authorAlex Auvolat <alex@adnab.me>2022-12-22 23:59:51 +0100
committerAlex Auvolat <alex@adnab.me>2022-12-22 23:59:51 +0100
commit94a9c8afa8471cbb328262e6385fbda3383f7dde (patch)
treedc1923fde8d772abf7dd28ebf0d38288d24e224d
parent0e1574a82b7067910d5403cfd46e94bcf929327a (diff)
security for deployment on prod
-rwxr-xr-xdeploy_nixos17
-rwxr-xr-xsshtool4
2 files changed, 16 insertions, 5 deletions
diff --git a/deploy_nixos b/deploy_nixos
index 4663acf..4f8aa2a 100755
--- a/deploy_nixos
+++ b/deploy_nixos
@@ -11,8 +11,17 @@ if [ "$CLUSTER" = "staging" ]; then
copy nix/nomad-driver-nix2.nix /etc/nixos/nomad-driver-nix2.nix
fi
-# use ./upgrade_nixos instead to upgrade NixOS
-#cmd "nix-channel --add https://nixos.org/channels/nixos-22.05 nixos"
-#cmd nixos-rebuild switch --upgrade --show-trace
-cmd nixos-rebuild switch
+if [ "$CLUSTER" = "prod" ]; then
+ cmd nixos-rebuild boot
+ message "-------------------------------------------------------------------------------------"
+ message "New NixOS configuration hasn't been applied, to avoid disturbing production services."
+ message "Please apply the following procedure to node '$NIXHOST':"
+ message "1. Drain node in Nomad so that all jobs are relocated elsewhere"
+ message "2. Reboot node manually. You can also take the opportunity to upgrade with:"
+ message " REBOOT_NODES=yes ./upgrade_nixos prod $NIXHOST"
+ message "3. Mark node as eligible again in Nomad"
+ message "-------------------------------------------------------------------------------------"
+else
+ cmd nixos-rebuild switch
+fi
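Review bot: The `else` branch still runs `cmd nixos-rebuild switch` for every `$CLUSTER` value other than the exact string `prod`, so a misspelled or newly added production cluster name would be switched live. Inverting the test makes the disruptive path opt-in: `if [ "$CLUSTER" = "staging" ]; then cmd nixos-rebuild switch; else cmd nixos-rebuild boot; …; fi`. How `CLUSTER` is validated is not visible in this hunk, so it may already be constrained earlier in the script. A comment above the branch such as `# prod: only stage the new generation for next boot, never switch live` would record why the two paths differ.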
diff --git a/sshtool b/sshtool
index ffe1e4e..8719ffa 100755
--- a/sshtool
+++ b/sshtool
@@ -45,7 +45,9 @@ function footer {
}
function message {
- echo "echo '$@'"
+ echo "base64 -d <<EOG"
+ echo "$@" | base64
+ echo "EOG"
}
function cmd {
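Review bot: In `message`, `echo "$@" | base64` still lets bash's `echo` treat a leading `-n`, `-e` or `-E` argument as an option, so that text would be dropped or altered before encoding. `printf '%s\n' "$*" | base64` avoids this. The here-document delimiter is unquoted, so the shell that reads this output (presumably on the target host) performs expansion on the body. That is harmless while the body is only base64 alphabet, but `echo "base64 -d <<'EOG'"` makes the no-expansion intent explicit. `function cmd` starts on the last context line and its body is outside the hunk, so check whether it has the same quoting problem that this change fixes in `message`.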