refactor(ci): scripts

2026-02-09 04:19:19 -08:00 · 2024-02-22 11:46:52 -08:00 · 2024-02-22 11:46:52 -08:00 · 5c73439cad
commit 5c73439cad
parent c4fcb16fef
19 changed files with 288 additions and 207 deletions
--- a/ci/alejandra.sh
+++ b/ci/alejandra.sh
@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -eu
+
+for blacklist_dir in "${NF_NIX_BLACKLIST_DIRS[@]}"; do
+	set -- --exclude "$blacklist_dir" "$@"
+done
+
+exec alejandra "$@"
--- a/ci/build.sh
+++ b/ci/build.sh
@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -eu
+ARG_NODE=$1
+shift
+
+exec nix build --no-link --print-out-paths \
+	"${NF_CONFIG_ROOT}#nixosConfigurations.$ARG_NODE.config.system.build.toplevel" \
+	--show-trace "$@"
--- a/ci/deadnix.sh
+++ b/ci/deadnix.sh
@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+set -eu
+
+NF_NIX_BLACKLIST_FILES=(
+	$(find "${NF_NIX_BLACKLIST_DIRS[@]}" -type f)
+)
+
+exec deadnix "$@" \
+	--no-lambda-arg \
+	--exclude "${NF_NIX_BLACKLIST_FILES[@]}"
--- a/ci/deploy.sh
+++ b/ci/deploy.sh
@ -1,59 +0,0 @@
-#!/usr/bin/env bash
-set -eu
-
-NF_CONFIG_ROOT=${NF_CONFIG_ROOT-.}
-
-NF_HOST=${NF_HOST-tewi}
-NIXOS_TOPLEVEL=nixosConfigurations.$NF_HOST.config.system.build.toplevel
-NF_ADDR=${NF_ADDR-${NF_HOST}.local}
-
-if [[ $NF_ADDR = tewi.local ]]; then
-	# work around homekit namespace clash
-	NF_ADDR=tewi.local.gensokyo.zone
-fi
-
-if [[ $# -eq 0 ]]; then
-	set -- ""
-fi
-
-if [[ $1 = tarball ]]; then
-	shift
-	set -- build "$@"
-	NIXOS_TOPLEVEL=nixosConfigurations.$NF_HOST.config.system.build.tarball
-fi
-
-if [[ $1 = build ]]; then
-	shift
-	exec nix build --no-link --print-out-paths \
-		$NF_CONFIG_ROOT\#$NIXOS_TOPLEVEL \
-		"$@"
-elif [[ $1 = switch ]] || [[ $1 = boot ]] || [[ $1 = test ]] || [[ $1 = dry-* ]]; then
-	METHOD=$1
-	shift
-	exec nixos-rebuild $METHOD \
-		--flake $NF_CONFIG_ROOT\#$NF_HOST \
-		--no-build-nix \
-		--target-host $NF_ADDR --use-remote-sudo \
-		"$@"
-elif [[ $1 = check ]]; then
-	EXIT_CODE=0
-	DEFAULT=$(nix eval --raw -f $NF_CONFIG_ROOT $NIXOS_TOPLEVEL)
-	FLAKE=$(nix eval --raw $NF_CONFIG_ROOT\#$NIXOS_TOPLEVEL)
-	if [[ $DEFAULT != $FLAKE ]]; then
-		echo default.nix: $DEFAULT
-		echo flake.nix: $FLAKE
-		EXIT_CODE=1
-	else
-		echo untrusted ok: $FLAKE
-	fi
-	exit $EXIT_CODE
-elif [[ $1 = ssh ]]; then
-	shift
-	exec ssh $NIX_SSHOPTS $NF_ADDR "$@"
-elif [[ $1 = sops-keyscan ]]; then
-	shift
-	ssh-keyscan $NIX_SSHOPTS $NF_ADDR | nix run nixpkgs#ssh-to-age
-else
-	echo unknown cmd $1 >&2
-	exit 1
-fi
--- a/ci/fmt-nix.sh
+++ b/ci/fmt-nix.sh
@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+set -eu
+
+exec nf-alejandra "${NF_NIX_WHITELIST_FILES[@]}" "$@"
--- a/ci/fmt-tf.sh
+++ b/ci/fmt-tf.sh
@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+set -eu
+
+exec terraform fmt -recursive "$@"
--- a/ci/generate.sh
+++ b/ci/generate.sh
@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+set -eu
+
+for node in reisen; do
+	nix eval --json "${NF_CONFIG_ROOT}#lib.generate.$node.users" | jq -M . > "$NF_CONFIG_ROOT/systems/$node/users.json"
+done
--- a/ci/hostname.sh
+++ b/ci/hostname.sh
@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+set -eu
+
+DEPLOY_USER=
+if [[ $# -gt 1 ]]; then
+	ARG_NODE=$1
+	ARG_HOSTNAME=$2
+	shift 2
+else
+	ARG_HOSTNAME=$1
+	shift
+	ARG_NODE=${ARG_HOSTNAME%%.*}
+	if [[ $ARG_HOSTNAME = $ARG_NODE ]]; then
+		if DEPLOY_HOSTNAME=$(nix eval --raw "${NF_CONFIG_ROOT}#deploy.nodes.$ARG_HOSTNAME.hostname" 2>/dev/null); then
+			DEPLOY_USER=$(nix eval --raw "${NF_CONFIG_ROOT}#deploy.nodes.$ARG_HOSTNAME.sshUser" 2>/dev/null || true)
+			ARG_HOSTNAME=$DEPLOY_HOSTNAME
+			if ! ping -w2 -c1 "$DEPLOY_HOSTNAME" >/dev/null 2>&1; then
+				ARG_HOSTNAME="$ARG_NODE.local"
+			fi
+		else
+			ARG_HOSTNAME="$ARG_NODE.local"
+		fi
+	fi
+fi
+
+if ! ping -w2 -c1 "$ARG_HOSTNAME" >/dev/null 2>&1; then
+	LOCAL_HOSTNAME=$ARG_NODE.local.gensokyo.zone
+	TAIL_HOSTNAME=$ARG_NODE.tail.gensokyo.zone
+	GLOBAL_HOSTNAME=$ARG_NODE.gensokyo.zone
+	if ping -w2 -c1 "$LOCAL_HOSTNAME" >/dev/null 2>&1; then
+		ARG_HOSTNAME=$LOCAL_HOSTNAME
+	elif ping -w2 -c1 "$TAIL_HOSTNAME" >/dev/null 2>&1; then
+		ARG_HOSTNAME=$TAIL_HOSTNAME
+	elif ping -w2 -c1 "$GLOBAL_HOSTNAME" >/dev/null 2>&1; then
+		ARG_HOSTNAME=$GLOBAL_HOSTNAME
+	fi
+fi
+
+echo "${DEPLOY_USER-}${DEPLOY_USER+@}$ARG_HOSTNAME"
--- a/ci/lint-nix.sh
+++ b/ci/lint-nix.sh
@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+set -eu
+
+nf-statix check "$@" &&
+	nf-deadnix -f "$@"
--- a/ci/lint-tf.sh
+++ b/ci/lint-tf.sh
@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+set -eu
+
+exec tflint "$@"
--- a/ci/setup.sh
+++ b/ci/setup.sh
@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+set -eu
+SETUP_HOSTNAME=''${1-reisen}
+
+exec ssh root@$SETUP_HOSTNAME env \
+	"${NF_SETUP_INPUTS[@]}" \
+	"bash -c \"eval \\\"\\\$(base64 -d <<<\\\$INPUT_INFRA_SETUP)\\\"\""
--- a/ci/sops-keyscan.sh
+++ b/ci/sops-keyscan.sh
@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+set -eu
+ARG_NODE=$1
+shift
+ARG_HOSTNAME=$(nf-hostname "$ARG_NODE")
+
+ssh-keyscan ''${NIX_SSHOPTS--p62954} "''${ARG_HOSTNAME#*@}" "$@" | ssh-to-age
--- a/ci/ssh.sh
+++ b/ci/ssh.sh
@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -eu
+ARG_NODE=$1
+shift
+ARG_HOSTNAME=$(nf-hostname "$ARG_NODE")
+NIX_SSHOPTS=$(nf-sshopts "$ARG_NODE")
+
+exec ssh $NIX_SSHOPTS "$ARG_HOSTNAME" "$@"
--- a/ci/sshopts.sh
+++ b/ci/sshopts.sh
@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+set -eu
+ARG_HOSTNAME=$1
+ARG_NODE=${ARG_HOSTNAME%%.*}
+
+if DEPLOY_SSHOPTS=$(nix eval --json "${NF_CONFIG_ROOT}#deploy.nodes.$ARG_HOSTNAME.sshOpts" 2>/dev/null); then
+	SSHOPTS=($(jq -r '.[]' <<<"$DEPLOY_SSHOPTS"))
+	echo "${SSHOPTS[*]}"
+elif [[ $ARG_NODE = reisen ]]; then
+	SSHOPTS=()
+else
+	SSHOPTS=(${NIX_SSHOPTS--p62954})
+fi
+
+if [[ $ARG_NODE = ct || $ARG_NODE = reisen-ct ]]; then
+	SSHOPTS+=(-oUpdateHostKeys=no -oStrictHostKeyChecking=off)
+else
+	SSHOPTS+=(-oHostKeyAlias=$ARG_NODE.gensokyo.zone)
+fi
+
+echo "${SSHOPTS[*]}"
--- a/ci/statix.sh
+++ b/ci/statix.sh
@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+set -eu
+if [[ $# -eq 0 ]]; then
+	set -- check
+fi
+
+if [[ ${1-} = check ]]; then
+	shift
+	set -- check --config "$NF_CONFIG_ROOT/ci/statix.toml" "$@"
+fi
+
+exec statix "$@"
--- a/ci/switch.sh
+++ b/ci/switch.sh
@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+set -eu
+ARG_NODE=$1
+shift
+ARG_HOSTNAME=$(nf-hostname "$ARG_NODE")
+NIX_SSHOPTS=$(nf-sshopts "$ARG_NODE")
+
+if [[ $# -gt 0 ]]; then
+	ARG_METHOD=$1
+	shift
+else
+	ARG_METHOD=switch
+fi
+
+if [[ $ARG_HOSTNAME != root@ ]]; then
+	set -- --use-remote-sudo "$@"
+fi
+
+exec nixos-rebuild "$ARG_METHOD" \
+	--flake "${NF_CONFIG_ROOT}#${ARG_NODE}" \
+	--no-build-nix \
+	--target-host "$ARG_HOSTNAME" \
+	"$@"
--- a/ci/tarball.sh
+++ b/ci/tarball.sh
@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+set -eu
+if [[ $# -gt 0 ]]; then
+	ARG_NODE=$1
+	shift
+else
+	ARG_NODE=ct
+fi
+
+ARG_CONFIG_PATH=nixosConfigurations.$ARG_NODE.config
+RESULT=$(nix build --no-link --print-out-paths \
+	"${NF_CONFIG_ROOT}#$ARG_CONFIG_PATH.system.build.tarball" \
+	--show-trace "$@")
+
+if [[ $ARG_NODE = ct ]]; then
+	DATESTAMP=$(nix eval --raw "${NF_CONFIG_ROOT}#lib.inputs.nixpkgs.sourceInfo.lastModifiedDate")
+	DATENAME=${DATESTAMP:0:4}${DATESTAMP:4:2}${DATESTAMP:6:2}
+	SYSARCH=$(nix eval --raw "${NF_CONFIG_ROOT}#$ARG_CONFIG_PATH.nixpkgs.system")
+	TAREXT=$(nix eval --raw "${NF_CONFIG_ROOT}#$ARG_CONFIG_PATH.system.build.tarball.extension")
+	TARNAME=nixos-system-$SYSARCH.tar$TAREXT
+	OUTNAME="ct-$DATENAME-$TARNAME"
+	ln -sf "$RESULT/tarball/$TARNAME" "$OUTNAME"
+	echo $OUTNAME
+	ls -l $OUTNAME
+else
+	echo $RESULT
+fi