1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
|
// SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/>
//
// SPDX-License-Identifier: MPL-2.0
use super::data;
use std::process::Stdio;
use tokio::process::Command;
pub async fn push_profile(
profile: &data::Profile,
profile_name: &str,
node: &data::Node,
node_name: &str,
supports_flakes: bool,
check_sigs: bool,
repo: &str,
merged_settings: &data::GenericSettings,
deploy_data: &super::DeployData<'_>,
) -> Result<(), Box<dyn std::error::Error>> {
info!(
"Pushing profile `{}` for node `{}`",
profile_name, node_name
);
debug!(
"Building profile `{} for node `{}`",
profile_name, node_name
);
if supports_flakes {
Command::new("nix")
.arg("build")
.arg("--no-link")
.arg(format!(
"{}#deploy.nodes.{}.profiles.{}.path",
repo, node_name, profile_name
))
.stdout(Stdio::null())
.stderr(Stdio::null())
.spawn()?
.await?;
} else {
Command::new("nix-build")
.arg(&repo)
.arg("-A")
.arg(format!(
"deploy.nodes.{}.profiles.{}.path",
node_name, profile_name
))
.stdout(Stdio::null())
.stderr(Stdio::null())
.spawn()?
.await?;
}
if let Ok(local_key) = std::env::var("LOCAL_KEY") {
info!(
"Signing key present! Signing profile `{}` for node `{}`",
profile_name, node_name
);
Command::new("nix")
.arg("sign-paths")
.arg("-r")
.arg("-k")
.arg(local_key)
.arg(&profile.profile_settings.path)
.arg(&deploy_data.current_exe)
.stdout(Stdio::null())
.stderr(Stdio::null())
.spawn()?
.await?;
}
debug!("Copying profile `{} for node `{}`", profile_name, node_name);
let mut copy_command_ = Command::new("nix");
let mut copy_command = copy_command_.arg("copy");
if merged_settings.fast_connection {
copy_command = copy_command.arg("--substitute-on-destination");
}
if !check_sigs {
copy_command = copy_command.arg("--no-check-sigs");
}
let ssh_opts_str = merged_settings
.ssh_opts
// This should provide some extra safety, but it also breaks for some reason, oh well
// .iter()
// .map(|x| format!("'{}'", x))
// .collect::<Vec<String>>()
.join(" ");
copy_command
.arg("--to")
.arg(format!(
"ssh://{}@{}",
deploy_data.ssh_user, node.node_settings.hostname
))
.arg(&profile.profile_settings.path)
.arg(&deploy_data.current_exe)
.env("NIX_SSHOPTS", ssh_opts_str)
.stdout(Stdio::null())
.stderr(Stdio::null())
.spawn()?
.await?;
Ok(())
}
|