aboutsummaryrefslogtreecommitdiff
path: root/src/infrastructure/scripts/reconfigure.sh
blob: 4936e077abe2e00818c55bb2ad8bf451e53fa856 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
#!/bin/sh
set -eu

usage() {
	cat <<-'EOF'
		Usage:
		  reconfigure [-n] [-U] [SHA]
		  reconfigure -h
	EOF
}

help() {
	cat <<-'EOF'


		Options:
		  -n            build the system, but don't switch to it (dry-run)
		  -U            pull the latest channels before reconfiguring
		  -h, --help    show this message

		  SHA           the repository SHA to checkout (default: main)


		Run a "guix system reconfigure" as root via "sudo -i".  If a -U
		flag is given, perform a "guix pull" (in root profile) prior to
		the reconfigure.  The user must be able to become the "deployer"
		user, either via "sudo reconfigure" or by being member of the
		"become-deployer" group.


		Examples:

		  Reconfigure the system:

		    $ reconfigure


		  Build the system on a custom SHA, but don't switch to it:

		    $ reconfigure -n 916dafc092f797349a54515756f2c8e477326511


		  Update and upgrade:

		    $ reconfigure -U
	EOF
}


for flag in "$@"; do
	case "$flag" in
		--)
			break
			;;
		--help)
			usage
			help
			exit
			;;
		*)
			;;
	esac
done

UPDATE=false
DRY_RUN=false
while getopts 'nUh' flag; do
	case "$flag" in
		n)
			DRY_RUN=true
			;;
		U)
			UPDATE=true
			;;
		h)
			usage
			help
			exit
			;;
		*)
			usage >&2
			exit 2
			;;
	esac
done
shift $((OPTIND - 1))

SHA="${1:-main}"
REPO='/srv/git/servers.git'
NOW="$(date '+%Y-%m-%dT%H:%M:%S%:z')"
NOW_DIR=/opt/deploy/"$NOW"
NPROC=$(($(nproc) * 2 + 1))


if [ "$(id -un)" != 'root' ]; then
	printf 'This script must be run as root.\n\n' >&2
	usage >&2
	exit 2
fi


set +eu
# shellcheck source=/dev/null
. /etc/rc
set -eu


if [ "$UPDATE" = true ] && [ "$DRY_RUN" = false ]; then
	sudo -i guix pull -v3
fi

set -x
sudo -u deployer git clone --depth=1 "file://$REPO" "$NOW_DIR"
sudo -u deployer rm -f /opt/deploy/current
sudo -u deployer ln -rs "$NOW_DIR" /opt/deploy/current
cd /opt/deploy/current
sudo -u deployer git fetch --depth=1 "file://$REPO" "$SHA"
sudo -u deployer --preserve-env=GIT_CONFIG_GLOBAL git checkout "$SHA"
guix system describe

if [ "$DRY_RUN" = true ]; then
	sudo -i guix system -c$NPROC -v3 build "$PWD"/src/infrastructure/guix/system.scm
else
	# COMMENT: pre-receive is always running the previous version!
	#          The same is true for the reconfigure script itself.
	sudo cp description                              "$REPO"/description
	sudo cp src/infrastructure/ci/git-pre-receive.sh "$REPO"/hooks/pre-receive
	sudo cp src/infrastructure/guix/channels.scm /etc/guix/
	sudo cp src/infrastructure/guix/system.scm   /etc/guix/

	sudo -i guix system -c$NPROC -v3 reconfigure /etc/guix/system.scm

	rsync \
		--chmod=D775,F664         \
		-a                        \
		--exclude='dev/ci/*'      \
		/run/current-system/profile/share/doc/servers/ /srv/www/s/servers/
	deploy
fi