project-wide: Moving to tf-nix for traditional hosts

2026-02-10 04:49:19 -08:00 · 2021-03-29 02:49:45 +01:00 · 2021-03-29 02:49:45 +01:00 · 69c2dcf7f2
commit 69c2dcf7f2
parent 4ad12c96fa
8 changed files with 47 additions and 107 deletions
--- a/modules/nixos/deploy/default.nix
+++ b/modules/nixos/deploy/default.nix
@ -2,42 +2,9 @@

 with lib;

-let
-  cfg = config.deploy;
-  secretsScript = concatMapStrings (file:
-    ''
-      ssh $NIX_SSHOPTS -T root@${cfg.ssh.host} "mkdir -p ${
-        toString file.out.dir
-      }
-      cat > ${file.path}
-      chmod ${file.mode} ${file.path}
-      chown ${file.owner}:${file.group} ${file.path}"''
-    + (if file.source != null then ''
-      < ${toString file.source}
-    '' else ''
-      <<${if hasPrefix "__FUCKERY__" file.text then "EOF" else "'EOF'"}
-      ${removePrefix "__FUCKERY__" file.text}
-      EOF
-    '')) (attrValues config.secrets.files);
-in {
+{
  options = {
    deploy = {
-      enable = mkOption {
-        type = types.bool;
-        default = true;
-      };
-      ssh.host = mkOption {
-        type = types.str;
-        default = "${config.networking.hostName}.${config.networking.domain}";
-      };
-      ssh.port = mkOption {
-        type = types.int;
-        default = head config.services.openssh.ports;
-      };
-      substitute = mkOption {
-        type = types.bool;
-        default = true;
-      };
      groups = mkOption {
        type = with types; listOf str;
        default = [ ];
@ -45,23 +12,7 @@ in {
    };
  };

-  config = mkIf cfg.enable {
+  config = {
    deploy.groups = [ "all" ];
-
-    system.build.deployScript = ''
-      #!${pkgs.runtimeShell}
-      set -xeo pipefail
-      export PATH=${with pkgs; lib.makeBinPath [ coreutils openssh nix ]}
-      export NIX_SSHOPTS="-p${toString cfg.ssh.port}"
-      nix build ${
-        builtins.unsafeDiscardStringContext config.system.build.toplevel.drvPath
-      } -o result-${config.networking.hostName} 
-      nix copy ${
-        if cfg.substitute then "-s" else ""
-      } --no-check-sigs --to ssh://root@${cfg.ssh.host} ${config.system.build.toplevel}
-      ${secretsScript}
-      ssh $NIX_SSHOPTS root@${cfg.ssh.host} "nix-env -p /nix/var/nix/profiles/system -i ${config.system.build.toplevel}" 
-      ssh $NIX_SSHOPTS root@${cfg.ssh.host} "/nix/var/nix/profiles/system/bin/switch-to-configuration $1" 
-    '';
  };
 }