Check on every deploy ssh connection if we are on the right machine
parent
362cf35957
commit
a8bde144b3
|
@ -157,6 +157,7 @@ in
|
|||
'';
|
||||
|
||||
runOnServer = pkgs.writeShellScript "run-on-${server}" ''
|
||||
# we cannot execute any other commands here because it grabs away $@
|
||||
ssh root@${serverFQDN} -- $@
|
||||
'';
|
||||
};
|
||||
|
|
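Review bot: `$@` on the ssh line in `runOnServer` is unquoted, so arguments containing whitespace or glob characters are split and expanded by the local shell before ssh receives them; `ssh root@${serverFQDN} -- "$@"` keeps each argument intact. ssh still joins its arguments into a single string that the remote root shell parses again, so this wrapper should only ever be given trusted, fixed commands. Which line of this hunk the commit adds is not recoverable from this rendering, and the enclosing attribute set starts outside the hunk.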
24
packages.nix
24
packages.nix
|
@ -115,9 +115,9 @@ lib.attrsets.mapAttrs
|
|||
exit 2
|
||||
''}
|
||||
|
||||
if [[ $(ssh ${target} cat /etc/hostname) != ${name} ]]; then
|
||||
echo "hostname of the target machine does not match, please manually investigate!"
|
||||
echo " $(ssh ${target} cat /etc/hostname) != ${name}"
|
||||
hostname="$(ssh ${target} cat /etc/hostname)"
|
||||
if [[ "$hostname" != ${name} ]]; then
|
||||
echo "hostname of ${target} was expected to be ${name} but is $hostname. Aborting to be safe..."
|
||||
exit 2
|
||||
fi
|
||||
nix copy --no-check-sigs --to ssh-ng://${target} ${inputPaths}
|
||||
|
@ -125,7 +125,9 @@ lib.attrsets.mapAttrs
|
|||
|
||||
# use nixos-rebuild from target config
|
||||
ssh ${target} bash -e <<END
|
||||
nix build ${toplevelDrvPath}
|
||||
set -eou pipefail
|
||||
set -x
|
||||
nix build --no-link ${toplevelDrvPath}
|
||||
${discardStringCtx hostConfig.nix.package}/bin/nix-env -p /nix/var/nix/profiles/system --set ${toplevelOutPath}
|
||||
${toplevelOutPath}/bin/switch-to-configuration "''${@:-switch}"
|
||||
END
|
||||
|
@ -161,7 +163,13 @@ lib.attrsets.mapAttrs
|
|||
"${name}-nixos-rebuild-local" = pkgs.writeScriptBin "${name}-nixos-rebuild" ''
|
||||
set -eou pipefail
|
||||
|
||||
[[ ''${1:-} == build || $(ssh ${target} cat /etc/hostname) == ${name} ]]
|
||||
if [[ ''${1:-} == build; then
|
||||
hostname=$(ssh root@${target} cat /etc/hostname)"
|
||||
if [[ "$hostname" != ${name} ]]; then
|
||||
echo "hostname of ${target} was expected to be ${name} but is $hostname. Aborting to be safe..."
|
||||
exit 2
|
||||
fi
|
||||
fi
|
||||
# don't re-execute, otherwise we run the targetPlatform locally
|
||||
_NIXOS_REBUILD_REEXEC=1 ${lib.getExe pkgs.nixos-rebuild} ${rebuildArg} --target-host ${target} --use-remote-sudo "$@"
|
||||
'';
|
||||
|
@ -219,9 +227,9 @@ lib.attrsets.mapAttrs
|
|||
ssh ${target} bash -e <<END
|
||||
set -eou pipefail
|
||||
|
||||
if [[ \$(cat /etc/hostname) != ${name} ]]; then
|
||||
echo "hostname of the target machine does not match, please manually investigate!"
|
||||
echo " $(cat /etc/hostname) != ${name}"
|
||||
hostname=\$(cat /etc/hostname)
|
||||
if [[ "\$hostname" != ${name} ]]; then
|
||||
echo "hostname of ${target} was expected to be ${name} but is \$hostname. Aborting to be safe..."
|
||||
exit 2
|
||||
fi
|
||||
${toplevelOutPath}/bin/switch-to-configuration "''${@:-switch}"
|
||||
|
|
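Review bot: In the `${name}-nixos-rebuild-local` hunk (@ -161) the new hostname guard cannot run as written, because `if [[ ''${1:-} == build; then` is missing its closing `]]` and `hostname=$(ssh root@${target} cat /etc/hostname)"` ends in an unbalanced double quote. The condition also appears inverted relative to the one-line test it replaces, which let only `build` skip the check; as written the check would run for `build` and be skipped for every action that actually touches the target. I would write `if [[ ''${1:-} != build ]]; then` and `hostname="$(ssh root@${target} cat /etc/hostname)"`, and confirm whether `root@` is intended here, since the other hunks use `ssh ${target}`. Separately, `/etc/hostname` is reported by the remote machine itself, so this guard catches a mis-addressed target rather than authenticating it, and SSH host-key verification remains the identity control.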