#!/bin/sh
set -eux
target=${target:-root@mermet.sourcephile.fr}
# Compile the derivation of the new system
systemDrv=$(nix-instantiate "${0%/*}".nix \
 -A config.system.build.toplevel \
 ${TRACE:+--show-trace} )
# Compile the build products of the new system
system=$(nix-store --realise "$systemDrv")
# Send the system
nix copy --to ssh://"$target" --substitute-on-destination "$system"
# Send secrets
pass "dkim/sourcephile.fr/20200101.key" |
ssh "$target" install -D -m 0400 -o rspamd -g root /dev/stdin \
 /run/keys/"dkim.sourcephile.fr.20200101.key"
pass "dkim/autogeree.net/20200101.key" |
ssh "$target" install -D -m 0400 -o rspamd -g root /dev/stdin \
 /run/keys/"dkim.autogeree.net.20200101.key"
# Register and switch to the new system
profile=/nix/var/nix/profiles/system
ssh "$target" nix-env --profile "$profile" --set "$system" \
 '&&' nix-env --profile "$profile" --delete-generations +5 \
 '&&' "$profile"/bin/switch-to-configuration "${switch:-switch}"