IoSL/service-aware-frontend
3
0
Fork 0
generated from Luis/nextjs-python-web-template
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

secrets deploy/generate: use nix_build_machine

Browse Source
This commit is contained in:
lassulus
2023-09-13 23:18:05 +02:00
committed by Mic92
parent 6153a9ee71
commit 23c979f8db
2 changed files with 24 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
pkgs/clan-cli/clan_cli/secrets/deploy.py
View File

@@ -4,25 +4,20 @@ import sys
from clan_cli.errors import ClanError from clan_cli.errors import ClanError
from ..dirs import get_clan_flake_toplevel from ..nix import nix_build_machine
def deploy_secrets(machine: str) -> None: def deploy_secrets(machine: str) -> None:
clan_flake = get_clan_flake_toplevel()
proc = subprocess.run( proc = subprocess.run(
[ nix_build_machine(
"nix", machine=machine,
"build", attr=[
"--impure", "config",
"--print-out-paths", "system",
"--expr", "clan",
f'let f = builtins.getFlake "{clan_flake}"; in ' "deploySecrets",
"(f.nixosConfigurations."
f"{machine}"
".extendModules { modules = [{ clanCore.clanDir = "
f"{clan_flake}"
"; }]; }).config.system.clan.deploySecrets",
], ],
),
capture_output=True, capture_output=True,
text=True, text=True,
) )
@@ -32,7 +27,10 @@ def deploy_secrets(machine: str) -> None:
secret_deploy_script = proc.stdout.strip() secret_deploy_script = proc.stdout.strip()
secret_deploy = subprocess.run( secret_deploy = subprocess.run(
[secret_deploy_script], [
secret_deploy_script,
f"root@{machine}",
],
) )
if secret_deploy.returncode != 0: if secret_deploy.returncode != 0:

23
pkgs/clan-cli/clan_cli/secrets/generate.py
View File

@@ -4,25 +4,20 @@ import sys
from clan_cli.errors import ClanError from clan_cli.errors import ClanError
from ..dirs import get_clan_flake_toplevel from ..nix import nix_build_machine
def generate_secrets(machine: str) -> None: def generate_secrets(machine: str) -> None:
clan_flake = get_clan_flake_toplevel()
proc = subprocess.run( proc = subprocess.run(
[ nix_build_machine(
"nix", machine=machine,
"build", attr=[
"--impure", "config",
"--print-out-paths", "system",
"--expr", "clan",
f'let f = builtins.getFlake "{clan_flake}"; in ' "generateSecrets",
"(f.nixosConfigurations."
f"{machine}"
".extendModules { modules = [{ clanCore.clanDir = "
f"{clan_flake}"
"; }]; }).config.system.clan.generateSecrets",
], ],
),
capture_output=True, capture_output=True,
text=True, text=True,
) )