From cb25445e2363ccf07c34ee0b1394f31b986e3968 Mon Sep 17 00:00:00 2001 From: Fabian Hauser Date: Sat, 12 Apr 2025 20:39:55 +0300 Subject: [PATCH] WIP: Create script to deploy in CI --- deploy/README.md | 19 +++++++++---- deploy/system-physical/default.nix | 27 ++++++++++++++++++ deploy/system-vm/default.nix | 27 ++++++++++++++++++ deploy/system/default.nix | 20 ------------- dev-shells/default.nix | 2 +- packages/auto-deploy/default.nix | 16 +++++++++++ packages/auto-deploy/script.bash | 45 ++++++++++++++++++++++++++++++ packages/deploy-qois/default.nix | 14 ---------- treefmt.nix | 6 ++-- updates.md | 9 ++---- 10 files changed, 136 insertions(+), 49 deletions(-) create mode 100644 deploy/system-physical/default.nix create mode 100644 deploy/system-vm/default.nix delete mode 100644 deploy/system/default.nix create mode 100644 packages/auto-deploy/default.nix create mode 100644 packages/auto-deploy/script.bash delete mode 100644 packages/deploy-qois/default.nix diff --git a/deploy/README.md b/deploy/README.md index 8c95d8a..934665e 100644 --- a/deploy/README.md +++ b/deploy/README.md @@ -4,14 +4,21 @@ Note that you have to be connected to the `vpn.qo.is` (or execute the deployment from a host that is in the `backplane.net.qo.is` overlay network) and that you need to have SSH root access to the target machines. +## Deploy system categories + +This is also used in CI. + +```bash + +auto-deploy vm +auto-deploy physical +``` + ## Deploy to selected target hosts ```bash -nix run .#deploy-qois .#.system .#.system -``` +nix develop -## Deploy with extended timeouts (sometimes required for slow APU devices) - -```bash -nix run .#deploy-qois .#calanda.system -- --confirm-timeout 600 --activation-timeout 600 +deploy --skip-checks .#cyprianspitz.system-physical +deploy --skip-checks .#lindberg-build.system-vm ``` diff --git a/deploy/system-physical/default.nix b/deploy/system-physical/default.nix new file mode 100644 index 0000000..0b344a7 --- /dev/null 
+++ b/deploy/system-physical/default.nix
@@ -0,0 +1,27 @@
+{
+ deployPkgs,
+ pkgs,
+ self,
+ ...
+}:
+let
+ inherit (pkgs.lib) pipe filterAttrs mapAttrs;
+in
+{
+ nodes = pipe self.nixosConfigurations [
+ (filterAttrs (_n: v: v.config.services.qemuGuest.enable == false))
+ (mapAttrs (
+ host: config: {
+ hostname = "${host}.backplane.net.qo.is";
+ profiles.system-physical = {
+ sshUser = "root";
+ user = "root";
+ activationTimeout = 600;
+ confirmTimeout = 120;
+ remoteBuild = true;
+ path = deployPkgs.deploy-rs.lib.activate.nixos config;
+ };
+ }
+ ))
+ ];
+}
diff --git a/deploy/system-vm/default.nix b/deploy/system-vm/default.nix
new file mode 100644
index 0000000..019da31
--- /dev/null
+++ b/deploy/system-vm/default.nix
@@ -0,0 +1,27 @@
+{
+ deployPkgs,
+ pkgs,
+ self,
+ ...
+}:
+let
+ inherit (pkgs.lib) pipe filterAttrs mapAttrs;
+in
+{
+ nodes = pipe self.nixosConfigurations [
+ (filterAttrs (_n: v: v.config.services.qemuGuest.enable))
+ (mapAttrs (
+ host: config: {
+ hostname = "${host}.backplane.net.qo.is";
+ profiles.system-vm = {
+ sshUser = "root";
+ user = "root";
+ activationTimeout = 300;
+ confirmTimeout = 60;
+ remoteBuild = true;
+ path = deployPkgs.deploy-rs.lib.activate.nixos config;
+ };
+ }
+ ))
+ ];
+}
diff --git a/deploy/system/default.nix b/deploy/system/default.nix
deleted file mode 100644
index cdaf846..0000000
--- a/deploy/system/default.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{
- deployPkgs,
- pkgs,
- self,
- system,
- ...
-}:
-{
- nodes = pkgs.lib.mapAttrs (host: config: {
- hostname = "${host}.backplane.net.qo.is";
- profiles.system = {
- sshUser = "root";
- user = "root";
- activationTimeout = 420;
- confirmTimeout = 120;
-
- path = deployPkgs.deploy-rs.lib.activate.nixos config;
- };
- }) self.nixosConfigurations;
-}
diff --git a/dev-shells/default.nix b/dev-shells/default.nix
index 2023f3e..6f289ff 100644
--- a/dev-shells/default.nix
+++ b/dev-shells/default.nix
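Review bot: The physical/VM split rests entirely on `services.qemuGuest.enable`, and neither new file says so: `(filterAttrs (_n: v: v.config.services.qemuGuest.enable == false))` in deploy/system-physical/default.nix and its positive twin in deploy/system-vm/default.nix. A virtual machine whose configuration leaves the guest agent off would be picked up by `system-physical`, and therefore by `auto-deploy physical`, so the assumption deserves a comment above each filter, e.g. `# Host category is derived from services.qemuGuest.enable; every VM must enable it.` The comparison also reads better as `(filterAttrs (_n: v: !v.config.services.qemuGuest.enable))`. The two files otherwise differ only in the profile name and the two timeouts, which suggests one shared helper taking those as arguments.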
@@ -29,9 +29,9 @@ in pre-commit-check.enabledPackages ++ [ vscodium-with-extensions ] ++ (with self.packages.${system}; [ - deploy-qois sops sops-rekey + auto-deploy ]) ++ (with pkgs; [ attic-client
diff --git a/packages/auto-deploy/default.nix b/packages/auto-deploy/default.nix
new file mode 100644
index 0000000..3c266a7
--- /dev/null
+++ b/packages/auto-deploy/default.nix
@@ -0,0 +1,16 @@
+{
+ deploy-rs,
+ gitMinimal,
+ writeShellApplication,
+ lib,
+ ...
+}:
+writeShellApplication {
+ name = "auto-deploy";
+ meta.description = "Deploy machines automatically.";
+ runtimeInputs = [
+ deploy-rs
+ gitMinimal
+ ];
+ text = lib.readFile ./script.bash;
+}
diff --git a/packages/auto-deploy/script.bash b/packages/auto-deploy/script.bash
new file mode 100644
index 0000000..0fba9ce
--- /dev/null
+++ b/packages/auto-deploy/script.bash
@@ -0,0 +1,45 @@
+#!/usr/bin/env bash
+
+#### Environment
+FLAKE_ROOT="$(git rev-parse --show-toplevel)"
+
+export PROFILE=""
+case "${1:-''}" in
+vm | physical)
+ PROFILE="system-$1"
+ ;;
+*)
+ echo "🛑 Error: Please use 'vm' or 'physical' as first parameter."
+ exit 1
+ ;;
+esac
+
+HOSTS=$(nix eval --raw "$FLAKE_ROOT"#deploy.nodes --apply "
+ nodes: let
+ inherit (builtins) attrNames filter concatStringsSep;
+ names = attrNames nodes;
+ profile = \"$PROFILE\";
+ filteredNames = filter (name: nodes.\${name}.profiles ? \${profile}) names;
+ in concatStringsSep \"\\n\" filteredNames
+")
+
+#### Helpers
+retry() {
+ local -r -i max_attempts="$1"
+ shift
+ local -i attempt_num=1
+ until "$@"; do
+ if ((attempt_num == max_attempts)); then
+ echo "⚠️ Warning: Attempt $attempt_num failed and there are no more attempts left!"
+ return 1
+ else
+ echo "⚠️ Attempt $attempt_num failed! Trying again in $attempt_num seconds..."
+ sleep $((attempt_num++))
+ fi
+ done
+}
+
+#### Execution
+for HOST in $HOSTS; do
+ retry 3 deploy --skip-checks --targets "${FLAKE_ROOT}#${HOST}.${PROFILE}"
+done
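Review bot: `runtimeInputs` in packages/auto-deploy/default.nix lists `deploy-rs` and `gitMinimal`, but script.bash also calls `nix eval`, so `nix` is an undeclared dependency taken from whatever the caller's PATH provides. Inside `nix develop` that is presumably fine; in a CI job it makes the tool that evaluates the list of deployment targets depend on the runner image. Either add it, `runtimeInputs = [ deploy-rs gitMinimal nix ];` with `nix` in the argument set, or leave a comment that the ambient `nix` is used on purpose.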
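Review bot: The execution loop at the end of script.bash has no defined behaviour for a host that still fails after three attempts. `writeShellApplication` enables errexit, so the packaged `auto-deploy` stops at the first such host and never attempts the remaining ones, while the file run directly through its shebang carries on and exits with the status of the last host only. For an unattended CI job that deploys as root with `--skip-checks`, I would attempt every host, collect the failures and exit non-zero with the list, as sketched below, assuming the intent is to reach as many hosts as possible. Separately, `"${1:-''}"` expands to two literal quote characters when no argument is given; `"${1:-}"` is the usual spelling.

```shell
#### Execution
FAILED=()
for HOST in $HOSTS; do
  if ! retry 3 deploy --skip-checks --targets "${FLAKE_ROOT}#${HOST}.${PROFILE}"; then
    FAILED+=("$HOST")
  fi
done

if ((${#FAILED[@]} > 0)); then
  echo "🛑 Error: Deployment failed for: ${FAILED[*]}"
  exit 1
fi
```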
diff --git a/packages/deploy-qois/default.nix b/packages/deploy-qois/default.nix
deleted file mode 100644
index 49ab5e7..0000000
--- a/packages/deploy-qois/default.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- deploy-rs,
- flakeSelf,
- writeShellApplication,
- ...
-}:
-writeShellApplication {
- name = "deploy-qois";
- meta.description = "Deploy configuration to specificed targets.";
- runtimeInputs = [ deploy-rs ];
- text = ''
- deploy --remote-build --skip-checks --interactive --targets "''${@:-${flakeSelf}}"
- '';
-}
diff --git a/treefmt.nix b/treefmt.nix
index 5e44926..14412c6 100644
--- a/treefmt.nix
+++ b/treefmt.nix
@@ -19,11 +19,13 @@ "*.toml" ] ++ [ - ".envrc" - "robots.txt" ".vscode/*" "nixos-modules/system/etc/*" + "private" "private/*" + + ".envrc" + "robots.txt" ]; formatter.jsonfmt.excludes = [ ".vscode/*.json" ]; };
diff --git a/updates.md b/updates.md
index 949cac7..47c875d 100644
--- a/updates.md
+++ b/updates.md
@@ -22,13 +22,10 @@ Deploy updates: nix develop # Deploy vms -deploy-qois .#lindberg-nextcloud .#lindberg-build +auto-deploy vm -# Deploy fast physical hosts -deploy-qois .#lindberg - -# Deploy slow physical hosts (maybe do individually) -deploy-qois --confirm-timeout 600 --activation-timeout 600 --targets .#stompert .#stompert +# Deploy physical hosts +auto-deploy physical ```