diff options
Diffstat (limited to 'src/infrastructure/scripts/reconfigure.sh')
| -rwxr-xr-x | src/infrastructure/scripts/reconfigure.sh | 134 |
1 files changed, 134 insertions, 0 deletions
diff --git a/src/infrastructure/scripts/reconfigure.sh b/src/infrastructure/scripts/reconfigure.sh new file mode 100755 index 0000000..c76ea3e --- /dev/null +++ b/src/infrastructure/scripts/reconfigure.sh @@ -0,0 +1,134 @@ +#!/bin/sh +set -eu + +usage() { + cat <<-'EOF' + Usage: + reconfigure [-n] [-U] [SHA] + reconfigure -h + EOF +} + +help() { + cat <<-'EOF' + + + Options: + -n build the system, but don't switch to it (dry-run) + -U pull the latest channels before reconfiguring + -h, --help show this message + + SHA the repository SHA to checkout (default: main) + + + Run a "guix system reconfigure" as root via "sudo -i". If a -U + flag is given, perform a "guix pull" (in root profile) prior to + the reconfigure. The user must be able to become the "deployer" + user, either via "sudo reconfigure" or by being member of the + "become-deployer" group. + + + Examples: + + Reconfigure the system: + + $ reconfigure + + + Build the system on a custom SHA, but don't switch to it: + + $ reconfigure -n 916dafc092f797349a54515756f2c8e477326511 + + + Update and upgrade: + + $ reconfigure -U + EOF +} + + +for flag in "$@"; do + case "$flag" in + --) + break + ;; + --help) + usage + help + exit + ;; + *) + ;; + esac +done + +UPDATE=false +DRY_RUN=false +while getopts 'nUh' flag; do + case "$flag" in + n) + DRY_RUN=true + ;; + U) + UPDATE=true + ;; + h) + usage + help + exit + ;; + *) + usage >&2 + exit 2 + ;; + esac +done +shift $((OPTIND - 1)) + +SHA="${1:-main}" +REPO='/srv/git/servers.git' +NOW="$(date '+%Y-%m-%dT%H:%M:%S%:z')" +NOW_DIR=/opt/deploy/"$NOW" +NPROC=$(($(nproc) * 2 + 1)) + + +if [ "$(id -un)" != 'root' ]; then + printf 'This script must be run as root.\n\n' >&2 + usage >&2 + exit 2 +fi + + +set +eu +# shellcheck source=/dev/null +. /etc/rc +set -eu + + +if [ "$UPDATE" = true ] && [ "$DRY_RUN" = false ]; then + sudo -i guix pull -v3 +fi + +set -x +sudo -u deployer git clone --depth=1 "file://$REPO" "$NOW_DIR" +sudo -u deployer rm -f /opt/deploy/current +sudo -u deployer ln -s "$NOW_DIR" /opt/deploy/current +cd /opt/deploy/current +sudo -u deployer git fetch --depth=1 "file://$REPO" "$SHA" +sudo -u deployer --preserve-env=GIT_CONFIG_GLOBAL git checkout "$SHA" +guix system describe + +if [ "$DRY_RUN" = true ]; then + sudo -i guix system -c$NPROC -v3 build "$PWD"/src/infrastructure/guix/system.scm +else + # COMMENT: pre-receive is always running the previous version! + # The same is true for the reconfigure script itself. + sudo cp description "$REPO"/description + sudo cp src/infrastructure/ci/git-pre-receive.sh "$REPO"/hooks/pre-receive + sudo cp src/infrastructure/guix/channels.scm /etc/guix/ + sudo cp src/infrastructure/guix/system.scm /etc/guix/ + + sudo -i guix system -c$NPROC -v3 reconfigure /etc/guix/system.scm + + deploy +fi |