git.delta.rocks / jrsonnet / refs/commits / 33e3a6cc33fd

difftreelog

feat basic lustration helper

Lach2025-04-24parent: #bd11592.patch.diff
in: trunk

3 files changed

modifiedcmds/fleet/src/cmds/build_systems.rsdiffbeforeafterboth
1use std::{env::current_dir, os::unix::fs::symlink, path::PathBuf, time::Duration};1use std::{env::current_dir, os::unix::fs::symlink, path::PathBuf, time::Duration};
22
3use anyhow::{anyhow, bail, Result};3use anyhow::{anyhow, bail, Context, Result};
4use clap::{Parser, ValueEnum};4use clap::{Parser, ValueEnum};
5use fleet_base::{5use fleet_base::{
6	host::{Config, ConfigHost, DeployKind},6	host::{Config, ConfigHost, DeployKind},
132	disable_rollback: bool,132	disable_rollback: bool,
133) -> Result<()> {133) -> Result<()> {
134	let deploy_kind = host.deploy_kind().await?;134	let deploy_kind = host.deploy_kind().await?;
135	if deploy_kind == DeployKind::NixosInstall135	if (deploy_kind == DeployKind::NixosInstall || deploy_kind == DeployKind::NixosLustrate)
136		&& !matches!(action, DeployAction::Boot | DeployAction::Upload)136		&& !matches!(action, DeployAction::Boot | DeployAction::Upload)
137	{137	{
138		bail!("nixos-install deploy kind only supports boot and upload actions");138		bail!("{deploy_kind:?} deploy kind only supports boot and upload actions");
139	}139	}
140140
141	let mut failed = false;141	let mut failed = false;
184			}184			}
185		}185		}
186	}186	}
187	if deploy_kind == DeployKind::NixosLustrate {
188		// Fleet could also create this file, but as this operation is potentially disruptive,
189		// make user do it themself.
190		if !host.file_exists("/etc/NIXOS_LUSTRATE").await? {
191			bail!("/etc/NIXOS_LUSTRATE should be created on remote host");
192		}
193		// Wanted by NixOS to recognize the system as NixOS.
194		let mut cmd = host.cmd("touch").await?;
195		cmd.arg("/etc/NIXOS");
196		cmd.sudo().run().await.context("creating /etc/NIXOS")?;
197	}
187	if deploy_kind == DeployKind::NixosInstall {198	if deploy_kind == DeployKind::NixosInstall {
188		info!(199		info!(
189			"running nixos-install to switch profile, install bootloader, and perform activation"200			"running nixos-install to switch profile, install bootloader, and perform activation"
247			};258			};
248			let switch_script = specialised.join("bin/switch-to-configuration");259			let switch_script = specialised.join("bin/switch-to-configuration");
249			let mut cmd = host.cmd(switch_script).in_current_span().await?;260			let mut cmd = host.cmd(switch_script).in_current_span().await?;
261			if deploy_kind == DeployKind::NixosLustrate {
262				cmd.env("NIXOS_INSTALL_BOOTLOADER", "1");
263			}
250			cmd.env("FLEET_ONLINE_ACTIVATION", "1")264			cmd.env("FLEET_ONLINE_ACTIVATION", "1")
251				.arg(action.name().expect("upload.should_activate == false"));265				.arg(action.name().expect("upload.should_activate == false"));
252			if let Err(e) = cmd.sudo().run().in_current_span().await {266			if let Err(e) = cmd.sudo().run().in_current_span().await {
modifiedcrates/fleet-base/src/host.rsdiffbeforeafterboth
23};23};
2424
25pub struct FleetConfigInternals {25pub struct FleetConfigInternals {
26	/// Fleet project directory, containing fleet.nix file.
26	pub local_system: String,27	pub directory: PathBuf,
28	/// builtins.currentSystem
27	pub directory: PathBuf,29	pub local_system: String,
28	pub data: Mutex<FleetData>,30	pub data: Mutex<FleetData>,
29	pub nix_args: Vec<OsString>,31	pub nix_args: Vec<OsString>,
30	/// fleet_config.config32	/// fleet_config.config
3436
35	/// import nixpkgs {system = local};37	/// import nixpkgs {system = local};
36	pub default_pkgs: Value,38	pub default_pkgs: Value,
39	/// inputs.nixpkgs
37	pub nixpkgs: Value,40	pub nixpkgs: Value,
3841
39	pub nix_session: NixSession,42	pub nix_session: NixSession,
58	Su,61	Su,
59}62}
6063
61#[derive(Clone, PartialEq, Copy)]64#[derive(Clone, PartialEq, Copy, Debug)]
62pub enum DeployKind {65pub enum DeployKind {
63	/// NixOS => NixOS managed by fleet66	/// NixOS => NixOS managed by fleet
64	UpgradeToFleet,67	UpgradeToFleet,
67	/// Remote host has /mnt, /mnt/boot mounted,70	/// Remote host has /mnt, /mnt/boot mounted,
68	/// generated config is added to fleet configuration.71	/// generated config is added to fleet configuration.
69	NixosInstall,72	NixosInstall,
73	/// Remote host has some system and nix installed in multi-user mode (/nix is owned by root),
74	/// generated config is added to fleet configuration,
75	/// and /etc/NIXOS_LUSTRATE exists, fleet will perform the rest.
76	NixosLustrate,
70}77}
7178
72impl FromStr for DeployKind {79impl FromStr for DeployKind {
302		nix.arg("copy").arg("--substitute-on-destination");309		nix.arg("copy").arg("--substitute-on-destination");
303310
304		match self.deploy_kind().await? {311		match self.deploy_kind().await? {
305			DeployKind::Fleet | DeployKind::UpgradeToFleet => {312			DeployKind::Fleet | DeployKind::UpgradeToFleet | DeployKind::NixosLustrate => {
306				nix.comparg("--to", format!("ssh-ng://{}", self.name));313				nix.comparg("--to", format!("ssh-ng://{}", self.name));
307			}314			}
308			DeployKind::NixosInstall => {315			DeployKind::NixosInstall => {
modifiedcrates/fleet-base/src/opts.rsdiffbeforeafterboth
6	sync::{Arc, Mutex},6	sync::{Arc, Mutex},
7};7};
88
9use anyhow::{Context, Result};9use anyhow::{bail, Context, Result};
10use clap::Parser;10use clap::Parser;
11use nix_eval::{nix_go, util::assert_warn, NixSessionPool, Value};11use nix_eval::{nix_go, util::assert_warn, NixSessionPool, Value};
12use nom::{12use nom::{
182182
183	// TODO: Config should be detached from opts.183	// TODO: Config should be detached from opts.
184	pub async fn build(&self, nix_args: Vec<OsString>, assert: bool) -> Result<Config> {184	pub async fn build(&self, nix_args: Vec<OsString>, assert: bool) -> Result<Config> {
185		let directory = current_dir()?;185		let cwd = current_dir()?;
186		let mut directory = cwd.clone();
187		let mut fleet_data_path = directory.join("fleet.nix");
188		while !fleet_data_path.is_file() {
189			// fleet.nix
190			fleet_data_path.pop();
191			if !directory.pop() || !fleet_data_path.pop() {
192				bail!(
193					"fleet.nix not found at {} or any of the parent directories",
194					cwd.display()
195				);
196			}
197			fleet_data_path.push("fleet.nix");
198		}
199		let bytes =
200			std::fs::read_to_string(&fleet_data_path).context("reading fleet state (fleet.nix)")?;
201		let data: Mutex<FleetData> = nixlike::parse_str(&bytes)?;
186202
187		let pool = NixSessionPool::new(203		let pool = NixSessionPool::new(
188			directory.as_os_str().to_owned(),204			directory.as_os_str().to_owned(),
194210
195		let builtins_field = Value::binding(nix_session.clone(), "builtins").await?;211		let builtins_field = Value::binding(nix_session.clone(), "builtins").await?;
196
197		let mut fleet_data_path = directory.clone();
198		fleet_data_path.push("fleet.nix");
199		let bytes =
200			std::fs::read_to_string(fleet_data_path).context("reading fleet state (fleet.nix)")?;
201		let data: Mutex<FleetData> = nixlike::parse_str(&bytes)?;
202212
203		let fleet_root = Value::binding(nix_session.clone(), "fleetConfigurations").await?;213		let fleet_root = Value::binding(nix_session.clone(), "fleetConfigurations").await?;
204		let fleet_field = nix_go!(fleet_root.default({ data }));214		let fleet_field = nix_go!(fleet_root.default({ data }));