flake/apps/switch.nix

   1 {
   2   nixos,
   3   config,
   4   hostName,
   5   lib,
   6   nixpkgsPath,
   7   profile,
   8   writeShellApplication,
   9   coreutils,
  10   nix,
  11   systemd,
  12 }:
  13 writeShellApplication {
  14   name = "${hostName}-switch";
  15   runtimeInputs = [
  16     coreutils
  17   ];
  18   text = ''
  19     # shellcheck disable=SC2027
  20     # shellcheck disable=SC2035
  21     # shellcheck disable=SC2086
  22     set -eux
  23     shopt -s globstar
  24
  25     chmod -R g-rwx,o-rwx ./**/*.gpg
  26     trap 'git reset ./**/*.gpg' EXIT
  27     git rm -rf --cached --ignore-unmatch ./**/*.gpg # prevent copying to /nix/store
  28
  29     nix-store --add-root hosts/${hostName}.nixpkgs --indirect --realise ${nixpkgsPath}
  30     nix-store --add-root hosts/${hostName}.root --indirect --realise ${nixos}
  31
  32     target="''${NIXOS_TARGET:-${lib.escapeShellArg config.install.target}}"
  33
  34     nix copy --to "ssh://''${target}?''${targetStore-}"${lib.optionalString config.install.substituteOnDestination " --substitute-on-destination"} ${nixos}
  35
  36     ${config.security.initrd.install}
  37     target="''${NIXOS_TARGET:-${lib.escapeShellArg config.install.target}}"
  38
  39     if ssh "$target" set -x ';' \
  40       systemctl reset-failed nixos-fallback '2>/dev/null' ';' \
  41       test "''${NO_NIXOS_FALLBACK:+set}" '||' \
  42       systemd-run -u nixos-fallback --description=nixos-fallback /bin/sh -xc '''\'''
  43         PATH=${
  44           lib.makeBinPath [
  45             coreutils
  46             nix
  47             systemd
  48           ]
  49         }
  50         sleep $((10 * 60))
  51         ${profile}/bin/switch-to-configuration switch
  52         systemctl reboot
  53       '\'''' '&&' \
  54       ${nixos}/bin/switch-to-configuration test
  55     then
  56       ssh "$target" -o ControlPath=none set -x ';' \
  57         systemctl stop nixos-fallback.service ';' \
  58         nix-env --profile ${profile} --set '${nixos}' ';' \
  59         ${nixos}/bin/switch-to-configuration boot '&&' \
  60         nix-env --delete-generations 7d --profile ${profile}
  61     else
  62       tput rev
  63       echo WARNING: switch-to-configuration was not registered at boot
  64       tput sgr0
  65       ssh "$target" -o ControlPath=none set -x ';' \
  66         systemctl stop nixos-fallback.service
  67       false
  68     fi
  69   '';
  70 }