diff --git a/LICENSE.md b/LICENSE.md index 05604d8..26ef2fc 100644 --- a/LICENSE.md +++ b/LICENSE.md @@ -1,6 +1,7 @@ MIT License Copyright (c) 2022 Matthew Croughan +Copyright (c) 2022 Platonic Systems Limited Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/README.md b/README.md index 4aadffb..cb76137 100644 --- a/README.md +++ b/README.md @@ -113,6 +113,11 @@ Connection to itchy.scratchy.com closed. built a lot of the paths from the previous deployment. However, if the remote has a slow upload bandwidth, this would not be a good idea to enable. +- `reboot` *`bool`* + + Whether to reboot the remote host if a newer kernel is available. Defaults to + false. + # Project Principles * No Premature Optimization: Make it work, then optimize it later if the diff --git a/flake.nix b/flake.nix index 2e9df22..b56fae6 100644 --- a/flake.nix +++ b/flake.nix 
@@ -27,19 +27,23 @@ validMachines = final.lib.remove "" (final.lib.forEach machines (x: final.lib.optionalString (flake.nixosConfigurations."${x}"._module.args ? nixinate) "${x}" )); mkDeployScript = { machine, dryRun }: let inherit (builtins) abort; - inherit (final.lib) getExe optionalString; + inherit (final.lib) getExe optionalString concatStringsSep; nix = "${getExe final.nix}"; nixos-rebuild = "${getExe final.nixos-rebuild}"; openssh = "${getExe final.openssh}"; + flock = "${getExe final.flock}"; n = flake.nixosConfigurations.${machine}._module.args.nixinate; - hermetic = n.hermetic or false; + hermetic = n.hermetic or true; user = n.sshUser or "root"; host = n.host; where = n.buildOn or "remote"; remote = if where == "remote" then true else if where == "local" then false else abort "_module.args.nixinate.buildOn is not set to a valid value of 'local' or 'remote'"; substituteOnTarget = n.substituteOnTarget or false; switch = if dryRun then "dry-activate" else "switch"; + nixOptions = concatStringsSep " " (n.nixOptions or []); + reboot = if ! dryRun then n.reboot or false else false; + script = '' set -e 
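Review bot: `nixOptions` is flattened with `concatStringsSep " "` and then, in the following hunk, spliced unquoted into the local command lines and into the double-quoted ssh string that runs under `sudo` on the target. An element containing whitespace or shell metacharacters is therefore re-split or interpreted by a shell instead of arriving as one argument. I would build it with `nixOptions = final.lib.escapeShellArgs (n.nixOptions or []);`, which covers the local invocations; the copy embedded in the ssh string is parsed twice and probably needs a second level of quoting. The non-hermetic remote branch in the next hunk never receives `${nixOptions}`, so the option is silently ignored there. Separately, `hermetic = n.hermetic or true;` flips the default for existing users, and the README hunk in this diff documents only `reboot`, so neither `nixOptions` nor the new default appears documented from what is visible here (the `let` block continues outside the hunk).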
@@ -48,19 +52,26 @@ echo "🌐 SSH Host: ${host}" '' + (if remote then '' echo "🚀 Sending flake to ${machine} via nix copy:" - ( set -x; ${nix} copy ${flake} --to ssh://${user}@${host} ) + ( set -x; ${nix} ${nixOptions} copy ${flake} --to ssh://${user}@${host} ) '' + (if hermetic then '' echo "🤞 Activating configuration hermetically on ${machine} via ssh:" - ( set -x; ${nix} copy --derivation ${nixos-rebuild} --to ssh://${user}@${host} ) - ( set -x; ${openssh} -t ${user}@${host} "sudo flock -w 60 /dev/shm/nixinate-${machine} -c 'nix-store --realise ${nixos-rebuild} && sudo ${nixos-rebuild} ${switch} --flake ${flake}#${machine}'" ) + ( set -x; ${nix} ${nixOptions} copy --derivation ${nixos-rebuild} ${flock} --to ssh://${user}@${host} ) + ( set -x; ${openssh} -t ${user}@${host} "sudo nix-store --realise ${nixos-rebuild} ${flock} && sudo ${flock} -w 60 /dev/shm/nixinate-${machine} ${nixos-rebuild} ${nixOptions} ${switch} --flake ${flake}#${machine}" ) '' else '' echo "🤞 Activating configuration non-hermetically on ${machine} via ssh:" - ( set -x; ${openssh} -t ${user}@${host} "sudo flock -w 60 /dev/shm/nixinate-${machine} -c 'nixos-rebuild ${switch} --flake ${flake}#${machine}'" ) + ( set -x; ${openssh} -t ${user}@${host} "sudo flock -w 60 /dev/shm/nixinate-${machine} nixos-rebuild ${switch} --flake ${flake}#${machine}" ) '') else '' echo "🔨 Building system closure locally, copying it to remote store and activating it:" - ( set -x; NIX_SSHOPTS="-t" flock -w 60 /dev/shm/nixinate-${machine} -c '${nixos-rebuild} ${switch} --flake ${flake}#${machine} --target-host ${user}@${host} --use-remote-sudo ${optionalString substituteOnTarget "-s"}' ) - ''); + ( set -x; NIX_SSHOPTS="-t" ${flock} -w 60 /dev/shm/nixinate-${machine} ${nixos-rebuild} ${nixOptions} ${switch} --flake ${flake}#${machine} --target-host ${user}@${host} --use-remote-sudo ${optionalString substituteOnTarget "-s"} ) + + '') + (if reboot then '' + ( if ! 
${openssh} -t ${user}@${host} '[ "$(readlink /run/booted-system/{initrd,kernel,kernel-modules})" = "$(readlink /nix/var/nix/profiles/system/{initrd,kernel,kernel-modules})" ]' + then + echo "🙈 Rebooting host due to newer kernel:" + set -x; ${openssh} -t ${user}@${host} "sudo reboot" + fi ) + '' else ""); in final.writeScript "deploy-${machine}.sh" script; in { diff --git a/tests/vmTest/default.nix b/tests/vmTest/default.nix index 097d4fa..1eb70b8 100644 --- a/tests/vmTest/default.nix +++ b/tests/vmTest/default.nix @@ -70,7 +70,8 @@ let writableStore = true; additionalPaths = [] ++ lib.optional (buildOn == "remote") (allDrvOutputs exampleSystem) - ++ lib.optional (hermetic == true) (pkgs.nixinate.nixos-rebuild); + ++ lib.optional (hermetic == true) (pkgs.nixinate.nixos-rebuild.drvPath) + ++ lib.optional (hermetic == true) (pkgs.flock.drvPath); }; }; nixinator = { ... }: { @@ -81,7 +82,8 @@ let additionalPaths = [ (allDrvOutputs exampleSystem) ] - ++ lib.optional (buildOn == "remote") exampleFlake; + ++ lib.optional (buildOn == "remote") exampleFlake + ++ lib.optional (hermetic == true) pkgs.flock.drvPath; }; }; };
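Review bot: The reboot guard `if ! ${openssh} -t ${user}@${host} '[ … ]'` treats every non-zero exit as "kernel changed", so an ssh failure (exit 255) or an error inside the test takes the same path as a real mismatch and goes on to `sudo reboot`. I would capture the exit status and reboot only when it is exactly 1, failing the deploy on anything else, as sketched below. The `{initrd,kernel,kernel-modules}` brace expansion also presumably relies on the remote login shell being bash; under a plain POSIX sh both `readlink` calls would likely fail, both sides would compare as empty, and the host would never reboot. Because the script runs under `set -e`, it is also worth confirming how the deploy should exit when the connection drops during `sudo reboot`.

```nix
'') + (if reboot then ''
  rc=0
  ${openssh} -t ${user}@${host} '[ "$(readlink /run/booted-system/{initrd,kernel,kernel-modules})" = "$(readlink /nix/var/nix/profiles/system/{initrd,kernel,kernel-modules})" ]' || rc=$?
  case "$rc" in
    0) ;;  # booted system matches the new profile, nothing to do
    1)
      echo "🙈 Rebooting host due to newer kernel:"
      ( set -x; ${openssh} -t ${user}@${host} "sudo reboot" )
      ;;
    *)
      # ssh or the remote test itself failed: do not guess, do not reboot
      echo "kernel check failed (exit $rc), not rebooting" >&2
      exit "$rc"
      ;;
  esac
'' else "");
```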