Luis/nextjs-python-web-template
Template
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

clan-cli: get deploymentAddress from clan.networking

Browse Source
This commit is contained in:
lassulus
2023-09-14 16:57:38 +02:00
committed by Mic92
parent 0132abc547
commit 8d29d0e69c
4 changed files with 68 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
nixosModules/clanCore/flake-module.nix
View File

@@ -3,6 +3,7 @@
imports = [ imports = [
./secrets ./secrets
./zerotier.nix ./zerotier.nix
./networking.nix
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
# just some example options. Can be removed later # just some example options. Can be removed later
./bloatware ./bloatware

15
nixosModules/clanCore/networking.nix Normal file
View File

@@ -0,0 +1,15 @@
{ config, lib, ... }:
{
options.clan.networking = {
deploymentAddress = lib.mkOption {
description = ''
The target SSH node for deployment.
By default, the node's attribute name will be used.
If set to null, only local deployment will be supported.
'';
type = lib.types.nullOr lib.types.str;
default = "root@${config.networking.hostName}";
};
};
}

51
pkgs/clan-cli/clan_cli/machines/update.py
View File

@@ -2,10 +2,13 @@ import argparse
import json import json
import os import os
import subprocess import subprocess
from typing import Optional
from ..ssh import Host, HostGroup, HostKeyCheck from ..dirs import get_clan_flake_toplevel
from ..secrets.upload import upload_secrets from ..nix import nix_eval
from ..secrets.generate import generate_secrets from ..secrets.generate import generate_secrets
from ..secrets.upload import upload_secrets
from ..ssh import Host, HostGroup, HostKeyCheck
def deploy_nixos(hosts: HostGroup) -> None: def deploy_nixos(hosts: HostGroup) -> None:
@@ -22,7 +25,7 @@ def deploy_nixos(hosts: HostGroup) -> None:
["nix", "flake", "archive", "--to", f"ssh://{target}", "--json"], ["nix", "flake", "archive", "--to", f"ssh://{target}", "--json"],
check=True, check=True,
stdout=subprocess.PIPE, stdout=subprocess.PIPE,
extra_env=env extra_env=env,
) )
data = json.loads(res.stdout) data = json.loads(res.stdout)
path = data["path"] path = data["path"]
@@ -75,20 +78,36 @@ def deploy_nixos(hosts: HostGroup) -> None:
# FIXME: we want some kind of inventory here. # FIXME: we want some kind of inventory here.
def update(args: argparse.Namespace) -> None: def update(args: argparse.Namespace) -> None:
meta = {} clan_dir = get_clan_flake_toplevel().as_posix()
if args.flake_uri: host = json.loads(
meta["flake_uri"] = args.flake_uri subprocess.run(
if args.flake_attr: nix_eval(
meta["flake_attr"] = args.flake_attr [
deploy_nixos(HostGroup([Host(args.host, user=args.user, meta=meta)])) f'{clan_dir}#nixosConfigurations."{args.machine}".config.clan.networking.deploymentAddress'
]
),
stdout=subprocess.PIPE,
check=True,
text=True,
).stdout
)
parts = host.split("@")
user: Optional[str] = None
if len(parts) > 1:
user = parts[0]
hostname = parts[1]
else:
hostname = parts[0]
maybe_port = hostname.split(":")
port = None
if len(maybe_port) > 1:
hostname = maybe_port[0]
port = int(maybe_port[1])
print(f"deploying {host}")
deploy_nixos(HostGroup([Host(host=hostname, port=port, user=user)]))
def register_update_parser(parser: argparse.ArgumentParser) -> None: def register_update_parser(parser: argparse.ArgumentParser) -> None:
# TODO pass all args we don't parse into ssh_args, currently it fails if arg starts with - parser.add_argument("--target-host", type=str, default="root")
parser.add_argument("--flake-uri", type=str, default=".#", help="nix flake uri") parser.add_argument("machine", type=str)
parser.add_argument(
"--flake-attr", type=str, help="nixos configuration in the flake"
)
parser.add_argument("--user", type=str, default="root")
parser.add_argument("host", type=str)
parser.set_defaults(func=update) parser.set_defaults(func=update)

24
pkgs/clan-cli/clan_cli/secrets/upload.py
View File

@@ -1,11 +1,11 @@
import argparse import argparse
import json
import subprocess import subprocess
import sys
from clan_cli.errors import ClanError from clan_cli.errors import ClanError
from ..dirs import get_clan_flake_toplevel from ..dirs import get_clan_flake_toplevel
from ..nix import nix_build from ..nix import nix_build, nix_eval
def upload_secrets(machine: str) -> None: def upload_secrets(machine: str) -> None:
@@ -17,18 +17,28 @@ def upload_secrets(machine: str) -> None:
f'{clan_dir}#nixosConfigurations."{machine}".config.system.clan.uploadSecrets' f'{clan_dir}#nixosConfigurations."{machine}".config.system.clan.uploadSecrets'
] ]
), ),
capture_output=True, stdout=subprocess.PIPE,
text=True, text=True,
check=True,
)
host = json.loads(
subprocess.run(
nix_eval(
[
f'{clan_dir}#nixosConfigurations."{machine}".config.clan.networking.deploymentAddress'
]
),
stdout=subprocess.PIPE,
text=True,
check=True,
).stdout
) )
if proc.returncode != 0:
print(proc.stderr, file=sys.stderr)
raise ClanError(f"failed to upload secrets:\n{proc.stderr}")
secret_upload_script = proc.stdout.strip() secret_upload_script = proc.stdout.strip()
secret_upload = subprocess.run( secret_upload = subprocess.run(
[ [
secret_upload_script, secret_upload_script,
f"root@{machine}", host,
], ],
) )