servers/mermet/deploy.sh

   1 #!/bin/sh
   2 set -eux
   3 target=${target:-root@mermet.sourcephile.fr}
   4 # Compile the derivation of the new system
   5 system=$(nix-instantiate "${0%/*}".nix \
   6  -A config.system.build.toplevel \
   7  ${TRACE:+--show-trace} \
   8 )
   9 # Compile the build products of the new system
  10 nix-store --realise "$system"
  11 # Send the system
  12 nix-copy-closure --to "$target" --use-substitutes --gzip "$system"
  13 # Register the new system
  14 profile=/nix/var/nix/profiles/system
  15 ssh "$target" nix-env --profile "$profile" --set "$system" \
  16  '&&' nix-env --profile "$profile" --delete-generations +5
  17 # Send secrets
  18 pass "dkim/sourcephile.fr/20200101.key" |
  19 ssh "$target" install -D -m 0400 -o rspamd -g root /dev/stdin \
  20  /run/keys/"dkim.sourcephile.fr.20200101.key"
  21 pass "dkim/autogeree.net/20200101.key" |
  22 ssh "$target" install -D -m 0400 -o rspamd -g root /dev/stdin \
  23  /run/keys/"dkim.autogeree.net.20200101.key"
  24 # Switch to the new system
  25 ssh "$target" "$profile"/bin/switch-to-configuration switch