95 lines
2.4 KiB
Bash
Executable File
95 lines
2.4 KiB
Bash
Executable File
#!/usr/bin/env sh
|
|
|
|
. ./common.sh
|
|
|
|
trap error INT TERM
|
|
|
|
start
|
|
|
|
rebuild() {
|
|
host="$(resolveAlias $1)"
|
|
skip_check=$2
|
|
|
|
build_host=${BUILD_HOST:-$host}
|
|
msg "Rebuilding: ${host} using ${build_host}"
|
|
nixos-rebuild ${TRACE} --flake .#${1} --build-host "root@${build_host}" --target-host "root@${host}" switch 2>&1 | nom
|
|
return $?
|
|
}
|
|
|
|
if [ "$1" = "watch" ]; then
|
|
if [ "$2" = "status" ]; then
|
|
for f in pull_requests/*.json; do
|
|
pr=$(basename $f .json)
|
|
title="$(jq -r '.title' <$f)"
|
|
status="$(jq -r '.status' <$f)"
|
|
echo "${pr}|${title}|${status}"
|
|
done | column -t -s '|'
|
|
exit 0
|
|
fi
|
|
|
|
if [ "$2" = "update" ]; then
|
|
msg "updating watches..."
|
|
for f in pull_requests/*.json; do
|
|
pr=$(basename $f .json)
|
|
if [ "$(jq -r '.status' <$f)" = "open" ]; then
|
|
curl -s -o - https://pr-status.otter-alligator.ts.net/${pr} | jq -rS 'del(.queryTime)' >pull_requests/${pr}.json
|
|
msg "Updated watch for ${pr}: $(jq -r .title <pull_requests/${pr}.json)"
|
|
else
|
|
msg "$Skipping: ${pr} ($(jq -r .title <pull_requests/${pr}.json)), already complete"
|
|
fi
|
|
done
|
|
else
|
|
pr="$2"
|
|
curl -s -o - https://pr-status.otter-alligator.ts.net/${pr} | jq -rS 'del(.queryTime)' >pull_requests/${pr}.json
|
|
msg "Added watch for ${pr}: $(jq -r .title <pull_requests/${pr}.json)"
|
|
git add pull_requests/${pr}.json
|
|
fi
|
|
exit 0
|
|
fi
|
|
|
|
if [ "$1" = "local" ]; then
|
|
sudo nixos-rebuild ${TRACE} --option eval-cache false --flake .#$(uname -n) switch 2>&1 | nom
|
|
exit $?
|
|
fi
|
|
|
|
if [ "$1" = "update" ]; then
|
|
single="$2"
|
|
can_sign=0
|
|
for i in $(ssh-add -L | awk '{print $2}'); do
|
|
grep -q $i .allowed_signers && can_sign=1
|
|
done
|
|
|
|
# TODO: capture commit message and wrap it with what is being updated.
|
|
if [ $can_sign != 1 ]; then
|
|
echo "Can't find signing key."
|
|
exit 1
|
|
fi
|
|
|
|
if [ "$single" != "" ]; then
|
|
nix flake update --commit-lock-file "$single"
|
|
else
|
|
nix flake update --commit-lock-file
|
|
fi
|
|
nix flake archive
|
|
fi
|
|
|
|
if [ "$1" = "diff" ]; then
|
|
host="$(resolveAlias $2)"
|
|
mkdir -p .gcroots
|
|
out=$(nix build -o .gcroots/${host} --json .#nixosConfigurations.${2}.config.system.build.toplevel | jq -r '.[0].outputs.out')
|
|
nix copy -s --to "ssh://root@$host" "$out"
|
|
nix copy -s --derivation --to "ssh://root@$host" "$out"
|
|
${SSH} "root@$host" "nix-store -qd /run/current-system $out | xargs nix-diff --color=always" | less
|
|
exit $?
|
|
fi
|
|
|
|
ret=0
|
|
if [ ${#@} = 1 ]; then
|
|
rebuild $1 true || ret=1
|
|
else
|
|
lock
|
|
for host in $(listNixOSHosts); do
|
|
rebuild $host false || ret=1
|
|
done
|
|
fi
|