diff options
Diffstat (limited to 'pkgs')
| -rw-r--r-- | pkgs/krops/default.nix | 63 | ||||
| -rw-r--r-- | pkgs/populate/default.nix | 43 |
2 files changed, 95 insertions, 11 deletions
diff --git a/pkgs/krops/default.nix b/pkgs/krops/default.nix index 10b96ce..04c38cf 100644 --- a/pkgs/krops/default.nix +++ b/pkgs/krops/default.nix @@ -4,16 +4,24 @@ in { nix, openssh, populate, writers }: rec { - rebuild = args: target: - runShell target {} "nixos-rebuild -I ${lib.escapeShellArg target.path} ${ - lib.concatMapStringsSep " " lib.escapeShellArg args - }"; + rebuild = { + useNixOutputMonitor + }: + args: target: + runShell target {} + (withNixOutputMonitor target useNixOutputMonitor /* sh */ '' + NIX_PATH=${lib.escapeShellArg target.path} \ + nixos-rebuild ${lib.escapeShellArgs args} + ''); runShell = target: { allocateTTY ? false }: command: let - command' = if target.sudo then "sudo ${command}" else command; + command' = /* sh */ '' + ${lib.optionalString target.sudo "sudo"} \ + /bin/sh -c ${lib.escapeShellArg command} + ''; in if lib.isLocalTarget target then command' @@ -24,9 +32,44 @@ in (if allocateTTY then "-t" else "-T") target.extraOptions target.host - command'])} + command' + ])} ''; + withNixOutputMonitor = target: mode_: command: let + mode = + lib.getAttr (lib.typeOf mode_) { + bool = lib.toJSON mode_; + string = mode_; + }; + in /* sh */ '' + printf '# use nix-output-monitor: %s\n' ${lib.escapeShellArg mode} >&2 + ${lib.getAttr mode rec { + opportunistic = /* sh */ '' + if command -v nom >/dev/null; then + ${optimistic} + else + ${false} + fi + ''; + optimistic = /* sh */ '' + (${command}) 2>&1 | nom + ''; + pessimistic = /* sh */ '' + NIX_PATH=${lib.escapeShellArg target.path} \ + nix-shell -p nix-output-monitor --run ${lib.escapeShellArg optimistic} + ''; + true = /* sh */ '' + if command -v nom >/dev/null; then + ${optimistic} + else + ${pessimistic} + fi + ''; + false = command; + }} + ''; + writeCommand = name: { command ? (targetPath: "echo ${targetPath}"), backup ? false, @@ -49,8 +92,10 @@ in crossDeploy ? false, fast ? null, force ? false, + operation ? "switch", source, - target + target, + useNixOutputMonitor ? "opportunistic" }: let buildTarget' = if buildTarget == null @@ -64,8 +109,8 @@ in ${lib.optionalString (buildTarget' != target') (populate { inherit backup force source; target = buildTarget'; })} ${populate { inherit backup force source; target = target'; }} - ${rebuild ([ - "switch" + ${rebuild { inherit useNixOutputMonitor; } ([ + operation ] ++ lib.optionals crossDeploy [ "--no-build-nix" ] ++ lib.optionals (buildTarget' != target') [ diff --git a/pkgs/populate/default.nix b/pkgs/populate/default.nix index 7edb66b..7129b90 100644 --- a/pkgs/populate/default.nix +++ b/pkgs/populate/default.nix @@ -1,7 +1,7 @@ with import ../../lib; with shell; -{ coreutils, dash, findutils, git, jq, openssh, pass, rsync, writers }: +{ coreutils, dash, findutils, git, jq, openssh, pass, passage, rsync, writers }: let check = { force, target }: let @@ -119,7 +119,15 @@ let umask 0077 if test -e ${quote source.dir}/.git; then - local_pass_info=${quote source.name}\ $(${git}/bin/git -C ${quote source.dir} log -1 --format=%H ${quote source.name}) + local_pass_info=${quote source.name}\ $( + ${git}/bin/git -C ${quote source.dir} log -1 --format=%H ${quote source.name} + # we append a hash for every symlink, otherwise we would miss updates on + # files where the symlink points to + ${findutils}/bin/find ${quote source.dir}/${quote source.name} -type l \ + -exec ${coreutils}/bin/realpath {} + | + ${coreutils}/bin/sort | + ${findutils}/bin/xargs -r -n 1 ${git}/bin/git -C ${quote source.dir} log -1 --format=%H + ) remote_pass_info=$(${runShell target /* sh */ '' cat ${quote target.path}/.pass_info || : ''}) @@ -163,6 +171,37 @@ let ${rsync' target rsyncDefaultConfig /* sh */ "$tmp_dir"} ''; + pop.passage = target: source: /* sh */ '' + set -efu + + export PASSAGE_AGE=${quote source.age} + export PASSAGE_DIR=${quote source.dir} + export PASSAGE_IDENTITIES_FILE=${quote source.identities_file} + + umask 0077 + + tmp_dir=$(${coreutils}/bin/mktemp -dt populate-passage.XXXXXXXX) + trap cleanup EXIT + cleanup() { + rm -fR "$tmp_dir" + } + + ${findutils}/bin/find "$PASSAGE_DIR" -type f -name \*.age -follow | + while read -r age_path; do + + rel_name=''${age_path#$PASSAGE_DIR} + rel_name=''${rel_name%.age} + + tmp_path=$tmp_dir/$rel_name + + ${coreutils}/bin/mkdir -p "$(${coreutils}/bin/dirname "$tmp_path")" + ${passage}/bin/passage show "$rel_name" > "$tmp_path" + ${coreutils}/bin/touch -r "$age_path" "$tmp_path" + done + + ${rsync' target rsyncDefaultConfig /* sh */ "$tmp_dir"} + ''; + pop.pipe = target: source: /* sh */ '' ${quote source.command} | { ${runShell target /* sh */ "cat > ${quote target.path}"} |