summaryrefslogtreecommitdiff
path: root/modules
diff options
context:
space:
mode:
authorstuebinm2021-03-03 00:51:39 +0100
committerstuebinm2021-03-03 00:51:39 +0100
commitd96fbd63510048bf56d3d600a65f7983096c1bb1 (patch)
tree192afecb97bcdb829e1461bebc283cc86fb99586 /modules
migrating config
This deploy logic is primarily based on hxchn's deploy lib [1], with some slight modifications to make it work with my setup. Everything seems to work fine for now. However, I am unsure about the usage of niv — the config doesn't seem to gain much from it, apart from (some) additional complexity. [1] https://gitlab.com/hexchen/nixfiles
Diffstat (limited to 'modules')
-rw-r--r--modules/default.nix5
-rw-r--r--modules/deploy/default.nix50
2 files changed, 55 insertions, 0 deletions
diff --git a/modules/default.nix b/modules/default.nix
new file mode 100644
index 0000000..23a8abc
--- /dev/null
+++ b/modules/default.nix
@@ -0,0 +1,5 @@
+{...}:
+
+{
+ imports = [ ];
+}
diff --git a/modules/deploy/default.nix b/modules/deploy/default.nix
new file mode 100644
index 0000000..e8bc827
--- /dev/null
+++ b/modules/deploy/default.nix
@@ -0,0 +1,50 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+ cfg = config.hexchen.deploy;
+
+in {
+ options = {
+ hexchen.deploy = {
+ enable = mkOption {
+ type = types.bool;
+ default = true;
+ };
+ ssh.host = mkOption {
+ type = types.str;
+ default = "${config.networking.hostName}.${config.networking.domain}";
+ };
+ ssh.port = mkOption {
+ type = types.int;
+ default = head config.services.openssh.ports;
+ };
+ substitute = mkOption {
+ type = types.bool;
+ default = true;
+ };
+ groups = mkOption {
+ type = with types; listOf str;
+ default = [];
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ hexchen.deploy.groups = [ "all" ];
+
+ system.build.deployScript = let
+ superuser = if config.security.sudo.enable then "sudo" else "";
+ in pkgs.writeScript "deploy-${config.networking.hostName}" ''
+ #!${pkgs.runtimeShell}
+ set -xeo pipefail
+ export PATH=${with pkgs; lib.makeBinPath [ coreutils openssh nix ]}
+ export NIX_SSHOPTS="$NIX_SSHOPTS -p${toString cfg.ssh.port}"
+ nix copy ${if cfg.substitute then "-s" else ""} --no-check-sigs --to ssh://${cfg.ssh.host} ${config.system.build.toplevel}
+ ssh $NIX_SSHOPTS ${cfg.ssh.host} "${superuser} nix-env -p /nix/var/nix/profiles/system -i ${config.system.build.toplevel}"
+ ssh $NIX_SSHOPTS ${cfg.ssh.host} "${superuser} /nix/var/nix/profiles/system/bin/switch-to-configuration $1"
+ '';
+ };
+}
+