Diffstat (limited to '')
-rw-r--r-- posts/git-to-deploy.njk 51
1 files changed, 36 insertions, 15 deletions
diff --git a/posts/git-to-deploy.njk b/posts/git-to-deploy.njk
index 244e987..c92864c 100644
--- a/posts/git-to-deploy.njk
+++ b/posts/git-to-deploy.njk
@@ -15,11 +15,13 @@ machine to change the configurations. There is also little advantage to
having a declarative config if I can’t reuse it elsewhere.</p>
<p>There are tools out there like <a
href="https://github.com/serokell/deploy-rs/tree/master">deploy-rs</a>
-and <a href="https://github.com/NixOS/nixops">Nixops</a>. I found them a
-bit overkill for my need, which was just to make changes to a personal
-development machine, so I came up with a script to make the setup easy.
-It makes use of git, and levarages hooks to validate and apply changes with a simple push. In the end, it creates a workflow similar to Heroku. Here is what the script looks like, which you can run
-on a new machine with a fresh Nix installation:</p>
+and <a href="https://github.com/NixOS/nixops">Nixops</a>, however I
+found them a bit overkill for my need. There also seems to be a way to
+use nixos-rebuild to build a change on your local machine and deploy,
+which is intriguing but I don’t run nixos on my machine so it felt like
+a no-go. So in the end, I came up with a script to make the setup easy.
+It makes use of git, so it allows me to make my changes using a git flow
+similar to Heroku. Here is what the installation script looks like:</p>
<div class="sourceCode" id="cb1"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb1-1"><a href="#cb1-1" aria-hidden="true" tabindex="-1"></a><span class="co"># Start of by adding git to our configuration.nix, we will levarage this to</span></span>
<span id="cb1-2"><a href="#cb1-2" aria-hidden="true" tabindex="-1"></a><span class="co"># be able to easily make changes to our machine without SSH.</span></span>
<span id="cb1-3"><a href="#cb1-3" aria-hidden="true" tabindex="-1"></a><span class="fu">sed</span> <span class="at">-i</span> <span class="st">&#39;s/}/ programs.git.enable = true;\n}/g&#39;</span> /etc/nixos/configuration.nix</span>
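Review bot: the rewritten paragraph (the added lines ending "similar to Heroku") drops the earlier statement that git hooks validate and apply the pushed configuration, so the reader is no longer told that a push triggers a rebuild on the machine; keep one sentence saying so. "Nixops</a>, however I found them" is a comma splice and reads better as two sentences, and "nixos" should be capitalised as "NixOS" to match the last paragraph of the post. Separately, the unchanged context line cb1-3 runs sed with 's/}/ programs.git.enable = true;\n}/g', which inserts the option before every closing brace in configuration.nix rather than only the final one; that deserves a follow-up change.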
@@ -41,18 +43,37 @@ on a new machine with a fresh Nix installation:</p>
<span id="cb1-19"><a href="#cb1-19" aria-hidden="true" tabindex="-1"></a><span class="co"># Allow us to push changes to our machine and have those changes immediately reflected in the files</span></span>
<span id="cb1-20"><a href="#cb1-20" aria-hidden="true" tabindex="-1"></a><span class="fu">git</span> config receive.denyCurrentBranch updateInstead</span>
<span id="cb1-21"><a href="#cb1-21" aria-hidden="true" tabindex="-1"></a></span>
-<span id="cb1-22"><a href="#cb1-22" aria-hidden="true" tabindex="-1"></a><span class="co"># Add a git hook to validate incoming changes</span></span>
-<span id="cb1-23"><a href="#cb1-23" aria-hidden="true" tabindex="-1"></a><span class="bu">echo</span> <span class="at">-e</span> <span class="st">&#39;#!/bin/sh \nnixos-rebuild dry-run&#39;</span> <span class="op">&gt;</span> /etc/nixos/.git/hooks/pre-receive</span>
+<span id="cb1-22"><a href="#cb1-22" aria-hidden="true" tabindex="-1"></a><span class="co"># Store a push-to-checkout script to variable $validate_script</span></span>
+<span id="cb1-23"><a href="#cb1-23" aria-hidden="true" tabindex="-1"></a><span class="bu">read</span> <span class="at">-r</span> <span class="at">-d</span> <span class="st">&#39;&#39;</span> <span class="va">validate_script</span> <span class="op">&lt;&lt;-EOF</span></span>
<span id="cb1-24"><a href="#cb1-24" aria-hidden="true" tabindex="-1"></a></span>
-<span id="cb1-25"><a href="#cb1-25" aria-hidden="true" tabindex="-1"></a><span class="co"># Make the hook executable</span></span>
-<span id="cb1-26"><a href="#cb1-26" aria-hidden="true" tabindex="-1"></a><span class="fu">chmod</span> +x /etc/nixos/.git/hooks/pre-receive</span>
+<span id="cb1-25"><a href="#cb1-25" aria-hidden="true" tabindex="-1"></a><span class="st">#!/bin/sh</span></span>
+<span id="cb1-26"><a href="#cb1-26" aria-hidden="true" tabindex="-1"></a><span class="st">echo &quot;Running push-to-checkout hook&quot;</span></span>
<span id="cb1-27"><a href="#cb1-27" aria-hidden="true" tabindex="-1"></a></span>
-<span id="cb1-28"><a href="#cb1-28" aria-hidden="true" tabindex="-1"></a><span class="co"># Add a git hook to apply the changes afterward</span></span>
-<span id="cb1-29"><a href="#cb1-29" aria-hidden="true" tabindex="-1"></a><span class="bu">echo</span> <span class="at">-e</span> <span class="st">&#39;#!/bin/sh \nnixos-rebuild switch&#39;</span> <span class="op">&gt;</span> /etc/nixos/.git/hooks/post-receive</span>
+<span id="cb1-28"><a href="#cb1-28" aria-hidden="true" tabindex="-1"></a><span class="st"># Get the changes made</span></span>
+<span id="cb1-29"><a href="#cb1-29" aria-hidden="true" tabindex="-1"></a><span class="st">git read-tree -u -m HEAD &quot;</span><span class="va">$1</span><span class="st">&quot;</span></span>
<span id="cb1-30"><a href="#cb1-30" aria-hidden="true" tabindex="-1"></a></span>
-<span id="cb1-31"><a href="#cb1-31" aria-hidden="true" tabindex="-1"></a><span class="co"># Make the hook executable</span></span>
-<span id="cb1-32"><a href="#cb1-32" aria-hidden="true" tabindex="-1"></a><span class="fu">chmod</span> +x /etc/nixos/.git/hooks/post-receive</span></code></pre></div>
-<p>Once set up, you can clone the repo on your local computer:</p>
+<span id="cb1-31"><a href="#cb1-31" aria-hidden="true" tabindex="-1"></a><span class="st"># Run a dry-build to see that it works</span></span>
+<span id="cb1-32"><a href="#cb1-32" aria-hidden="true" tabindex="-1"></a><span class="st">nixos-rebuild dry-build</span></span>
+<span id="cb1-33"><a href="#cb1-33" aria-hidden="true" tabindex="-1"></a><span class="st">result=</span><span class="va">$?</span></span>
+<span id="cb1-34"><a href="#cb1-34" aria-hidden="true" tabindex="-1"></a><span class="st">if [ </span><span class="va">$result</span><span class="st"> -eq 1 ] ; then</span></span>
+<span id="cb1-35"><a href="#cb1-35" aria-hidden="true" tabindex="-1"></a><span class="st"> # In case of failure, we&#39;ll undo the changes applied from read-tree</span></span>
+<span id="cb1-36"><a href="#cb1-36" aria-hidden="true" tabindex="-1"></a><span class="st"> git stash --all --quiet</span></span>
+<span id="cb1-37"><a href="#cb1-37" aria-hidden="true" tabindex="-1"></a><span class="st"> exit 1</span></span>
+<span id="cb1-38"><a href="#cb1-38" aria-hidden="true" tabindex="-1"></a><span class="st">fi</span></span>
+<span id="cb1-39"><a href="#cb1-39" aria-hidden="true" tabindex="-1"></a><span class="st">exit 0</span></span>
+<span id="cb1-40"><a href="#cb1-40" aria-hidden="true" tabindex="-1"></a><span class="op">EOF</span></span>
+<span id="cb1-41"><a href="#cb1-41" aria-hidden="true" tabindex="-1"></a></span>
+<span id="cb1-42"><a href="#cb1-42" aria-hidden="true" tabindex="-1"></a><span class="bu">echo</span> <span class="st">&quot;</span><span class="va">$validate_script</span><span class="st">&quot;</span> <span class="op">&gt;</span> /etc/nixos/.git/hooks/push-to-checkout</span>
+<span id="cb1-43"><a href="#cb1-43" aria-hidden="true" tabindex="-1"></a></span>
+<span id="cb1-44"><a href="#cb1-44" aria-hidden="true" tabindex="-1"></a><span class="co"># Make the hook executable</span></span>
+<span id="cb1-45"><a href="#cb1-45" aria-hidden="true" tabindex="-1"></a><span class="fu">chmod</span> +x /etc/nixos/.git/hooks/push-to-checkout</span>
+<span id="cb1-46"><a href="#cb1-46" aria-hidden="true" tabindex="-1"></a></span>
+<span id="cb1-47"><a href="#cb1-47" aria-hidden="true" tabindex="-1"></a><span class="co"># Add a git hook to apply the changes afterward</span></span>
+<span id="cb1-48"><a href="#cb1-48" aria-hidden="true" tabindex="-1"></a><span class="bu">echo</span> <span class="at">-e</span> <span class="st">&#39;#!/bin/sh \nnixos-rebuild switch&#39;</span> <span class="op">&gt;</span> /etc/nixos/.git/hooks/post-receive</span>
+<span id="cb1-49"><a href="#cb1-49" aria-hidden="true" tabindex="-1"></a></span>
+<span id="cb1-50"><a href="#cb1-50" aria-hidden="true" tabindex="-1"></a><span class="co"># Make the hook executable</span></span>
+<span id="cb1-51"><a href="#cb1-51" aria-hidden="true" tabindex="-1"></a><span class="fu">chmod</span> +x /etc/nixos/.git/hooks/post-receive</span></code></pre></div>
+<p>Once set up, you can clone the repo on your local computer</p>
<div class="sourceCode" id="cb2"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb2-1"><a href="#cb2-1" aria-hidden="true" tabindex="-1"></a><span class="fu">git</span> clone root@your-machine:/etc/nixos</span></code></pre></div>
<p>And if you’d like to set up a backup on <a
href="https://sourcehut.org/">Sourcehut</a>, you can do so easily:</p>
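Review bot: on cb1-23 the heredoc delimiter is unquoted (<<-EOF), so "$1", $? and $result on cb1-29, cb1-33 and cb1-34 are expanded by the shell running the installation script, not by the hook; the file written to push-to-checkout then carries whatever those expanded to at install time instead of the pushed tree and the dry-build status. Quote the delimiter (<<-'EOF') so the body is stored literally. The check on cb1-34 compares the status with -eq 1 only, so any other non-zero exit from nixos-rebuild dry-build falls through to exit 0 and the push is accepted; test for non-zero instead, for example "if ! nixos-rebuild dry-build; then". On failure, git stash --all also sweeps untracked and ignored files in /etc/nixos into a stash entry that is never dropped, which is worth a comment or a different rollback. The last added line also lost the colon that introduced the clone command.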
@@ -60,4 +81,4 @@ href="https://sourcehut.org/">Sourcehut</a>, you can do so easily:</p>
<span id="cb3-2"><a href="#cb3-2" aria-hidden="true" tabindex="-1"></a><span class="fu">git</span> push backup main</span></code></pre></div>
<p>This script can be ran on a new machine. I used <a
href="https://github.com/elitak/nixos-infect/tree/master">Nixos-infect</a>
-to setup NixOS on a VPC that I rent on Hetzner cloud.</p>
+to setup NixOS on a VPC that I rent on Hetzner Cloud.</p>
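Review bot: the added line changes only the capital in "Hetzner Cloud" and keeps "to setup NixOS", where the verb form is "to set up"; the context line above it reads "can be ran", which should be "can be run". While this sentence is open, confirm that "VPC" is the intended term rather than "VPS".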