From b2c30fe2c2e5864484210ffc3d2db89732a1eafa Mon Sep 17 00:00:00 2001 From: Magic_RB Date: Sat, 27 Aug 2022 20:55:15 +0200 Subject: [PATCH 1/6] Add options to specify Nix options Signed-off-by: Magic_RB --- flake.nix | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/flake.nix b/flake.nix index 2e9df22..4ac369d 100644 --- a/flake.nix +++ b/flake.nix @@ -27,7 +27,7 @@ validMachines = final.lib.remove "" (final.lib.forEach machines (x: final.lib.optionalString (flake.nixosConfigurations."${x}"._module.args ? nixinate) "${x}" )); mkDeployScript = { machine, dryRun }: let inherit (builtins) abort; - inherit (final.lib) getExe optionalString; + inherit (final.lib) getExe optionalString concatStringsSep; nix = "${getExe final.nix}"; nixos-rebuild = "${getExe final.nixos-rebuild}"; openssh = "${getExe final.openssh}"; @@ -40,6 +40,8 @@ remote = if where == "remote" then true else if where == "local" then false else abort "_module.args.nixinate.buildOn is not set to a valid value of 'local' or 'remote'"; substituteOnTarget = n.substituteOnTarget or false; switch = if dryRun then "dry-activate" else "switch"; + nixOptions = concatStringsSep " " (n.nixOptions or []); + script = '' set -e 
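Review bot: `nixOptions` in the `@@ -40,6 +40,8 @@` hunk is built with `concatStringsSep " "` and no shell escaping, so an option value containing a space, quote or shell metacharacter is re-split or interpreted once it is spliced into the generated script. In the hermetic branch that splice happens inside a remote command run under `sudo`. Consider `nixOptions = final.lib.escapeShellArgs (n.nixOptions or []);` for the commands executed locally; where the string sits inside the quoted ssh / `flock -c '…'` command it needs a second level of quoting and may need separate treatment. The patch touches only `flake.nix`, so the new `nixOptions` argument is undocumented; a comment on the line saying that the list is passed verbatim to `nix` and `nixos-rebuild` would help. The `let` block of `mkDeployScript` starts and ends outside this hunk.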
@@ -48,18 +50,19 @@ echo "🌐 SSH Host: ${host}" '' + (if remote then '' echo "🚀 Sending flake to ${machine} via nix copy:" - ( set -x; ${nix} copy ${flake} --to ssh://${user}@${host} ) + ( set -x; ${nix} ${nixOptions} copy ${flake} --to ssh://${user}@${host} ) '' + (if hermetic then '' echo "🤞 Activating configuration hermetically on ${machine} via ssh:" - ( set -x; ${nix} copy --derivation ${nixos-rebuild} --to ssh://${user}@${host} ) - ( set -x; ${openssh} -t ${user}@${host} "sudo flock -w 60 /dev/shm/nixinate-${machine} -c 'nix-store --realise ${nixos-rebuild} && sudo ${nixos-rebuild} ${switch} --flake ${flake}#${machine}'" ) + ( set -x; ${nix} ${nixOptions} copy --derivation ${nixos-rebuild} --to ssh://${user}@${host} ) + ( set -x; ${openssh} -t ${user}@${host} "sudo flock -w 60 /dev/shm/nixinate-${machine} -c 'nix-store --realise ${nixos-rebuild} && sudo ${nixos-rebuild} ${nixOptions} ${switch} --flake ${flake}#${machine}'" ) '' else '' echo "🤞 Activating configuration non-hermetically on ${machine} via ssh:" ( set -x; ${openssh} -t ${user}@${host} "sudo flock -w 60 /dev/shm/nixinate-${machine} -c 'nixos-rebuild ${switch} --flake ${flake}#${machine}'" ) '') else '' echo "🔨 Building system closure locally, copying it to remote store and activating it:" - ( set -x; NIX_SSHOPTS="-t" flock -w 60 /dev/shm/nixinate-${machine} -c '${nixos-rebuild} ${switch} --flake ${flake}#${machine} --target-host ${user}@${host} --use-remote-sudo ${optionalString substituteOnTarget "-s"}' ) + ( set -x; NIX_SSHOPTS="-t" flock -w 60 /dev/shm/nixinate-${machine} -c '${nixos-rebuild} ${nixOptions} ${switch} --flake ${flake}#${machine} --target-host ${user}@${host} --use-remote-sudo ${optionalString substituteOnTarget "-s"}' ) + ''); in final.writeScript "deploy-${machine}.sh" script; in -- 2.45.3 From 6dd8faea22da261d5a9ae6842e022e917e2777d5 Mon Sep 17 00:00:00 2001 
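Review bot: The non-hermetic remote branch is the one command in this hunk that does not receive `${nixOptions}`: `nixos-rebuild ${switch} --flake ${flake}#${machine}` is left unchanged, while the hermetic and local-build invocations gain the options. A user who sets `nixOptions` with a non-hermetic remote build gets them applied to `nix copy` but not to the rebuild, with no warning. If that is intended, say so in a comment above the branch; otherwise change the command to `nixos-rebuild ${nixOptions} ${switch} --flake ${flake}#${machine}`.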
From: Isaac Shapira Date: Mon, 10 Oct 2022 15:49:49 -0600 Subject: [PATCH 2/6] Update LICENSE.md --- LICENSE.md | 1 + 1 file changed, 1 insertion(+) diff --git a/LICENSE.md b/LICENSE.md index 05604d8..26ef2fc 100644 --- a/LICENSE.md +++ b/LICENSE.md @@ -1,6 +1,7 @@ MIT License Copyright (c) 2022 Matthew Croughan +Copyright (c) 2022 Platonic Systems Limited Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal -- 2.45.3 From 572db25f42d997b7e0c18c770d5f1e9eaa18beb6 Mon Sep 17 00:00:00 2001 From: matthewcroughan Date: Wed, 26 Oct 2022 22:56:41 +0100 Subject: [PATCH 3/6] Use explicit cross-platform flock rather than impurely referencing it --- flake.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/flake.nix b/flake.nix index 4ac369d..092ce1c 100644 --- a/flake.nix +++ b/flake.nix @@ -31,6 +31,7 @@ nix = "${getExe final.nix}"; nixos-rebuild = "${getExe final.nixos-rebuild}"; openssh = "${getExe final.openssh}"; + flock = "${getExe final.flock}"; n = flake.nixosConfigurations.${machine}._module.args.nixinate; hermetic = n.hermetic or false; 
@@ -54,14 +55,14 @@ '' + (if hermetic then '' echo "🤞 Activating configuration hermetically on ${machine} via ssh:" ( set -x; ${nix} ${nixOptions} copy --derivation ${nixos-rebuild} --to ssh://${user}@${host} ) - ( set -x; ${openssh} -t ${user}@${host} "sudo flock -w 60 /dev/shm/nixinate-${machine} -c 'nix-store --realise ${nixos-rebuild} && sudo ${nixos-rebuild} ${nixOptions} ${switch} --flake ${flake}#${machine}'" ) + ( set -x; ${openssh} -t ${user}@${host} "sudo ${flock} -w 60 /dev/shm/nixinate-${machine} nix-store --realise ${nixos-rebuild} && sudo ${nixos-rebuild} ${nixOptions} ${switch} --flake ${flake}#${machine}" ) '' else '' echo "🤞 Activating configuration non-hermetically on ${machine} via ssh:" - ( set -x; ${openssh} -t ${user}@${host} "sudo flock -w 60 /dev/shm/nixinate-${machine} -c 'nixos-rebuild ${switch} --flake ${flake}#${machine}'" ) + ( set -x; ${openssh} -t ${user}@${host} "sudo ${flock} -w 60 /dev/shm/nixinate-${machine} nixos-rebuild ${switch} --flake ${flake}#${machine}" ) '') else '' echo "🔨 Building system closure locally, copying it to remote store and activating it:" - ( set -x; NIX_SSHOPTS="-t" flock -w 60 /dev/shm/nixinate-${machine} -c '${nixos-rebuild} ${nixOptions} ${switch} --flake ${flake}#${machine} --target-host ${user}@${host} --use-remote-sudo ${optionalString substituteOnTarget "-s"}' ) + ( set -x; NIX_SSHOPTS="-t" ${flock} -w 60 /dev/shm/nixinate-${machine} ${nixos-rebuild} ${nixOptions} ${switch} --flake ${flake}#${machine} --target-host ${user}@${host} --use-remote-sudo ${optionalString substituteOnTarget "-s"} ) ''); in final.writeScript "deploy-${machine}.sh" script; -- 2.45.3 From 8dca4f6f5842a602d0c4b8720c279b10d30552eb Mon Sep 17 00:00:00 2001 From: matthewcroughan Date: Fri, 28 Oct 2022 01:31:08 +0100 Subject: [PATCH 4/6] Make flock usage hermetic --- flake.nix | 6 +++--- tests/vmTest/default.nix | 6 ++++-- 2 files changed, 7 insertions(+), 5 deletions(-) 
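Review bot: Dropping `-c '…'` changes what the lock covers in the hermetic branch. In `sudo ${flock} -w 60 /dev/shm/nixinate-${machine} nix-store --realise ${nixos-rebuild} && sudo ${nixos-rebuild} …` the `&&` is now parsed by the remote shell, so `flock` wraps only `nix-store --realise` and the activation itself runs unlocked. Two deployments to the same machine can then run `switch` concurrently, which is presumably what the lock was meant to prevent. The remote commands also invoke `${flock}`, a store path taken from the deploying side's package set, and nothing in this hunk copies it to the target first. PATCH 4/6 later in this series reorders the command and copies `flock`, so the two commits are best squashed or applied together.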
diff --git a/flake.nix b/flake.nix index 092ce1c..3290112 100644 --- a/flake.nix +++ b/flake.nix @@ -54,11 +54,11 @@ ( set -x; ${nix} ${nixOptions} copy ${flake} --to ssh://${user}@${host} ) '' + (if hermetic then '' echo "🤞 Activating configuration hermetically on ${machine} via ssh:" - ( set -x; ${nix} ${nixOptions} copy --derivation ${nixos-rebuild} --to ssh://${user}@${host} ) - ( set -x; ${openssh} -t ${user}@${host} "sudo ${flock} -w 60 /dev/shm/nixinate-${machine} nix-store --realise ${nixos-rebuild} && sudo ${nixos-rebuild} ${nixOptions} ${switch} --flake ${flake}#${machine}" ) + ( set -x; ${nix} ${nixOptions} copy --derivation ${nixos-rebuild} ${flock} --to ssh://${user}@${host} ) + ( set -x; ${openssh} -t ${user}@${host} "sudo nix-store --realise ${nixos-rebuild} ${flock} && sudo ${flock} -w 60 /dev/shm/nixinate-${machine} ${nixos-rebuild} ${nixOptions} ${switch} --flake ${flake}#${machine}" ) '' else '' echo "🤞 Activating configuration non-hermetically on ${machine} via ssh:" - ( set -x; ${openssh} -t ${user}@${host} "sudo ${flock} -w 60 /dev/shm/nixinate-${machine} nixos-rebuild ${switch} --flake ${flake}#${machine}" ) + ( set -x; ${openssh} -t ${user}@${host} "sudo flock -w 60 /dev/shm/nixinate-${machine} nixos-rebuild ${switch} --flake ${flake}#${machine}" ) '') else '' echo "🔨 Building system closure locally, copying it to remote store and activating it:" diff --git a/tests/vmTest/default.nix b/tests/vmTest/default.nix index 097d4fa..1eb70b8 100644 --- a/tests/vmTest/default.nix +++ b/tests/vmTest/default.nix @@ -70,7 +70,8 @@ let writableStore = true; additionalPaths = [] ++ lib.optional (buildOn == "remote") (allDrvOutputs exampleSystem) - ++ lib.optional (hermetic == true) (pkgs.nixinate.nixos-rebuild); + ++ lib.optional (hermetic == true) (pkgs.nixinate.nixos-rebuild.drvPath) + ++ lib.optional (hermetic == true) (pkgs.flock.drvPath); }; }; nixinator = { ... }: { 
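Review bot: The lock file that root takes in `sudo ${flock} -w 60 /dev/shm/nixinate-${machine} …` (the `flake.nix` hunk) lives in `/dev/shm`, which is normally world-writable, under a predictable name. The lock is advisory and keyed only on that file, so any local account on the target that creates or holds the file first can make the 60-second wait expire and the deployment fail. Consider a lock path in a root-owned directory under `/run` for the remote branches. A comment should also state whether `nix-store --realise` is meant to run outside the lock, as it now does. The non-hermetic branch goes back to bare `flock`, resolved through the target's `PATH` under `sudo`; a one-line comment saying this is the intended meaning of non-hermetic would stop it being read as a regression.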
@@ -81,7 +82,8 @@ let additionalPaths = [ (allDrvOutputs exampleSystem) ] - ++ lib.optional (buildOn == "remote") exampleFlake; + ++ lib.optional (buildOn == "remote") exampleFlake + ++ lib.optional (hermetic == true) pkgs.flock.drvPath; }; }; }; -- 2.45.3 From b4d17b8e2a4abc47e93e1a1c466e0286a63640d8 Mon Sep 17 00:00:00 2001 From: matthewcroughan Date: Thu, 15 Dec 2022 15:08:40 +0000 Subject: [PATCH 5/6] default hermetic to true --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 3290112..5a39796 100644 --- a/flake.nix +++ b/flake.nix @@ -34,7 +34,7 @@ flock = "${getExe final.flock}"; n = flake.nixosConfigurations.${machine}._module.args.nixinate; - hermetic = n.hermetic or false; + hermetic = n.hermetic or true; user = n.sshUser or "root"; host = n.host; where = n.buildOn or "remote"; -- 2.45.3 From 3b2f2de09f157797842bebdbc36dfc1c3860de65 Mon Sep 17 00:00:00 2001 From: Adam Stephens Date: Fri, 23 Sep 2022 03:49:23 +0000 Subject: [PATCH 6/6] Add support for rebooting when a newer kernel is detected --- README.md | 5 +++++ flake.nix | 9 ++++++++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 4aadffb..cb76137 100644 --- a/README.md +++ b/README.md @@ -113,6 +113,11 @@ Connection to itchy.scratchy.com closed. built a lot of the paths from the previous deployment. However, if the remote has a slow upload bandwidth, this would not be a good idea to enable. +- `reboot` *`bool`* + + Whether to reboot the remote host if a newer kernel is available. Defaults to + false. + # Project Principles * No Premature Optimization: Make it work, then optimize it later if the diff --git a/flake.nix b/flake.nix index 5a39796..b56fae6 100644 --- a/flake.nix +++ b/flake.nix 
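Review bot: `hermetic = n.hermetic or true;` in PATCH 5/6 silently changes behaviour for every configuration that never set `hermetic`. Those deployments now copy and realise the pinned `nixos-rebuild` and `flock` on the target instead of using whatever the target has on its `PATH`. The commit touches only `flake.nix`, so any README text describing the old default is left stale and should be updated in the same change. A comment on the line, e.g. `# default to the pinned nixos-rebuild/flock rather than the target's PATH`, would record why the default flipped.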
@@ -42,6 +42,7 @@ substituteOnTarget = n.substituteOnTarget or false; switch = if dryRun then "dry-activate" else "switch"; nixOptions = concatStringsSep " " (n.nixOptions or []); + reboot = if ! dryRun then n.reboot or false else false; script = '' @@ -64,7 +65,13 @@ echo "🔨 Building system closure locally, copying it to remote store and activating it:" ( set -x; NIX_SSHOPTS="-t" ${flock} -w 60 /dev/shm/nixinate-${machine} ${nixos-rebuild} ${nixOptions} ${switch} --flake ${flake}#${machine} --target-host ${user}@${host} --use-remote-sudo ${optionalString substituteOnTarget "-s"} ) - ''); + '') + (if reboot then '' + ( if ! ${openssh} -t ${user}@${host} '[ "$(readlink /run/booted-system/{initrd,kernel,kernel-modules})" = "$(readlink /nix/var/nix/profiles/system/{initrd,kernel,kernel-modules})" ]' + then + echo "🙈 Rebooting host due to newer kernel:" + set -x; ${openssh} -t ${user}@${host} "sudo reboot" + fi ) + '' else ""); in final.writeScript "deploy-${machine}.sh" script; in { -- 2.45.3
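Review bot: The reboot check in the `@@ -64,7 +65,13 @@` hunk fails open: `if ! ${openssh} -t ${user}@${host} '[ … = … ]'` treats every non-zero exit as "newer kernel", including an ssh connection or authentication failure, and then goes on to run `sudo reboot`. Have the remote command test for inequality and drop the negation, `if ${openssh} -t ${user}@${host} '[ "$(readlink …)" != "$(readlink …)" ]'`, so that only a positive mismatch leads to a reboot. The `{initrd,kernel,kernel-modules}` brace expansion also depends on the remote login shell supporting it; where it does not, both `readlink` calls presumably fail, the empty strings compare equal and the reboot is skipped without any message. Listing the three paths explicitly avoids that.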