authorGriffin Smith <grfn@gws.fyi>2020-07-03T04·26-0400
committerglittershark <grfn@gws.fyi>2020-07-06T15·16+0000
commita73714a93c2d5e1ce2f9e52f23eaf3019a5d46ed (patch)
tree9162ebd1a732ddcd743794eba602f88cd6ba4e27
parent8bcdff263c31892161c5c40eb848f02b88c18624 (diff)
feat(ops/nixos): Add generic rebuild-system script r/1221
This adds a first crack at one idea for a generic, non-user-specific
rebuild-system script to ops.nixos.rebuild-system. The idea here is that
we enumerate all the nixos systems stored in the monorepo (similarly to
what we do for ci-builds right now) then search through them by hostname
to find the one matching the hostname of the current system, which is an
attempt at a more generic version of tazjin's rebuilder script which
does the same thing but with an explicit case block.

As a caveat, it feels like there's a slight possibility that this way of
finding systems is going to get slow to evaluate - on my system it feels
fine but if it grows out of hand it's probably feasible to just bake
this into the built script as a dynamically generated case statement.

Change-Id: I2e4c5401913b6f4d936ab48ba2f95f96e0e78eb4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/894
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
-rwxr-xr-xbin/__dispatch.sh3
l---------bin/rebuild-system1
-rw-r--r--ci-builds.nix20
-rw-r--r--ops/nixos/all-systems.nix14
-rw-r--r--ops/nixos/default.nix36
-rw-r--r--ops/nixos/whitby/default.nix6
-rw-r--r--users/glittershark/system/system/default.nix4
7 files changed, 63 insertions, 21 deletions
diff --git a/bin/__dispatch.sh b/bin/__dispatch.sh
index e8d54fec39c9..fa954ae29c1d 100755
--- a/bin/__dispatch.sh
+++ b/bin/__dispatch.sh
@@ -52,6 +52,9 @@ case "${TARGET_TOOL}" in
   hash-password)
     attr="tools.hash-password"
     ;;
+  rebuild-system)
+    attr="ops.nixos.rebuild-system"
+    ;;
   *)
     echo "The tool '${TARGET_TOOL}' is currently not installed in this repository."
     exit 1
diff --git a/bin/rebuild-system b/bin/rebuild-system
new file mode 120000
index 000000000000..8390ec9c9652
--- /dev/null
+++ b/bin/rebuild-system
@@ -0,0 +1 @@
+__dispatch.sh
\ No newline at end of file
diff --git a/ci-builds.nix b/ci-builds.nix
index 26f7e105d9fd..437804eef937 100644
--- a/ci-builds.nix
+++ b/ci-builds.nix
@@ -16,6 +16,10 @@ let
     owo = lib.generators.toPretty {} exp;
   };
 
+  systemFor = configuration: (depot.third_party.nixos {
+    inherit configuration;
+  }).system;
+
 in lib.fix (self: {
   __apprehendEvaluators = throw ''
     Do not evaluate this attribute set directly. It exists only to group builds
@@ -28,18 +32,10 @@ in lib.fix (self: {
   # used to trigger builds for each key.
   __evaluatable = filter (key: (substring 0 2 key) != "__") (attrNames self);
 
-  # List of non-public targets, these are only used in local builds
-  # and not in CI.
-  __nonpublic = with depot; [
-    users.tazjin.nixos.camdenSystem
-    users.tazjin.nixos.frogSystem
-  ];
-
   # Combined list of all the targets, used for building everything locally.
   __allTargets =
     (with depot.nix.yants; list drv)
-      (foldl' (x: y: x ++ y) self.__nonpublic
-        (map (k: getAttr k self) self.__evaluatable));
+    (foldl' (x: y: x ++ y) [] (map (k: getAttr k self) self.__evaluatable));
 
   fun = with depot.fun; [
     amsterdump
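Review bot: Removing `__nonpublic` here, together with the later hunk that adds `(systemFor nixos.camden)` and `(systemFor nixos.frog)` to a regular list, changes which machines CI builds. The deleted comment said those targets were only used in local builds and not in CI, whereas every key without a `__` prefix is picked up through `__evaluatable`. If that is intended, confirm that nothing in those two configurations, their build logs or their outputs is unsuitable for the CI builders and any cache they feed. The decision could be recorded next to the new entries, e.g. `# camden and frog are built in CI like every other system; keep secrets out of their evaluated config.`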
@@ -57,7 +53,7 @@ in lib.fix (self: {
     journaldriver
     kontemplate
     mq_cli
-    nixos.whitby
+    (systemFor nixos.whitby)
   ];
 
   third_party = with depot.third_party; [
@@ -98,10 +94,12 @@ in lib.fix (self: {
     emacs
     finito
     homepage
+    (systemFor nixos.camden)
+    (systemFor nixos.frog)
   ];
 
   glittershark = with depot.users.glittershark; [
-    system.system.chupacabra
+    (systemFor system.system.chupacabra)
     xanthous
   ];
 })
diff --git a/ops/nixos/all-systems.nix b/ops/nixos/all-systems.nix
new file mode 100644
index 000000000000..ba63de2f2dd5
--- /dev/null
+++ b/ops/nixos/all-systems.nix
@@ -0,0 +1,14 @@
+{ depot, ... }:
+
+(with depot.ops.nixos; [
+  whitby
+]) ++
+
+(with depot.users.tazjin.nixos; [
+  camden
+  frog
+]) ++
+
+(with depot.users.glittershark.system.system; [
+  chupacabra
+])
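Review bot: This new file has no header comment saying what an entry must be. `ops/nixos/default.nix` maps `nixosFor` over the list and `ci-builds.nix` wraps the same attributes in `systemFor`, so each entry has to be an unevaluated configuration rather than a built `.system`. A host missing from the list only surfaces at rebuild time, as the `is not a known NixOS host` throw. I would add `# Configurations (not built systems) of every NixOS host in the depot; rebuild-system selects among these by networking.hostName.` at the top.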
diff --git a/ops/nixos/default.nix b/ops/nixos/default.nix
index a0d7630d00e0..40431a79afaf 100644
--- a/ops/nixos/default.nix
+++ b/ops/nixos/default.nix
@@ -6,8 +6,40 @@
 #
 # TODO(tazjin): Find a more elegant solution for the whole module
 # situation.
-{ ... }@args:
+{ lib, pkgs, depot, ... }@args:
 
-{
+let
+  inherit (lib) findFirst isAttrs;
+in
+
+rec {
   whitby = import ./whitby/default.nix args;
+
+  # System installation
+
+  allSystems = import ./all-systems.nix args;
+
+  nixosFor = configuration: depot.third_party.nixos {
+    inherit configuration;
+  };
+
+  findSystem = hostname:
+    (findFirst
+      (system: system.config.networking.hostName == hostname)
+      (throw "${hostname} is not a known NixOS host")
+      (map nixosFor allSystems));
+
+  rebuild-system = pkgs.writeShellScriptBin "rebuild-system" ''
+    set -ue
+    if [[ $EUID -ne 0 ]]; then
+      echo "Oh no! Only root is allowed to rebuild the system!" >&2
+      exit 1
+    fi
+
+    echo "Rebuilding NixOS for $HOSTNAME"
+    system=$(nix-build -E "((import ${toString depot.depotPath} {}).ops.nixos.findSystem \"$HOSTNAME\").system" --no-out-link --show-trace)
+
+    nix-env -p /nix/var/nix/profiles/system --set $system
+    $system/bin/switch-to-configuration switch
+  '';
 }
diff --git a/ops/nixos/whitby/default.nix b/ops/nixos/whitby/default.nix
index 73066d6b9cad..b1055ddd2ee1 100644
--- a/ops/nixos/whitby/default.nix
+++ b/ops/nixos/whitby/default.nix
@@ -12,11 +12,7 @@ let
     mkdir -p $out/bin
     ln -s ${depot.ops.besadii}/bin/besadii $out/bin/post-command
   '';
-
-  systemForConfig = configuration: (depot.third_party.nixos {
-    inherit configuration;
-  }).system;
-in systemForConfig {
+in {
   inherit depot;
   imports = [
     "${depot.depotPath}/ops/nixos/depot.nix"
diff --git a/users/glittershark/system/system/default.nix b/users/glittershark/system/system/default.nix
index 75e93d533bdd..7c241de86b0a 100644
--- a/users/glittershark/system/system/default.nix
+++ b/users/glittershark/system/system/default.nix
@@ -1,9 +1,7 @@
 { depot, ... }:
 
 rec {
-  chupacabra = (depot.third_party.nixos {
-    configuration = import ./machines/chupacabra.nix;
-  }).system;
+  chupacabra = import ./machines/chupacabra.nix;
 
   rebuilder =
     let