hosts: deploy with cachix deploy, drop deploy-rs

2023-07-23 03:27:24 +02:00 · 2023-07-23 03:27:24 +02:00 · dad5c855c7
commit dad5c855c7
parent 98798af2cc
1 changed files with 47 additions and 81 deletions
--- a/hosts/deploy.nix
+++ b/hosts/deploy.nix
@ -1,95 +1,61 @@
 { config, inputs, lib, self, withSystem, ... }:
 let
-  inherit (lib) elem mapAttrs toLower;
+  inherit (lib) const elem flip genAttrs mapAttrs;
-  inherit (config) gods defaultEffectSystem;
+  inherit (config) gods defaultEffectSystem systems;
  inherit (self) nixosConfigurations;
  meta = import ../tools/meta.nix;
  chosenHours = gods.fromLight;
  withEffectSystem = withSystem defaultEffectSystem;
-  callUpon = name: host: withEffectSystem ({ config, hci-effects, ... }: let
+  callUpon = hours: mapAttrs (hour: const nixosConfigurations.${hour}.config.system.build.toplevel) hours;
    inherit (hci-effects) runIf runNixOS;
    inherit (host.enterprise) subdomain;
    hostname = "${toLower name}.${subdomain}.${meta.domain}";
    deploy-rs = inputs.deploy-rs.lib."${host.system}";
  in {
    effect = { branch, ... }: runIf (elem branch [ "master" "staging" ])
    (runNixOS rec {
      requiredSystemFeatures = [ "hci-deploy-agent-nixos" ];
      inherit (nixosConfigurations.${name}) config;
      secretsMap.ssh = "deploy-ssh";
      userSetupScript = ''
        writeSSHKey ssh
        cat >>~/.ssh/known_hosts <<EOF
        ${hostname} ${host.ssh.id.publicKey}
        EOF
      '';
      ssh.destination = "root@${hostname}";
      postEffect = let
        scheduleReboot = builtins.toFile "schedule-reboot.sh" /*bash*/ ''
          currentTime=$(date +%s)
          lastScheduledTime=$(consul kv get system/coordinated-reboot/last)
          if [[ $? -ne 0 ]]; then
            lastScheduledTime=$((currentTime - 300))
          fi
          nextScheduledTime=$((lastScheduledTime + 900))
          if [[ $nextScheduledTime -lt $((currentTime + 300)) ]]; then
            nextScheduledTime=$((currentTime + 300))
          fi
          consul kv put system/coordinated-reboot/last $nextScheduledTime
          echo "Scheduling reboot for $nextScheduledTime"
          systemd-analyze timestamp @$nextScheduledTime
          busctl call \
            org.freedesktop.login1 \
            /org/freedesktop/login1 \
            org.freedesktop.login1.Manager \
            ScheduleShutdown st reboot ''${nextScheduledTime}000000
        '';
      in hci-effects.ssh ssh /*bash*/ ''
        if [[ "$(realpath /run/booted-system/kernel)" != "$(realpath /run/current-system/kernel)" ]]; then
          echo "Scheduling reboot for kernel upgrade"
          if ! consul members >/dev/null; then
            echo "Consul not active, skipping reboot"
            exit 0
          fi
          consul lock --timeout=3m system/coordinated-reboot bash ${scheduleReboot}
        fi
      '';
    });
    deploy = {
      inherit hostname;
      profiles.system = {
        user = "root";
        sshUser = "deploy";
        path = deploy-rs.activate.nixos self.nixosConfigurations.${name};
      };
    };
  });
  calledUponHours = mapAttrs callUpon chosenHours;
  pick = format: _: calledUponHour: calledUponHour.${format};
 in
 {
-  herculesCI = { config, ... }: let
+  herculesCI = { config, ... }: {
-    powers = mapAttrs (pick "effect") calledUponHours;
+    onPush.default.outputs.effects.callUponTheHours = withEffectSystem ({  hci-effects, ... }: let
-    wield = mapAttrs (_: wieldPowerWith: wieldPowerWith config.repo);
+      inherit (hci-effects) runIf runCachixDeploy;
-  in {
+    in runIf (elem config.repo.branch [ "master" "staging" ]) (
-    onPush.default.outputs.effects = wield powers;
+      runCachixDeploy {
        async = true;
        deploy = {
          agents = callUpon chosenHours;
          rollbackScript = genAttrs systems (flip withSystem ({ pkgs, ... }:
            let
              scheduleReboot = pkgs.writeShellScript "schedule-reboot.sh" ''
                currentTime=$(date +%s)
                lastScheduledTime=$(consul kv get system/coordinated-reboot/last)
                if [[ $? -ne 0 ]]; then
                  lastScheduledTime=$((currentTime - 300))
                fi
                nextScheduledTime=$((lastScheduledTime + 900))
                if [[ $nextScheduledTime -lt $((currentTime + 300)) ]]; then
                  nextScheduledTime=$((currentTime + 300))
                fi
                consul kv put system/coordinated-reboot/last $nextScheduledTime
                echo "Scheduling reboot for $nextScheduledTime"
                systemd-analyze timestamp @$nextScheduledTime
                busctl call \
                  org.freedesktop.login1 \
                  /org/freedesktop/login1 \
                  org.freedesktop.login1.Manager \
                  ScheduleShutdown st reboot ''${nextScheduledTime}000000
              '';
            in pkgs.writeShellScript "post-effect.sh" ''
              export PATH="${pkgs.consul}/bin:${pkgs.coreutils}/bin"
              if [[ "$(realpath /run/booted-system/kernel)" != "$(realpath /run/current-system/kernel)" ]]; then
                echo "Scheduling reboot for kernel upgrade"
                if ! consul members >/dev/null; then
                  echo "Consul not active, skipping reboot"
                  exit 0
                fi
                consul lock --timeout=3m system/coordinated-reboot ${scheduleReboot}
              fi
            ''
          ));
        };
      }
    ));
  };
  flake.deploy.nodes = mapAttrs (pick "deploy") calledUponHours;
 }