From fcad02a8426fb55aba85fc26ba5bb8dc239b3bd0 Mon Sep 17 00:00:00 2001
From: Yaroslav Bolyukin
Date: Tue, 19 Nov 2024 00:27:40 +0000
Subject: [PATCH] feat: create gc root per built system
---
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -962,6 +962,7 @@
 "nixlike",
 "nom",
 "openssh",
+ "rand",
 "serde",
 "serde_json",
 "tempfile",
--- a/cmds/fleet/src/cmds/build_systems.rs
+++ b/cmds/fleet/src/cmds/build_systems.rs
@@ -253,12 +253,12 @@
 async fn build_task(
 config: Config,
- host: String,
+ hostname: String,
 build_attr: &str,
 batch: Option,
 ) -> Result {
 info!("building");
- let host = config.host(&host).await?;
+ let host = config.host(&hostname).await?;
 // let action = Action::from(self.subcommand.clone());
 let nixos = host.nixos_config().await?;
 let drv = nix_go!(nixos.system.build[{ build_attr }]);
@@ -267,6 +267,21 @@
 .get("out")
 .ok_or_else(|| anyhow!("system build should produce \"out\" output"))?;
+ {
+ info!("adding gc root");
+ let mut cmd = config.local_host().cmd("nix").await?;
+ cmd.arg("build")
+ .comparg(
+ "--profile",
+ format!(
+ "/nix/var/nix/profiles/{}-{hostname}",
+ config.data().gc_root_prefix
+ ),
+ )
+ .arg(out_output);
+ cmd.sudo().run_nix().await?;
+ }
+
 Ok(out_output.clone())
 }
--- a/crates/fleet-base/Cargo.toml
+++ b/crates/fleet-base/Cargo.toml
@@ -17,6 +17,7 @@
 nixlike.workspace = true
 nom = "7.1.3"
 openssh = "0.11.0"
+rand = "0.8.5"
 serde.workspace = true
 serde_json = "1.0.127"
 tempfile.workspace = true
--- a/crates/fleet-base/src/fleetdata.rs
+++ b/crates/fleet-base/src/fleetdata.rs
@@ -6,6 +6,10 @@
 use age::Recipient;
 use chrono::{DateTime, Utc};
 use fleet_shared::SecretData;
+use rand::{
+ distributions::{Alphanumeric, DistString},
+ thread_rng,
+};
 use serde::{de::Error, Deserialize, Serialize};
 use serde_json::Value;
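Review bot: In the `adding gc root` block of build_systems.rs (hunk `@@ -267,6 +267,21 @@`), the `--profile` path is formatted from `config.data().gc_root_prefix` and `hostname` without checking either, and the resulting `nix build` is run through `cmd.sudo()`. `gc_root_prefix` is a plain `String` deserialized from the fleet data (fleetdata.rs) and an unconstrained `str` option in modules/hosts.nix, so a value containing `/` would make a root-run command create the profile link outside `/nix/var/nix/profiles/`; whether `config.host(&hostname)` already restricts the host name is not visible here. A guard before the `format!` would close this, for example `ensure!(!hostname.contains('/') && !config.data().gc_root_prefix.contains('/'), "gc root name must be a single path component");` (assuming anyhow's `ensure!` is acceptable next to the existing `anyhow!`). The `?` on `run_nix()` also turns a failed root registration into a failed build although `out_output` was already produced, which deserves a short comment if intended. `build_task` begins in the previous hunk and its body is only partly visible.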
@@ -42,10 +46,17 @@
 }
 }
+fn generate_gc_prefix() -> String {
+ let id = Alphanumeric.sample_string(&mut thread_rng(), 8);
+ format!("fleet-gc-{id}")
+}
+
 #[derive(Serialize, Deserialize)]
 #[serde(rename_all = "camelCase")]
 pub struct FleetData {
 pub version: FleetDataVersion,
+ #[serde(default = "generate_gc_prefix")]
+ pub gc_root_prefix: String,
 #[serde(default)]
 pub hosts: BTreeMap,
--- a/modules/hosts.nix
+++ b/modules/hosts.nix
@@ -16,6 +16,10 @@
 type = str;
 internal = true;
 };
+ gcRootPrefix = mkOption {
+ type = str;
+ internal = true;
+ };
 hosts = mkOption {
 type = attrsOf (submodule {
 options.encryptionKey = mkOption {
-- gitstuff
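Review bot: `#[serde(default = "generate_gc_prefix")]` on `gc_root_prefix` (fleetdata.rs, hunk `@@ -42,10 +46,17 @@`) draws a new random prefix every time a data file without the field is deserialized. Unless `FleetData` is written back after such a load, which this hunk does not show, each run would register profiles under a different `fleet-gc-…` name and leave the earlier roots behind, pinning old closures. Neither the field nor `generate_gc_prefix` is documented; I would add `/// Prefix of the per-host profile links used as GC roots; generated once and stored in the fleet data. An identifier, not a secret.` on the field, and a one-line `///` on the function saying the 8 alphanumeric characters only need to be unique per fleet. The `FleetData` struct continues past the end of the hunk.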