#!/usr/bin/env sh . ./common.sh trap error INT TERM start rebuild() { host="$(resolveAlias $1)" skip_check=$2 msg "Rebuilding: ${host}" if ! tsAlive $host; then msg "can't reach ${host}.. skipping.." return fi hostVersion=$(${SSH} root@${host} 'nixos-version --json | jq -r .configurationRevision') if [ $? != 0 ]; then return $? fi if [ "$hostVersion" = "$CurrentVersion" ] && [ $skip_check = false ]; then msg "Up-to-date: ${host}" return 0 fi nixos-rebuild --flake .#${1} --build-host root@${host} --target-host root@${host} switch return $? } if [ "$1" = "status" ]; then rev=$(git rev-parse HEAD) msg "Currently at: ${rev}\t($(git log --format=%B -n 1 $rev | head -n1))" for h in $(nix eval .#nixosConfigurations --apply builtins.attrNames --json | jq -r '.[]'); do host="$(resolveAlias $h)" if ! tsAlive $host; then msg "can't reach ${host}.. skipping.." continue fi echo -n "===> $h: " host_data="$(${SSH} root@${host} 'nixos-version --json')" remote_rev=$(echo $host_data | jq -r .configurationRevision) remote_ver=$(echo $host_data | jq -r .nixosVersion) rev_msg="DIRTY" rev_status="✓"; if [ "$remote_rev" != "DIRTY" ]; then rev_msg=$(git log --format=%B -n1 $remote_rev | head -n1) if [ "${remote_rev}" != "${rev}" ]; then rev_status="×" fi fi echo -en "\t\t${remote_ver}\t${rev_status}\t(${rev_msg})" if ${SSH} root@$host 'check-restart' >/dev/null 2>&1; then echo -e "\tOK" else echo -e "\tREBOOT" fi done exit 0 fi if [ "$1" = "install" ]; then h="$2" host="$(resolveAlias $2)" dest="${3:-/nix/store}" shift shift if [ ! -d hosts/${h} ]; then msg "No config found for $h" exit 1 fi set -eu set -x mkdir -p .gcroots out=$(nix build -o .gcroots/${h} --json .#nixosConfigurations.${h}.config.system.build.toplevel | jq -r '.[0].outputs.out') nix copy -s --to "ssh://root@${host}?remote-store=${dest}" "$out" nix copy -s --derivation --to "ssh://root@${host}?remote-store=${dest}" "$out" ${SSH} "root@${host}" NIXOS_INSTALL_BOOTLOADER=1 nixos-enter --root "$dest" -- nix --extra-experimental-features nix-command build --profile /nix/var/nix/profiles/system "$out" ${SSH} "root@${host}" NIXOS_INSTALL_BOOTLOADER=1 nixos-enter --root "$dest" -- /run/current-system/bin/switch-to-configuration switch exit 0 fi if [ "$1" = "update" ]; then single="$2" can_sign=0 for i in $(ssh-add -L | awk '{print $NF}'); do grep -q $i .allowed_signers && can_sign=1 done if [ $can_sign = 1 ]; then if [ "$single" != "" ]; then nix flake lock --commit-lock-file --update-input "$single" else nix flake update --commit-lock-file fi exit else echo "Can't find signing key." exit 1 fi fi if [ "$1" = "installer" ]; then nix build .#nixosConfigurations.isoInstall.config.system.build.isoImage exit $? fi if [ "$1" = "diff" ]; then host="$(resolveAlias $2)" mkdir -p .gcroots out=$(nix build -o .gcroots/${host} --json .#nixosConfigurations.${2}.config.system.build.toplevel | jq -r '.[0].outputs.out') nix copy -s --to "ssh://root@$host" "$out" nix copy -s --derivation --to "ssh://root@$host" "$out" ${SSH} "root@$host" "nix-store -qd /run/current-system $out | xargs nix-diff --color=always" | less exit $? fi ret=0 if [ ${#@} = 1 ]; then rebuild $1 true || ret=1 else for host in $(ls hosts); do rebuild $host false || ret=1 done fi