author | Marc Coquand <marc@mccd.space> | 2024-01-20 21:01:12 -0600 |
---|---|---|
committer | Marc Coquand <marc@mccd.space> | 2024-01-20 21:01:12 -0600 |
commit | 1af2703f0198bc0089ed50417828939e077511ae (patch) | |
tree | 9e926a18a4d37001695cbcb62f72eea2d26996be | |
parent | 0e79a9fe0cb628f0492bb6ba0d02a27e803a8cce (diff) | |
download | mccd.space-1af2703f0198bc0089ed50417828939e077511ae.tar.gz mccd.space-1af2703f0198bc0089ed50417828939e077511ae.tar.bz2 mccd.space-1af2703f0198bc0089ed50417828939e077511ae.zip |
Update git-to-deploy post with new script
-rw-r--r-- | posts/git-to-deploy.njk | 51 |
1 files changed, 36 insertions, 15 deletions
diff --git a/posts/git-to-deploy.njk b/posts/git-to-deploy.njk index 244e987..c92864c 100644 --- a/posts/git-to-deploy.njk +++ b/posts/git-to-deploy.njk 
@@ -15,11 +15,13 @@ machine to change the configurations. There is also little advantage to having a declarative config if I can’t reuse it elsewhere.</p> <p>There are tools out there like <a href="https://github.com/serokell/deploy-rs/tree/master">deploy-rs</a> -and <a href="https://github.com/NixOS/nixops">Nixops</a>. I found them a -bit overkill for my need, which was just to make changes to a personal -development machine, so I came up with a script to make the setup easy. -It makes use of git, and levarages hooks to validate and apply changes with a simple push. In the end, it creates a workflow similar to Heroku. Here is what the script looks like, which you can run -on a new machine with a fresh Nix installation:</p> +and <a href="https://github.com/NixOS/nixops">Nixops</a>, however I +found them a bit overkill for my need. There also seems to be a way to +use nixos-rebuild to build a change on your local machine and deploy, +which is intriguing but I don’t run nixos on my machine so it felt like +a no-go. So in the end, I came up with a script to make the setup easy. +It makes use of git, so it allows me to make my changes using a git flow +similar to Heroku. Here is what the installation script looks like:</p> <div class="sourceCode" id="cb1"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb1-1"><a href="#cb1-1" aria-hidden="true" tabindex="-1"></a><span class="co"># Start of by adding git to our configuration.nix, we will levarage this to</span></span> <span id="cb1-2"><a href="#cb1-2" aria-hidden="true" tabindex="-1"></a><span class="co"># be able to easily make changes to our machine without SSH.</span></span> <span id="cb1-3"><a href="#cb1-3" aria-hidden="true" tabindex="-1"></a><span class="fu">sed</span> <span class="at">-i</span> <span class="st">'s/}/ programs.git.enable = true;\n}/g'</span> /etc/nixos/configuration.nix</span> 
@@ -41,18 +43,37 @@ on a new machine with a fresh Nix installation:</p> <span id="cb1-19"><a href="#cb1-19" aria-hidden="true" tabindex="-1"></a><span class="co"># Allow us to push changes to our machine and have those changes immediately reflected in the files</span></span> <span id="cb1-20"><a href="#cb1-20" aria-hidden="true" tabindex="-1"></a><span class="fu">git</span> config receive.denyCurrentBranch updateInstead</span> <span id="cb1-21"><a href="#cb1-21" aria-hidden="true" tabindex="-1"></a></span> -<span id="cb1-22"><a href="#cb1-22" aria-hidden="true" tabindex="-1"></a><span class="co"># Add a git hook to validate incoming changes</span></span> -<span id="cb1-23"><a href="#cb1-23" aria-hidden="true" tabindex="-1"></a><span class="bu">echo</span> <span class="at">-e</span> <span class="st">'#!/bin/sh \nnixos-rebuild dry-run'</span> <span class="op">></span> /etc/nixos/.git/hooks/pre-receive</span> +<span id="cb1-22"><a href="#cb1-22" aria-hidden="true" tabindex="-1"></a><span class="co"># Store a push-to-checkout script to variable $validate_script</span></span> +<span id="cb1-23"><a href="#cb1-23" aria-hidden="true" tabindex="-1"></a><span class="bu">read</span> <span class="at">-r</span> <span class="at">-d</span> <span class="st">''</span> <span class="va">validate_script</span> <span class="op"><<-EOF</span></span> <span id="cb1-24"><a href="#cb1-24" aria-hidden="true" tabindex="-1"></a></span> -<span id="cb1-25"><a href="#cb1-25" aria-hidden="true" tabindex="-1"></a><span class="co"># Make the hook executable</span></span> -<span id="cb1-26"><a href="#cb1-26" aria-hidden="true" tabindex="-1"></a><span class="fu">chmod</span> +x /etc/nixos/.git/hooks/pre-receive</span> +<span id="cb1-25"><a href="#cb1-25" aria-hidden="true" tabindex="-1"></a><span class="st">#!/bin/sh</span></span> +<span id="cb1-26"><a href="#cb1-26" aria-hidden="true" tabindex="-1"></a><span class="st">echo "Running push-to-checkout hook"</span></span> <span id="cb1-27"><a 
href="#cb1-27" aria-hidden="true" tabindex="-1"></a></span> -<span id="cb1-28"><a href="#cb1-28" aria-hidden="true" tabindex="-1"></a><span class="co"># Add a git hook to apply the changes afterward</span></span> -<span id="cb1-29"><a href="#cb1-29" aria-hidden="true" tabindex="-1"></a><span class="bu">echo</span> <span class="at">-e</span> <span class="st">'#!/bin/sh \nnixos-rebuild switch'</span> <span class="op">></span> /etc/nixos/.git/hooks/post-receive</span> +<span id="cb1-28"><a href="#cb1-28" aria-hidden="true" tabindex="-1"></a><span class="st"># Get the changes made</span></span> +<span id="cb1-29"><a href="#cb1-29" aria-hidden="true" tabindex="-1"></a><span class="st">git read-tree -u -m HEAD "</span><span class="va">$1</span><span class="st">"</span></span> <span id="cb1-30"><a href="#cb1-30" aria-hidden="true" tabindex="-1"></a></span> -<span id="cb1-31"><a href="#cb1-31" aria-hidden="true" tabindex="-1"></a><span class="co"># Make the hook executable</span></span> -<span id="cb1-32"><a href="#cb1-32" aria-hidden="true" tabindex="-1"></a><span class="fu">chmod</span> +x /etc/nixos/.git/hooks/post-receive</span></code></pre></div> -<p>Once set up, you can clone the repo on your local computer:</p> +<span id="cb1-31"><a href="#cb1-31" aria-hidden="true" tabindex="-1"></a><span class="st"># Run a dry-build to see that it works</span></span> +<span id="cb1-32"><a href="#cb1-32" aria-hidden="true" tabindex="-1"></a><span class="st">nixos-rebuild dry-build</span></span> +<span id="cb1-33"><a href="#cb1-33" aria-hidden="true" tabindex="-1"></a><span class="st">result=</span><span class="va">$?</span></span> +<span id="cb1-34"><a href="#cb1-34" aria-hidden="true" tabindex="-1"></a><span class="st">if [ </span><span class="va">$result</span><span class="st"> -eq 1 ] ; then</span></span> +<span id="cb1-35"><a href="#cb1-35" aria-hidden="true" tabindex="-1"></a><span class="st"> # In case of failure, we'll undo the changes applied from read-tree</span></span> 
+<span id="cb1-36"><a href="#cb1-36" aria-hidden="true" tabindex="-1"></a><span class="st"> git stash --all --quiet</span></span> +<span id="cb1-37"><a href="#cb1-37" aria-hidden="true" tabindex="-1"></a><span class="st"> exit 1</span></span> +<span id="cb1-38"><a href="#cb1-38" aria-hidden="true" tabindex="-1"></a><span class="st">fi</span></span> +<span id="cb1-39"><a href="#cb1-39" aria-hidden="true" tabindex="-1"></a><span class="st">exit 0</span></span> +<span id="cb1-40"><a href="#cb1-40" aria-hidden="true" tabindex="-1"></a><span class="op">EOF</span></span> +<span id="cb1-41"><a href="#cb1-41" aria-hidden="true" tabindex="-1"></a></span> +<span id="cb1-42"><a href="#cb1-42" aria-hidden="true" tabindex="-1"></a><span class="bu">echo</span> <span class="st">"</span><span class="va">$validate_script</span><span class="st">"</span> <span class="op">></span> /etc/nixos/.git/hooks/push-to-checkout</span> +<span id="cb1-43"><a href="#cb1-43" aria-hidden="true" tabindex="-1"></a></span> +<span id="cb1-44"><a href="#cb1-44" aria-hidden="true" tabindex="-1"></a><span class="co"># Make the hook executable</span></span> +<span id="cb1-45"><a href="#cb1-45" aria-hidden="true" tabindex="-1"></a><span class="fu">chmod</span> +x /etc/nixos/.git/hooks/push-to-checkout</span> +<span id="cb1-46"><a href="#cb1-46" aria-hidden="true" tabindex="-1"></a></span> +<span id="cb1-47"><a href="#cb1-47" aria-hidden="true" tabindex="-1"></a><span class="co"># Add a git hook to apply the changes afterward</span></span> +<span id="cb1-48"><a href="#cb1-48" aria-hidden="true" tabindex="-1"></a><span class="bu">echo</span> <span class="at">-e</span> <span class="st">'#!/bin/sh \nnixos-rebuild switch'</span> <span class="op">></span> /etc/nixos/.git/hooks/post-receive</span> +<span id="cb1-49"><a href="#cb1-49" aria-hidden="true" tabindex="-1"></a></span> +<span id="cb1-50"><a href="#cb1-50" aria-hidden="true" tabindex="-1"></a><span class="co"># Make the hook executable</span></span> +<span 
id="cb1-51"><a href="#cb1-51" aria-hidden="true" tabindex="-1"></a><span class="fu">chmod</span> +x /etc/nixos/.git/hooks/post-receive</span></code></pre></div> +<p>Once set up, you can clone the repo on your local computer</p> <div class="sourceCode" id="cb2"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb2-1"><a href="#cb2-1" aria-hidden="true" tabindex="-1"></a><span class="fu">git</span> clone root@your-machine:/etc/nixos</span></code></pre></div> <p>And if you’d like to set up a backup on <a href="https://sourcehut.org/">Sourcehut</a>, you can do so easily:</p> @@ -60,4 +81,4 @@ href="https://sourcehut.org/">Sourcehut</a>, you can do so easily:</p> <span id="cb3-2"><a href="#cb3-2" aria-hidden="true" tabindex="-1"></a><span class="fu">git</span> push backup main</span></code></pre></div> <p>This script can be ran on a new machine. I used <a href="https://github.com/elitak/nixos-infect/tree/master">Nixos-infect</a> -to setup NixOS on a VPC that I rent on Hetzner cloud.</p> +to setup NixOS on a VPC that I rent on Hetzner Cloud.</p> |
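Review bot: In the first hunk (@@ -15,11 +15,13 @@), the rewritten paragraph no longer says that the script uses git hooks to validate and apply changes on push, which is the mechanism the installation script below sets up. Keep one sentence to that effect before "Here is what the installation script looks like", so a reader knows a push triggers a rebuild before reading the hooks. The added "Nixops</a>, however I found them" also joins two sentences with a comma; start a new sentence at "However".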
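Review bot: In the second hunk (@@ -41,18 +43,37 @@), the heredoc that fills validate_script is opened with an unquoted delimiter (<<-EOF), so "$1", $? and $result are expanded by the installing shell when read runs, not by the hook at push time. The file written to /etc/nixos/.git/hooks/push-to-checkout then contains git read-tree -u -m HEAD "" and a test whose left operand is whatever $result held in the installer (normally empty), so the failure branch is never taken and the hook ends at exit 0 regardless of what nixos-rebuild dry-build reports. Quote the delimiter (<<-'EOF') so the hook body is stored verbatim. Two further points on the same block: -eq 1 lets any other non-zero exit status fall through to exit 0, so test with -ne 0; and git stash --all also stashes untracked and ignored files under /etc/nixos and leaves a stash entry behind on every rejected push, which is broader than undoing the read-tree.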