diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 0289179..c40fdf4 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -25,17 +25,11 @@ jobs:
 attic use "$CACHE_REPOSITORY"
 - name: Run Builds and Checks
 run: nix-fast-build --no-nom --max-jobs 6 --skip-cached --attic-cache "$CACHE_REPOSITORY"
- deploy:
- needs: build
- if: success() && github.ref == 'refs/heads/54-deploy-vms-automatically'
- runs-on: nix
- env:
- SSH_DEPLOY_KEY: "${{ secrets.SSH_DEPLOY_KEY }}"
- strategy:
- matrix:
- profile:
- - docs-ops.qo.is
- - system-vm
- steps:
- - name: "Deploy Profile ${{ matrix.profile }}"
- run: "auto-deploy ${{ matrix.profile }}"
+ - name: Deploy Docs
+ if: success() && github.ref == 'refs/heads/main'
+ run: |
+ mkdir ~/.ssh/
+ echo -e "Host lindberg-webapps.backplane.net.qo.is\n StrictHostKeyChecking no" >> ~/.ssh/config
+ (umask 0077 && printf "%s\n" "${{ secrets.SSH_DEPLOY_KEY }}" > ~/.ssh/id_ed25519)
+ deploy --skip-checks --remote-build .#lindberg-webapps.\"docs-ops.qo.is\"
+ # Remote build is neccessary due to non-wheel nix users signing restrictions. However, the build should come from the cache anyway.
diff --git a/deploy/README.md b/deploy/README.md
index d0abdbc..934665e 100644
--- a/deploy/README.md
+++ b/deploy/README.md
@@ -6,17 +6,12 @@ and that you need to have SSH root access to the target machines.
 ## Deploy system categories
-We currently split out nixosConfigurations into these categories:
-
-- `system-ci`: Systems should be updated separately because they might break automated deployment processes.
-- `system-vm`: Virtual systems.
-- `system-physical`: Physical systems.
-
-You can roll updates with retries by category with:
+This is also used in CI.
 ```bash
-auto-deploy system-vm
-auto-deploy system-physical
+
+auto-deploy vm
+auto-deploy physical
 ```
 ## Deploy to selected target hosts
diff --git a/deploy/docs-ops/default.nix b/deploy/docs-ops/default.nix
index 8fd2890..7fcf9ae 100644
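Review bot: `StrictHostKeyChecking no` in the new Deploy Docs step turns off server authentication for lindberg-webapps.backplane.net.qo.is, so the deploy key would also be offered to a host whose key does not match, whereas the removed auto-deploy invocation pinned the target via `-o UserKnownHostsFile=${KNOWN_HOSTS_FILE}` evaluated from the lindberg configuration. Point the Host block at that known_hosts file instead (assuming it lists the webapps host). `mkdir ~/.ssh/` also aborts the step if the directory already exists on the runner, and the key is written to the persistent `~/.ssh/id_ed25519` with no cleanup, which matters if this job runs on a self-hosted runner as the removed `deploy` job did (`runs-on: nix`); a final `if: always()` step removing the key restores what the old script's EXIT trap provided. The comment typo `neccessary` could be fixed in passing.
```yaml
      - name: Deploy Docs
        if: success() && github.ref == 'refs/heads/main'
        run: |
          mkdir -p -m 700 ~/.ssh
          # pin the target's host key rather than disabling verification
          KNOWN_HOSTS=$(nix eval --raw '.#nixosConfigurations.lindberg.config.environment.etc."ssh/ssh_known_hosts".source')
          printf 'Host lindberg-webapps.backplane.net.qo.is\n  UserKnownHostsFile %s\n' "$KNOWN_HOSTS" >> ~/.ssh/config
          # … unchanged: write id_ed25519 with umask 0077, run deploy …
      - name: Remove deploy key
        if: always()
        run: rm -f ~/.ssh/id_ed25519
```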
--- a/deploy/docs-ops/default.nix
+++ b/deploy/docs-ops/default.nix
@@ -12,6 +12,5 @@ in
 sshUser = "nginx-${domain}";
 path = deployPkgs.deploy-rs.lib.activate.noop self.packages.${system}.docs;
 profilePath = "/var/lib/nginx-${domain}/root";
- remoteBuild = true;
 };
 }
diff --git a/deploy/system-ci/default.nix b/deploy/system-ci/default.nix
deleted file mode 100644
index a9e49a0..0000000
--- a/deploy/system-ci/default.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{
- deployPkgs,
- pkgs,
- self,
- ...
-}:
-let
- inherit (pkgs.lib) pipe filterAttrs mapAttrs;
-in
-{
- nodes = pipe self.nixosConfigurations [
- (filterAttrs (_n: v: v.config.qois.git-ci-runner.enable))
- (mapAttrs (
- host: config: {
- hostname = "${host}.backplane.net.qo.is";
- profiles.system-ci = {
- sshUser = "root";
- user = "root";
- activationTimeout = 300;
- confirmTimeout = 60;
- remoteBuild = true;
- path = deployPkgs.deploy-rs.lib.activate.nixos config;
- };
- }
- ))
- ];
-}
diff --git a/deploy/system-physical/default.nix b/deploy/system-physical/default.nix
index 4e60068..0b344a7 100644
--- a/deploy/system-physical/default.nix
+++ b/deploy/system-physical/default.nix
@@ -9,7 +9,7 @@ let
 in
 {
 nodes = pipe self.nixosConfigurations [
- (filterAttrs (_n: v: !v.config.services.qemuGuest.enable && !v.config.qois.git-ci-runner.enable))
+ (filterAttrs (_n: v: v.config.services.qemuGuest.enable == false))
 (mapAttrs (
 host: config: {
 hostname = "${host}.backplane.net.qo.is";
diff --git a/deploy/system-vm/default.nix b/deploy/system-vm/default.nix
index 65177b4..019da31 100644
--- a/deploy/system-vm/default.nix
+++ b/deploy/system-vm/default.nix
@@ -9,7 +9,7 @@ let
 in
 {
 nodes = pipe self.nixosConfigurations [
- (filterAttrs (_n: v: v.config.services.qemuGuest.enable && !v.config.qois.git-ci-runner.enable))
+ (filterAttrs (_n: v: v.config.services.qemuGuest.enable))
 (mapAttrs (
 host: config: {
 hostname = "${host}.backplane.net.qo.is";
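Review bot: The new system-physical filter spells the negation as `v.config.services.qemuGuest.enable == false` while the system-vm hunk in the same commit uses the bare boolean; `!v.config.services.qemuGuest.enable` keeps the two filters symmetric and matches the form the removed line used. Both hunks also drop the `!v.config.qois.git-ci-runner.enable` exclusion, so hosts with the CI runner enabled now fall into the vm or physical node sets, although the README text removed in this commit said they were kept apart because redeploying them can break automated deployments. If `auto-deploy` is still ever run from such a runner, it would now redeploy the host it is executing on mid-loop; this looks intended since the ci.yml hunk replaces the auto-deploy job with a direct `deploy` call, so a comment on the filter recording that, e.g. `# CI runners are deployed with their hardware class; CI itself no longer runs auto-deploy.`, would save the next reader the archaeology.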
diff --git a/packages/auto-deploy/script.bash b/packages/auto-deploy/script.bash
index c68c2a0..0fba9ce 100644
--- a/packages/auto-deploy/script.bash
+++ b/packages/auto-deploy/script.bash
@@ -3,42 +3,25 @@
 #### Environment
 FLAKE_ROOT="$(git rev-parse --show-toplevel)"
-export PROFILE="${1:-}"
-if [ -z "${PROFILE}" ]; then
- echo "🛑 Error: No deployment profile was specified as first parameter (e.g. \"${0} system-vm\")" 1>&2
+export PROFILE=""
+case "${1:-''}" in
+vm | physical)
+ PROFILE="system-$1"
+ ;;
+*)
+ echo "🛑 Error: Please use 'vm' or 'physical' as first parameter."
 exit 1
-fi
+ ;;
+esac
-if [ -z "${SSH_DEPLOY_KEY:-}" ]; then
- echo "â„šī¸ Info: SSH_DEPLOY_KEY env variable was not set, ignoring."
- SSH_KEY_FILE_ARG=""
-else
- TEMP_KEY_FILE=$(mktemp /dev/shm/ssh_deploy_key.XXXXXXXX)
- touch "${TEMP_KEY_FILE}" && chmod 600 "${TEMP_KEY_FILE}"
- printf "%s\n" "${SSH_DEPLOY_KEY}" >"${TEMP_KEY_FILE}"
- SSH_KEY_FILE_ARG="-i ${TEMP_KEY_FILE}"
-
- # Set up a trap to remove the temporary key file on script exit
- trap 'rm -f "${TEMP_KEY_FILE}"' EXIT
- trap 'rm -f "${TEMP_KEY_FILE}"' SIGINT
- trap 'rm -f "${TEMP_KEY_FILE}"' SIGTERM
- trap 'rm -f "${TEMP_KEY_FILE}"' SIGQUIT
-fi
-
-HOSTS=$(nix eval --raw "${FLAKE_ROOT}"#deploy.nodes --apply "
+HOSTS=$(nix eval --raw "$FLAKE_ROOT"#deploy.nodes --apply "
 nodes:
 let
 inherit (builtins) attrNames filter concatStringsSep;
 names = attrNames nodes;
- profile = \"${PROFILE}\";
+ profile = \"$PROFILE\";
 filteredNames = filter (name: nodes.\${name}.profiles ? \${profile}) names;
 in
 concatStringsSep \"\\n\" filteredNames
 ")
-if [ -z "$HOSTS" ]; then
- echo "🛑 Error: No deployments matching the profile ${PROFILE} were found." 1>&2
- exit 1
-fi
-
-KNOWN_HOSTS_FILE=$(nix eval --raw .#nixosConfigurations.lindberg.config.environment.etc."ssh/ssh_known_hosts".source)
 #### Helpers
 retry() {
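Review bot: Removing the `if [ -z "$HOSTS" ]` guard after the `nix eval` means that when no node carries the requested profile, `$HOSTS` is empty, the Execution loop runs zero times and the script exits 0 without deploying anything or saying so. Restore it, keeping the message on stderr: `if [ -z "$HOSTS" ]; then echo "🛑 Error: No deployments matching the profile ${PROFILE} were found." 1>&2; exit 1; fi`. The new usage error in the `*)` branch also lost its `1>&2`, and `"${1:-''}"` expands in bash to the literal two-character string `''` when no argument is given — harmless because it falls into `*)`, but `"${1:-}"` says what is meant. The `retry()` definition beginning on the hunk's last line continues outside it.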
@@ -47,7 +30,7 @@ retry() {
 local -i attempt_num=1
 until "$@"; do
 if ((attempt_num == max_attempts)); then
- echo "🛑 Error: Attempt $attempt_num failed and there are no more attempts left!" 1>&2
+ echo "âš ī¸ Warning: Attempt $attempt_num failed and there are no more attempts left!"
 return 1
 else
 echo "âš ī¸ Attempt $attempt_num failed! Trying again in $attempt_num seconds..."
@@ -58,8 +41,5 @@ retry() {
 #### Execution
 for HOST in $HOSTS; do
- retry 3 deploy \
- --skip-checks \
- --ssh-opts "-o UserKnownHostsFile=${KNOWN_HOSTS_FILE} ${SSH_KEY_FILE_ARG:-''}" \
- --targets "${FLAKE_ROOT}#\"${HOST}\".\"${PROFILE}\""
+ retry 3 deploy --skip-checks --targets "${FLAKE_ROOT}#${HOST}.${PROFILE}"
 done
diff --git a/updates.md b/updates.md
index 4a8f56d..47c875d 100644
--- a/updates.md
+++ b/updates.md
@@ -22,14 +22,10 @@ Deploy updates:
 nix develop
 # Deploy vms
-auto-deploy system-vm
-
-# Deploy CI hosts
-auto-deploy system-ci
+auto-deploy vm
 # Deploy physical hosts
-auto-deploy system-physical
-
+auto-deploy physical
 ```
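Review bot: The changed echo is the path where `retry` gives up and returns 1, so relabelling it as a Warning and dropping `1>&2` moves the only terminal failure signal onto stdout, where it is indistinguishable from progress output. The Execution loop below calls `retry 3 deploy …` without checking its status, so unless the script runs under `set -e` (not visible in the hunk) this message is all an operator gets. Keep `echo "🛑 Error: Attempt $attempt_num failed and there are no more attempts left!" 1>&2`. The `retry` function starts and ends outside this hunk.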
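Review bot: The rewritten `--targets "${FLAKE_ROOT}#${HOST}.${PROFILE}"` drops the `\"…\"` quoting around the node and profile attribute names, so a node name containing a dot would be parsed as a nested attribute path; the ci.yml hunk in this same commit keeps the quoting for `\"docs-ops.qo.is\"` for exactly that reason. The node names come from `attrNames nodes` in the hunk above and are presumably plain host names, and the two profiles are `system-vm` and `system-physical`, so this may be safe today, but `--targets "${FLAKE_ROOT}#\"${HOST}\".\"${PROFILE}\""` costs nothing and removes the assumption.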