clan-cli: get deploymentAddress from clan.networking
This commit is contained in:
parent
0132abc547
commit
8d29d0e69c
|
@ -3,6 +3,7 @@
|
|||
imports = [
|
||||
./secrets
|
||||
./zerotier.nix
|
||||
./networking.nix
|
||||
inputs.sops-nix.nixosModules.sops
|
||||
# just some example options. Can be removed later
|
||||
./bloatware
|
||||
|
|
15
nixosModules/clanCore/networking.nix
Normal file
15
nixosModules/clanCore/networking.nix
Normal file
|
@ -0,0 +1,15 @@
|
|||
{ config, lib, ... }:
|
||||
{
|
||||
options.clan.networking = {
|
||||
deploymentAddress = lib.mkOption {
|
||||
description = ''
|
||||
The target SSH node for deployment.
|
||||
|
||||
By default, the node's attribute name will be used.
|
||||
If set to null, only local deployment will be supported.
|
||||
'';
|
||||
type = lib.types.nullOr lib.types.str;
|
||||
default = "root@${config.networking.hostName}";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -2,10 +2,13 @@ import argparse
|
|||
import json
|
||||
import os
|
||||
import subprocess
|
||||
from typing import Optional
|
||||
|
||||
from ..ssh import Host, HostGroup, HostKeyCheck
|
||||
from ..secrets.upload import upload_secrets
|
||||
from ..dirs import get_clan_flake_toplevel
|
||||
from ..nix import nix_eval
|
||||
from ..secrets.generate import generate_secrets
|
||||
from ..secrets.upload import upload_secrets
|
||||
from ..ssh import Host, HostGroup, HostKeyCheck
|
||||
|
||||
|
||||
def deploy_nixos(hosts: HostGroup) -> None:
|
||||
|
@ -22,7 +25,7 @@ def deploy_nixos(hosts: HostGroup) -> None:
|
|||
["nix", "flake", "archive", "--to", f"ssh://{target}", "--json"],
|
||||
check=True,
|
||||
stdout=subprocess.PIPE,
|
||||
extra_env=env
|
||||
extra_env=env,
|
||||
)
|
||||
data = json.loads(res.stdout)
|
||||
path = data["path"]
|
||||
|
@ -75,20 +78,36 @@ def deploy_nixos(hosts: HostGroup) -> None:
|
|||
|
||||
# FIXME: we want some kind of inventory here.
|
||||
def update(args: argparse.Namespace) -> None:
|
||||
meta = {}
|
||||
if args.flake_uri:
|
||||
meta["flake_uri"] = args.flake_uri
|
||||
if args.flake_attr:
|
||||
meta["flake_attr"] = args.flake_attr
|
||||
deploy_nixos(HostGroup([Host(args.host, user=args.user, meta=meta)]))
|
||||
clan_dir = get_clan_flake_toplevel().as_posix()
|
||||
host = json.loads(
|
||||
subprocess.run(
|
||||
nix_eval(
|
||||
[
|
||||
f'{clan_dir}#nixosConfigurations."{args.machine}".config.clan.networking.deploymentAddress'
|
||||
]
|
||||
),
|
||||
stdout=subprocess.PIPE,
|
||||
check=True,
|
||||
text=True,
|
||||
).stdout
|
||||
)
|
||||
parts = host.split("@")
|
||||
user: Optional[str] = None
|
||||
if len(parts) > 1:
|
||||
user = parts[0]
|
||||
hostname = parts[1]
|
||||
else:
|
||||
hostname = parts[0]
|
||||
maybe_port = hostname.split(":")
|
||||
port = None
|
||||
if len(maybe_port) > 1:
|
||||
hostname = maybe_port[0]
|
||||
port = int(maybe_port[1])
|
||||
print(f"deploying {host}")
|
||||
deploy_nixos(HostGroup([Host(host=hostname, port=port, user=user)]))
|
||||
|
||||
|
||||
def register_update_parser(parser: argparse.ArgumentParser) -> None:
|
||||
# TODO pass all args we don't parse into ssh_args, currently it fails if arg starts with -
|
||||
parser.add_argument("--flake-uri", type=str, default=".#", help="nix flake uri")
|
||||
parser.add_argument(
|
||||
"--flake-attr", type=str, help="nixos configuration in the flake"
|
||||
)
|
||||
parser.add_argument("--user", type=str, default="root")
|
||||
parser.add_argument("host", type=str)
|
||||
parser.add_argument("--target-host", type=str, default="root")
|
||||
parser.add_argument("machine", type=str)
|
||||
parser.set_defaults(func=update)
|
||||
|
|
|
@ -1,11 +1,11 @@
|
|||
import argparse
|
||||
import json
|
||||
import subprocess
|
||||
import sys
|
||||
|
||||
from clan_cli.errors import ClanError
|
||||
|
||||
from ..dirs import get_clan_flake_toplevel
|
||||
from ..nix import nix_build
|
||||
from ..nix import nix_build, nix_eval
|
||||
|
||||
|
||||
def upload_secrets(machine: str) -> None:
|
||||
|
@ -17,18 +17,28 @@ def upload_secrets(machine: str) -> None:
|
|||
f'{clan_dir}#nixosConfigurations."{machine}".config.system.clan.uploadSecrets'
|
||||
]
|
||||
),
|
||||
capture_output=True,
|
||||
stdout=subprocess.PIPE,
|
||||
text=True,
|
||||
check=True,
|
||||
)
|
||||
host = json.loads(
|
||||
subprocess.run(
|
||||
nix_eval(
|
||||
[
|
||||
f'{clan_dir}#nixosConfigurations."{machine}".config.clan.networking.deploymentAddress'
|
||||
]
|
||||
),
|
||||
stdout=subprocess.PIPE,
|
||||
text=True,
|
||||
check=True,
|
||||
).stdout
|
||||
)
|
||||
if proc.returncode != 0:
|
||||
print(proc.stderr, file=sys.stderr)
|
||||
raise ClanError(f"failed to upload secrets:\n{proc.stderr}")
|
||||
|
||||
secret_upload_script = proc.stdout.strip()
|
||||
secret_upload = subprocess.run(
|
||||
[
|
||||
secret_upload_script,
|
||||
f"root@{machine}",
|
||||
host,
|
||||
],
|
||||
)
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user