author | Alex Auvolat <alex@adnab.me> | 2022-04-20 13:01:51 +0200 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2022-04-20 13:03:29 +0200 |
commit | 9c9c776213478023d4cab6290efcb6adfdbbbe86 (patch) | |
tree | 85ae8d2c3dac9c01daf5a1524b8a4ff83b84df70 /deploy.sh | |
parent | 50e9f0b589b6387d193fcb420ddc045c0bc6d632 (diff) | |
Refactor deployment scripts
Diffstat (limited to 'deploy.sh')
-rwxr-xr-x | deploy.sh | 91 |
1 files changed, 0 insertions, 91 deletions
diff --git a/deploy.sh b/deploy.sh
deleted file mode 100755
index 8dcf3a8..0000000
--- a/deploy.sh
+++ /dev/null
@@ -1,91 +0,0 @@
-#!/usr/bin/env bash
-
-# Get cluster subdirectory name
-
-cd $(dirname $0)
-
-CLUSTER="$1"
-if [ -z "$CLUSTER" ] || [ ! -d "cluster/$CLUSTER" ]; then
- echo "Usage: $0 <cluster name>"
- echo "The cluster name must be the name of a subdirectory of cluster/"
- exit 1
-fi
-shift 1
-
-# Do actual stuff
-
-if [ -z "$1" ]; then
- NIXHOSTLIST=$(ls cluster/$CLUSTER/node | grep -v '\.site\.')
-else
- NIXHOSTLIST="$@"
-fi
-
-TMP_PATH=/tmp/tmp-deploy-$(date +%s)
-SSH_CONFIG=cluster/$CLUSTER/ssh_config
-YEAR=$(date +%Y)
-
-for NIXHOST in $NIXHOSTLIST; do
- NIXHOST=${NIXHOST%.*}
-
- if [ -z "$SSH_USER" ]; then
- SSH_DEST=$NIXHOST
- else
- SSH_DEST=$SSH_USER@$NIXHOST
- fi
-
- echo "==== DOING $NIXHOST ===="
-
- echo "Sending NixOS config files"
-
- ssh -F $SSH_CONFIG $SSH_DEST mkdir -p $TMP_PATH $TMP_PATH/pki
- cat nix/configuration.nix | ssh -F $SSH_CONFIG $SSH_DEST tee $TMP_PATH/configuration.nix > /dev/null
- cat nix/deuxfleurs.nix | ssh -F $SSH_CONFIG $SSH_DEST tee $TMP_PATH/deuxfleurs.nix > /dev/null
- cat nix/remote-unlock.nix | ssh -F $SSH_CONFIG $SSH_DEST tee $TMP_PATH/remote-unlock.nix > /dev/null
- cat nix/wesher.nix | ssh -F $SSH_CONFIG $SSH_DEST tee $TMP_PATH/wesher.nix > /dev/null
- cat nix/wesher_service.nix | ssh -F $SSH_CONFIG $SSH_DEST tee $TMP_PATH/wesher_service.nix > /dev/null
- cat cluster/$CLUSTER/cluster.nix | ssh -F $SSH_CONFIG $SSH_DEST tee $TMP_PATH/cluster.nix > /dev/null
- cat cluster/$CLUSTER/node/$NIXHOST.nix | ssh -F $SSH_CONFIG $SSH_DEST tee $TMP_PATH/node.nix > /dev/null
- cat cluster/$CLUSTER/node/$NIXHOST.site.nix | ssh -F $SSH_CONFIG $SSH_DEST tee $TMP_PATH/site.nix > /dev/null
-
- echo "Sending secret files"
- for SECRET in pki/consul-ca.crt pki/consul$YEAR.crt pki/consul$YEAR.key \
- pki/consul$YEAR-client.crt pki/consul$YEAR-client.key \
- pki/nomad-ca.crt pki/nomad$YEAR.crt pki/nomad$YEAR.key; do
- test -f cluster/$CLUSTER/secrets/$SECRET && (cat cluster/$CLUSTER/secrets/$SECRET | ssh -F $SSH_CONFIG $SSH_DEST tee $TMP_PATH/$SECRET > /dev/null)
- done
-
- echo "Rebuilding NixOS"
-
- ssh -F $SSH_CONFIG $SSH_DEST tee $TMP_PATH/deploy.sh > /dev/null <<EOF
-set -ex
-
-cd $TMP_PATH
-mv deuxfleurs.nix remote-unlock.nix wesher.nix wesher_service.nix configuration.nix cluster.nix node.nix site.nix /etc/nixos
-
-nixos-rebuild switch
-
-mkdir -p /var/lib/nomad/pki /var/lib/consul/pki
-
-if [ -f pki/consul-ca.crt ]; then
- cp pki/consul* /var/lib/nomad/pki
- mv pki/consul* /var/lib/consul/pki
- chown -R consul:root /var/lib/consul/pki
-fi
-
-if [ -f pki/nomad-ca.crt ]; then
- mv pki/nomad* /var/lib/nomad/pki
-fi
-
-# Save up-to-date Consul client certificates in Consul itself
-export CONSUL_HTTP_ADDR=https://localhost:8501
-export CONSUL_CACERT=/var/lib/consul/pki/consul-ca.crt
-export CONSUL_CLIENT_CERT=/var/lib/consul/pki/consul$YEAR-client.crt
-export CONSUL_CLIENT_KEY=/var/lib/consul/pki/consul$YEAR-client.key
-consul kv put secrets/consul/consul-ca.crt - < /var/lib/consul/pki/consul-ca.crt
-consul kv put secrets/consul/consul-client.crt - < /var/lib/consul/pki/consul$YEAR-client.crt
-consul kv put secrets/consul/consul-client.key - < /var/lib/consul/pki/consul$YEAR-client.key
-EOF
-
- ssh -t -F $SSH_CONFIG $SSH_DEST sudo sh $TMP_PATH/deploy.sh
- ssh -F $SSH_CONFIG $SSH_DEST rm -rv '/tmp/tmp-deploy-*'
-done