diff options
36 files changed, 3698 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..58f5ece --- /dev/null +++ b/.gitignore @@ -0,0 +1,7 @@ +# SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/> +# +# SPDX-License-Identifier: MPL-2.0 + +/target +result +/examples/system/bare-system.qcow2
\ No newline at end of file diff --git a/.reuse/dep5 b/.reuse/dep5 new file mode 100644 index 0000000..d5d6256 --- /dev/null +++ b/.reuse/dep5 @@ -0,0 +1,10 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: deploy-rs +Upstream-Contact: Serokell <https://serokell.io/> +Source: https://github.com/serokell/deploy-rs + +# Sample paragraph, commented out: +# +# Files: src/* +# Copyright: $YEAR $NAME <$CONTACT> +# License: ... diff --git a/Cargo.lock b/Cargo.lock new file mode 100644 index 0000000..bfb1db4 --- /dev/null +++ b/Cargo.lock @@ -0,0 +1,790 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +[[package]] +name = "aho-corasick" +version = "0.7.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "043164d8ba5c4c3035fec9bbee8647c0261d788f3474306f93bb65901cae0e86" +dependencies = [ + "memchr", +] + +[[package]] +name = "arc-swap" +version = "0.4.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4d25d88fd6b8041580a654f9d0c581a047baee2b3efee13275f2fc392fc75034" + +[[package]] +name = "atty" +version = "0.2.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d9b39be18770d11421cdb1b9947a45dd3f37e93092cbf377614828a319d5fee8" +dependencies = [ + "hermit-abi", + "libc", + "winapi 0.3.9", +] + +[[package]] +name = "autocfg" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cdb031dd78e28731d87d56cc8ffef4a8f36ca26c38fe2de700543e627f8a464a" + +[[package]] +name = "bitflags" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cf1de2fe8c75bc145a2f577add951f8134889b4795d47466a54a5c846d691693" + +[[package]] +name = "bytes" +version = "0.5.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0e4cec68f03f32e44924783795810fa50a7035d8c8ebe78580ad7e6c703fba38" + +[[package]] +name = "cfg-if" +version = "0.1.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4785bdd1c96b2a846b2bd7cc02e86b6b3dbf14e7e53446c4f54c92a361040822" + +[[package]] +name = "clap" +version = "3.0.0-beta.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4bd1061998a501ee7d4b6d449020df3266ca3124b941ec56cf2005c3779ca142" +dependencies = [ + "atty", + "bitflags", + "clap_derive", + "indexmap", + "lazy_static", + "os_str_bytes", + "strsim", + "termcolor", + "textwrap", + "unicode-width", + "vec_map", +] + +[[package]] +name = "clap_derive" +version = "3.0.0-beta.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "370f715b81112975b1b69db93e0b56ea4cd4e5002ac43b2da8474106a54096a1" +dependencies = [ + "heck", + "proc-macro-error", + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "deploy-rs" +version = "0.1.0" +dependencies = [ + "clap", + "fork", + "futures-util", + "inotify", + "log", + "merge", + "pretty_env_logger", + "serde", + "serde_derive", + "serde_json", + "tokio", + "whoami", +] + +[[package]] +name = "env_logger" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "44533bbbb3bb3c1fa17d9f2e4e38bbbaf8396ba82193c4cb1b6445d711445d36" +dependencies = [ + "atty", + "humantime", + "log", + "regex", + "termcolor", +] + +[[package]] +name = "fnv" +version = "1.0.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" + +[[package]] +name = "fork" +version = "0.1.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "48ab1b42fd10696f85fa0bd0856da17ba05b18d527dbaf846359441ecb808d92" +dependencies = [ + "libc", +] + +[[package]] +name = "fuchsia-zircon" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2e9763c69ebaae630ba35f74888db465e49e259ba1bc0eda7d06f4a067615d82" +dependencies = [ + "bitflags", + "fuchsia-zircon-sys", +] + +[[package]] +name = "fuchsia-zircon-sys" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3dcaa9ae7725d12cdb85b3ad99a434db70b468c09ded17e012d86b5c1010f7a7" + +[[package]] +name = "futures-core" +version = "0.3.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d674eaa0056896d5ada519900dbf97ead2e46a7b6621e8160d79e2f2e1e2784b" + +[[package]] +name = "futures-macro" +version = "0.3.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f57ed14da4603b2554682e9f2ff3c65d7567b53188db96cb71538217fc64581b" +dependencies = [ + "proc-macro-hack", + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "futures-task" +version = "0.3.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4dd26820a9f3637f1302da8bceba3ff33adbe53464b54ca24d4e2d4f1db30f94" +dependencies = [ + "once_cell", +] + +[[package]] +name = "futures-util" +version = "0.3.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8a894a0acddba51a2d49a6f4263b1e64b8c579ece8af50fa86503d52cd1eea34" +dependencies = [ + "futures-core", + "futures-macro", + "futures-task", + "pin-project", + "pin-utils", + "proc-macro-hack", + "proc-macro-nested", + "slab", +] + +[[package]] +name = "hashbrown" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "00d63df3d41950fb462ed38308eea019113ad1508da725bbedcd0fa5a85ef5f7" + +[[package]] +name = "heck" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "20564e78d53d2bb135c343b3f47714a56af2061f1c928fdb541dc7b9fdd94205" +dependencies = [ + "unicode-segmentation", +] + +[[package]] +name = "hermit-abi" +version = "0.1.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4c30f6d0bc6b00693347368a67d41b58f2fb851215ff1da49e90fe2c5c667151" +dependencies = [ + "libc", +] + +[[package]] +name = "humantime" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "df004cfca50ef23c36850aaaa59ad52cc70d0e90243c3c7737a4dd32dc7a3c4f" +dependencies = [ + "quick-error", +] + +[[package]] +name = "indexmap" +version = "1.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "55e2e4c765aa53a0424761bf9f41aa7a6ac1efa87238f59560640e27fca028f2" +dependencies = [ + "autocfg", + "hashbrown", +] + +[[package]] +name = "inotify" +version = "0.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "46dd0a94b393c730779ccfd2a872b67b1eb67be3fc33082e733bdb38b5fde4d4" +dependencies = [ + "bitflags", + "futures-core", + "inotify-sys", + "libc", + "mio", + "tokio", +] + +[[package]] +name = "inotify-sys" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e74a1aa87c59aeff6ef2cc2fa62d41bc43f54952f55652656b18a02fd5e356c0" +dependencies = [ + "libc", +] + +[[package]] +name = "iovec" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b2b3ea6ff95e175473f8ffe6a7eb7c00d054240321b84c57051175fe3c1e075e" +dependencies = [ + "libc", +] + +[[package]] +name = "itoa" +version = "0.4.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dc6f3ad7b9d11a0c00842ff8de1b60ee58661048eb8049ed33c73594f359d7e6" + +[[package]] +name = "kernel32-sys" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7507624b29483431c0ba2d82aece8ca6cdba9382bff4ddd0f7490560c056098d" +dependencies = [ + "winapi 0.2.8", + "winapi-build", +] + +[[package]] +name = "lazy_static" +version = "1.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" + +[[package]] +name = "libc" +version = "0.2.79" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2448f6066e80e3bfc792e9c98bf705b4b0fc6e8ef5b43e5889aff0eaa9c58743" + +[[package]] +name = "log" +version = "0.4.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4fabed175da42fed1fa0746b0ea71f412aa9d35e76e95e59b192c64b9dc2bf8b" +dependencies = [ + "cfg-if", +] + +[[package]] +name = "memchr" +version = "2.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3728d817d99e5ac407411fa471ff9800a778d88a24685968b36824eaf4bee400" + +[[package]] +name = "merge" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "10bbef93abb1da61525bbc45eeaff6473a41907d19f8f9aa5168d214e10693e9" +dependencies = [ + "merge_derive", + "num-traits", +] + +[[package]] +name = "merge_derive" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "209d075476da2e63b4b29e72a2ef627b840589588e71400a25e3565c4f849d07" +dependencies = [ + "proc-macro-error", + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "mio" +version = "0.6.22" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fce347092656428bc8eaf6201042cb551b8d67855af7374542a92a0fbfcac430" +dependencies = [ + "cfg-if", + "fuchsia-zircon", + "fuchsia-zircon-sys", + "iovec", + "kernel32-sys", + "libc", + "log", + "miow 0.2.1", + "net2", + "slab", + "winapi 0.2.8", +] + +[[package]] +name = "mio-named-pipes" +version = "0.1.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0840c1c50fd55e521b247f949c241c9997709f23bd7f023b9762cd561e935656" +dependencies = [ + "log", + "mio", + "miow 0.3.5", + "winapi 0.3.9", +] + +[[package]] +name = "mio-uds" +version = "0.6.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "afcb699eb26d4332647cc848492bbc15eafb26f08d0304550d5aa1f612e066f0" +dependencies = [ + "iovec", + "libc", + "mio", +] + +[[package]] +name = "miow" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8c1f2f3b1cf331de6896aabf6e9d55dca90356cc9960cca7eaaf408a355ae919" +dependencies = [ + "kernel32-sys", + "net2", + "winapi 0.2.8", + "ws2_32-sys", +] + +[[package]] +name = "miow" +version = "0.3.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "07b88fb9795d4d36d62a012dfbf49a8f5cf12751f36d31a9dbe66d528e58979e" +dependencies = [ + "socket2", + "winapi 0.3.9", +] + +[[package]] +name = "net2" +version = "0.2.35" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3ebc3ec692ed7c9a255596c67808dee269f64655d8baf7b4f0638e51ba1d6853" +dependencies = [ + "cfg-if", + "libc", + "winapi 0.3.9", +] + +[[package]] +name = "num-traits" +version = "0.2.12" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ac267bcc07f48ee5f8935ab0d24f316fb722d7a1292e2913f0cc196b29ffd611" +dependencies = [ + "autocfg", +] + +[[package]] +name = "num_cpus" +version = "1.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "05499f3756671c15885fee9034446956fff3f243d6077b91e5767df161f766b3" +dependencies = [ + "hermit-abi", + "libc", +] + +[[package]] +name = "once_cell" +version = "1.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "260e51e7efe62b592207e9e13a68e43692a7a279171d6ba57abd208bf23645ad" + +[[package]] +name = "os_str_bytes" +version = "2.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2ac6fe3538f701e339953a3ebbe4f39941aababa8a3f6964635b24ab526daeac" + +[[package]] +name = "pin-project" +version = "0.4.27" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2ffbc8e94b38ea3d2d8ba92aea2983b503cd75d0888d75b86bb37970b5698e15" +dependencies = [ + "pin-project-internal", +] + +[[package]] +name = "pin-project-internal" +version = "0.4.27" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "65ad2ae56b6abe3a1ee25f15ee605bacadb9a764edaba9c2bf4103800d4a1895" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "pin-project-lite" +version = "0.1.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "282adbf10f2698a7a77f8e983a74b2d18176c19a7fd32a45446139ae7b02b715" + +[[package]] +name = "pin-utils" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" + +[[package]] +name = "pretty_env_logger" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "926d36b9553851b8b0005f1275891b392ee4d2d833852c417ed025477350fb9d" +dependencies = [ + "env_logger", + "log", +] + +[[package]] +name = "proc-macro-error" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c" +dependencies = [ + "proc-macro-error-attr", + "proc-macro2", + "quote", + "syn", + "version_check", +] + +[[package]] +name = "proc-macro-error-attr" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869" +dependencies = [ + "proc-macro2", + "quote", + "version_check", +] + +[[package]] +name = "proc-macro-hack" +version = "0.5.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "99c605b9a0adc77b7211c6b1f722dcb613d68d66859a44f3d485a6da332b0598" + +[[package]] +name = "proc-macro-nested" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eba180dafb9038b050a4c280019bbedf9f2467b61e5d892dcad585bb57aadc5a" + +[[package]] +name = "proc-macro2" +version = "1.0.24" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e0704ee1a7e00d7bb417d0770ea303c1bccbabf0ef1667dae92b5967f5f8a71" +dependencies = [ + "unicode-xid", +] + +[[package]] +name = "quick-error" +version = "1.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a1d01941d82fa2ab50be1e79e6714289dd7cde78eba4c074bc5a4374f650dfe0" + +[[package]] +name = "quote" +version = "1.0.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "aa563d17ecb180e500da1cfd2b028310ac758de548efdd203e18f283af693f37" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "redox_syscall" +version = "0.1.57" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41cc0f7e4d5d4544e8861606a285bb08d3e70712ccc7d2b84d7c0ccfaf4b05ce" + +[[package]] +name = "regex" +version = "1.3.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9c3780fcf44b193bc4d09f36d2a3c87b251da4a046c87795a0d35f4f927ad8e6" +dependencies = [ + "aho-corasick", + "memchr", + "regex-syntax", + "thread_local", +] + +[[package]] +name = "regex-syntax" +version = "0.6.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "26412eb97c6b088a6997e05f69403a802a92d520de2f8e63c2b65f9e0f47c4e8" + +[[package]] +name = "ryu" +version = "1.0.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "71d301d4193d031abdd79ff7e3dd721168a9572ef3fe51a1517aba235bd8f86e" + +[[package]] +name = "serde" +version = "1.0.116" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "96fe57af81d28386a513cbc6858332abc6117cfdb5999647c6444b8f43a370a5" + +[[package]] +name = "serde_derive" +version = "1.0.116" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f630a6370fd8e457873b4bd2ffdae75408bc291ba72be773772a4c2a065d9ae8" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "serde_json" +version = "1.0.57" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "164eacbdb13512ec2745fb09d51fd5b22b0d65ed294a1dcf7285a360c80a675c" +dependencies = [ + "itoa", + "ryu", + "serde", +] + +[[package]] +name = "signal-hook-registry" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a3e12110bc539e657a646068aaf5eb5b63af9d0c1f7b29c97113fad80e15f035" +dependencies = [ + "arc-swap", + "libc", +] + +[[package]] +name = "slab" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c111b5bd5695e56cffe5129854aa230b39c93a305372fdbb2668ca2394eea9f8" + +[[package]] +name = "socket2" +version = "0.3.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b1fa70dc5c8104ec096f4fe7ede7a221d35ae13dcd19ba1ad9a81d2cab9a1c44" +dependencies = [ + "cfg-if", + "libc", + "redox_syscall", + "winapi 0.3.9", +] + +[[package]] +name = "strsim" +version = "0.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" + +[[package]] +name = "syn" +version = "1.0.44" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e03e57e4fcbfe7749842d53e24ccb9aa12b7252dbe5e91d2acad31834c8b8fdd" +dependencies = [ + "proc-macro2", + "quote", + "unicode-xid", +] + +[[package]] +name = "termcolor" +version = "1.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bb6bfa289a4d7c5766392812c0a1f4c1ba45afa1ad47803c11e1f407d846d75f" +dependencies = [ + "winapi-util", +] + +[[package]] +name = "textwrap" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "203008d98caf094106cfaba70acfed15e18ed3ddb7d94e49baec153a2b462789" +dependencies = [ + "unicode-width", +] + +[[package]] +name = "thread_local" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d40c6d1b69745a6ec6fb1ca717914848da4b44ae29d9b3080cbee91d72a69b14" +dependencies = [ + "lazy_static", +] + +[[package]] +name = "tokio" +version = "0.2.22" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5d34ca54d84bf2b5b4d7d31e901a8464f7b60ac145a284fba25ceb801f2ddccd" +dependencies = [ + "bytes", + "fnv", + "futures-core", + "iovec", + "lazy_static", + "libc", + "memchr", + "mio", + "mio-named-pipes", + "mio-uds", + "num_cpus", + "pin-project-lite", + "signal-hook-registry", + "slab", + "tokio-macros", + "winapi 0.3.9", +] + +[[package]] +name = "tokio-macros" +version = "0.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0c3acc6aa564495a0f2e1d59fab677cd7f81a19994cfc7f3ad0e64301560389" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "unicode-segmentation" +version = "1.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e83e153d1053cbb5a118eeff7fd5be06ed99153f00dbcd8ae310c5fb2b22edc0" + +[[package]] +name = "unicode-width" +version = "0.1.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9337591893a19b88d8d87f2cec1e73fad5cdfd10e5a6f349f498ad6ea2ffb1e3" + +[[package]] +name = "unicode-xid" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f7fe0bb3479651439c9112f72b6c505038574c9fbb575ed1bf3b797fa39dd564" + +[[package]] +name = "vec_map" +version = "0.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f1bddf1187be692e79c5ffeab891132dfb0f236ed36a43c7ed39f1165ee20191" + +[[package]] +name = "version_check" +version = "0.9.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b5a972e5669d67ba988ce3dc826706fb0a8b01471c088cb0b6110b805cc36aed" + +[[package]] +name = "whoami" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7884773ab69074615cb8f8425d0e53f11710786158704fca70f53e71b0e05504" + +[[package]] +name = "winapi" +version = "0.2.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "167dc9d6949a9b857f3451275e911c3f44255842c1f7a76f33c55103a909087a" + +[[package]] +name = "winapi" +version = "0.3.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" +dependencies = [ + "winapi-i686-pc-windows-gnu", + "winapi-x86_64-pc-windows-gnu", +] + +[[package]] +name = "winapi-build" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2d315eee3b34aca4797b2da6b13ed88266e6d612562a0c46390af8299fc699bc" + +[[package]] +name = "winapi-i686-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" + +[[package]] +name = "winapi-util" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "70ec6ce85bb158151cae5e5c87f95a8e97d2c0c4b001223f33a334e3ce5de178" +dependencies = [ + "winapi 0.3.9", +] + +[[package]] +name = "winapi-x86_64-pc-windows-gnu" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" + +[[package]] +name = "ws2_32-sys" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d59cefebd0c892fa2dd6de581e937301d8552cb44489cdff035c6187cb63fa5e" +dependencies = [ + "winapi 0.2.8", + "winapi-build", +] diff --git a/Cargo.lock.license b/Cargo.lock.license new file mode 100644 index 0000000..9e9897d --- /dev/null +++ b/Cargo.lock.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/> + +SPDX-License-Identifier: MPL-2.0
\ No newline at end of file diff --git a/Cargo.toml b/Cargo.toml new file mode 100644 index 0000000..e8474b4 --- /dev/null +++ b/Cargo.toml @@ -0,0 +1,33 @@ +# SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/> +# +# SPDX-License-Identifier: MPL-2.0 + +[package] +name = "deploy-rs" +version = "0.1.0" +authors = ["Serokell <https://serokell.io/>"] +edition = "2018" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +clap = "3.0.0-beta.2" +tokio = { version = "0.2.22", features = [ "full" ] } +serde_json = "1.0.48" +serde_derive = "1.0.104" +serde = "1.0.104" +merge = "0.1.0" +whoami = "0.9.0" +log = "0.4" +pretty_env_logger = "0.4" +inotify = "0.8" +futures-util = "0.3.6" +fork = "0.1" + +[[bin]] +name = "deploy" +path = "src/main.rs" + +[[bin]] +name = "activate" +path = "src/activate.rs"
\ No newline at end of file @@ -0,0 +1,312 @@ +Mozilla Public License Version 2.0 + + 1. Definitions + +1.1. "Contributor" means each individual or legal entity that creates, contributes +to the creation of, or owns Covered Software. + +1.2. "Contributor Version" means the combination of the Contributions of others +(if any) used by a Contributor and that particular Contributor's Contribution. + + 1.3. "Contribution" means Covered Software of a particular Contributor. + +1.4. "Covered Software" means Source Code Form to which the initial Contributor +has attached the notice in Exhibit A, the Executable Form of such Source Code +Form, and Modifications of such Source Code Form, in each case including portions +thereof. + + 1.5. "Incompatible With Secondary Licenses" means + +(a) that the initial Contributor has attached the notice described in Exhibit +B to the Covered Software; or + +(b) that the Covered Software was made available under the terms of version +1.1 or earlier of the License, but not also under the terms of a Secondary +License. + +1.6. "Executable Form" means any form of the work other than Source Code Form. + +1.7. "Larger Work" means a work that combines Covered Software with other +material, in a separate file or files, that is not Covered Software. + + 1.8. "License" means this document. + +1.9. "Licensable" means having the right to grant, to the maximum extent possible, +whether at the time of the initial grant or subsequently, any and all of the +rights conveyed by this License. + + 1.10. "Modifications" means any of the following: + +(a) any file in Source Code Form that results from an addition to, deletion +from, or modification of the contents of Covered Software; or + +(b) any new file in Source Code Form that contains any Covered Software. + +1.11. "Patent Claims" of a Contributor means any patent claim(s), including +without limitation, method, process, and apparatus claims, in any patent Licensable +by such Contributor that would be infringed, but for the grant of the License, +by the making, using, selling, offering for sale, having made, import, or +transfer of either its Contributions or its Contributor Version. + +1.12. "Secondary License" means either the GNU General Public License, Version +2.0, the GNU Lesser General Public License, Version 2.1, the GNU Affero General +Public License, Version 3.0, or any later versions of those licenses. + +1.13. "Source Code Form" means the form of the work preferred for making modifications. + +1.14. "You" (or "Your") means an individual or a legal entity exercising rights +under this License. For legal entities, "You" includes any entity that controls, +is controlled by, or is under common control with You. For purposes of this +definition, "control" means (a) the power, direct or indirect, to cause the +direction or management of such entity, whether by contract or otherwise, +or (b) ownership of more than fifty percent (50%) of the outstanding shares +or beneficial ownership of such entity. + + 2. License Grants and Conditions + + 2.1. Grants + +Each Contributor hereby grants You a world-wide, royalty-free, non-exclusive +license: + +(a) under intellectual property rights (other than patent or trademark) Licensable +by such Contributor to use, reproduce, make available, modify, display, perform, +distribute, and otherwise exploit its Contributions, either on an unmodified +basis, with Modifications, or as part of a Larger Work; and + +(b) under Patent Claims of such Contributor to make, use, sell, offer for +sale, have made, import, and otherwise transfer either its Contributions or +its Contributor Version. + + 2.2. Effective Date + +The licenses granted in Section 2.1 with respect to any Contribution become +effective for each Contribution on the date the Contributor first distributes +such Contribution. + + 2.3. Limitations on Grant Scope + +The licenses granted in this Section 2 are the only rights granted under this +License. No additional rights or licenses will be implied from the distribution +or licensing of Covered Software under this License. Notwithstanding Section +2.1(b) above, no patent license is granted by a Contributor: + +(a) for any code that a Contributor has removed from Covered Software; or + +(b) for infringements caused by: (i) Your and any other third party's modifications +of Covered Software, or (ii) the combination of its Contributions with other +software (except as part of its Contributor Version); or + +(c) under Patent Claims infringed by Covered Software in the absence of its +Contributions. + +This License does not grant any rights in the trademarks, service marks, or +logos of any Contributor (except as may be necessary to comply with the notice +requirements in Section 3.4). + + 2.4. Subsequent Licenses + +No Contributor makes additional grants as a result of Your choice to distribute +the Covered Software under a subsequent version of this License (see Section +10.2) or under the terms of a Secondary License (if permitted under the terms +of Section 3.3). + + 2.5. Representation + +Each Contributor represents that the Contributor believes its Contributions +are its original creation(s) or it has sufficient rights to grant the rights +to its Contributions conveyed by this License. + + 2.6. Fair Use + +This License is not intended to limit any rights You have under applicable +copyright doctrines of fair use, fair dealing, or other equivalents. + + 2.7. Conditions + +Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in +Section 2.1. + + 3. Responsibilities + + 3.1. Distribution of Source Form + +All distribution of Covered Software in Source Code Form, including any Modifications +that You create or to which You contribute, must be under the terms of this +License. You must inform recipients that the Source Code Form of the Covered +Software is governed by the terms of this License, and how they can obtain +a copy of this License. You may not attempt to alter or restrict the recipients' +rights in the Source Code Form. + + 3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + +(a) such Covered Software must also be made available in Source Code Form, +as described in Section 3.1, and You must inform recipients of the Executable +Form how they can obtain a copy of such Source Code Form by reasonable means +in a timely manner, at a charge no more than the cost of distribution to the +recipient; and + +(b) You may distribute such Executable Form under the terms of this License, +or sublicense it under different terms, provided that the license for the +Executable Form does not attempt to limit or alter the recipients' rights +in the Source Code Form under this License. + + 3.3. Distribution of a Larger Work + +You may create and distribute a Larger Work under terms of Your choice, provided +that You also comply with the requirements of this License for the Covered +Software. If the Larger Work is a combination of Covered Software with a work +governed by one or more Secondary Licenses, and the Covered Software is not +Incompatible With Secondary Licenses, this License permits You to additionally +distribute such Covered Software under the terms of such Secondary License(s), +so that the recipient of the Larger Work may, at their option, further distribute +the Covered Software under the terms of either this License or such Secondary +License(s). + + 3.4. Notices + +You may not remove or alter the substance of any license notices (including +copyright notices, patent notices, disclaimers of warranty, or limitations +of liability) contained within the Source Code Form of the Covered Software, +except that You may alter any license notices to the extent required to remedy +known factual inaccuracies. + + 3.5. Application of Additional Terms + +You may choose to offer, and to charge a fee for, warranty, support, indemnity +or liability obligations to one or more recipients of Covered Software. However, +You may do so only on Your own behalf, and not on behalf of any Contributor. +You must make it absolutely clear that any such warranty, support, indemnity, +or liability obligation is offered by You alone, and You hereby agree to indemnify +every Contributor for any liability incurred by such Contributor as a result +of warranty, support, indemnity or liability terms You offer. You may include +additional disclaimers of warranty and limitations of liability specific to +any jurisdiction. + + 4. Inability to Comply Due to Statute or Regulation + +If it is impossible for You to comply with any of the terms of this License +with respect to some or all of the Covered Software due to statute, judicial +order, or regulation then You must: (a) comply with the terms of this License +to the maximum extent possible; and (b) describe the limitations and the code +they affect. Such description must be placed in a text file included with +all distributions of the Covered Software under this License. Except to the +extent prohibited by statute or regulation, such description must be sufficiently +detailed for a recipient of ordinary skill to be able to understand it. + + 5. Termination + +5.1. The rights granted under this License will terminate automatically if +You fail to comply with any of its terms. However, if You become compliant, +then the rights granted under this License from a particular Contributor are +reinstated (a) provisionally, unless and until such Contributor explicitly +and finally terminates Your grants, and (b) on an ongoing basis, if such Contributor +fails to notify You of the non-compliance by some reasonable means prior to +60 days after You have come back into compliance. Moreover, Your grants from +a particular Contributor are reinstated on an ongoing basis if such Contributor +notifies You of the non-compliance by some reasonable means, this is the first +time You have received notice of non-compliance with this License from such +Contributor, and You become compliant prior to 30 days after Your receipt +of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent infringement +claim (excluding declaratory judgment actions, counter-claims, and cross-claims) +alleging that a Contributor Version directly or indirectly infringes any patent, +then the rights granted to You by any and all Contributors for the Covered +Software under Section 2.1 of this License shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end +user license agreements (excluding distributors and resellers) which have +been validly granted by You or Your distributors under this License prior +to termination shall survive termination. + + 6. Disclaimer of Warranty + +Covered Software is provided under this License on an "as is" basis, without +warranty of any kind, either expressed, implied, or statutory, including, +without limitation, warranties that the Covered Software is free of defects, +merchantable, fit for a particular purpose or non-infringing. The entire risk +as to the quality and performance of the Covered Software is with You. Should +any Covered Software prove defective in any respect, You (not any Contributor) +assume the cost of any necessary servicing, repair, or correction. This disclaimer +of warranty constitutes an essential part of this License. No use of any Covered +Software is authorized under this License except under this disclaimer. + + 7. Limitation of Liability + +Under no circumstances and under no legal theory, whether tort (including +negligence), contract, or otherwise, shall any Contributor, or anyone who +distributes Covered Software as permitted above, be liable to You for any +direct, indirect, special, incidental, or consequential damages of any character +including, without limitation, damages for lost profits, loss of goodwill, +work stoppage, computer failure or malfunction, or any and all other commercial +damages or losses, even if such party shall have been informed of the possibility +of such damages. This limitation of liability shall not apply to liability +for death or personal injury resulting from such party's negligence to the +extent applicable law prohibits such limitation. Some jurisdictions do not +allow the exclusion or limitation of incidental or consequential damages, +so this exclusion and limitation may not apply to You. + + 8. Litigation + +Any litigation relating to this License may be brought only in the courts +of a jurisdiction where the defendant maintains its principal place of business +and such litigation shall be governed by laws of that jurisdiction, without +reference to its conflict-of-law provisions. Nothing in this Section shall +prevent a party's ability to bring cross-claims or counter-claims. + + 9. Miscellaneous + +This License represents the complete agreement concerning the subject matter +hereof. If any provision of this License is held to be unenforceable, such +provision shall be reformed only to the extent necessary to make it enforceable. +Any law or regulation which provides that the language of a contract shall +be construed against the drafter shall not be used to construe this License +against a Contributor. + + 10. Versions of the License + + 10.1. New Versions + +Mozilla Foundation is the license steward. Except as provided in Section 10.3, +no one other than the license steward has the right to modify or publish new +versions of this License. Each version will be given a distinguishing version +number. + + 10.2. Effect of New Versions + +You may distribute the Covered Software under the terms of the version of +the License under which You originally received the Covered Software, or under +the terms of any subsequent version published by the license steward. + + 10.3. Modified Versions + +If you create software not governed by this License, and you want to create +a new license for such software, you may create and use a modified version +of this License if you rename the license and remove any references to the +name of the license steward (except to note that such modified license differs +from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + +If You choose to distribute Source Code Form that is Incompatible With Secondary +Licenses under the terms of this version of the License, the notice described +in Exhibit B of this License must be attached. Exhibit A - Source Code Form +License Notice + +This Source Code Form is subject to the terms of the Mozilla Public License, +v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain +one at http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, +then You may include the notice in a location (such as a LICENSE file in a +relevant directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. + +Exhibit B - "Incompatible With Secondary Licenses" Notice + +This Source Code Form is "Incompatible With Secondary Licenses", as defined +by the Mozilla Public License, v. 2.0. diff --git a/LICENSES/MPL-2.0.txt b/LICENSES/MPL-2.0.txt new file mode 100644 index 0000000..09f2798 --- /dev/null +++ b/LICENSES/MPL-2.0.txt @@ -0,0 +1,312 @@ +Mozilla Public License Version 2.0 + + 1. Definitions + +1.1. "Contributor" means each individual or legal entity that creates, contributes +to the creation of, or owns Covered Software. + +1.2. "Contributor Version" means the combination of the Contributions of others +(if any) used by a Contributor and that particular Contributor's Contribution. + + 1.3. "Contribution" means Covered Software of a particular Contributor. + +1.4. "Covered Software" means Source Code Form to which the initial Contributor +has attached the notice in Exhibit A, the Executable Form of such Source Code +Form, and Modifications of such Source Code Form, in each case including portions +thereof. + + 1.5. "Incompatible With Secondary Licenses" means + +(a) that the initial Contributor has attached the notice described in Exhibit +B to the Covered Software; or + +(b) that the Covered Software was made available under the terms of version +1.1 or earlier of the License, but not also under the terms of a Secondary +License. + +1.6. "Executable Form" means any form of the work other than Source Code Form. + +1.7. "Larger Work" means a work that combines Covered Software with other +material, in a separate file or files, that is not Covered Software. + + 1.8. "License" means this document. + +1.9. "Licensable" means having the right to grant, to the maximum extent possible, +whether at the time of the initial grant or subsequently, any and all of the +rights conveyed by this License. + + 1.10. "Modifications" means any of the following: + +(a) any file in Source Code Form that results from an addition to, deletion +from, or modification of the contents of Covered Software; or + +(b) any new file in Source Code Form that contains any Covered Software. + +1.11. "Patent Claims" of a Contributor means any patent claim(s), including +without limitation, method, process, and apparatus claims, in any patent Licensable +by such Contributor that would be infringed, but for the grant of the License, +by the making, using, selling, offering for sale, having made, import, or +transfer of either its Contributions or its Contributor Version. + +1.12. "Secondary License" means either the GNU General Public License, Version +2.0, the GNU Lesser General Public License, Version 2.1, the GNU Affero General +Public License, Version 3.0, or any later versions of those licenses. + +1.13. "Source Code Form" means the form of the work preferred for making modifications. + +1.14. "You" (or "Your") means an individual or a legal entity exercising rights +under this License. For legal entities, "You" includes any entity that controls, +is controlled by, or is under common control with You. For purposes of this +definition, "control" means (a) the power, direct or indirect, to cause the +direction or management of such entity, whether by contract or otherwise, +or (b) ownership of more than fifty percent (50%) of the outstanding shares +or beneficial ownership of such entity. + + 2. License Grants and Conditions + + 2.1. Grants + +Each Contributor hereby grants You a world-wide, royalty-free, non-exclusive +license: + +(a) under intellectual property rights (other than patent or trademark) Licensable +by such Contributor to use, reproduce, make available, modify, display, perform, +distribute, and otherwise exploit its Contributions, either on an unmodified +basis, with Modifications, or as part of a Larger Work; and + +(b) under Patent Claims of such Contributor to make, use, sell, offer for +sale, have made, import, and otherwise transfer either its Contributions or +its Contributor Version. + + 2.2. Effective Date + +The licenses granted in Section 2.1 with respect to any Contribution become +effective for each Contribution on the date the Contributor first distributes +such Contribution. + + 2.3. Limitations on Grant Scope + +The licenses granted in this Section 2 are the only rights granted under this +License. No additional rights or licenses will be implied from the distribution +or licensing of Covered Software under this License. Notwithstanding Section +2.1(b) above, no patent license is granted by a Contributor: + +(a) for any code that a Contributor has removed from Covered Software; or + +(b) for infringements caused by: (i) Your and any other third party's modifications +of Covered Software, or (ii) the combination of its Contributions with other +software (except as part of its Contributor Version); or + +(c) under Patent Claims infringed by Covered Software in the absence of its +Contributions. + +This License does not grant any rights in the trademarks, service marks, or +logos of any Contributor (except as may be necessary to comply with the notice +requirements in Section 3.4). + + 2.4. Subsequent Licenses + +No Contributor makes additional grants as a result of Your choice to distribute +the Covered Software under a subsequent version of this License (see Section +10.2) or under the terms of a Secondary License (if permitted under the terms +of Section 3.3). + + 2.5. Representation + +Each Contributor represents that the Contributor believes its Contributions +are its original creation(s) or it has sufficient rights to grant the rights +to its Contributions conveyed by this License. + + 2.6. Fair Use + +This License is not intended to limit any rights You have under applicable +copyright doctrines of fair use, fair dealing, or other equivalents. + + 2.7. Conditions + +Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in +Section 2.1. + + 3. Responsibilities + + 3.1. Distribution of Source Form + +All distribution of Covered Software in Source Code Form, including any Modifications +that You create or to which You contribute, must be under the terms of this +License. You must inform recipients that the Source Code Form of the Covered +Software is governed by the terms of this License, and how they can obtain +a copy of this License. You may not attempt to alter or restrict the recipients' +rights in the Source Code Form. + + 3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + +(a) such Covered Software must also be made available in Source Code Form, +as described in Section 3.1, and You must inform recipients of the Executable +Form how they can obtain a copy of such Source Code Form by reasonable means +in a timely manner, at a charge no more than the cost of distribution to the +recipient; and + +(b) You may distribute such Executable Form under the terms of this License, +or sublicense it under different terms, provided that the license for the +Executable Form does not attempt to limit or alter the recipients' rights +in the Source Code Form under this License. + + 3.3. Distribution of a Larger Work + +You may create and distribute a Larger Work under terms of Your choice, provided +that You also comply with the requirements of this License for the Covered +Software. If the Larger Work is a combination of Covered Software with a work +governed by one or more Secondary Licenses, and the Covered Software is not +Incompatible With Secondary Licenses, this License permits You to additionally +distribute such Covered Software under the terms of such Secondary License(s), +so that the recipient of the Larger Work may, at their option, further distribute +the Covered Software under the terms of either this License or such Secondary +License(s). + + 3.4. Notices + +You may not remove or alter the substance of any license notices (including +copyright notices, patent notices, disclaimers of warranty, or limitations +of liability) contained within the Source Code Form of the Covered Software, +except that You may alter any license notices to the extent required to remedy +known factual inaccuracies. + + 3.5. Application of Additional Terms + +You may choose to offer, and to charge a fee for, warranty, support, indemnity +or liability obligations to one or more recipients of Covered Software. However, +You may do so only on Your own behalf, and not on behalf of any Contributor. +You must make it absolutely clear that any such warranty, support, indemnity, +or liability obligation is offered by You alone, and You hereby agree to indemnify +every Contributor for any liability incurred by such Contributor as a result +of warranty, support, indemnity or liability terms You offer. You may include +additional disclaimers of warranty and limitations of liability specific to +any jurisdiction. + + 4. Inability to Comply Due to Statute or Regulation + +If it is impossible for You to comply with any of the terms of this License +with respect to some or all of the Covered Software due to statute, judicial +order, or regulation then You must: (a) comply with the terms of this License +to the maximum extent possible; and (b) describe the limitations and the code +they affect. Such description must be placed in a text file included with +all distributions of the Covered Software under this License. Except to the +extent prohibited by statute or regulation, such description must be sufficiently +detailed for a recipient of ordinary skill to be able to understand it. + + 5. Termination + +5.1. The rights granted under this License will terminate automatically if +You fail to comply with any of its terms. However, if You become compliant, +then the rights granted under this License from a particular Contributor are +reinstated (a) provisionally, unless and until such Contributor explicitly +and finally terminates Your grants, and (b) on an ongoing basis, if such Contributor +fails to notify You of the non-compliance by some reasonable means prior to +60 days after You have come back into compliance. Moreover, Your grants from +a particular Contributor are reinstated on an ongoing basis if such Contributor +notifies You of the non-compliance by some reasonable means, this is the first +time You have received notice of non-compliance with this License from such +Contributor, and You become compliant prior to 30 days after Your receipt +of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent infringement +claim (excluding declaratory judgment actions, counter-claims, and cross-claims) +alleging that a Contributor Version directly or indirectly infringes any patent, +then the rights granted to You by any and all Contributors for the Covered +Software under Section 2.1 of this License shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end +user license agreements (excluding distributors and resellers) which have +been validly granted by You or Your distributors under this License prior +to termination shall survive termination. + + 6. Disclaimer of Warranty + +Covered Software is provided under this License on an "as is" basis, without +warranty of any kind, either expressed, implied, or statutory, including, +without limitation, warranties that the Covered Software is free of defects, +merchantable, fit for a particular purpose or non-infringing. The entire risk +as to the quality and performance of the Covered Software is with You. Should +any Covered Software prove defective in any respect, You (not any Contributor) +assume the cost of any necessary servicing, repair, or correction. This disclaimer +of warranty constitutes an essential part of this License. No use of any Covered +Software is authorized under this License except under this disclaimer. + + 7. Limitation of Liability + +Under no circumstances and under no legal theory, whether tort (including +negligence), contract, or otherwise, shall any Contributor, or anyone who +distributes Covered Software as permitted above, be liable to You for any +direct, indirect, special, incidental, or consequential damages of any character +including, without limitation, damages for lost profits, loss of goodwill, +work stoppage, computer failure or malfunction, or any and all other commercial +damages or losses, even if such party shall have been informed of the possibility +of such damages. This limitation of liability shall not apply to liability +for death or personal injury resulting from such party's negligence to the +extent applicable law prohibits such limitation. Some jurisdictions do not +allow the exclusion or limitation of incidental or consequential damages, +so this exclusion and limitation may not apply to You. + + 8. Litigation + +Any litigation relating to this License may be brought only in the courts +of a jurisdiction where the defendant maintains its principal place of business +and such litigation shall be governed by laws of that jurisdiction, without +reference to its conflict-of-law provisions. Nothing in this Section shall +prevent a party's ability to bring cross-claims or counter-claims. + + 9. Miscellaneous + +This License represents the complete agreement concerning the subject matter +hereof. If any provision of this License is held to be unenforceable, such +provision shall be reformed only to the extent necessary to make it enforceable. +Any law or regulation which provides that the language of a contract shall +be construed against the drafter shall not be used to construe this License +against a Contributor. + + 10. Versions of the License + + 10.1. New Versions + +Mozilla Foundation is the license steward. Except as provided in Section 10.3, +no one other than the license steward has the right to modify or publish new +versions of this License. Each version will be given a distinguishing version +number. + + 10.2. Effect of New Versions + +You may distribute the Covered Software under the terms of the version of +the License under which You originally received the Covered Software, or under +the terms of any subsequent version published by the license steward. + + 10.3. Modified Versions + +If you create software not governed by this License, and you want to create +a new license for such software, you may create and use a modified version +of this License if you rename the license and remove any references to the +name of the license steward (except to note that such modified license differs +from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + +If You choose to distribute Source Code Form that is Incompatible With Secondary +Licenses under the terms of this version of the License, the notice described +in Exhibit B of this License must be attached. Exhibit A - Source Code Form +License Notice + +This Source Code Form is subject to the terms of the Mozilla Public License, +v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain +one at http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, +then You may include the notice in a location (such as a LICENSE file in a +relevant directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. + +Exhibit B - "Incompatible With Secondary Licenses" Notice + +This Source Code Form is "Incompatible With Secondary Licenses", as defined +by the Mozilla Public License, v. 2.0. diff --git a/README.md b/README.md new file mode 100644 index 0000000..f5a6458 --- /dev/null +++ b/README.md @@ -0,0 +1,123 @@ +<!-- +SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/> + +SPDX-License-Identifier: MPL-2.0 +--> + +# deploy-rs + +A Simple, multi-profile Nix-flake deploy tool. + +**This is very early development software, you should expect to find issues, and things will change** + +## Usage + +Basic usage: `deploy [options] <flake>`. + +The given flake can be just a source `my-flake`, or optionally specify the node to deploy `my-flake#my-node`, or specify a profile too `my-flake#my-node.my-profile`. + +You can try out this tool easily with `nix run`: +- `nix run github:serokell/deploy-rs your-flake` + +If you require a signing key to push closures to your server, specify the path to it in the `LOCAL_KEY` environment variable. + +Check out `deploy --help` for CLI flags! Remember to check there before making one-time changes to things like hostnames. + +There is also an `activate` binary though this should be ignored, it is only used internally and for testing/hacking purposes. + +## API + +### Profile + +This is the core of how `deploy-rs` was designed, any number of these can run on a node, as any user (see further down for specifying user information). If you want to mimick the behaviour of traditional tools like NixOps or Morph, try just defining one `profile` called `system`, as root, containing a nixosSystem, and you can even similarly use [home-manager](https://github.com/nix-community/home-manager) on any non-privileged user. + +```nix +{ + # The command to bootstrap your profile, this is optional + bootstrap = "mkdir xyz"; + + # A derivation containing your required software, and a script to activate it in `${path}/activate` + # For ease of use, `deploy-rs` provides a function to easy all this required activation script to any derivation + path = deploy-rs.lib.x86_64-linux.setActivate pkgs.hello "./bin/hello"; + + # An optional path to where your profile should be installed to, this is useful if you want to use a common profile name across multiple users, but would have conflicts in your node's profile list. + profilePath = "/nix/var/nix/profiles/per-user/someuser/someprofile"; + + # ...generic options... (see lower section) +} +``` + +### Node + +This defines a single node/server, and the profiles you intend it to run. + +```nix +{ + # The hostname of your server, don't worry, this can be overridden at runtime if needed + hostname = "my.server.gov"; + + # An optional list containing the order you want profiles to be deployed. + profilesOrder = [ "something" "system" ]; + + profiles = { + system = {}; # Definition shown above + something = {}; # Definition shown above + }; + + # ...generic options... (see lower section) +} +``` + +### Deploy + +This is the top level attribute containing all of the options for this tool + +```nix +{ + nodes = { + my-node = {}; # Definition shown above + another-node = {}; # Definition shown above + }; + + # ...generic options... (see lower section) +} +``` + +### Generic options + +This is a set of options that can be put in any of the above definitions, with the priority being `profile > node > deploy` + +```nix +{ + sshUser = "admin"; # This is the user that deploy-rs will use when connecting + user = "root"; # This is the user that the profile will be deployed to (will use sudo if not the same as above) + sshOpts = [ "-p" "2121" ]; # These are arguments that will be passed to SSH + fastConnection = false; # Fast connection to the node. If this is true, copy the whole closure instead of letting the node substitute + autoRollback = true; # If the previous profile should be re-activated if activation fails +} +``` + +A stronger definition of the schema is in the [interface directory](./interface), and full working examples Nix expressions/configurations are in the [examples folder](./examples). + +## Idea + +`deploy-rs` is a simple Rust program that will take a Nix flake and use it to deploy any of your defined profiles to your nodes. This is _strongly_ based off of [serokell/deploy](https://github.com/serokell/deploy), designed to replace it and expand upon it. + +This type of design (as opposed to more traditional tools like NixOps or morph) allows for lesser-privileged deployments, and the ability to update different things independently of eachother. + +## Things to work on + +- ~~Ordered profiles~~ +- ~~Automatic rollbacks~~ +- UI (?) +- automatic kexec lustration of servers (maybe) +- Remote health checks +- ~~Rollback on reconnection failure (technically, rollback if not reconnected to)~~ +- Optionally build on remote server + +## About Serokell + +deploy-rs is maintained and funded with ❤️ by [Serokell](https://serokell.io/). +The names and logo for Serokell are trademark of Serokell OÜ. + +We love open source software! See [our other projects](https://serokell.io/community?utm_source=github) or [hire us](https://serokell.io/hire-us?utm_source=github) to design, develop and grow your idea!
\ No newline at end of file diff --git a/default.nix b/default.nix new file mode 100644 index 0000000..73df194 --- /dev/null +++ b/default.nix @@ -0,0 +1,17 @@ +# SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/> +# +# SPDX-License-Identifier: MPL-2.0 + +(import + ( + let + lock = builtins.fromJSON (builtins.readFile ./flake.lock); + in + fetchTarball { + url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz"; + sha256 = lock.nodes.flake-compat.locked.narHash; + } + ) + { + src = ./.; + }).defaultNix diff --git a/examples/simple/flake.lock b/examples/simple/flake.lock new file mode 100644 index 0000000..fc92f40 --- /dev/null +++ b/examples/simple/flake.lock @@ -0,0 +1,115 @@ +{ + "nodes": { + "deploy-rs": { + "inputs": { + "flake-compat": "flake-compat", + "naersk": "naersk", + "nixpkgs": "nixpkgs", + "utils": "utils" + }, + "locked": { + "lastModified": 1603740297, + "narHash": "sha256-yeTrA8AaLzDFICApX725gQhKoHNI2TCqWAeOl9axVZE=", + "owner": "serokell", + "repo": "deploy-rs", + "rev": "426fb3c489dcbb4ccbf98a3ab6a7fe25e71b95ca", + "type": "github" + }, + "original": { + "owner": "serokell", + "repo": "deploy-rs", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1600853454, + "narHash": "sha256-EgsgbcJNZ9AQLVhjhfiegGjLbO+StBY9hfKsCwc8Hw8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "94cf59784c73ecec461eaa291918eff0bfb538ac", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "naersk": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1602173141, + "narHash": "sha256-m6wU6lP0wf2OMw3KtJqn27ITtg29+ftciGHicLiVSGE=", + "owner": "nmattia", + "repo": "naersk", + "rev": "22b96210b2433228d42bce460f3befbdcfde7520", + "type": "github" + }, + "original": { + "owner": "nmattia", + "ref": "master", + "repo": "naersk", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1601961544, + "narHash": "sha256-uuh9CkDWkXlXse8IcergqoIM5JffqfQDKsl1uHB7XJI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "89281dd1dfed6839610f0ccad0c0e493606168fe", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1603739127, + "narHash": "sha256-mdLESpo4jXrAynLp7ypRaqkx6IS1jx2l78f1tg9iiJU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d699505277b99e4698d90563c5eb1b62ba5ba0ea", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "root": { + "inputs": { + "deploy-rs": "deploy-rs", + "nixpkgs": "nixpkgs_2" + } + }, + "utils": { + "locked": { + "lastModified": 1601282935, + "narHash": "sha256-WQAFV6sGGQxrRs3a+/Yj9xUYvhTpukQJIcMbIi7LCJ4=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "588973065fce51f4763287f0fda87a174d78bf48", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/examples/simple/flake.lock.license b/examples/simple/flake.lock.license new file mode 100644 index 0000000..9e9897d --- /dev/null +++ b/examples/simple/flake.lock.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/> + +SPDX-License-Identifier: MPL-2.0
\ No newline at end of file diff --git a/examples/simple/flake.nix b/examples/simple/flake.nix new file mode 100644 index 0000000..e5003c7 --- /dev/null +++ b/examples/simple/flake.nix @@ -0,0 +1,21 @@ +# SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/> +# +# SPDX-License-Identifier: MPL-2.0 + +{ + description = "Deploy GNU hello to localhost"; + + inputs.deploy-rs.url = "github:serokell/deploy-rs"; + + outputs = { self, nixpkgs, deploy-rs }: { + deploy.nodes.example = { + hostname = "localhost"; + profiles.hello = { + user = "balsoft"; + path = deploy-rs.lib.x86_64-linux.setActivate nixpkgs.legacyPackages.x86_64-linux.hello "./bin/hello"; + }; + }; + + checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib; + }; +} diff --git a/examples/system/README.md b/examples/system/README.md new file mode 100644 index 0000000..daf649a --- /dev/null +++ b/examples/system/README.md @@ -0,0 +1,16 @@ +<!-- +SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/> + +SPDX-License-Identifier: MPL-2.0 +--> + +# Example nixos system deployment + +This is an example of how to deploy a full nixos system with a separate user unit to a bare machine. + +1. Run bare system from `.#nixosConfigurations.bare` + - `nix build .#nixosConfigurations.bare.config.system.build.vm` + - `QEMU_NET_OPTS=hostfwd=tcp::2221-:22 ./result/bin/run-bare-system-vm` +2. `nix run github:serokell/deploy --prime` +3. ??? +4. PROFIT!!! diff --git a/examples/system/bare.nix b/examples/system/bare.nix new file mode 100644 index 0000000..46ba3b2 --- /dev/null +++ b/examples/system/bare.nix @@ -0,0 +1,10 @@ +# SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/> +# +# SPDX-License-Identifier: MPL-2.0 + +{ + imports = [ ./common.nix ]; + + # Use that when deploy scripts asks you for a hostname + networking.hostName = "bare-system"; +} diff --git a/examples/system/common.nix b/examples/system/common.nix new file mode 100644 index 0000000..83ea225 --- /dev/null +++ b/examples/system/common.nix @@ -0,0 +1,34 @@ +# SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/> +# +# SPDX-License-Identifier: MPL-2.0 + +{ + boot.loader.systemd-boot.enable = true; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/00000000-0000-0000-0000-000000000000"; + fsType = "btrfs"; + }; + + users.users.admin = { + isNormalUser = true; + extraGroups = [ "wheel" "sudo" ]; + password = "123"; + }; + + services.openssh = { enable = true; }; + + # Another option would be root on the server + security.sudo.extraRules = [{ + groups = [ "wheel" ]; + commands = [{ + command = "ALL"; + options = [ "NOPASSWD" ]; + }]; + }]; + + nix.binaryCachePublicKeys = [ + (builtins.readFile ./nix-pub.pem) + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" + ]; +} diff --git a/examples/system/configuration.nix b/examples/system/configuration.nix new file mode 100644 index 0000000..6d4234a --- /dev/null +++ b/examples/system/configuration.nix @@ -0,0 +1,15 @@ +# SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/> +# +# SPDX-License-Identifier: MPL-2.0 + +{ + imports = [ ./common.nix ]; + + networking.hostName = "example-nixos-system"; + + users.users.hello = { + isNormalUser = true; + password = ""; + uid = 1010; + }; +} diff --git a/examples/system/flake.lock b/examples/system/flake.lock new file mode 100644 index 0000000..fc92f40 --- /dev/null +++ b/examples/system/flake.lock @@ -0,0 +1,115 @@ +{ + "nodes": { + "deploy-rs": { + "inputs": { + "flake-compat": "flake-compat", + "naersk": "naersk", + "nixpkgs": "nixpkgs", + "utils": "utils" + }, + "locked": { + "lastModified": 1603740297, + "narHash": "sha256-yeTrA8AaLzDFICApX725gQhKoHNI2TCqWAeOl9axVZE=", + "owner": "serokell", + "repo": "deploy-rs", + "rev": "426fb3c489dcbb4ccbf98a3ab6a7fe25e71b95ca", + "type": "github" + }, + "original": { + "owner": "serokell", + "repo": "deploy-rs", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1600853454, + "narHash": "sha256-EgsgbcJNZ9AQLVhjhfiegGjLbO+StBY9hfKsCwc8Hw8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "94cf59784c73ecec461eaa291918eff0bfb538ac", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "naersk": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1602173141, + "narHash": "sha256-m6wU6lP0wf2OMw3KtJqn27ITtg29+ftciGHicLiVSGE=", + "owner": "nmattia", + "repo": "naersk", + "rev": "22b96210b2433228d42bce460f3befbdcfde7520", + "type": "github" + }, + "original": { + "owner": "nmattia", + "ref": "master", + "repo": "naersk", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1601961544, + "narHash": "sha256-uuh9CkDWkXlXse8IcergqoIM5JffqfQDKsl1uHB7XJI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "89281dd1dfed6839610f0ccad0c0e493606168fe", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1603739127, + "narHash": "sha256-mdLESpo4jXrAynLp7ypRaqkx6IS1jx2l78f1tg9iiJU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d699505277b99e4698d90563c5eb1b62ba5ba0ea", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "root": { + "inputs": { + "deploy-rs": "deploy-rs", + "nixpkgs": "nixpkgs_2" + } + }, + "utils": { + "locked": { + "lastModified": 1601282935, + "narHash": "sha256-WQAFV6sGGQxrRs3a+/Yj9xUYvhTpukQJIcMbIi7LCJ4=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "588973065fce51f4763287f0fda87a174d78bf48", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/examples/system/flake.lock.license b/examples/system/flake.lock.license new file mode 100644 index 0000000..9e9897d --- /dev/null +++ b/examples/system/flake.lock.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/> + +SPDX-License-Identifier: MPL-2.0
\ No newline at end of file diff --git a/examples/system/flake.nix b/examples/system/flake.nix new file mode 100644 index 0000000..021f9db --- /dev/null +++ b/examples/system/flake.nix @@ -0,0 +1,46 @@ +# SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/> +# +# SPDX-License-Identifier: MPL-2.0 + +{ + description = "Deploy a full system with hello service as a separate profile"; + + inputs.deploy-rs.url = "github:serokell/deploy-rs"; + + outputs = { self, nixpkgs, deploy-rs }: { + nixosConfigurations.example-nixos-system = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ ./configuration.nix ]; + }; + + nixosConfigurations.bare = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = + [ ./bare.nix "${nixpkgs}/nixos/modules/virtualisation/qemu-vm.nix" ]; + }; + + # This is the application we actually want to run + defaultPackage.x86_64-linux = import ./hello.nix nixpkgs; + + deploy.nodes.example = { + sshOpts = [ "-p" "2221" ]; + hostname = "localhost"; + fastConnection = true; + profiles = { + system = { + sshUser = "admin"; + path = + deploy-rs.lib.x86_64-linux.setActivate self.nixosConfigurations.example-nixos-system.config.system.build.toplevel "./bin/switch-to-configuration switch"; + user = "root"; + }; + hello = { + sshUser = "hello"; + path = deploy-rs.lib.x86_64-linux.setActivate self.defaultPackage.x86_64-linux "./bin/activate"; + user = "hello"; + }; + }; + }; + + checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib; + }; +} diff --git a/examples/system/hello.nix b/examples/system/hello.nix new file mode 100644 index 0000000..df57308 --- /dev/null +++ b/examples/system/hello.nix @@ -0,0 +1,30 @@ +# SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/> +# +# SPDX-License-Identifier: MPL-2.0 + +nixpkgs: +let + pkgs = nixpkgs.legacyPackages.x86_64-linux; + generateSystemd = type: name: config: + (nixpkgs.lib.nixosSystem { + modules = [{ systemd."${type}s".${name} = config; }]; + system = "x86_64-linux"; + }).config.systemd.units."${name}.${type}".text; + + mkService = generateSystemd "service"; + + service = pkgs.writeTextFile { + name = "hello.service"; + text = mkService "hello" { + unitConfig.WantedBy = [ "multi-user.target" ]; + path = [ pkgs.hello ]; + script = "hello"; + }; + }; +in pkgs.writeShellScriptBin "activate" '' + mkdir -p $HOME/.config/systemd/user + rm $HOME/.config/systemd/user/hello.service + ln -s ${service} $HOME/.config/systemd/user/hello.service + systemctl --user daemon-reload + systemctl --user restart hello +'' diff --git a/examples/system/nix-pub.pem b/examples/system/nix-pub.pem new file mode 100644 index 0000000..926f44c --- /dev/null +++ b/examples/system/nix-pub.pem @@ -0,0 +1 @@ +cache.example.com:ic28PY7OIOQtoU282iaiizvA5WIOtYx5h6c9ePn3hDQ=
\ No newline at end of file diff --git a/examples/system/nix-pub.pem.license b/examples/system/nix-pub.pem.license new file mode 100644 index 0000000..9e9897d --- /dev/null +++ b/examples/system/nix-pub.pem.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/> + +SPDX-License-Identifier: MPL-2.0
\ No newline at end of file diff --git a/examples/system/nix.key b/examples/system/nix.key new file mode 100644 index 0000000..9157587 --- /dev/null +++ b/examples/system/nix.key @@ -0,0 +1 @@ +cache.example.com:dPNdwv04QPIEpcWnGioZmX9dvaGe7GCo7BZJFymDBnSJzbw9js4g5C2hTbzaJqKLO8DlYg61jHmHpz14+feENA==
\ No newline at end of file diff --git a/examples/system/nix.key.license b/examples/system/nix.key.license new file mode 100644 index 0000000..9e9897d --- /dev/null +++ b/examples/system/nix.key.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/> + +SPDX-License-Identifier: MPL-2.0
\ No newline at end of file diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..c9e4ff3 --- /dev/null +++ b/flake.lock @@ -0,0 +1,82 @@ +{ + "nodes": { + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1600853454, + "narHash": "sha256-EgsgbcJNZ9AQLVhjhfiegGjLbO+StBY9hfKsCwc8Hw8=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "94cf59784c73ecec461eaa291918eff0bfb538ac", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "naersk": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1602173141, + "narHash": "sha256-m6wU6lP0wf2OMw3KtJqn27ITtg29+ftciGHicLiVSGE=", + "owner": "nmattia", + "repo": "naersk", + "rev": "22b96210b2433228d42bce460f3befbdcfde7520", + "type": "github" + }, + "original": { + "owner": "nmattia", + "ref": "master", + "repo": "naersk", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1601961544, + "narHash": "sha256-uuh9CkDWkXlXse8IcergqoIM5JffqfQDKsl1uHB7XJI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "89281dd1dfed6839610f0ccad0c0e493606168fe", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "flake-compat": "flake-compat", + "naersk": "naersk", + "nixpkgs": "nixpkgs", + "utils": "utils" + } + }, + "utils": { + "locked": { + "lastModified": 1601282935, + "narHash": "sha256-WQAFV6sGGQxrRs3a+/Yj9xUYvhTpukQJIcMbIi7LCJ4=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "588973065fce51f4763287f0fda87a174d78bf48", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.lock.license b/flake.lock.license new file mode 100644 index 0000000..9e9897d --- /dev/null +++ b/flake.lock.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/> + +SPDX-License-Identifier: MPL-2.0
\ No newline at end of file diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..fe24754 --- /dev/null +++ b/flake.nix @@ -0,0 +1,76 @@ +# SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/> +# +# SPDX-License-Identifier: MPL-2.0 + +{ + description = "A Simple multi-profile Nix-flake deploy tool."; + + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; + naersk = { + url = "github:nmattia/naersk/master"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + utils.url = "github:numtide/flake-utils"; + flake-compat = { + url = "github:edolstra/flake-compat"; + flake = false; + }; + }; + + outputs = { self, nixpkgs, utils, naersk, ... }: + utils.lib.eachDefaultSystem (system: + let + pkgs = import nixpkgs { inherit system; }; + naersk-lib = pkgs.callPackage naersk { }; + in + { + defaultPackage = self.packages."${system}".deploy-rs; + packages.deploy-rs = naersk-lib.buildPackage ./.; + + defaultApp = self.apps."${system}".deploy-rs; + apps.deploy-rs = { + type = "app"; + program = "${self.defaultPackage."${system}"}/bin/deploy"; + }; + + lib = rec { + setActivate = base: activate: pkgs.buildEnv { + name = ("activatable-" + base.name); + paths = [ + base + (pkgs.writeTextFile { + name = base.name + "-activate-path"; + text = '' + #!${pkgs.runtimeShell} + ${activate} + ''; + executable = true; + destination = "/deploy-rs-activate"; + }) + ]; + }; + + # DEPRECATED + checkSchema = checks.schema; + + deployChecks = deploy: builtins.mapAttrs (_: check: check deploy) checks; + + checks = { + schema = deploy: pkgs.runCommandNoCC "jsonschema-deploy-system" { } '' + ${pkgs.python3.pkgs.jsonschema}/bin/jsonschema -i ${pkgs.writeText "deploy.json" (builtins.toJSON deploy)} ${./interface/deploy.json} && touch $out + ''; + + activate = deploy: + let + allPaths = pkgs.lib.flatten (pkgs.lib.mapAttrsToList (nodeName: node: pkgs.lib.mapAttrsToList (profileName: profile: profile.path) node.profiles) deploy.nodes); + in + pkgs.runCommandNoCC "deploy-rs-check-activate" { } '' + for i in ${builtins.concatStringsSep " " allPaths}; do test -f "$i/deploy-rs-activate" || (echo "A profile path is missing an activation script" && exit 1); done + + touch $out + ''; + }; + }; + }); +} diff --git a/interface/README.md b/interface/README.md new file mode 100644 index 0000000..f61a69f --- /dev/null +++ b/interface/README.md @@ -0,0 +1,39 @@ +<!-- +SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/> + +SPDX-License-Identifier: MPL-2.0 +--> + +A flake must have a `deploy` output with the following structure: + +``` +deploy +├── <generic args> +└── nodes + ├── <NODE> + │ ├── <generic args> + │ ├── hostname + │ ├── profilesOrder + │ └── profiles + │ ├── <PROFILE> + │ │ ├── <generic args> + │ │ ├── bootstrap + │ │ ├── profilePath + │ │ └── path + │ └── <PROFILE>... + └── <NODE>... +``` + +Where `<generic args>` are all optional and can be one or multiple of: + +- `sshUser` -- user to connect as +- `user` -- user to install and activate profiles with +- `sshOpts` -- options passed to `nix copy` and `ssh` +- `fastConnection` -- whether the connection from this host to the target one is fast (if it is, don't substitute on target and copy the entire closure) [default: `false`] +- `autoRollback` -- whether to roll back when the deployment fails [default: `false`] + +A formal definition for the structure can be found in [the JSON schema](./deploy.json) + +For every profile of every node, arguments are merged with `<PROFILE>` taking precedence over `<NODE>` and `<NODE>` taking precedence over top-level. + +Certain read values can be overridden by supplying flags to the deploy binary, for example `deploy --auto-rollback true .` will enable automatic rollback for all nodes being deployed to, regardless of settings.
\ No newline at end of file diff --git a/interface/deploy.json b/interface/deploy.json new file mode 100644 index 0000000..fa45e50 --- /dev/null +++ b/interface/deploy.json @@ -0,0 +1,117 @@ +{ + "$schema": "http://json-schema.org/draft/2019-09/schema#", + "title": "Deploy", + "description": "Matches a correct deploy attribute of a flake", + "definitions": { + "generic_settings": { + "type": "object", + "properties": { + "sshUser": { + "type": "string" + }, + "user": { + "type": "string" + }, + "sshOpts": { + "type": "array", + "items": { + "type": "string" + } + }, + "fastConnection": { + "type": "boolean" + }, + "autoRollback": { + "type": "boolean" + }, + "magicRollback": { + "type": "boolean" + }, + "confirmTimeout": { + "type": "integer" + }, + "tempPath": { + "type": "string" + } + } + }, + "node_settings": { + "type": "object", + "properties": { + "hostname": { + "type": "string" + }, + "profilesOrder": { + "type": "array", + "items": { + "type": "string" + }, + "uniqueItems": true + }, + "profiles": { + "type": "object", + "patternProperties": { + "[A-z][A-z0-9_-]*": { + "allOf": [ + { + "$ref": "#/definitions/generic_settings" + }, + { + "$ref": "#/definitions/profile_settings" + } + ] + } + }, + "additionalProperties": false + } + }, + "required": [ + "hostname" + ] + }, + "profile_settings": { + "type": "object", + "properties": { + "path": { + "type": "string" + }, + "bootstrap": { + "type": "string" + }, + "profilePath": { + "type": "string" + } + }, + "required": [ + "path" + ] + } + }, + "type": "object", + "allOf": [ + { + "$ref": "#/definitions/generic_settings" + }, + { + "type": "object", + "properties": { + "nodes": { + "type": "object", + "patternProperties": { + "[A-z][A-z0-9_-]*": { + "allOf": [ + { + "$ref": "#/definitions/generic_settings" + }, + { + "$ref": "#/definitions/node_settings" + } + ] + } + }, + "additionalProperties": false + } + } + } + ] +}
\ No newline at end of file diff --git a/interface/deploy.json.license b/interface/deploy.json.license new file mode 100644 index 0000000..9e9897d --- /dev/null +++ b/interface/deploy.json.license @@ -0,0 +1,3 @@ +SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/> + +SPDX-License-Identifier: MPL-2.0
\ No newline at end of file diff --git a/src/activate.rs b/src/activate.rs new file mode 100644 index 0000000..4fdb59c --- /dev/null +++ b/src/activate.rs @@ -0,0 +1,303 @@ +// SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/> +// +// SPDX-License-Identifier: MPL-2.0 + +use clap::Clap; + +use futures_util::FutureExt; +use std::process::Stdio; +use tokio::fs; +use tokio::process::Command; +use tokio::time::timeout; + +use std::time::Duration; + +use futures_util::StreamExt; + +use std::path::Path; + +use inotify::Inotify; + +extern crate pretty_env_logger; +#[macro_use] +extern crate log; + +#[macro_use] +extern crate serde_derive; + +#[macro_use] +mod utils; + +/// Activation portion of the simple Rust Nix deploy tool +#[derive(Clap, Debug)] +#[clap(version = "1.0", author = "notgne2 <gen2@gen2.space>")] +struct Opts { + profile_path: String, + closure: String, + + /// Temp path for any temporary files that may be needed during activation + #[clap(long)] + temp_path: String, + + /// Maximum time to wait for confirmation after activation + #[clap(long)] + confirm_timeout: u16, + + /// Wait for confirmation after deployment and rollback if not confirmed + #[clap(long)] + magic_rollback: bool, + + /// Command for bootstrapping + #[clap(long)] + bootstrap_cmd: Option<String>, + + /// Auto rollback if failure + #[clap(long)] + auto_rollback: bool, +} + +pub async fn deactivate(profile_path: &str) -> Result<(), Box<dyn std::error::Error>> { + error!("De-activating due to error"); + + let nix_env_rollback_exit_status = Command::new("nix-env") + .arg("-p") + .arg(&profile_path) + .arg("--rollback") + .stdout(Stdio::null()) + .stderr(Stdio::null()) + .status() + .await?; + + if !nix_env_rollback_exit_status.success() { + good_panic!("`nix-env --rollback` failed"); + } + + debug!("Listing generations"); + + let nix_env_list_generations_out = Command::new("nix-env") + .arg("-p") + .arg(&profile_path) + .arg("--list-generations") + .output() + .await?; + + if !nix_env_list_generations_out.status.success() { + good_panic!("Listing `nix-env` generations failed"); + } + + let generations_list = String::from_utf8(nix_env_list_generations_out.stdout)?; + + let last_generation_line = generations_list + .lines() + .last() + .expect("Expected to find a generation in list"); + + let last_generation_id = last_generation_line + .split_whitespace() + .next() + .expect("Expected to get ID from generation entry"); + + debug!("Removing generation entry {}", last_generation_line); + warn!("Removing generation by ID {}", last_generation_id); + + let nix_env_delete_generation_exit_status = Command::new("nix-env") + .arg("-p") + .arg(&profile_path) + .arg("--delete-generations") + .arg(last_generation_id) + .stdout(Stdio::null()) + .stderr(Stdio::null()) + .status() + .await?; + + if !nix_env_delete_generation_exit_status.success() { + good_panic!("Failed to delete failed generation"); + } + + info!("Attempting to re-activate the last generation"); + + let re_activate_exit_status = Command::new(format!("{}/deploy-rs-activate", profile_path)) + .env("PROFILE", &profile_path) + .current_dir(&profile_path) + .status() + .await?; + + if !re_activate_exit_status.success() { + good_panic!("Failed to re-activate the last generation"); + } + + Ok(()) +} + +async fn deactivate_on_err<A, B: core::fmt::Debug>(profile_path: &str, r: Result<A, B>) -> A { + match r { + Ok(x) => x, + Err(err) => { + error!("Deactivating due to error: {:?}", err); + match deactivate(profile_path).await { + Ok(_) => (), + Err(err) => { + error!("Error de-activating, uh-oh: {:?}", err); + } + }; + + std::process::exit(1); + } + } +} + +pub async fn activation_confirmation( + profile_path: String, + temp_path: String, + confirm_timeout: u16, + closure: String, +) -> Result<(), Box<dyn std::error::Error>> { + let lock_hash = &closure[11 /* /nix/store/ */ ..]; + let lock_path = format!("{}/activating-{}", temp_path, lock_hash); + + if let Some(parent) = Path::new(&lock_path).parent() { + fs::create_dir_all(parent).await?; + } + + fs::File::create(&lock_path).await?; + + let mut inotify = Inotify::init()?; + inotify.add_watch(lock_path, inotify::WatchMask::DELETE)?; + + match fork::daemon(false, false).map_err(|x| x.to_string())? { + fork::Fork::Child => { + std::thread::spawn(move || { + let mut rt = tokio::runtime::Runtime::new().unwrap(); + + rt.block_on(async move { + info!("Waiting for confirmation event..."); + + let mut buffer = [0; 32]; + let mut stream = + deactivate_on_err(&profile_path, inotify.event_stream(&mut buffer)).await; + + deactivate_on_err( + &profile_path, + deactivate_on_err( + &profile_path, + deactivate_on_err( + &profile_path, + timeout(Duration::from_secs(confirm_timeout as u64), stream.next()) + .await, + ) + .await + .ok_or("Watcher ended prematurely"), + ) + .await, + ) + .await; + }); + }) + .join() + .unwrap(); + + info!("Confirmation successful!"); + + std::process::exit(0); + } + fork::Fork::Parent(_) => { + std::process::exit(0); + } + } +} + +pub async fn activate( + profile_path: String, + closure: String, + bootstrap_cmd: Option<String>, + auto_rollback: bool, + temp_path: String, + confirm_timeout: u16, + magic_rollback: bool, +) -> Result<(), Box<dyn std::error::Error>> { + info!("Activating profile"); + + let nix_env_set_exit_status = Command::new("nix-env") + .arg("-p") + .arg(&profile_path) + .arg("--set") + .arg(&closure) + .stdout(Stdio::null()) + .status() + .await?; + + if !nix_env_set_exit_status.success() { + good_panic!("Failed to update nix-env generation"); + } + + if let (Some(bootstrap_cmd), false) = (bootstrap_cmd, !Path::new(&profile_path).exists()) { + let bootstrap_status = Command::new("bash") + .arg("-c") + .arg(&bootstrap_cmd) + .env("PROFILE", &profile_path) + .stdout(Stdio::null()) + .stderr(Stdio::null()) + .status() + .await; + + match bootstrap_status { + Ok(s) if s.success() => (), + _ => { + tokio::fs::remove_file(&profile_path).await?; + good_panic!("Failed to execute bootstrap command"); + } + } + } + + let activate_status = Command::new(format!("{}/deploy-rs-activate", profile_path)) + .env("PROFILE", &profile_path) + .current_dir(&profile_path) + .status() + .await; + + let activate_status_all = match activate_status { + Ok(s) if s.success() => Ok(()), + Ok(_) => Err(std::io::Error::new(std::io::ErrorKind::Other, "Activation did not succeed")), + Err(x) => Err(x), + }; + + deactivate_on_err(&profile_path, activate_status_all).await; + + info!("Activation succeeded!"); + + if magic_rollback { + info!("Performing activation confirmation steps"); + deactivate_on_err( + &profile_path, + activation_confirmation(profile_path.clone(), temp_path, confirm_timeout, closure) + .await, + ) + .await; + } + + Ok(()) +} + +#[tokio::main] +async fn main() -> Result<(), Box<dyn std::error::Error>> { + if std::env::var("DEPLOY_LOG").is_err() { + std::env::set_var("DEPLOY_LOG", "info"); + } + + pretty_env_logger::init_custom_env("DEPLOY_LOG"); + + let opts: Opts = Opts::parse(); + + activate( + opts.profile_path, + opts.closure, + opts.bootstrap_cmd, + opts.auto_rollback, + opts.temp_path, + opts.confirm_timeout, + opts.magic_rollback, + ) + .await?; + + Ok(()) +} diff --git a/src/main.rs b/src/main.rs new file mode 100644 index 0000000..5dc6bb9 --- /dev/null +++ b/src/main.rs @@ -0,0 +1,439 @@ +// SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/> +// +// SPDX-License-Identifier: MPL-2.0 + +use clap::Clap; + +use std::process::Stdio; +use tokio::process::Command; + +use merge::Merge; + +extern crate pretty_env_logger; + +#[macro_use] +extern crate log; + +#[macro_use] +extern crate serde_derive; + +#[macro_use] +mod utils; + +/// Simple Rust rewrite of a simple Nix Flake deployment tool +#[derive(Clap, Debug)] +#[clap(version = "1.0", author = "Serokell <https://serokell.io/>")] +struct Opts { + /// The flake to deploy + #[clap(default_value = ".")] + flake: String, + /// Check signatures when using `nix copy` + #[clap(short, long)] + checksigs: bool, + /// Extra arguments to be passed to nix build + extra_build_args: Vec<String>, + + /// Keep the build outputs of each built profile + #[clap(short, long)] + keep_result: bool, + /// Location to keep outputs from built profiles in + #[clap(short, long)] + result_path: Option<String>, + + /// Skip the automatic pre-build checks + #[clap(short, long)] + skip_checks: bool, + + /// Override the SSH user with the given value + #[clap(long)] + ssh_user: Option<String>, + /// Override the profile user with the given value + #[clap(long)] + profile_user: Option<String>, + /// Override the SSH options used + #[clap(long)] + ssh_opts: Option<String>, + /// Override if the connecting to the target node should be considered fast + #[clap(long)] + fast_connection: Option<bool>, + /// Override if a rollback should be attempted if activation fails + #[clap(long)] + auto_rollback: Option<bool>, + /// Override hostname used for the node + #[clap(long)] + hostname: Option<String>, + /// Make activation wait for confirmation, or roll back after a period of time + #[clap(long)] + magic_rollback: Option<bool>, + /// How long activation should wait for confirmation (if using magic-rollback) + #[clap(long)] + confirm_timeout: Option<u16>, + /// Where to store temporary files (only used by magic-rollback) + #[clap(long)] + temp_path: Option<String>, +} + +async fn push_all_profiles( + node: &utils::data::Node, + node_name: &str, + supports_flakes: bool, + repo: &str, + top_settings: &utils::data::GenericSettings, + check_sigs: bool, + cmd_overrides: &utils::CmdOverrides, + keep_result: bool, + result_path: Option<&str>, +) -> Result<(), Box<dyn std::error::Error>> { + info!("Pushing all profiles for `{}`", node_name); + + let mut profiles_list: Vec<&str> = node + .node_settings + .profiles_order + .iter() + .map(|x| x.as_ref()) + .collect(); + + // Add any profiles which weren't in the provided order list + for profile_name in node.node_settings.profiles.keys() { + if !profiles_list.contains(&profile_name.as_str()) { + profiles_list.push(&profile_name); + } + } + + for profile_name in profiles_list { + let profile = match node.node_settings.profiles.get(profile_name) { + Some(x) => x, + None => good_panic!("No profile was found named `{}`", profile_name), + }; + + let mut merged_settings = top_settings.clone(); + merged_settings.merge(node.generic_settings.clone()); + merged_settings.merge(profile.generic_settings.clone()); + + let deploy_data = utils::make_deploy_data( + top_settings, + node, + node_name, + profile, + profile_name, + cmd_overrides, + )?; + + let deploy_defs = deploy_data.defs(); + + utils::push::push_profile( + supports_flakes, + check_sigs, + repo, + &deploy_data, + &deploy_defs, + keep_result, + result_path, + ) + .await?; + } + + Ok(()) +} + +#[inline] +async fn deploy_all_profiles( + node: &utils::data::Node, + node_name: &str, + top_settings: &utils::data::GenericSettings, + cmd_overrides: &utils::CmdOverrides, +) -> Result<(), Box<dyn std::error::Error>> { + info!("Deploying all profiles for `{}`", node_name); + + let mut profiles_list: Vec<&str> = node + .node_settings + .profiles_order + .iter() + .map(|x| x.as_ref()) + .collect(); + + // Add any profiles which weren't in the provided order list + for profile_name in node.node_settings.profiles.keys() { + if !profiles_list.contains(&profile_name.as_str()) { + profiles_list.push(&profile_name); + } + } + + for profile_name in profiles_list { + let profile = match node.node_settings.profiles.get(profile_name) { + Some(x) => x, + None => good_panic!("No profile was found named `{}`", profile_name), + }; + + let mut merged_settings = top_settings.clone(); + merged_settings.merge(node.generic_settings.clone()); + merged_settings.merge(profile.generic_settings.clone()); + + let deploy_data = utils::make_deploy_data( + top_settings, + node, + node_name, + profile, + profile_name, + cmd_overrides, + )?; + + let deploy_defs = deploy_data.defs(); + + utils::deploy::deploy_profile(&deploy_data, &deploy_defs).await?; + } + + Ok(()) +} + +/// Returns if the available Nix installation supports flakes +#[inline] +async fn test_flake_support() -> Result<bool, Box<dyn std::error::Error>> { + debug!("Checking for flake support"); + + Ok(Command::new("nix") + .arg("eval") + .arg("--expr") + .arg("builtins.getFlake") + .stdout(Stdio::null()) + .stderr(Stdio::null()) + .status() + .await? + .success()) +} + +async fn check_deployment(supports_flakes: bool, repo: &str, extra_build_args: &[String]) -> () { + info!("Running checks for flake in {}", repo); + + let mut c = match supports_flakes { + true => Command::new("nix"), + false => Command::new("nix-build"), + }; + + let mut check_command = match supports_flakes { + true => { + c.arg("flake") + .arg("check") + .arg(repo) + } + false => { + c.arg("-E") + .arg("--no-out-link") + .arg(format!("let r = import {}/.; in (if builtins.isFunction r then (r {{}}) else r).checks.${{builtins.currentSystem}}", repo)) + } + }; + + for extra_arg in extra_build_args { + check_command = check_command.arg(extra_arg); + } + + let check_status = match check_command.status().await { + Ok(x) => x, + Err(err) => good_panic!("Error running checks for the given flake repo: {:?}", err), + }; + + if !check_status.success() { + good_panic!("Checks failed for the given flake repo"); + } + + () +} + +/// Evaluates the Nix in the given `repo` and return the processed Data from it +async fn get_deployment_data( + supports_flakes: bool, + repo: &str, + extra_build_args: &[String], +) -> Result<utils::data::Data, Box<dyn std::error::Error>> { + info!("Evaluating flake in {}", repo); + + let mut c = match supports_flakes { + true => Command::new("nix"), + false => Command::new("nix-instantiate"), + }; + + let mut build_command = match supports_flakes { + true => { + c.arg("eval") + .arg("--json") + .arg(format!("{}#deploy", repo)) + } + false => { + c + .arg("--strict") + .arg("--read-write-mode") + .arg("--json") + .arg("--eval") + .arg("-E") + .arg(format!("let r = import {}/.; in if builtins.isFunction r then (r {{}}).deploy else r.deploy", repo)) + } + }; + + for extra_arg in extra_build_args { + build_command = build_command.arg(extra_arg); + } + + let build_child = build_command.stdout(Stdio::piped()).spawn()?; + + let build_output = build_child.wait_with_output().await?; + + if !build_output.status.success() { + good_panic!( + "Error building deploy props for the provided flake: {}", + repo + ); + } + + let data_json = String::from_utf8(build_output.stdout)?; + + Ok(serde_json::from_str(&data_json)?) +} + +async fn run_deploy( + deploy_flake: utils::DeployFlake<'_>, + data: utils::data::Data, + supports_flakes: bool, + check_sigs: bool, + cmd_overrides: utils::CmdOverrides, + keep_result: bool, + result_path: Option<&str>, +) -> Result<(), Box<dyn std::error::Error>> { + match (deploy_flake.node, deploy_flake.profile) { + (Some(node_name), Some(profile_name)) => { + let node = match data.nodes.get(node_name) { + Some(x) => x, + None => good_panic!("No node was found named `{}`", node_name), + }; + let profile = match node.node_settings.profiles.get(profile_name) { + Some(x) => x, + None => good_panic!("No profile was found named `{}`", profile_name), + }; + + let deploy_data = utils::make_deploy_data( + &data.generic_settings, + node, + node_name, + profile, + profile_name, + &cmd_overrides, + )?; + + let deploy_defs = deploy_data.defs(); + + utils::push::push_profile( + supports_flakes, + check_sigs, + deploy_flake.repo, + &deploy_data, + &deploy_defs, + keep_result, + result_path, + ) + .await?; + + utils::deploy::deploy_profile(&deploy_data, &deploy_defs).await?; + } + (Some(node_name), None) => { + let node = match data.nodes.get(node_name) { + Some(x) => x, + None => good_panic!("No node was found named `{}`", node_name), + }; + + push_all_profiles( + node, + node_name, + supports_flakes, + deploy_flake.repo, + &data.generic_settings, + check_sigs, + &cmd_overrides, + keep_result, + result_path, + ) + .await?; + + deploy_all_profiles(node, node_name, &data.generic_settings, &cmd_overrides).await?; + } + (None, None) => { + info!("Deploying all profiles on all nodes"); + + for (node_name, node) in &data.nodes { + push_all_profiles( + node, + node_name, + supports_flakes, + deploy_flake.repo, + &data.generic_settings, + check_sigs, + &cmd_overrides, + keep_result, + result_path, + ) + .await?; + } + + for (node_name, node) in &data.nodes { + deploy_all_profiles(node, node_name, &data.generic_settings, &cmd_overrides) + .await?; + } + } + (None, Some(_)) => { + good_panic!("Profile provided without a node, this is not (currently) supported") + } + }; + + Ok(()) +} + +#[tokio::main] +async fn main() -> Result<(), Box<dyn std::error::Error>> { + if std::env::var("DEPLOY_LOG").is_err() { + std::env::set_var("DEPLOY_LOG", "info"); + } + + pretty_env_logger::init_custom_env("DEPLOY_LOG"); + + let opts: Opts = Opts::parse(); + + let deploy_flake = utils::parse_flake(opts.flake.as_str()); + + let cmd_overrides = utils::CmdOverrides { + ssh_user: opts.ssh_user, + profile_user: opts.profile_user, + ssh_opts: opts.ssh_opts, + fast_connection: opts.fast_connection, + auto_rollback: opts.auto_rollback, + hostname: opts.hostname, + magic_rollback: opts.magic_rollback, + temp_path: opts.temp_path, + confirm_timeout: opts.confirm_timeout, + }; + + let supports_flakes = test_flake_support().await?; + + if !supports_flakes { + warn!("A Nix version without flakes support was detected, support for this is work in progress"); + } + + if !opts.skip_checks { + check_deployment(supports_flakes, deploy_flake.repo, &opts.extra_build_args).await; + } + + let data = + get_deployment_data(supports_flakes, deploy_flake.repo, &opts.extra_build_args).await?; + + let result_path = opts.result_path.as_deref(); + + run_deploy( + deploy_flake, + data, + supports_flakes, + opts.checksigs, + cmd_overrides, + opts.keep_result, + result_path, + ) + .await?; + + Ok(()) +} diff --git a/src/utils/data.rs b/src/utils/data.rs new file mode 100644 index 0000000..6cf2c5a --- /dev/null +++ b/src/utils/data.rs @@ -0,0 +1,74 @@ +// SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/> +// +// SPDX-License-Identifier: MPL-2.0 + +use merge::Merge; + +use std::collections::HashMap; + +#[derive(Deserialize, Debug, Clone, Merge)] +pub struct GenericSettings { + #[serde(rename(deserialize = "sshUser"))] + pub ssh_user: Option<String>, + pub user: Option<String>, + #[serde( + skip_serializing_if = "Vec::is_empty", + default, + rename(deserialize = "sshOpts") + )] + #[merge(strategy = merge::vec::append)] + pub ssh_opts: Vec<String>, + #[serde(rename(deserialize = "fastConnection"))] + pub fast_connection: Option<bool>, + #[serde(rename(deserialize = "autoRollback"))] + pub auto_rollback: Option<bool>, + #[serde(rename(deserialize = "confirmTimeout"))] + pub confirm_timeout: Option<u16>, + #[serde(rename(deserialize = "tempPath"))] + pub temp_path: Option<String>, + #[serde(rename(deserialize = "magicRollback"))] + pub magic_rollback: Option<bool>, +} + +#[derive(Deserialize, Debug, Clone)] +pub struct NodeSettings { + pub hostname: String, + pub profiles: HashMap<String, Profile>, + #[serde( + skip_serializing_if = "Vec::is_empty", + default, + rename(deserialize = "profilesOrder") + )] + pub profiles_order: Vec<String>, +} + +#[derive(Deserialize, Debug, Clone)] +pub struct ProfileSettings { + pub path: String, + pub bootstrap: Option<String>, + #[serde(rename(deserialize = "profilePath"))] + pub profile_path: Option<String>, +} + +#[derive(Deserialize, Debug, Clone)] +pub struct Profile { + #[serde(flatten)] + pub profile_settings: ProfileSettings, + #[serde(flatten)] + pub generic_settings: GenericSettings, +} + +#[derive(Deserialize, Debug, Clone)] +pub struct Node { + #[serde(flatten)] + pub generic_settings: GenericSettings, + #[serde(flatten)] + pub node_settings: NodeSettings, +} + +#[derive(Deserialize, Debug, Clone)] +pub struct Data { + #[serde(flatten)] + pub generic_settings: GenericSettings, + pub nodes: HashMap<String, Node>, +} diff --git a/src/utils/deploy.rs b/src/utils/deploy.rs new file mode 100644 index 0000000..59217df --- /dev/null +++ b/src/utils/deploy.rs @@ -0,0 +1,169 @@ +// SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/> +// +// SPDX-License-Identifier: MPL-2.0 + +use std::borrow::Cow; +use tokio::process::Command; + +fn build_activate_command( + activate_path_str: String, + sudo: &Option<String>, + profile_path: &str, + closure: &str, + bootstrap_cmd: &Option<String>, + auto_rollback: bool, + temp_path: &Cow<str>, + confirm_timeout: u16, + magic_rollback: bool, +) -> String { + let mut self_activate_command = format!( + "{} '{}' '{}' --temp-path {} --confirm-timeout {}", + activate_path_str, profile_path, closure, temp_path, confirm_timeout + ); + + if magic_rollback { + self_activate_command = format!("{} --magic-rollback", self_activate_command); + } + + if auto_rollback { + self_activate_command = format!("{} --auto-rollback", self_activate_command); + } + + if let Some(ref bootstrap_cmd) = bootstrap_cmd { + self_activate_command = format!( + "{} --bootstrap-cmd '{}'", + self_activate_command, bootstrap_cmd + ); + } + + if let Some(sudo_cmd) = &sudo { + self_activate_command = format!("{} {}", sudo_cmd, self_activate_command); + } + + self_activate_command +} + +#[test] +fn test_activation_command_builder() { + let activate_path_str = "/blah/bin/activate".to_string(); + let sudo = Some("sudo -u test".to_string()); + let profile_path = "/blah/profiles/test"; + let closure = "/blah/etc"; + let bootstrap_cmd = None; + let auto_rollback = true; + let temp_path = &"/tmp/deploy-rs".into(); + let confirm_timeout = 30; + let magic_rollback = true; + + assert_eq!( + build_activate_command( + activate_path_str, + &sudo, + profile_path, + closure, + &bootstrap_cmd, + auto_rollback, + temp_path, + confirm_timeout, + magic_rollback + ), + "sudo -u test /blah/bin/activate '/blah/profiles/test' '/blah/etc' --temp-path /tmp/deploy-rs --confirm-timeout 30 --magic-rollback --auto-rollback" + .to_string(), + ); +} + +pub async fn deploy_profile( + deploy_data: &super::DeployData<'_>, + deploy_defs: &super::DeployDefs<'_>, +) -> Result<(), Box<dyn std::error::Error>> { + info!( + "Activating profile `{}` for node `{}`", + deploy_data.profile_name, deploy_data.node_name + ); + + let activate_path_str = super::deploy_path_to_activate_path_str(&deploy_defs.current_exe)?; + + let temp_path: Cow<str> = match &deploy_data.merged_settings.temp_path { + Some(x) => x.into(), + None => "/tmp/deploy-rs".into(), + }; + + let confirm_timeout = deploy_data.merged_settings.confirm_timeout.unwrap_or(30); + + let magic_rollback = deploy_data.merged_settings.magic_rollback.unwrap_or(false); + + let auto_rollback = deploy_data.merged_settings.auto_rollback.unwrap_or(true); + + let self_activate_command = build_activate_command( + activate_path_str, + &deploy_defs.sudo, + &deploy_defs.profile_path, + &deploy_data.profile.profile_settings.path, + &deploy_data.profile.profile_settings.bootstrap, + auto_rollback, + &temp_path, + confirm_timeout, + magic_rollback, + ); + + debug!("Constructed activation command: {}", self_activate_command); + + let hostname = match deploy_data.cmd_overrides.hostname { + Some(ref x) => x, + None => &deploy_data.node.node_settings.hostname, + }; + + let mut c = Command::new("ssh"); + let mut ssh_command = c + .arg("-t") + .arg(format!("ssh://{}@{}", deploy_defs.ssh_user, hostname)); + + for ssh_opt in &deploy_data.merged_settings.ssh_opts { + ssh_command = ssh_command.arg(ssh_opt); + } + + let ssh_exit_status = ssh_command.arg(self_activate_command).status().await?; + + if !ssh_exit_status.success() { + good_panic!("Activation over SSH failed"); + } + + info!("Success activating!"); + + if magic_rollback { + info!("Attempting to confirm activation"); + + let mut c = Command::new("ssh"); + let mut ssh_confirm_command = c.arg(format!("ssh://{}@{}", deploy_defs.ssh_user, hostname)); + + for ssh_opt in &deploy_data.merged_settings.ssh_opts { + ssh_confirm_command = ssh_confirm_command.arg(ssh_opt); + } + + let lock_hash = &deploy_data.profile.profile_settings.path[11 /* /nix/store/ */ ..]; + let lock_path = format!("{}/activating-{}", temp_path, lock_hash); + + let mut confirm_command = format!("rm {}", lock_path); + if let Some(sudo_cmd) = &deploy_defs.sudo { + confirm_command = format!("{} {}", sudo_cmd, confirm_command); + } + + debug!( + "Attempting to run command to confirm deployment: {}", + confirm_command + ); + + let ssh_exit_status = ssh_confirm_command.arg(confirm_command).status().await?; + + if !ssh_exit_status.success() { + good_panic!( + "Failed to confirm deployment, the node will roll back in <{} seconds", + confirm_timeout + ); + } + + info!("Deployment confirmed."); + } + + Ok(()) +} diff --git a/src/utils/mod.rs b/src/utils/mod.rs new file mode 100644 index 0000000..a0e62e1 --- /dev/null +++ b/src/utils/mod.rs @@ -0,0 +1,233 @@ +// SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/> +// +// SPDX-License-Identifier: MPL-2.0 + +use std::borrow::Cow; +use std::path::PathBuf; + +use merge::Merge; + +#[macro_export] +macro_rules! good_panic { + ($($tts:tt)*) => {{ + error!($($tts)*); + std::process::exit(1); + }} +} + +pub mod data; +pub mod deploy; +pub mod push; + +pub struct CmdOverrides { + pub ssh_user: Option<String>, + pub profile_user: Option<String>, + pub ssh_opts: Option<String>, + pub fast_connection: Option<bool>, + pub auto_rollback: Option<bool>, + pub hostname: Option<String>, + pub magic_rollback: Option<bool>, + pub temp_path: Option<String>, + pub confirm_timeout: Option<u16>, +} + +#[derive(PartialEq, Debug)] +pub struct DeployFlake<'a> { + pub repo: &'a str, + pub node: Option<&'a str>, + pub profile: Option<&'a str>, +} + +pub fn parse_flake(flake: &str) -> DeployFlake { + let flake_fragment_start = flake.find('#'); + let (repo, maybe_fragment) = match flake_fragment_start { + Some(s) => (&flake[..s], Some(&flake[s + 1..])), + None => (flake, None), + }; + + let (node, profile) = match maybe_fragment { + Some(fragment) => { + let fragment_profile_start = fragment.find('.'); + match fragment_profile_start { + Some(s) => (Some(&fragment[..s]), Some(&fragment[s + 1..])), + None => (Some(fragment), None), + } + } + None => (None, None), + }; + + DeployFlake { + repo, + node, + profile, + } +} + +#[test] +fn test_parse_flake() { + assert_eq!( + parse_flake("../deploy/examples/system#example"), + DeployFlake { + repo: "../deploy/examples/system", + node: Some("example"), + profile: None + } + ); + + assert_eq!( + parse_flake("../deploy/examples/system#example.system"), + DeployFlake { + repo: "../deploy/examples/system", + node: Some("example"), + profile: Some("system") + } + ); + + assert_eq!( + parse_flake("../deploy/examples/system"), + DeployFlake { + repo: "../deploy/examples/system", + node: None, + profile: None, + } + ); +} + +pub struct DeployData<'a> { + pub node_name: &'a str, + pub node: &'a data::Node, + pub profile_name: &'a str, + pub profile: &'a data::Profile, + + pub cmd_overrides: &'a CmdOverrides, + + pub merged_settings: data::GenericSettings, +} + +pub struct DeployDefs<'a> { + pub ssh_user: Cow<'a, str>, + pub profile_user: Cow<'a, str>, + pub profile_path: Cow<'a, str>, + pub current_exe: PathBuf, + pub sudo: Option<String>, +} + +impl<'a> DeployData<'a> { + pub fn defs(&'a self) -> DeployDefs<'a> { + let ssh_user: Cow<str> = match self.merged_settings.ssh_user { + Some(ref u) => u.into(), + None => whoami::username().into(), + }; + + let profile_user: Cow<str> = match self.merged_settings.user { + Some(ref x) => x.into(), + None => match self.merged_settings.ssh_user { + Some(ref x) => x.into(), + None => good_panic!( + "Neither user nor sshUser set for profile `{}` of node `{}`", + self.profile_name, + self.node_name + ), + }, + }; + + let profile_path: Cow<str> = match self.profile.profile_settings.profile_path { + None => match &profile_user[..] { + "root" => format!("/nix/var/nix/profiles/{}", self.profile_name).into(), + _ => format!( + "/nix/var/nix/profiles/per-user/{}/{}", + profile_user, self.profile_name + ) + .into(), + }, + Some(ref x) => x.into(), + }; + + let sudo: Option<String> = match self.merged_settings.user { + Some(ref user) if user != &ssh_user => Some(format!("sudo -u {}", user)), + _ => None, + }; + + let current_exe = + std::env::current_exe().expect("Expected to find current executable path"); + + if !current_exe.starts_with("/nix/store/") { + good_panic!("The deploy binary must be in the Nix store"); + } + + DeployDefs { + ssh_user, + profile_user, + profile_path, + current_exe, + sudo, + } + } +} + +pub fn make_deploy_data<'a, 's>( + top_settings: &'s data::GenericSettings, + node: &'a data::Node, + node_name: &'a str, + profile: &'a data::Profile, + profile_name: &'a str, + cmd_overrides: &'a CmdOverrides, +) -> Result<DeployData<'a>, Box<dyn std::error::Error>> { + let mut merged_settings = top_settings.clone(); + merged_settings.merge(node.generic_settings.clone()); + merged_settings.merge(profile.generic_settings.clone()); + + if cmd_overrides.ssh_user.is_some() { + merged_settings.ssh_user = cmd_overrides.ssh_user.clone(); + } + if cmd_overrides.profile_user.is_some() { + merged_settings.user = cmd_overrides.profile_user.clone(); + } + if let Some(ref ssh_opts) = cmd_overrides.ssh_opts { + merged_settings.ssh_opts = ssh_opts.split(' ').map(|x| x.to_owned()).collect(); + } + if let Some(fast_connection) = cmd_overrides.fast_connection { + merged_settings.fast_connection = Some(fast_connection); + } + if let Some(auto_rollback) = cmd_overrides.auto_rollback { + merged_settings.auto_rollback = Some(auto_rollback); + } + if let Some(magic_rollback) = cmd_overrides.magic_rollback { + merged_settings.magic_rollback = Some(magic_rollback); + } + + Ok(DeployData { + profile, + profile_name, + node, + node_name, + + cmd_overrides, + + merged_settings, + }) +} + +pub fn deploy_path_to_activate_path_str( + deploy_path: &std::path::Path, +) -> Result<String, Box<dyn std::error::Error>> { + Ok(format!( + "{}/activate", + deploy_path + .parent() + .ok_or("Deploy path too short")? + .to_str() + .ok_or("Deploy path is not valid utf8")? + .to_owned() + )) +} + +#[test] +fn test_activate_path_generation() { + match deploy_path_to_activate_path_str(&std::path::PathBuf::from( + "/blah/blah/deploy-rs/bin/deploy", + )) { + Err(_) => panic!(""), + Ok(x) => assert_eq!(x, "/blah/blah/deploy-rs/bin/activate".to_string()), + } +} diff --git a/src/utils/push.rs b/src/utils/push.rs new file mode 100644 index 0000000..5e87d5c --- /dev/null +++ b/src/utils/push.rs @@ -0,0 +1,137 @@ +// SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/> +// +// SPDX-License-Identifier: MPL-2.0 + +use std::process::Stdio; +use tokio::process::Command; + +pub async fn push_profile( + supports_flakes: bool, + check_sigs: bool, + repo: &str, + deploy_data: &super::DeployData<'_>, + deploy_defs: &super::DeployDefs<'_>, + keep_result: bool, + result_path: Option<&str>, +) -> Result<(), Box<dyn std::error::Error>> { + info!( + "Building profile `{}` for node `{}`", + deploy_data.profile_name, deploy_data.node_name + ); + + let mut build_c = if supports_flakes { + Command::new("nix") + } else { + Command::new("nix-build") + }; + + let mut build_command = if supports_flakes { + build_c.arg("build").arg("--no-link").arg(format!( + "{}#deploy.nodes.{}.profiles.{}.path", + repo, deploy_data.node_name, deploy_data.profile_name + )) + } else { + build_c + .arg(&repo) + .arg("--no-out-link") + .arg("-A") + .arg(format!( + "deploy.nodes.{}.profiles.{}.path", + deploy_data.node_name, deploy_data.profile_name + )) + }; + + build_command = match (keep_result, supports_flakes) { + (true, _) => { + let result_path = match result_path { + Some(x) => x, + None => "./.deploy-gc", + }; + + build_command.arg("--out-link").arg(format!( + "{}/{}/{}", + result_path, deploy_data.node_name, deploy_data.profile_name + )) + } + (false, false) => build_command.arg("--no-out-link"), + (false, true) => build_command.arg("--no-link"), + }; + + let build_exit_status = build_command.stdout(Stdio::null()).status().await?; + + if !build_exit_status.success() { + good_panic!("`nix build` failed"); + } + + if let Ok(local_key) = std::env::var("LOCAL_KEY") { + info!( + "Signing key present! Signing profile `{}` for node `{}`", + deploy_data.profile_name, deploy_data.node_name + ); + + let sign_exit_status = Command::new("nix") + .arg("sign-paths") + .arg("-r") + .arg("-k") + .arg(local_key) + .arg(&deploy_data.profile.profile_settings.path) + .arg(&super::deploy_path_to_activate_path_str( + &deploy_defs.current_exe, + )?) + .stdout(Stdio::null()) + .stderr(Stdio::null()) + .status() + .await?; + + if !sign_exit_status.success() { + good_panic!("`nix sign-paths` failed"); + } + } + + debug!( + "Copying profile `{}` to node `{}`", + deploy_data.profile_name, deploy_data.node_name + ); + + let mut copy_command_ = Command::new("nix"); + let mut copy_command = copy_command_.arg("copy"); + + if let Some(true) = deploy_data.merged_settings.fast_connection { + copy_command = copy_command.arg("--substitute-on-destination"); + } + + if !check_sigs { + copy_command = copy_command.arg("--no-check-sigs"); + } + + let ssh_opts_str = deploy_data + .merged_settings + .ssh_opts + // This should provide some extra safety, but it also breaks for some reason, oh well + // .iter() + // .map(|x| format!("'{}'", x)) + // .collect::<Vec<String>>() + .join(" "); + + let hostname = match deploy_data.cmd_overrides.hostname { + Some(ref x) => x, + None => &deploy_data.node.node_settings.hostname, + }; + + let copy_exit_status = copy_command + .arg("--to") + .arg(format!("ssh://{}@{}", deploy_defs.ssh_user, hostname)) + .arg(&deploy_data.profile.profile_settings.path) + .arg(&super::deploy_path_to_activate_path_str( + &deploy_defs.current_exe, + )?) + .env("NIX_SSHOPTS", ssh_opts_str) + .status() + .await?; + + if !copy_exit_status.success() { + good_panic!("`nix copy` failed"); + } + + Ok(()) +} |