#!/usr/bin/env sh . ./common.sh trap error INT TERM start rebuild() { host="$(resolveAlias $1)" skip_check=$2 build_host=${BUILD_HOST:-$host} msg "Rebuilding: ${host} using ${build_host}" nixos-rebuild ${TRACE} --flake .#${1} --build-host "root@${build_host}" --target-host "root@${host}" switch 2>&1 | nom return $? } if [ "$1" = "watch" ]; then if [ "$2" = "status" ]; then for f in pull_requests/*.json; do pr=$(basename $f .json) title="$(jq -r '.title' <$f)" status="$(jq -r '.status' <$f)" echo "${pr}|${title}|${status}" done | column -t -s '|' exit 0 fi if [ "$2" = "update" ]; then msg "updating watches..." for f in pull_requests/*.json; do pr=$(basename $f .json) if [ "$(jq -r '.status' <$f)" = "open" ]; then curl -s -o - https://pr-status.otter-alligator.ts.net/${pr} | jq -rS 'del(.queryTime)' >pull_requests/${pr}.json msg "Updated watch for ${pr}: $(jq -r .title pull_requests/${pr}.json msg "Added watch for ${pr}: $(jq -r .title &1 | nom exit $? fi if [ "$1" = "update" ]; then single="$2" can_sign=0 for i in $(ssh-add -L | awk '{print $2}'); do grep -q $i .allowed_signers && can_sign=1 done # TODO: capture commit message and wrap it with what is being updated. if [ $can_sign != 1 ]; then echo "Can't find signing key." exit 1 fi if [ "$single" != "" ]; then nix flake update --commit-lock-file "$single" else nix flake update --commit-lock-file fi nix flake archive fi if [ "$1" = "diff" ]; then host="$(resolveAlias $2)" mkdir -p .gcroots out=$(nix build -o .gcroots/${host} --json .#nixosConfigurations.${2}.config.system.build.toplevel | jq -r '.[0].outputs.out') nix copy -s --to "ssh://root@$host" "$out" nix copy -s --derivation --to "ssh://root@$host" "$out" ${SSH} "root@$host" "nix-store -qd /run/current-system $out | xargs nix-diff --color=always" | less exit $? fi ret=0 if [ ${#@} = 1 ]; then rebuild $1 true || ret=1 else lock for host in $(listNixOSHosts); do rebuild $host false || ret=1 done fi