servers/mermet/deploy.sh

   1 #!/bin/sh
   2 set -eux
   3 target=${target:-root@mermet.sourcephile.fr}
   4 # Compile the derivation of the new system
   5 systemDrv=$(nix-instantiate "${0%/*}".nix \
   6  -A config.system.build.toplevel \
   7  ${TRACE:+--show-trace} )
   8 # Compile the build products of the new system
   9 system=$(nix-store --realise "$systemDrv")
  10 # Send the system
  11 nix copy --to ssh://"$target" --substitute-on-destination "$system"
  12 # Send secrets
  13 pass "dkim/sourcephile.fr/20200101.key" |
  14 ssh "$target" install -D -m 0400 -o rspamd -g root /dev/stdin \
  15  /run/keys/"dkim.sourcephile.fr.20200101.key"
  16 pass "dkim/autogeree.net/20200101.key" |
  17 ssh "$target" install -D -m 0400 -o rspamd -g root /dev/stdin \
  18  /run/keys/"dkim.autogeree.net.20200101.key"
  19 # Register and switch to the new system
  20 profile=/nix/var/nix/profiles/system
  21 ssh "$target" nix-env --profile "$profile" --set "$system" \
  22  '&&' nix-env --profile "$profile" --delete-generations +5 \
  23  '&&' "$profile"/bin/switch-to-configuration "${switch:-switch}"