#!/bin/sh
set -eux
target=${target:-root@mermet.sourcephile.fr}
# Compile the derivation of the new system
system=$(nix-instantiate "${0%/*}".nix \
 -A config.system.build.toplevel \
 ${TRACE:+--show-trace} \
)
# Compile the build products of the new system
nix-store --realise "$system"
# Send the system
nix-copy-closure --to "$target" --use-substitutes --gzip "$system"
# Register the new system
profile=/nix/var/nix/profiles/system
ssh "$target" nix-env --profile "$profile" --set "$system" \
 '&&' nix-env --profile "$profile" --delete-generations +5
# Send secrets
pass "dkim/sourcephile.fr/20200101.key" |
ssh "$target" install -D -m 0400 -o rspamd -g root /dev/stdin \
 /run/keys/"dkim.sourcephile.fr.20200101.key"
pass "dkim/autogeree.net/20200101.key" |
ssh "$target" install -D -m 0400 -o rspamd -g root /dev/stdin \
 /run/keys/"dkim.autogeree.net.20200101.key"
# Switch to the new system
ssh "$target" "$profile"/bin/switch-to-configuration switch