diff options
author | tv <tv@krebsco.de> | 2015-05-21 23:52:06 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2015-05-21 23:52:06 +0200 |
commit | bb46e52bb239f9b0962ff441d5a8f037b1ef1eaf (patch) | |
tree | 826235e1b776665ab32ee787bb96cd3b6f519d95 /bin | |
parent | 42d10d883a720a63753568a6fa2d12790e9310c6 (diff) |
deploy: merge next
Diffstat (limited to 'bin')
-rwxr-xr-x | bin/backtrace | 32 | ||||
-rwxr-xr-x | bin/bre-escape | 5 | ||||
-rwxr-xr-x | bin/bre-invert-word | 15 | ||||
-rwxr-xr-x | bin/cac-ssh | 2 | ||||
-rwxr-xr-x | bin/copy-secrets | 28 | ||||
-rwxr-xr-x | bin/filter-secrets | 6 | ||||
-rwxr-xr-x | bin/import-statements | 10 | ||||
-rwxr-xr-x | bin/json-assert-type | 18 | ||||
-rwxr-xr-x | bin/list-hosts | 7 | ||||
-rwxr-xr-x | bin/list-module-imports | 20 | ||||
-rwxr-xr-x | bin/ls-bre | 12 | ||||
-rwxr-xr-x | bin/make-parent-dirs | 10 | ||||
-rwxr-xr-x | bin/make-relative-to | 6 | ||||
-rwxr-xr-x | bin/make-rsync-filter | 33 | ||||
-rwxr-xr-x | bin/make-rsync-whitelist | 15 | ||||
-rwxr-xr-x | bin/nixos-build | 25 | ||||
-rwxr-xr-x | bin/nixos-deploy | 16 | ||||
-rwxr-xr-x | bin/nixos-fetch-git | 32 | ||||
-rwxr-xr-x | bin/nixos-query | 21 | ||||
-rwxr-xr-x | bin/nixpkgs-rev | 13 | ||||
-rwxr-xr-x | bin/nixpkgs-url | 13 | ||||
-rwxr-xr-x | bin/quoted-strings | 15 | ||||
-rwxr-xr-x | bin/slash-path-relpath | 8 | ||||
-rwxr-xr-x | bin/ssh-deploy | 26 | ||||
-rwxr-xr-x | bin/ssh-fetch-git | 35 | ||||
-rwxr-xr-x | bin/undot-paths | 14 |
26 files changed, 123 insertions, 314 deletions
diff --git a/bin/backtrace b/bin/backtrace deleted file mode 100755 index 15d60a9..0000000 --- a/bin/backtrace +++ /dev/null @@ -1,32 +0,0 @@ -#! /bin/sh -set -euf - -exec >&2 - -pid=$$ -while :; do - cd /proc/$pid - cmdline=$(cat cmdline | tr '\0' ' ' | sed 's/ $//') - ppid=$(grep PPid status | awk '{print$2}') - printf '%5d %s\n' $pid "$cmdline" - if [ $pid = 1 ]; then - break - else - pid=$ppid - fi -done \ - | sed \ - "$(printf ' - s:\(/bin/sh \)%s/\([^ ]\+\):\e[32m\\2\e[m:g - s:%s/\([^ ]\+\):\e[32;1m\\1\e[m:g - ' \ - "$(dirname "$0" | bre-escape | sed 's/:/\\:/g')" \ - "$(dirname "$0" | bre-escape | sed 's/:/\\:/g')" \ - )" \ - | tac - -ps='Press ^C to abort: ' -while :; do - printf '\e[K\e[31;1m%s\e[m' "$ps" - read -r _input -done diff --git a/bin/bre-escape b/bin/bre-escape deleted file mode 100755 index ae961b0..0000000 --- a/bin/bre-escape +++ /dev/null @@ -1,5 +0,0 @@ -#! /bin/sh -# bre-escape : lines string |> lines bre-escaped-string -set -euf - -sed 's:[\.\[\\\*\^\$]:\\&:g' diff --git a/bin/bre-invert-word b/bin/bre-invert-word deleted file mode 100755 index 677ba2e..0000000 --- a/bin/bre-invert-word +++ /dev/null @@ -1,15 +0,0 @@ -#! /bin/sh -# bre-invert-word : string -> BRE -set -euf - -# TODO escape chars in the resulting BRE. -awk -v input="$1" ' - BEGIN { - split(input,s,"") - for (i in s) { - c=s[i] - printf "\\|%s[^%s]", y, c - y = y c - } - } -' diff --git a/bin/cac-ssh b/bin/cac-ssh index e01f76b..a0ec5dc 100755 --- a/bin/cac-ssh +++ b/bin/cac-ssh @@ -1,7 +1,7 @@ #! /bin/sh set -euf -server=$(json-assert-type object "$1") +server=$1 shift address=$(echo $server | jq -r .ip) diff --git a/bin/copy-secrets b/bin/copy-secrets new file mode 100755 index 0000000..36854ea --- /dev/null +++ b/bin/copy-secrets @@ -0,0 +1,28 @@ +#! /bin/sh +set -euf + +host=$1 + +target=root@$host + +nixos_config=$config_root/modules/$host +secrets_nix=$secrets_root/$host/nix +secrets_rsync=$secrets_root/$host/rsync + +if ! test -e "$secrets_rsync"; then + exit # nothing to do +fi + +retiolum_secret=$(nixos-query $host services.retiolum.privateKeyFile) +retiolum_uid=$(nixos-query $host users.extraUsers.retiolum-tinc.uid) + +ejabberd_secret=/etc/ejabberd/ejabberd.pem +ejabberd_uid=$(nixos-query $host users.extraUsers.ejabberd.uid) + +rsync -cz --chown=0:0 -vr "$secrets_rsync/" "$target:/" + +ssh "$target" -T <<EOF +set -euf +! test -f $retiolum_secret || chown -v $retiolum_uid:0 $retiolum_secret +! test -f $ejabberd_secret || chown -v $ejabberd_uid:0 $ejabberd_secret +EOF diff --git a/bin/filter-secrets b/bin/filter-secrets deleted file mode 100755 index 6fcce73..0000000 --- a/bin/filter-secrets +++ /dev/null @@ -1,6 +0,0 @@ -#! /bin/sh -# filter_secrets : lines string |> lines secrets-file-candidate -set -euf - -# Notice how false positives are possible. -sed -n 's:^\(.*/\)\?\(secrets/.*\):'"${PWD//:/\\:}"'/\2:p' diff --git a/bin/import-statements b/bin/import-statements deleted file mode 100755 index 12c8879..0000000 --- a/bin/import-statements +++ /dev/null @@ -1,10 +0,0 @@ -#! /bin/sh -# import-statements : lines (path ":" string) |> lines (path ":" relpath) -set -euf -sed -n ' - s@^\([^:]\+:\)\('"$(bre-invert-word import)"'\)*\<import\s\+@\1@ - t1;d - :1; s@^\([^:]\+:\)\(\.*/\S*\)@\1\2\n@ - t2;d - :2; P;D -' diff --git a/bin/json-assert-type b/bin/json-assert-type deleted file mode 100755 index 29cadad..0000000 --- a/bin/json-assert-type +++ /dev/null @@ -1,18 +0,0 @@ -#! /bin/sh -set -euf - -formal_type=$1 - -actual_value=$2 -actual_type=$(echo $actual_value | jq -r type) - -if [ "$actual_type" != "$formal_type" ]; then - backtrace - printf 'error: expected %s, got %s\n' \ - "$formal_type" \ - "$actual_type" \ - >&2 - exit 1 -fi - -echo "$actual_value" diff --git a/bin/list-hosts b/bin/list-hosts deleted file mode 100755 index e25a8ac..0000000 --- a/bin/list-hosts +++ /dev/null @@ -1,7 +0,0 @@ -#! /bin/sh -# list-hosts : lines tinc-host-file -set -euf - -# Precondition: $PWD/hosts is the correct repository :) -git -C hosts ls-tree --name-only HEAD \ - | awk '{print ENVIRON["PWD"]"/hosts/"$$0}' diff --git a/bin/list-module-imports b/bin/list-module-imports deleted file mode 100755 index 39d11bf..0000000 --- a/bin/list-module-imports +++ /dev/null @@ -1,20 +0,0 @@ -#! /bin/sh -# list-module-imports : nix-file -> lines nix-file -set -euf - -if echo "$1" | grep -q ^/; then - : -else - set -- "./$1" -fi - -imports=$(nix-instantiate \ - -I secrets=secrets \ - --strict \ - --json \ - --eval \ - -E \ - "with builtins; with import ./lib/modules.nix; map toString (list-imports $1)") - -echo "$imports" \ - | jq -r .[] diff --git a/bin/ls-bre b/bin/ls-bre deleted file mode 100755 index ae97889..0000000 --- a/bin/ls-bre +++ /dev/null @@ -1,12 +0,0 @@ -#! /bin/sh -# ls-bre : directory -> BRE -# Create a BRE from the files in a directory. -set -euf - -ls "$1" \ - | tr \\n / \ - | sed ' - s:[\.\[\\\*\^\$]:\\&:g - s:/$:: - s:/:\\|:g - ' diff --git a/bin/make-parent-dirs b/bin/make-parent-dirs deleted file mode 100755 index f4717b2..0000000 --- a/bin/make-parent-dirs +++ /dev/null @@ -1,10 +0,0 @@ -#! /bin/sh -# make-parent-dirs : lines path |> lines directory -# List all parent directories of a path. -set -euf - -set -- "$(sed -n 's|/[^/]*$||p' | grep . | sort | uniq)" -if echo "$1" | grep -q .; then - echo "$1" - echo "$1" | make-parent-dirs -fi diff --git a/bin/make-relative-to b/bin/make-relative-to deleted file mode 100755 index 9d947e1..0000000 --- a/bin/make-relative-to +++ /dev/null @@ -1,6 +0,0 @@ -#! /bin/sh -# make-relative-to : lines path |> directory -> lines path -# Non-matching paths won't get altered. -set -euf - -sed "s:^$(echo "$1/" | bre-escape | sed 's/:/\\:/g')::" diff --git a/bin/make-rsync-filter b/bin/make-rsync-filter deleted file mode 100755 index 26e070a..0000000 --- a/bin/make-rsync-filter +++ /dev/null @@ -1,33 +0,0 @@ -#! /bin/sh -# make-rsync-filter : nixos-config -> rsync-filter -set -euf - -main=$1 - -hosts=$(list-hosts) -module_imports=$(list-module-imports "$main") -other_imports=$( - echo "$module_imports" \ - | xargs grep -H . \ - | import-statements \ - | slash-path-relpath \ - | undot-paths \ - | sort \ - | uniq \ - | sed '/\.nix$/!s:$:/default.nix:' \ - ) -secrets=$(echo "$module_imports" | xargs cat | quoted-strings | filter-secrets) - -# TODO collect all other paths from *_imports - -abs_deps=$( - echo "$hosts" - echo "$module_imports" - echo "$other_imports" - echo "$secrets" -) - -rel_deps=$(echo "$abs_deps" | make-relative-to "$PWD") -filter=$(echo "$rel_deps" | make-rsync-whitelist) - -echo "$filter" diff --git a/bin/make-rsync-whitelist b/bin/make-rsync-whitelist deleted file mode 100755 index a1b09c8..0000000 --- a/bin/make-rsync-whitelist +++ /dev/null @@ -1,15 +0,0 @@ -#! /bin/sh -# make-rsync-whitelist : lines relpath |> liens rsync-filter -set -euf - -set -- "$(cat)" - -# include all files in stdin and their directories -{ - echo "$1" - echo "$1" | make-parent-dirs | sort | uniq -} \ - | sed 's|^|+ /|' - -# exclude everything else -echo '- *' diff --git a/bin/nixos-build b/bin/nixos-build new file mode 100755 index 0000000..a0c9551 --- /dev/null +++ b/bin/nixos-build @@ -0,0 +1,25 @@ +#! /bin/sh +# +# build : hostname -> system-path +# +set -euf + +host=$1 + +#target=root@$host + +nixpkgs=$nixpkgs_root/$host +nixos_config=$config_root/modules/$host +secrets_nix=$secrets_root/$host/nix +secrets_rsync=$secrets_root/$host/rsync + +nixos-fetch-git "$host" + +nix-build \ + -I "$nixpkgs" \ + -I nixos-config="$nixos_config" \ + -I retiolum-hosts="$retiolum_hosts" \ + -I secrets="$secrets_nix" \ + -A system \ + --no-out-link \ + '<nixos>' diff --git a/bin/nixos-deploy b/bin/nixos-deploy new file mode 100755 index 0000000..6b84186 --- /dev/null +++ b/bin/nixos-deploy @@ -0,0 +1,16 @@ +#! /bin/sh +# +# deploy +# +set -euf + +host=$1 +system=${2-$(nixos-build "$host")} + +target=root@$host + +nix-copy-closure --gzip --to "$target" "$system" + +copy-secrets "$host" + +ssh ${NIX_SSHOPTS-} "$target" "$system/bin/switch-to-configuration" switch diff --git a/bin/nixos-fetch-git b/bin/nixos-fetch-git new file mode 100755 index 0000000..7002208 --- /dev/null +++ b/bin/nixos-fetch-git @@ -0,0 +1,32 @@ +#! /bin/sh +# +# nixos-fetch-git : nixos-config -> ... +# +set -euf + +host=$1 + +target=root@$host + +git_rev=$(nixos-query "$host" nixpkgs.rev) +git_url=$(nixos-query "$host" nixpkgs.url) + +worktree=$nixpkgs_root/$host + +if [ ! -d "$worktree" ]; then + mkdir -p "$worktree" +fi + +cd "$worktree" + +git init -q + +if ! current_url=$(git config remote.src.url); then + git remote add src "$git_url" +elif [ "$current_url" != "$git_url" ]; then + git remote set-url src "$git_url" +fi + +git fetch src + +git checkout "$git_rev" diff --git a/bin/nixos-query b/bin/nixos-query new file mode 100755 index 0000000..65b5c96 --- /dev/null +++ b/bin/nixos-query @@ -0,0 +1,21 @@ +#! /bin/sh +set -euf + +host=$1 +attr=$2 + +nixpkgs=$nixpkgs_root/$host +nixos_config=$config_root/modules/$host +secrets_nix=$secrets_root/$host/nix +secrets_rsync=$secrets_root/$host/rsync + +nix-instantiate \ + -I "$nixpkgs" \ + -I nixos-config="$nixos_config" \ + -I retiolum-hosts="$retiolum_hosts" \ + -I secrets="$secrets_nix" \ + -A config."$attr" \ + '<nixos>' \ + --eval \ + --json \ + | jq -r . diff --git a/bin/nixpkgs-rev b/bin/nixpkgs-rev deleted file mode 100755 index 1acde1e..0000000 --- a/bin/nixpkgs-rev +++ /dev/null @@ -1,13 +0,0 @@ -#! /bin/sh -# nixpkgs-rev : nixos-config -> git_rev -set -euf -nix-instantiate \ - -I nixos-config="$1" \ - --eval \ - --json \ - -E \ - ' - (import <nixos-config> {config={}; pkgs={};}).nixpkgs.rev - ' \ - 2> /dev/null \ - | jq -r . 2> /dev/null diff --git a/bin/nixpkgs-url b/bin/nixpkgs-url deleted file mode 100755 index 9549f0c..0000000 --- a/bin/nixpkgs-url +++ /dev/null @@ -1,13 +0,0 @@ -#! /bin/sh -# nixpkgs-url : nixos-config -> git_url -set -euf -nix-instantiate \ - -I nixos-config="$1" \ - --eval \ - --json \ - -E \ - ' - (import <nixos-config> {config={}; pkgs={};}).nixpkgs.url - ' \ - 2> /dev/null \ - | jq -r . 2> /dev/null diff --git a/bin/quoted-strings b/bin/quoted-strings deleted file mode 100755 index e640391..0000000 --- a/bin/quoted-strings +++ /dev/null @@ -1,15 +0,0 @@ -#! /bin/sh -# quoted_strings : lines string |> lines string -# Extract all (double-) quoted strings from stdin. -# -# 0. find begin of string or skip line -# 1. find end of string or skip line -# 2. print string and continue after string -set -euf - -sed ' - s:[^"]*":: ;t1;d - :1; s:\(\([^"]\|\\"\)*\)":\1\n: ;t2;d - :2; P;D -' \ - | sed 's:\\":":g' diff --git a/bin/slash-path-relpath b/bin/slash-path-relpath deleted file mode 100755 index 40230a7..0000000 --- a/bin/slash-path-relpath +++ /dev/null @@ -1,8 +0,0 @@ -#! /bin/sh -# slash_path_relpath : lines (path ":" relpath) |> lines path -# -# Example: "/foo/bar: baz" => "/foo/baz" -# -set -euf - -sed -n 's@/[^/]\+:@/@p' diff --git a/bin/ssh-deploy b/bin/ssh-deploy deleted file mode 100755 index fe50677..0000000 --- a/bin/ssh-deploy +++ /dev/null @@ -1,26 +0,0 @@ -#! /bin/sh -# ssh-deploy : nixos-config x [user@]hostname -> () -set -xeuf - -main=$1 -target=$2 -nixpkgs_dir=/var/nixpkgs # TODO make configurable - -git_url=$(nixpkgs-url $main) -git_rev=$(nixpkgs-rev $main) - -if [ "$git_url" = '' ] || [ "$git_rev" = '' ]; then - echo "specify nixpkgs.url and nixpkgs.rev in $main !" - exit 23 -fi - -filter=$(make-rsync-filter "$main") - -echo "$filter" \ - | rsync -f '. -' -zvrlptD --delete-excluded ./ "$target":/etc/nixos/ - -ssh-fetch-git "$target" "$nixpkgs_dir" "$git_url" "$git_rev" -ssh "$target" nixos-rebuild switch \ - -I nixos-config=/etc/nixos/"$main" \ - -I nixpkgs="$nixpkgs_dir" \ - -I secrets=/etc/nixos/secrets \ diff --git a/bin/ssh-fetch-git b/bin/ssh-fetch-git deleted file mode 100755 index 7de58ab..0000000 --- a/bin/ssh-fetch-git +++ /dev/null @@ -1,35 +0,0 @@ -#! /bin/sh -# ssh-fetch-git : [user@]hostname x remote_dir x git_url x git_rev -> () -set -euf - -target=$1 -remote_dir=$2 -git_url=$3 -git_rev=$4 - -echo ' - set -euf - - if [ ! -d "$remote_dir" ]; then - mkdir -p "$remote_dir" - fi - - cd "$remote_dir" - - git init -q - - if ! current_url=$(git config remote.src.url); then - git remote add src "$git_url" - elif [ $current_url != $git_url ]; then - git remote set-url src "$git_url" - fi - - git fetch src - - git checkout "$git_rev" -' \ - | ssh "$target" env \ - remote_dir="$remote_dir" \ - git_rev="$git_rev" \ - git_url="$git_url" \ - /bin/sh diff --git a/bin/undot-paths b/bin/undot-paths deleted file mode 100755 index 2ed86bd..0000000 --- a/bin/undot-paths +++ /dev/null @@ -1,14 +0,0 @@ -#! /bin/sh -# undot_paths : lines path |> lines path -# Remove all dots (. and ..) from input paths. -set -euf - -sed ' - :0 - s://\+:/:g - s:/\.\(/\|$\):\1:g - s:/[^/]\+/\.\.\(/\|$\):\1:g - s:^/\(\.\./\)\+:/: - t0 - s:^$:/: -' |