blob: 69f4ab3a80f301191ca45a54928af89ac6cf4854 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
|
with import ../../lib;
with shell;
{ coreutils, dash, findutils, git, jq, openssh, rsync, writeDash }:
let
check = { force, target }: let
sentinelFile = "${target.path}/.populate";
in shell' target /* sh */ ''
${optionalString force /* sh */ ''
mkdir -vp ${quote (dirOf sentinelFile)}
touch ${quote sentinelFile}
''}
if ! test -f ${quote sentinelFile}; then
>&2 printf 'error: missing sentinel file: %s\n' ${quote (
optionalString (!isLocalTarget target) "${target.host}:" +
sentinelFile
)}
exit 1
fi
'';
pop.file = target: file: rsync' target (quote file.path);
pop.git = target: git: shell' target /* sh */ ''
if ! test -e ${quote target.path}; then
git clone --recurse-submodules ${quote git.url} ${quote target.path}
fi
cd ${quote target.path}
if ! url=$(git config remote.origin.url); then
git remote add origin ${quote git.url}
elif test "$url" != ${quote git.url}; then
git remote set-url origin ${quote git.url}
fi
# TODO resolve git_ref to commit hash
hash=${quote git.ref}
if ! test "$(git log --format=%H -1)" = "$hash"; then
if ! git log -1 "$hash" >/dev/null 2>&1; then
git fetch origin
fi
git checkout "$hash" -- ${quote target.path}
git -c advice.detachedHead=false checkout -f "$hash"
git submodule update --init --recursive
fi
git clean -dfx
'';
pop.pass = target: pass: let
passPrefix = "${pass.dir}/${pass.name}";
in /* sh */ ''
umask 0077
tmp_dir=$(${coreutils}/bin/mktemp -dt populate-pass.XXXXXXXX)
trap cleanup EXIT
cleanup() {
rm -fR "$tmp_dir"
}
${findutils}/bin/find ${quote passPrefix} -type f |
while read -r gpg_path; do
rel_name=''${gpg_path#${quote passPrefix}}
rel_name=''${rel_name%.gpg}
pass_date=$(
${git}/bin/git -C ${quote pass.dir} log -1 --format=%aI "$gpg_path"
)
pass_name=${quote pass.name}/$rel_name
tmp_path=$tmp_dir/$rel_name
${coreutils}/bin/mkdir -p "$(${coreutils}/bin/dirname "$tmp_path")"
PASSWORD_STORE_DIR=${quote pass.dir} pass show "$pass_name" > "$tmp_path"
${coreutils}/bin/touch -d "$pass_date" "$tmp_path"
done
${rsync' target /* sh */ "$tmp_dir"}
'';
pop.pipe = target: pipe: /* sh */ ''
${quote pipe.command} | {
${shell' target /* sh */ "cat > ${quote target.path}"}
}
'';
# TODO rm -fR instead of ln -f?
pop.symlink = target: symlink: shell' target /* sh */ ''
ln -fns ${quote symlink.target} ${quote target.path}
'';
populate = target: name: source: let
source' = source.${source.type};
target' = target // { path = "${target.path}/${name}"; };
in writeDash "populate.${target'.host}.${name}" ''
set -efu
${pop.${source.type} target' source'}
'';
rsync' = target: sourcePath: /* sh */ ''
source_path=${sourcePath}
if test -d "$source_path"; then
source_path=$source_path/
fi
${rsync}/bin/rsync \
-e ${quote (ssh' target)} \
-vFrlptD \
--delete-excluded \
"$source_path" \
${quote (
optionalString (!isLocalTarget target)
"${target.user}@${target.host}:" +
target.path
)} \
>&2
'';
shell' = target: script:
if isLocalTarget target
then script
else /* sh */ ''
${ssh' target} ${quote target.host} ${quote script}
'';
ssh' = target: concatMapStringsSep " " quote [
"${openssh}/bin/ssh"
"-l" target.user
"-o" "ControlPersist=no"
"-p" target.port
"-T"
];
in
{ force ? false, source, target }: writeDash "populate.${target.host}" ''
set -efu
${check { inherit force target; }}
set -x
${concatStringsSep "\n" (mapAttrsToList (populate target) source)}
''
|