// SPDX-FileCopyrightText: 2020 Serokell // // SPDX-License-Identifier: MPL-2.0 use std::path::Path; use std::process::Stdio; use tokio::process::Command; use thiserror::Error; #[derive(Error, Debug)] pub enum PushProfileError { #[error("Failed to calculate activate bin path from deploy bin path: {0}")] DeployPathToActivatePathError(#[from] super::DeployPathToActivatePathError), #[error("Failed to run Nix build command: {0}")] BuildError(std::io::Error), #[error("Nix build command resulted in a bad exit code: {0:?}")] BuildExitError(Option), #[error( "Activation script deploy-rs-activate does not exist in profile.\n\ Did you forget to use deploy-rs#lib.<...>.activate.<...> on your profile path?" )] DeployRsActivateDoesntExist, #[error("Activation script activate-rs does not exist in profile.\n\ Is there a mismatch in deploy-rs used in the flake you're deploying and deploy-rs command you're running?")] ActivateRsDoesntExist, #[error("Failed to run Nix sign command: {0}")] SignError(std::io::Error), #[error("Nix sign command resulted in a bad exit code: {0:?}")] SignExitError(Option), #[error("Failed to run Nix copy command: {0}")] CopyError(std::io::Error), #[error("Nix copy command resulted in a bad exit code: {0:?}")] CopyExitError(Option), } pub struct PushProfileData<'a> { pub supports_flakes: bool, pub check_sigs: bool, pub repo: &'a str, pub deploy_data: &'a super::DeployData<'a>, pub deploy_defs: &'a super::DeployDefs, pub keep_result: bool, pub result_path: Option<&'a str>, pub extra_build_args: &'a [String], } pub async fn push_profile(data: PushProfileData<'_>) -> Result<(), PushProfileError> { info!( "Building profile `{}` for node `{}`", data.deploy_data.profile_name, data.deploy_data.node_name ); let mut build_c = if data.supports_flakes { Command::new("nix") } else { Command::new("nix-build") }; let mut build_command = if data.supports_flakes { build_c.arg("build").arg(format!( "{}#deploy.nodes.\"{}\".profiles.\"{}\".path", data.repo, data.deploy_data.node_name, data.deploy_data.profile_name )) } else { build_c.arg(&data.repo).arg("-A").arg(format!( "deploy.nodes.\"{}\".profiles.\"{}\".path", data.deploy_data.node_name, data.deploy_data.profile_name )) }; build_command = match (data.keep_result, data.supports_flakes) { (true, _) => { let result_path = data.result_path.unwrap_or("./.deploy-gc"); build_command.arg("--out-link").arg(format!( "{}/{}/{}", result_path, data.deploy_data.node_name, data.deploy_data.profile_name )) } (false, false) => build_command.arg("--no-out-link"), (false, true) => build_command.arg("--no-link"), }; for extra_arg in data.extra_build_args { build_command = build_command.arg(extra_arg); } let build_exit_status = build_command // Logging should be in stderr, this just stops the store path from printing for no reason .stdout(Stdio::null()) .status() .await .map_err(PushProfileError::BuildError)?; match build_exit_status.code() { Some(0) => (), a => return Err(PushProfileError::BuildExitError(a)), }; if !Path::new( format!( "{}/deploy-rs-activate", data.deploy_data.profile.profile_settings.path ) .as_str(), ) .exists() { return Err(PushProfileError::DeployRsActivateDoesntExist); } if !Path::new( format!( "{}/activate-rs", data.deploy_data.profile.profile_settings.path ) .as_str(), ) .exists() { return Err(PushProfileError::ActivateRsDoesntExist); } if let Ok(local_key) = std::env::var("LOCAL_KEY") { info!( "Signing key present! Signing profile `{}` for node `{}`", data.deploy_data.profile_name, data.deploy_data.node_name ); let sign_exit_status = Command::new("nix") .arg("sign-paths") .arg("-r") .arg("-k") .arg(local_key) .arg(&data.deploy_data.profile.profile_settings.path) .status() .await .map_err(PushProfileError::SignError)?; match sign_exit_status.code() { Some(0) => (), a => return Err(PushProfileError::SignExitError(a)), }; } debug!( "Copying profile `{}` to node `{}`", data.deploy_data.profile_name, data.deploy_data.node_name ); let mut copy_command_ = Command::new("nix"); let mut copy_command = copy_command_.arg("copy"); if data.deploy_data.merged_settings.fast_connection != Some(true) { copy_command = copy_command.arg("--substitute-on-destination"); } if !data.check_sigs { copy_command = copy_command.arg("--no-check-sigs"); } let ssh_opts_str = data .deploy_data .merged_settings .ssh_opts // This should provide some extra safety, but it also breaks for some reason, oh well // .iter() // .map(|x| format!("'{}'", x)) // .collect::>() .join(" "); let hostname = match data.deploy_data.cmd_overrides.hostname { Some(ref x) => x, None => &data.deploy_data.node.node_settings.hostname, }; let copy_exit_status = copy_command .arg("--to") .arg(format!("ssh://{}@{}", data.deploy_defs.ssh_user, hostname)) .arg(&data.deploy_data.profile.profile_settings.path) .env("NIX_SSHOPTS", ssh_opts_str) .status() .await .map_err(PushProfileError::CopyError)?; match copy_exit_status.code() { Some(0) => (), a => return Err(PushProfileError::CopyExitError(a)), }; Ok(()) }