diff --git a/Cargo.lock b/Cargo.lock index 08ac3bfc..c9f86dcc 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1,5 +1,7 @@ # This file is automatically @generated by Cargo. # It is not intended for manual editing. +version = 3 + [[package]] name = "aho-corasick" version = "0.7.15" @@ -139,6 +141,7 @@ dependencies = [ "flexi_logger", "fork", "futures-util", + "linked_hash_set", "log", "merge", "notify", @@ -381,6 +384,21 @@ version = "0.2.81" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1482821306169ec4d07f6aca392a4681f66c75c9918aa49641a2595db64053cb" +[[package]] +name = "linked-hash-map" +version = "0.5.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7fb9b38af92608140b86b693604b9ffcc5824240a484d1ecd4795bacb2fe88f3" + +[[package]] +name = "linked_hash_set" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "47186c6da4d81ca383c7c47c1bfc80f4b95f4720514d860a5407aaf4233f9588" +dependencies = [ + "linked-hash-map", +] + [[package]] name = "lock_api" version = "0.4.2" diff --git a/Cargo.toml b/Cargo.toml index 0ded1259..d3139baa 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -15,6 +15,7 @@ clap = "3.0.0-beta.2" flexi_logger = "0.16" fork = "0.1" futures-util = "0.3.6" +linked_hash_set = "0.1.4" log = "0.4" merge = "0.1.0" notify = "5.0.0-pre.3" diff --git a/chroot-wrapper.bash b/chroot-wrapper.bash new file mode 100644 index 00000000..a8634cd6 --- /dev/null +++ b/chroot-wrapper.bash @@ -0,0 +1,44 @@ +set -e + +# Re-exec ourselves in a private mount namespace so that our bind +# mounts get cleaned up automatically. +if [ -z "$NIXOS_ENTER_REEXEC" ]; then + export NIXOS_ENTER_REEXEC=1 + if [ "$(id -u)" != 0 ]; then + extraFlags="-r" + fi + exec unshare --fork --mount --uts --mount-proc --pid $extraFlags -- "$0" "$@" +else + mount --make-rprivate / +fi + +mountPoint=/mnt + +while [ "$#" -gt 0 ]; do + i="$1"; shift 1 + case "$i" in + --root) + mountPoint="$1"; shift 1 + ;; + --) + command=("$@") + break + ;; + *) + echo "$0: unknown option \`$i'" + exit 1 + ;; + esac +done + +mkdir -p "$mountPoint/dev" "$mountPoint/sys" "$mountPoint/tmp" "$mountPoint/etc" "$mountPoint/proc" +chmod 0755 "$mountPoint/dev" "$mountPoint/sys" "$mountPoint/tmp" "$mountPoint/etc" "$mountPoint/proc" +mount --rbind /dev "$mountPoint/dev" +mount --rbind /sys "$mountPoint/sys" +mount --rbind /proc "$mountPoint/proc" + +touch "$mountPoint/etc/mtab" || true # might be already a working system +(cd "$mountPoint" && ln -snf "../proc/self/mounts" "etc/mtab") # Grub needs an mtab. + +export CHROOTED=1 +exec chroot "$mountPoint" "${command[@]}" diff --git a/flake.nix b/flake.nix index 03f4a253..b943de5a 100644 --- a/flake.nix +++ b/flake.nix @@ -70,10 +70,22 @@ executable = true; destination = "/deploy-rs-activate"; }) + (final.writeTextFile { + name = base.name + "-activate-chroot-wrapper"; + text = '' + # no interpreter: absolute storepaths are not resolvable outside chroot + # run with bash <>, instead + ${nixpkgs.lib.fileContents ./chroot-wrapper.bash}; + ''; + executable = true; + destination = "/deploy-rs-chroot-wrapper"; + }) (final.writeTextFile { name = base.name + "-activate-rs"; text = '' #!${final.runtimeShell} + # required by bin/activate + export PATH="${nixpkgs.lib.makeBinPath [final.nixUnstable final.coreutils]}" exec ${self.defaultPackage.${system}}/bin/activate "$@" ''; executable = true; @@ -84,15 +96,49 @@ }; nixos = base: (custom // { dryActivate = "$PROFILE/bin/switch-to-configuration dry-activate"; }) base.config.system.build.toplevel '' + export PATH="${nixpkgs.lib.makeBinPath [final.coreutils]}" # work around https://github.com/NixOS/nixpkgs/issues/73404 cd /tmp - $PROFILE/bin/switch-to-configuration switch + _SYSTEM="/nix/var/nix/profiles/system" + _SWITCH_COMMAND="$PROFILE/bin/switch-to-configuration" + + # Set $LOCALE_ARCHIVE to supress some Perl locale warnings. + export LOCALE_ARCHIVE="$PROFILE/sw/lib/locale/locale-archive" + + _already_on_nixos() { [[ -f "/etc/NIXOS" ]]; } + _switch_cmd() { + "$_SWITCH_COMMAND" "$1" + } + + _become_a_nixos() { touch /etc/NIXOS; } + _if_chrooted() { [[ "''${CHROOTED:-}" == "1" ]] && echo $@; } + _activate_system() { + # Run the activation script. + "$PROFILE/activate" 1>&2 || true + # Cooperatively respect our chrooted environment + ${final.systemd}/bin/systemd-tmpfiles --create --remove $(_if_chrooted "--exclude-prefix=/dev") 1>&2 || true; + } + + if _already_on_nixos + then + _switch_cmd switch + else + echo "-> Become a NixOS ..." + _become_a_nixos + echo "-> Activate the system ..." + _activate_system + echo "-> Install the boot loader ..." + NIXOS_INSTALL_BOOTLOADER=1 _switch_cmd boot + echo "-> Reboot ..." + $(_if_chrooted sync && echo b |tee /proc/sysrq-trigger) + ${final.systemd}/bin/reboot --reboot + fi # https://github.com/serokell/deploy-rs/issues/31 ${with base.config.boot.loader; final.lib.optionalString systemd-boot.enable - "sed -i '/^default /d' ${efi.efiSysMountPoint}/loader/loader.conf"} + "${final.gnused}/bin/sed -i '/^default /d' ${efi.efiSysMountPoint}/loader/loader.conf"} ''; home-manager = base: custom base.activationPackage "$PROFILE/activate"; diff --git a/src/cli.rs b/src/cli.rs index 33eb5bbd..f5e086d5 100644 --- a/src/cli.rs +++ b/src/cli.rs @@ -10,8 +10,7 @@ use clap::{Clap, ArgMatches, FromArgMatches}; use crate as deploy; -use self::deploy::{DeployFlake, ParseFlakeError}; -use futures_util::stream::{StreamExt, TryStreamExt}; +use self::deploy::{data, settings, flake}; use log::{debug, error, info, warn}; use serde::Serialize; use std::process::Stdio; @@ -29,66 +28,16 @@ pub struct Opts { /// A list of flakes to deploy alternatively #[clap(long, group = "deploy")] targets: Option>, - /// Check signatures when using `nix copy` - #[clap(short, long)] - checksigs: bool, - /// Use the interactive prompt before deployment - #[clap(short, long)] - interactive: bool, - /// Extra arguments to be passed to nix build - extra_build_args: Vec, - - /// Print debug logs to output - #[clap(short, long)] - debug_logs: bool, - /// Directory to print logs to (including the background activation process) - #[clap(long)] - log_dir: Option, - - /// Keep the build outputs of each built profile - #[clap(short, long)] - keep_result: bool, - /// Location to keep outputs from built profiles in - #[clap(short, long)] - result_path: Option, - - /// Skip the automatic pre-build checks - #[clap(short, long)] - skip_checks: bool, - /// Override the SSH user with the given value - #[clap(long)] - ssh_user: Option, - /// Override the profile user with the given value - #[clap(long)] - profile_user: Option, - /// Override the SSH options used - #[clap(long)] - ssh_opts: Option, - /// Override if the connecting to the target node should be considered fast - #[clap(long)] - fast_connection: Option, - /// Override if a rollback should be attempted if activation fails - #[clap(long)] - auto_rollback: Option, /// Override hostname used for the node #[clap(long)] hostname: Option, - /// Make activation wait for confirmation, or roll back after a period of time - #[clap(long)] - magic_rollback: Option, - /// How long activation should wait for confirmation (if using magic-rollback) - #[clap(long)] - confirm_timeout: Option, - /// Where to store temporary files (only used by magic-rollback) - #[clap(long)] - temp_path: Option, - /// Show what will be activated on the machines - #[clap(long)] - dry_activate: bool, - /// Revoke all previously succeeded deploys when deploying multiple profiles - #[clap(long)] - rollback_succeeded: Option, + + #[clap(flatten)] + flags: data::Flags, + + #[clap(flatten)] + generic_settings: settings::GenericSettings, } /// Returns if the available Nix installation supports flakes @@ -107,163 +56,6 @@ async fn test_flake_support() -> Result { .success()) } -#[derive(Error, Debug)] -pub enum CheckDeploymentError { - #[error("Failed to execute Nix checking command: {0}")] - NixCheck(#[from] std::io::Error), - #[error("Nix checking command resulted in a bad exit code: {0:?}")] - NixCheckExit(Option), -} - -async fn check_deployment( - supports_flakes: bool, - repo: &str, - extra_build_args: &[String], -) -> Result<(), CheckDeploymentError> { - info!("Running checks for flake in {}", repo); - - let mut check_command = match supports_flakes { - true => Command::new("nix"), - false => Command::new("nix-build"), - }; - - match supports_flakes { - true => { - check_command.arg("flake").arg("check").arg(repo); - } - false => { - check_command.arg("-E") - .arg("--no-out-link") - .arg(format!("let r = import {}/.; x = (if builtins.isFunction r then (r {{}}) else r); in if x ? checks then x.checks.${{builtins.currentSystem}} else {{}}", repo)); - } - }; - - for extra_arg in extra_build_args { - check_command.arg(extra_arg); - } - - let check_status = check_command.status().await?; - - match check_status.code() { - Some(0) => (), - a => return Err(CheckDeploymentError::NixCheckExit(a)), - }; - - Ok(()) -} - -#[derive(Error, Debug)] -pub enum GetDeploymentDataError { - #[error("Failed to execute nix eval command: {0}")] - NixEval(std::io::Error), - #[error("Failed to read output from evaluation: {0}")] - NixEvalOut(std::io::Error), - #[error("Evaluation resulted in a bad exit code: {0:?}")] - NixEvalExit(Option), - #[error("Error converting evaluation output to utf8: {0}")] - DecodeUtf8(#[from] std::string::FromUtf8Error), - #[error("Error decoding the JSON from evaluation: {0}")] - DecodeJson(#[from] serde_json::error::Error), - #[error("Impossible happened: profile is set but node is not")] - ProfileNoNode, -} - -/// Evaluates the Nix in the given `repo` and return the processed Data from it -async fn get_deployment_data( - supports_flakes: bool, - flakes: &[deploy::DeployFlake<'_>], - extra_build_args: &[String], -) -> Result, GetDeploymentDataError> { - futures_util::stream::iter(flakes).then(|flake| async move { - - info!("Evaluating flake in {}", flake.repo); - - let mut c = if supports_flakes { - Command::new("nix") - } else { - Command::new("nix-instantiate") - }; - - if supports_flakes { - c.arg("eval") - .arg("--json") - .arg(format!("{}#deploy", flake.repo)) - // We use --apply instead of --expr so that we don't have to deal with builtins.getFlake - .arg("--apply"); - match (&flake.node, &flake.profile) { - (Some(node), Some(profile)) => { - // Ignore all nodes and all profiles but the one we're evaluating - c.arg(format!( - r#" - deploy: - (deploy // {{ - nodes = {{ - "{0}" = deploy.nodes."{0}" // {{ - profiles = {{ - inherit (deploy.nodes."{0}".profiles) "{1}"; - }}; - }}; - }}; - }}) - "#, - node, profile - )) - } - (Some(node), None) => { - // Ignore all nodes but the one we're evaluating - c.arg(format!( - r#" - deploy: - (deploy // {{ - nodes = {{ - inherit (deploy.nodes) "{}"; - }}; - }}) - "#, - node - )) - } - (None, None) => { - // We need to evaluate all profiles of all nodes anyway, so just do it strictly - c.arg("deploy: deploy") - } - (None, Some(_)) => return Err(GetDeploymentDataError::ProfileNoNode), - } - } else { - c - .arg("--strict") - .arg("--read-write-mode") - .arg("--json") - .arg("--eval") - .arg("-E") - .arg(format!("let r = import {}/.; in if builtins.isFunction r then (r {{}}).deploy else r.deploy", flake.repo)) - }; - - for extra_arg in extra_build_args { - c.arg(extra_arg); - } - - let build_child = c - .stdout(Stdio::piped()) - .spawn() - .map_err(GetDeploymentDataError::NixEval)?; - - let build_output = build_child - .wait_with_output() - .await - .map_err(GetDeploymentDataError::NixEvalOut)?; - - match build_output.status.code() { - Some(0) => (), - a => return Err(GetDeploymentDataError::NixEvalExit(a)), - }; - - let data_json = String::from_utf8(build_output.stdout)?; - - Ok(serde_json::from_str(&data_json)?) -}).try_collect().await -} - #[derive(Serialize)] struct PromptPart<'a> { user: &'a str, @@ -274,23 +66,19 @@ struct PromptPart<'a> { } fn print_deployment( - parts: &[( - &deploy::DeployFlake<'_>, - deploy::DeployData, - deploy::DeployDefs, - )], + parts: &[&data::DeployData], ) -> Result<(), toml::ser::Error> { let mut part_map: HashMap> = HashMap::new(); - for (_, data, defs) in parts { + for data in parts { part_map .entry(data.node_name.to_string()) .or_insert_with(HashMap::new) .insert( data.profile_name.to_string(), PromptPart { - user: &defs.profile_user, - ssh_user: &defs.ssh_user, + user: &data.profile_user, + ssh_user: &data.ssh_user, path: &data.profile.profile_settings.path, hostname: &data.node.node_settings.hostname, ssh_opts: &data.merged_settings.ssh_opts, @@ -317,11 +105,7 @@ pub enum PromptDeploymentError { } fn prompt_deployment( - parts: &[( - &deploy::DeployFlake<'_>, - deploy::DeployData, - deploy::DeployDefs, - )], + parts: &[&data::DeployData], ) -> Result<(), PromptDeploymentError> { print_deployment(parts)?; @@ -374,14 +158,11 @@ pub enum RunDeployError { DeployProfile(#[from] deploy::deploy::DeployProfileError), #[error("Failed to push profile: {0}")] PushProfile(#[from] deploy::push::PushProfileError), - #[error("No profile named `{0}` was found")] - ProfileNotFound(String), - #[error("No node named `{0}` was found")] - NodeNotFound(String), - #[error("Profile was provided without a node name")] - ProfileWithoutNode, + #[error("Failed to resolve target: {0}")] + ResolveTarget(#[from] data::ResolveTargetError), + #[error("Error processing deployment definitions: {0}")] - DeployDataDefs(#[from] deploy::DeployDataDefsError), + DeployDataError(#[from] data::DeployDataError), #[error("Failed to make printable TOML of deployment: {0}")] TomlFormat(#[from] toml::ser::Error), #[error("{0}")] @@ -390,198 +171,89 @@ pub enum RunDeployError { RevokeProfile(#[from] deploy::deploy::RevokeProfileError), } -type ToDeploy<'a> = Vec<( - &'a deploy::DeployFlake<'a>, - &'a deploy::data::Data, - (&'a str, &'a deploy::data::Node), - (&'a str, &'a deploy::data::Profile), -)>; - async fn run_deploy( - deploy_flakes: Vec>, - data: Vec, + targets: Vec, + settings: Vec, supports_flakes: bool, - check_sigs: bool, - interactive: bool, - cmd_overrides: &deploy::CmdOverrides, - keep_result: bool, - result_path: Option<&str>, - extra_build_args: &[String], - debug_logs: bool, - dry_activate: bool, - log_dir: &Option, - rollback_succeeded: bool, + hostname: Option, + cmd_settings: settings::GenericSettings, + cmd_flags: data::Flags, ) -> Result<(), RunDeployError> { - let to_deploy: ToDeploy = deploy_flakes - .iter() - .zip(&data) - .map(|(deploy_flake, data)| { - let to_deploys: ToDeploy = match (&deploy_flake.node, &deploy_flake.profile) { - (Some(node_name), Some(profile_name)) => { - let node = match data.nodes.get(node_name) { - Some(x) => x, - None => Err(RunDeployError::NodeNotFound(node_name.to_owned()))?, - }; - let profile = match node.node_settings.profiles.get(profile_name) { - Some(x) => x, - None => Err(RunDeployError::ProfileNotFound(profile_name.to_owned()))?, - }; - - vec![( - &deploy_flake, - &data, - (node_name.as_str(), node), - (profile_name.as_str(), profile), - )] - } - (Some(node_name), None) => { - let node = match data.nodes.get(node_name) { - Some(x) => x, - None => return Err(RunDeployError::NodeNotFound(node_name.to_owned())), - }; - - let mut profiles_list: Vec<(&str, &deploy::data::Profile)> = Vec::new(); - - for profile_name in [ - node.node_settings.profiles_order.iter().collect(), - node.node_settings.profiles.keys().collect::>(), - ] - .concat() - { - let profile = match node.node_settings.profiles.get(profile_name) { - Some(x) => x, - None => { - return Err(RunDeployError::ProfileNotFound( - profile_name.to_owned(), - )) - } - }; - - if !profiles_list.iter().any(|(n, _)| n == profile_name) { - profiles_list.push((&profile_name, profile)); - } - } - - profiles_list - .into_iter() - .map(|x| (deploy_flake, data, (node_name.as_str(), node), x)) - .collect() - } - (None, None) => { - let mut l = Vec::new(); - - for (node_name, node) in &data.nodes { - let mut profiles_list: Vec<(&str, &deploy::data::Profile)> = Vec::new(); - - for profile_name in [ - node.node_settings.profiles_order.iter().collect(), - node.node_settings.profiles.keys().collect::>(), - ] - .concat() - { - let profile = match node.node_settings.profiles.get(profile_name) { - Some(x) => x, - None => { - return Err(RunDeployError::ProfileNotFound( - profile_name.to_owned(), - )) - } - }; - - if !profiles_list.iter().any(|(n, _)| n == profile_name) { - profiles_list.push((&profile_name, profile)); - } - } - - let ll: ToDeploy = profiles_list - .into_iter() - .map(|x| (deploy_flake, data, (node_name.as_str(), node), x)) - .collect(); - - l.extend(ll); - } - - l - } - (None, Some(_)) => return Err(RunDeployError::ProfileWithoutNode), - }; - Ok(to_deploys) - }) - .collect::, RunDeployError>>()? - .into_iter() - .flatten() - .collect(); - - let mut parts: Vec<( - &deploy::DeployFlake<'_>, - deploy::DeployData, - deploy::DeployDefs, - )> = Vec::new(); - - for (deploy_flake, data, (node_name, node), (profile_name, profile)) in to_deploy { - let deploy_data = deploy::make_deploy_data( - &data.generic_settings, - node, - node_name, - profile, - profile_name, - &cmd_overrides, - debug_logs, - log_dir.as_deref(), - ); - - let deploy_defs = deploy_data.defs()?; - - parts.push((deploy_flake, deploy_data, deploy_defs)); + let deploy_datas_ = targets.into_iter().zip(&settings) + .map( + |(target, root)| + target.resolve( + &root, + &cmd_settings, + &cmd_flags, + hostname.as_deref(), + ) + ) + .collect::>>, data::ResolveTargetError>>()?; + let deploy_datas: Vec<&data::DeployData<'_>> = deploy_datas_.iter().flatten().collect(); + + let mut parts: Vec<&data::DeployData> = Vec::new(); + + for deploy_data in deploy_datas { + parts.push(deploy_data); } - if interactive { + if cmd_flags.interactive { prompt_deployment(&parts[..])?; } else { print_deployment(&parts[..])?; } - for (deploy_flake, deploy_data, deploy_defs) in &parts { - deploy::push::push_profile(deploy::push::PushProfileData { + for deploy_data in &parts { + deploy::push::push_profile( supports_flakes, - check_sigs, - repo: deploy_flake.repo, - deploy_data: &deploy_data, - deploy_defs: &deploy_defs, - keep_result, - result_path, - extra_build_args, - }) + deploy::push::ShowDerivationCommand::from_data(&deploy_data), + deploy::push::BuildCommand::from_data(&deploy_data), + deploy::push::SignCommand::from_data(&deploy_data), + deploy::push::CopyCommand::from_data(&deploy_data), + ) .await?; } - let mut succeeded: Vec<(&deploy::DeployData, &deploy::DeployDefs)> = vec![]; + let mut succeeded: Vec<&data::DeployData> = vec![]; // Run all deployments // In case of an error rollback any previoulsy made deployment. // Rollbacks adhere to the global seeting to auto_rollback and secondary // the profile's configuration - for (_, deploy_data, deploy_defs) in &parts { - if let Err(e) = deploy::deploy::deploy_profile(deploy_data, deploy_defs, dry_activate).await + for deploy_data in &parts { + if let Err(e) = deploy::deploy::deploy_profile( + &deploy_data.node_name, + &deploy_data.profile_name, + deploy::deploy::SshCommand::from_data(&deploy_data)?, + deploy::deploy::ActivateCommand::from_data(&deploy_data), + deploy::deploy::WaitCommand::from_data(&deploy_data), + deploy::deploy::ConfirmCommand::from_data(&deploy_data), + ).await { error!("{}", e); - if dry_activate { + if cmd_flags.dry_activate { info!("dry run, not rolling back"); } info!("Revoking previous deploys"); - if rollback_succeeded && cmd_overrides.auto_rollback.unwrap_or(true) { + if cmd_flags.rollback_succeeded && cmd_settings.auto_rollback.unwrap_or(true) { // revoking all previous deploys // (adheres to profile configuration if not set explicitely by // the command line) - for (deploy_data, deploy_defs) in &succeeded { + for deploy_data in &succeeded { if deploy_data.merged_settings.auto_rollback.unwrap_or(true) { - deploy::deploy::revoke(*deploy_data, *deploy_defs).await?; + deploy::deploy::revoke( + &deploy_data.node_name, + &deploy_data.profile_name, + deploy::deploy::SshCommand::from_data(&deploy_data)?, + deploy::deploy::RevokeCommand::from_data(&deploy_data), + ).await?; } } } break; } - succeeded.push((deploy_data, deploy_defs)) + succeeded.push(deploy_data) } Ok(()) @@ -596,11 +268,11 @@ pub enum RunError { #[error("Failed to test for flake support: {0}")] FlakeTest(std::io::Error), #[error("Failed to check deployment: {0}")] - CheckDeployment(#[from] CheckDeploymentError), + CheckDeployment(#[from] flake::CheckDeploymentError), #[error("Failed to evaluate deployment data: {0}")] - GetDeploymentData(#[from] GetDeploymentDataError), + GetDeploymentData(#[from] flake::GetDeploymentDataError), #[error("Error parsing flake: {0}")] - ParseFlake(#[from] deploy::ParseFlakeError), + ParseFlake(#[from] data::ParseTargetError), #[error("Error initiating logger: {0}")] Logger(#[from] flexi_logger::FlexiLoggerError), #[error("{0}")] @@ -614,8 +286,8 @@ pub async fn run(args: Option<&ArgMatches>) -> Result<(), RunError> { }; deploy::init_logger( - opts.debug_logs, - opts.log_dir.as_deref(), + opts.flags.debug_logs, + opts.flags.log_dir.as_deref(), deploy::LoggerType::Deploy, )?; @@ -624,51 +296,30 @@ pub async fn run(args: Option<&ArgMatches>) -> Result<(), RunError> { .targets .unwrap_or_else(|| vec![opts.clone().target.unwrap_or(".".to_string())]); - let deploy_flakes: Vec = deploys - .iter() - .map(|f| deploy::parse_flake(f.as_str())) - .collect::, ParseFlakeError>>()?; - - let cmd_overrides = deploy::CmdOverrides { - ssh_user: opts.ssh_user, - profile_user: opts.profile_user, - ssh_opts: opts.ssh_opts, - fast_connection: opts.fast_connection, - auto_rollback: opts.auto_rollback, - hostname: opts.hostname, - magic_rollback: opts.magic_rollback, - temp_path: opts.temp_path, - confirm_timeout: opts.confirm_timeout, - dry_activate: opts.dry_activate, - }; - let supports_flakes = test_flake_support().await.map_err(RunError::FlakeTest)?; if !supports_flakes { warn!("A Nix version without flakes support was detected, support for this is work in progress"); } - if !opts.skip_checks { - for deploy_flake in deploy_flakes.iter() { - check_deployment(supports_flakes, deploy_flake.repo, &opts.extra_build_args).await?; + let targets: Vec = deploys + .into_iter() + .map(|f| f.parse::()) + .collect::, data::ParseTargetError>>()?; + + if !opts.flags.skip_checks { + for target in targets.iter() { + flake::check_deployment(supports_flakes, &target.repo, &opts.flags.extra_build_args).await?; } } - let result_path = opts.result_path.as_deref(); - let data = get_deployment_data(supports_flakes, &deploy_flakes, &opts.extra_build_args).await?; + let settings = flake::get_deployment_data(supports_flakes, &targets, &opts.flags.extra_build_args).await?; run_deploy( - deploy_flakes, - data, + targets, + settings, supports_flakes, - opts.checksigs, - opts.interactive, - &cmd_overrides, - opts.keep_result, - result_path, - &opts.extra_build_args, - opts.debug_logs, - opts.dry_activate, - &opts.log_dir, - opts.rollback_succeeded.unwrap_or(true), + opts.hostname, + opts.generic_settings, + opts.flags, ) .await?; diff --git a/src/data.rs b/src/data.rs index 6fe7f75f..54ec6bf4 100644 --- a/src/data.rs +++ b/src/data.rs @@ -1,73 +1,394 @@ // SPDX-FileCopyrightText: 2020 Serokell +// SPDX-FileCopyrightText: 2021 Yannik Sander // // SPDX-License-Identifier: MPL-2.0 +use linked_hash_set::LinkedHashSet; +use rnix::{types::*, SyntaxKind::*}; use merge::Merge; -use serde::Deserialize; -use std::collections::HashMap; - -#[derive(Deserialize, Debug, Clone, Merge)] -pub struct GenericSettings { - #[serde(rename(deserialize = "sshUser"))] - pub ssh_user: Option, - pub user: Option, - #[serde( - skip_serializing_if = "Vec::is_empty", - default, - rename(deserialize = "sshOpts") - )] - #[merge(strategy = merge::vec::append)] - pub ssh_opts: Vec, - #[serde(rename(deserialize = "fastConnection"))] - pub fast_connection: Option, - #[serde(rename(deserialize = "autoRollback"))] - pub auto_rollback: Option, - #[serde(rename(deserialize = "confirmTimeout"))] - pub confirm_timeout: Option, - #[serde(rename(deserialize = "tempPath"))] - pub temp_path: Option, - #[serde(rename(deserialize = "magicRollback"))] - pub magic_rollback: Option, +use thiserror::Error; +use clap::Clap; + +use crate::settings; + +#[derive(PartialEq, Debug)] +pub struct Target { + pub repo: String, + pub node: Option, + pub profile: Option, +} + +#[derive(Error, Debug)] +pub enum ParseTargetError { + #[error("The given path was too long, did you mean to put something in quotes?")] + PathTooLong, + #[error("Unrecognized node or token encountered")] + Unrecognized, +} + +#[derive(Error, Debug)] +pub enum ResolveTargetError { + #[error("No node named `{0}` was found in repo `{1}`")] + NodeNotFound(String, String), + #[error("No profile named `{0}` was on node `{1}` found in repo `{2}`")] + ProfileNotFound(String, String, String), + #[error("Profile was provided without a node name for repo `{0}`")] + ProfileWithoutNode(String), + #[error("Deployment data invalid: {0}")] + InvalidDeployDataError(#[from] DeployDataError), +} + +impl<'a> Target { + pub fn resolve( + self, + r: &'a settings::Root, + cs: &'a settings::GenericSettings, + cf: &'a Flags, + hostname: Option<&'a str>, + ) -> Result>, ResolveTargetError> { + match self { + Target{repo, node: Some(node), profile} => { + let node_ = match r.nodes.get(&node) { + Some(x) => x, + None => return Err(ResolveTargetError::NodeNotFound( + node.to_owned(), repo.to_owned() + )), + }; + if let Some(profile) = profile { + let profile_ = match node_.node_settings.profiles.get(&profile) { + Some(x) => x, + None => return Err(ResolveTargetError::ProfileNotFound( + profile.to_owned(), node.to_owned(), repo.to_owned() + )), + }; + Ok({ + let d = DeployData::new( + repo.to_owned(), + node.to_owned(), + profile.to_owned(), + &r.generic_settings, + cs, + cf, + node_, + profile_, + hostname, + )?; + vec![d] + }) + } else { + let ordered_profile_names: LinkedHashSet:: = node_.node_settings.profiles_order.iter().cloned().collect(); + let profile_names: LinkedHashSet:: = node_.node_settings.profiles.keys().cloned().collect(); + let prioritized_profile_names: LinkedHashSet::<&String> = ordered_profile_names.union(&profile_names).collect(); + Ok( + prioritized_profile_names + .iter() + .map( + |p| + Target{repo: repo.to_owned(), node: Some(node.to_owned()), profile: Some(p.to_string())}.resolve( + r, cs, cf, hostname, + ) + ) + .collect::>>, ResolveTargetError>>()? + .into_iter().flatten().collect::>>() + ) + } + }, + Target{repo, node: None, profile: None} => { + if let Some(hostname) = hostname { + todo!() // create issue to discuss: + // if allowed, it would be really awkward + // to override the hostname for a series of nodes at once + } + Ok( + r.nodes + .iter() + .map( + |(n, _)| + Target{repo: repo.to_owned(), node: Some(n.to_string()), profile: None}.resolve( + r, cs, cf, hostname, + ) + ) + .collect::>>, ResolveTargetError>>()? + .into_iter().flatten().collect::>>() + ) + }, + Target{repo, node: None, profile: Some(_)} => return Err(ResolveTargetError::ProfileWithoutNode( + repo.to_owned() + )) + } + } +} + +impl std::str::FromStr for Target { + type Err = ParseTargetError; + + fn from_str(s: &str) -> Result { + let flake_fragment_start = s.find('#'); + let (repo, maybe_fragment) = match flake_fragment_start { + Some(i) => (s[..i].to_string(), Some(&s[i + 1..])), + None => (s.to_string(), None), + }; + + let mut node: Option = None; + let mut profile: Option = None; + + if let Some(fragment) = maybe_fragment { + let ast = rnix::parse(fragment); + + let first_child = match ast.root().node().first_child() { + Some(x) => x, + None => { + return Ok(Target { + repo: repo.to_owned(), + node: None, + profile: None, + }) + } + }; + + let mut node_over = false; + + for entry in first_child.children_with_tokens() { + let x = match (entry.kind(), node_over) { + (TOKEN_DOT, false) => { + node_over = true; + None + } + (TOKEN_DOT, true) => { + return Err(ParseTargetError::PathTooLong); + } + (NODE_IDENT, _) => Some(entry.into_node().unwrap().text().to_string()), + (TOKEN_IDENT, _) => Some(entry.into_token().unwrap().text().to_string()), + (NODE_STRING, _) => { + let c = entry + .into_node() + .unwrap() + .children_with_tokens() + .nth(1) + .unwrap(); + + Some(c.into_token().unwrap().text().to_string()) + } + _ => return Err(ParseTargetError::Unrecognized), + }; + + if !node_over { + node = x; + } else { + profile = x; + } + } + } + + Ok(Target { + repo: repo.to_owned(), + node: node, + profile: profile, + }) + } } -#[derive(Deserialize, Debug, Clone)] -pub struct NodeSettings { - pub hostname: String, - pub profiles: HashMap, - #[serde( - skip_serializing_if = "Vec::is_empty", - default, - rename(deserialize = "profilesOrder") - )] - pub profiles_order: Vec, +#[test] +fn test_deploy_target_from_str() { + assert_eq!( + "../deploy/examples/system".parse::().unwrap(), + Target { + repo: "../deploy/examples/system", + node: None, + profile: None, + } + ); + + assert_eq!( + "../deploy/examples/system#".parse::().unwrap(), + Target { + repo: "../deploy/examples/system", + node: None, + profile: None, + } + ); + + assert_eq!( + "../deploy/examples/system#computer.\"something.nix\"".parse::().unwrap(), + Target { + repo: "../deploy/examples/system", + node: Some("computer".to_string()), + profile: Some("something.nix".to_string()), + } + ); + + assert_eq!( + "../deploy/examples/system#\"example.com\".system".parse::().unwrap(), + Target { + repo: "../deploy/examples/system", + node: Some("example.com".to_string()), + profile: Some("system".to_string()), + } + ); + + assert_eq!( + "../deploy/examples/system#example".parse::().unwrap(), + Target { + repo: "../deploy/examples/system", + node: Some("example".to_string()), + profile: None + } + ); + + assert_eq!( + "../deploy/examples/system#example.system".parse::().unwrap(), + Target { + repo: "../deploy/examples/system", + node: Some("example".to_string()), + profile: Some("system".to_string()) + } + ); + + assert_eq!( + "../deploy/examples/system".parse::().unwrap(), + Target { + repo: "../deploy/examples/system", + node: None, + profile: None, + } + ); } -#[derive(Deserialize, Debug, Clone)] -pub struct ProfileSettings { - pub path: String, - #[serde(rename(deserialize = "profilePath"))] - pub profile_path: Option, +#[derive(Debug, Clone)] +pub struct DeployData<'a> { + pub repo: String, + pub node_name: String, + pub profile_name: String, + + pub flags: &'a Flags, + pub node: &'a settings::Node, + pub profile: &'a settings::Profile, + pub merged_settings: settings::GenericSettings, + + pub hostname: &'a str, + + pub ssh_user: String, + pub ssh_uri: String, + pub temp_path: String, + pub profile_path: String, + pub profile_user: String, + pub sudo: Option, } -#[derive(Deserialize, Debug, Clone)] -pub struct Profile { - #[serde(flatten)] - pub profile_settings: ProfileSettings, - #[serde(flatten)] - pub generic_settings: GenericSettings, +#[derive(Error, Debug)] +pub enum DeployDataError { + #[error("Neither `user` nor `sshUser` are set for profile {0} of node {1}")] + NoProfileUser(String, String), + #[error("Value `hostname` is not define for profile {0} of node {1}")] + NoProfileHost(String, String), } -#[derive(Deserialize, Debug, Clone)] -pub struct Node { - #[serde(flatten)] - pub generic_settings: GenericSettings, - #[serde(flatten)] - pub node_settings: NodeSettings, +#[derive(Clap, Debug, Clone)] +pub struct Flags { + /// Check signatures when using `nix copy` + #[clap(short, long)] + pub checksigs: bool, + /// Use the interactive prompt before deployment + #[clap(short, long)] + pub interactive: bool, + /// Extra arguments to be passed to nix build + pub extra_build_args: Vec, + + /// Print debug logs to output + #[clap(short, long)] + pub debug_logs: bool, + /// Directory to print logs to (including the background activation process) + #[clap(long)] + pub log_dir: Option, + + /// Keep the build outputs of each built profile + #[clap(short, long)] + pub keep_result: bool, + /// Location to keep outputs from built profiles in + #[clap(short, long)] + pub result_path: Option, + + /// Skip the automatic pre-build checks + #[clap(short, long)] + pub skip_checks: bool, + /// Make activation wait for confirmation, or roll back after a period of time + /// Show what will be activated on the machines + #[clap(long)] + pub dry_activate: bool, + /// Revoke all previously succeeded deploys when deploying multiple profiles + #[clap(long)] + pub rollback_succeeded: bool, + /// Install profile onto a mounted disk (bootstrap NixOS) + #[clap(long)] + pub mount_point: Option, } -#[derive(Deserialize, Debug, Clone)] -pub struct Data { - #[serde(flatten)] - pub generic_settings: GenericSettings, - pub nodes: HashMap, +impl<'a> DeployData<'a> { + + fn new( + repo: String, + node_name: String, + profile_name: String, + top_settings: &'a settings::GenericSettings, + cmd_settings: &'a settings::GenericSettings, + flags: &'a Flags, + node: &'a settings::Node, + profile: &'a settings::Profile, + hostname: Option<&'a str>, + ) -> Result, DeployDataError> { + let mut merged_settings = cmd_settings.clone(); + merged_settings.merge(profile.generic_settings.clone()); + merged_settings.merge(node.generic_settings.clone()); + merged_settings.merge(top_settings.clone()); + + // if let Some(ref ssh_opts) = cmd_overrides.ssh_opts { + // merged_settings.ssh_opts = ssh_opts.split(' ').map(|x| x.to_owned()).collect(); + // } + let temp_path = match merged_settings.temp_path { + Some(ref x) => x.to_owned(), + None => "/tmp".to_string(), + }; + let profile_user = if let Some(ref x) = merged_settings.user { x.to_owned() } else { + if let Some(ref x) = merged_settings.ssh_user { x.to_owned() } else { + return Err(DeployDataError::NoProfileUser(profile_name, node_name)) + } + }; + let profile_path = match profile.profile_settings.profile_path { + None => format!("/nix/var/nix/profiles/{}", match &profile_user[..] { + "root" => profile_name.to_owned(), + _ => format!("per-user/{}/{}", profile_user, profile_name), + }), + Some(ref x) => x.to_owned(), + }; + let ssh_user = match merged_settings.ssh_user { + Some(ref u) => u.to_owned(), + None => whoami::username(), + }; + let sudo = match merged_settings.user { + Some(ref user) if user != &ssh_user => Some(format!("sudo -u {}", user)), + _ => None, + }; + let hostname = match hostname { + Some(x) => x, + None => &node.node_settings.hostname, + }; + let ssh_uri = format!("ssh://{}@{}", &ssh_user, &hostname); + + Ok(DeployData { + repo, + node_name, + profile_name, + node, + profile, + hostname, + ssh_user, + ssh_uri, + temp_path, + profile_path, + profile_user, + sudo, + flags, + merged_settings, + }) + } } diff --git a/src/deploy.rs b/src/deploy.rs index 60297b56..76fb31f7 100644 --- a/src/deploy.rs +++ b/src/deploy.rs @@ -5,18 +5,38 @@ // SPDX-License-Identifier: MPL-2.0 use log::{debug, info}; -use std::borrow::Cow; use thiserror::Error; use tokio::process::Command; -use crate::DeployDataDefsError; +use crate::data; -struct ActivateCommandData<'a> { - sudo: &'a Option, +pub struct SshCommand<'a> { + hoststring: String, + opts: &'a Vec, +} + +impl<'a> SshCommand<'a> { + pub fn from_data(d: &'a data::DeployData) -> Result { + let hoststring = format!("{}@{}", &d.ssh_user, d.hostname); + let opts = d.merged_settings.ssh_opts.as_ref(); + Ok(SshCommand {hoststring, opts}) + } + + fn build(&self) -> Command { + let mut cmd = Command::new("ssh"); + cmd.arg(&self.hoststring); + cmd.args(self.opts.iter()); + cmd + } +} + +pub struct ActivateCommand<'a> { + mount_point: Option<&'a str>, + sudo: Option<&'a str>, profile_path: &'a str, + temp_path: &'a str, closure: &'a str, auto_rollback: bool, - temp_path: &'a str, confirm_timeout: u16, magic_rollback: bool, debug_logs: bool, @@ -24,48 +44,73 @@ struct ActivateCommandData<'a> { dry_activate: bool, } -fn build_activate_command(data: ActivateCommandData) -> String { - let mut self_activate_command = format!("{}/activate-rs", data.closure); - - if data.debug_logs { - self_activate_command = format!("{} --debug-logs", self_activate_command); +impl<'a> ActivateCommand<'a> { + pub fn from_data(d: &'a data::DeployData) -> Self { + ActivateCommand { + mount_point: d.flags.mount_point.as_deref(), + sudo: d.sudo.as_deref(), + profile_path: &d.profile_path, + temp_path: &d.temp_path, + closure: &d.profile.profile_settings.path, + auto_rollback: d.merged_settings.auto_rollback.unwrap_or(true), + confirm_timeout: d.merged_settings.confirm_timeout.unwrap_or(30), + magic_rollback: d.merged_settings.magic_rollback.unwrap_or(true), + debug_logs: d.flags.debug_logs, + log_dir: d.flags.log_dir.as_deref(), + dry_activate: d.flags.dry_activate, + } } - if let Some(log_dir) = data.log_dir { - self_activate_command = format!("{} --log-dir {}", self_activate_command, log_dir); - } + fn build(self) -> String { + let mut cmd = format!("{}/activate-rs", self.closure); - self_activate_command = format!( - "{} activate '{}' '{}' --temp-path '{}'", - self_activate_command, data.closure, data.profile_path, data.temp_path - ); + // Exec trough our chroot wrapper that lives within the profile + // down there on the mounted filesystem. + if let Some(mount_point) = self.mount_point { + cmd = format!("bash {0}$(readlink -m {0}{1}/deploy-rs-chroot-wrapper) --root {0} -- {2}", mount_point, self.closure, cmd); + } - self_activate_command = format!( - "{} --confirm-timeout {}", - self_activate_command, data.confirm_timeout - ); + if self.debug_logs { + cmd = format!("{} --debug-logs", cmd); + } - if data.magic_rollback { - self_activate_command = format!("{} --magic-rollback", self_activate_command); - } + if let Some(log_dir) = self.log_dir { + cmd = format!("{} --log-dir {}", cmd, log_dir); + } - if data.auto_rollback { - self_activate_command = format!("{} --auto-rollback", self_activate_command); - } + cmd = format!( + "{} activate '{}' '{}' --temp-path '{}'", + cmd, self.closure, self.profile_path, self.temp_path + ); - if data.dry_activate { - self_activate_command = format!("{} --dry-activate", self_activate_command); - } + cmd = format!( + "{} --confirm-timeout {}", + cmd, self.confirm_timeout + ); - if let Some(sudo_cmd) = &data.sudo { - self_activate_command = format!("{} {}", sudo_cmd, self_activate_command); - } + if self.magic_rollback { + cmd = format!("{} --magic-rollback", cmd); + } - self_activate_command + if self.auto_rollback { + cmd = format!("{} --auto-rollback", cmd); + } + + if self.dry_activate { + cmd = format!("{} --dry-activate", cmd); + } + + if let Some(sudo_cmd) = &self.sudo { + cmd = format!("{} {}", sudo_cmd, cmd); + } + + cmd + } } #[test] fn test_activation_command_builder() { + let mount_point = Some("/mnt"); let sudo = Some("sudo -u test".to_string()); let profile_path = "/blah/profiles/test"; let closure = "/nix/store/blah/etc"; @@ -78,7 +123,7 @@ fn test_activation_command_builder() { let log_dir = Some("/tmp/something.txt"); assert_eq!( - build_activate_command(ActivateCommandData { + ActivateCommand { sudo: &sudo, profile_path, closure, @@ -89,45 +134,66 @@ fn test_activation_command_builder() { debug_logs, log_dir, dry_activate - }), + }.build(), "sudo -u test /nix/store/blah/etc/activate-rs --debug-logs --log-dir /tmp/something.txt activate '/nix/store/blah/etc' '/blah/profiles/test' --temp-path '/tmp' --confirm-timeout 30 --magic-rollback --auto-rollback" .to_string(), ); } -struct WaitCommandData<'a> { - sudo: &'a Option, +pub struct WaitCommand<'a> { + mount_point: Option<&'a str>, + sudo: Option<&'a str>, closure: &'a str, temp_path: &'a str, debug_logs: bool, log_dir: Option<&'a str>, } -fn build_wait_command(data: WaitCommandData) -> String { - let mut self_activate_command = format!("{}/activate-rs", data.closure); - - if data.debug_logs { - self_activate_command = format!("{} --debug-logs", self_activate_command); +impl<'a> WaitCommand<'a> { + pub fn from_data(d: &'a data::DeployData) -> Self { + WaitCommand { + mount_point: d.flags.mount_point.as_deref(), + sudo: d.sudo.as_deref(), + temp_path: &d.temp_path, + closure: &d.profile.profile_settings.path, + debug_logs: d.flags.debug_logs, + log_dir: d.flags.log_dir.as_deref(), + } } - if let Some(log_dir) = data.log_dir { - self_activate_command = format!("{} --log-dir {}", self_activate_command, log_dir); - } + fn build(self) -> String { + let mut cmd = format!("{}/activate-rs", self.closure); - self_activate_command = format!( - "{} wait '{}' --temp-path '{}'", - self_activate_command, data.closure, data.temp_path, - ); + // Exec trough our chroot wrapper that lives within the profile + // down there on the mounted filesystem. + if let Some(mount_point) = self.mount_point { + cmd = format!("bash {0}$(readlink -m {0}{1}/deploy-rs-chroot-wrapper) --root {0} -- {2}", mount_point, self.closure, cmd); + } - if let Some(sudo_cmd) = &data.sudo { - self_activate_command = format!("{} {}", sudo_cmd, self_activate_command); - } + if self.debug_logs { + cmd = format!("{} --debug-logs", cmd); + } + + if let Some(log_dir) = self.log_dir { + cmd = format!("{} --log-dir {}", cmd, log_dir); + } + + cmd = format!( + "{} wait '{}' --temp-path '{}'", + cmd, self.closure, self.temp_path, + ); - self_activate_command + if let Some(sudo_cmd) = &self.sudo { + cmd = format!("{} {}", sudo_cmd, cmd); + } + + cmd + } } #[test] fn test_wait_command_builder() { + let mount_point = Some("/mnt"); let sudo = Some("sudo -u test".to_string()); let closure = "/nix/store/blah/etc"; let temp_path = "/tmp"; @@ -135,48 +201,70 @@ fn test_wait_command_builder() { let log_dir = Some("/tmp/something.txt"); assert_eq!( - build_wait_command(WaitCommandData { + WaitCommand { sudo: &sudo, closure, temp_path, debug_logs, log_dir - }), + }.build(), "sudo -u test /nix/store/blah/etc/activate-rs --debug-logs --log-dir /tmp/something.txt wait '/nix/store/blah/etc' --temp-path '/tmp'" .to_string(), ); } -struct RevokeCommandData<'a> { - sudo: &'a Option, +pub struct RevokeCommand<'a> { + mount_point: Option<&'a str>, + sudo: Option<&'a str>, closure: &'a str, profile_path: &'a str, debug_logs: bool, log_dir: Option<&'a str>, } -fn build_revoke_command(data: RevokeCommandData) -> String { - let mut self_activate_command = format!("{}/activate-rs", data.closure); - - if data.debug_logs { - self_activate_command = format!("{} --debug-logs", self_activate_command); +impl<'a> RevokeCommand<'a> { + pub fn from_data(d: &'a data::DeployData) -> Self { + RevokeCommand { + mount_point: d.flags.mount_point.as_deref(), + sudo: d.sudo.as_deref(), + profile_path: &d.profile_path, + closure: &d.profile.profile_settings.path, + debug_logs: d.flags.debug_logs, + log_dir: d.flags.log_dir.as_deref(), + } } - if let Some(log_dir) = data.log_dir { - self_activate_command = format!("{} --log-dir {}", self_activate_command, log_dir); - } - self_activate_command = format!("{} revoke '{}'", self_activate_command, data.profile_path); + fn build(self) -> String { + let mut cmd = format!("{}/activate-rs", self.closure); - if let Some(sudo_cmd) = &data.sudo { - self_activate_command = format!("{} {}", sudo_cmd, self_activate_command); - } + // Exec trough our chroot wrapper that lives within the profile + // down there on the mounted filesystem. + if let Some(mount_point) = self.mount_point { + cmd = format!("bash {0}$(readlink -m {0}{1}/deploy-rs-chroot-wrapper) --root {0} -- {2}", mount_point, self.closure, cmd); + } + + if self.debug_logs { + cmd = format!("{} --debug-logs", cmd); + } + + if let Some(log_dir) = self.log_dir { + cmd = format!("{} --log-dir {}", cmd, log_dir); + } + + cmd = format!("{} revoke '{}'", cmd, self.profile_path); + + if let Some(sudo_cmd) = &self.sudo { + cmd = format!("{} {}", sudo_cmd, cmd); + } - self_activate_command + cmd + } } #[test] fn test_revoke_command_builder() { + let mount_point = Some("/mnt"); let sudo = Some("sudo -u test".to_string()); let closure = "/nix/store/blah/etc"; let profile_path = "/nix/var/nix/per-user/user/profile"; @@ -184,18 +272,52 @@ fn test_revoke_command_builder() { let log_dir = Some("/tmp/something.txt"); assert_eq!( - build_revoke_command(RevokeCommandData { + RevokeCommandData { sudo: &sudo, closure, profile_path, debug_logs, log_dir - }), + }.build(), "sudo -u test /nix/store/blah/etc/activate-rs --debug-logs --log-dir /tmp/something.txt revoke '/nix/var/nix/per-user/user/profile'" .to_string(), ); } +pub struct ConfirmCommand<'a> { + mount_point: Option<&'a str>, + sudo: Option<&'a str>, + temp_path: &'a str, + closure: &'a str, +} + +impl<'a> ConfirmCommand<'a> { + pub fn from_data(d: &'a data::DeployData) -> Self { + ConfirmCommand { + mount_point: d.flags.mount_point.as_deref(), + sudo: d.sudo.as_deref(), + temp_path: &d.temp_path, + closure: &d.profile.profile_settings.path, + } + } + + + fn build(self) -> String { + let lock_path = super::make_lock_path(&self.temp_path, &self.closure); + + let mut cmd; + if let Some(mount_point) = self.mount_point { + cmd = format!("rm {}{}", mount_point, lock_path); + } else { + cmd = format!("rm {}", lock_path); + } + if let Some(sudo_cmd) = &self.sudo { + cmd = format!("{} {}", sudo_cmd, cmd); + } + cmd + } +} + #[derive(Error, Debug)] pub enum ConfirmProfileError { #[error("Failed to run confirmation command over SSH (the server should roll back): {0}")] @@ -207,32 +329,21 @@ pub enum ConfirmProfileError { } pub async fn confirm_profile( - deploy_data: &super::DeployData<'_>, - deploy_defs: &super::DeployDefs, - temp_path: Cow<'_, str>, - ssh_addr: &str, + ssh: SshCommand<'_>, + confirm: ConfirmCommand<'_>, ) -> Result<(), ConfirmProfileError> { - let mut ssh_confirm_command = Command::new("ssh"); - ssh_confirm_command.arg(ssh_addr); - - for ssh_opt in &deploy_data.merged_settings.ssh_opts { - ssh_confirm_command.arg(ssh_opt); - } - let lock_path = super::make_lock_path(&temp_path, &deploy_data.profile.profile_settings.path); + let mut ssh_confirm_cmd = ssh.build(); - let mut confirm_command = format!("rm {}", lock_path); - if let Some(sudo_cmd) = &deploy_defs.sudo { - confirm_command = format!("{} {}", sudo_cmd, confirm_command); - } + let confirm_cmd = confirm.build(); debug!( "Attempting to run command to confirm deployment: {}", - confirm_command + confirm_cmd ); - let ssh_confirm_exit_status = ssh_confirm_command - .arg(confirm_command) + let ssh_confirm_exit_status = ssh_confirm_cmd + .arg(confirm_cmd) .status() .await .map_err(ConfirmProfileError::SSHConfirmError)?; @@ -267,60 +378,28 @@ pub enum DeployProfileError { } pub async fn deploy_profile( - deploy_data: &super::DeployData<'_>, - deploy_defs: &super::DeployDefs, - dry_activate: bool, + node_name: &str, + profile_name: &str, + ssh: SshCommand<'_>, + activate: ActivateCommand<'_>, + wait: WaitCommand<'_>, + confirm: ConfirmCommand<'_>, ) -> Result<(), DeployProfileError> { - if !dry_activate { - info!( - "Activating profile `{}` for node `{}`", - deploy_data.profile_name, deploy_data.node_name - ); + if !activate.dry_activate { + info!("Activating profile `{}` for node `{}`", profile_name, node_name); } + let dry_activate = &activate.dry_activate.clone(); + let magic_rollback = &activate.magic_rollback.clone(); - let temp_path: Cow = match &deploy_data.merged_settings.temp_path { - Some(x) => x.into(), - None => "/tmp".into(), - }; - - let confirm_timeout = deploy_data.merged_settings.confirm_timeout.unwrap_or(30); + let activate_cmd = activate.build(); - let magic_rollback = deploy_data.merged_settings.magic_rollback.unwrap_or(true); + debug!("Constructed activation command: {}", activate_cmd); - let auto_rollback = deploy_data.merged_settings.auto_rollback.unwrap_or(true); + let mut ssh_activate_cmd = ssh.build(); - let self_activate_command = build_activate_command(ActivateCommandData { - sudo: &deploy_defs.sudo, - profile_path: &deploy_defs.profile_path, - closure: &deploy_data.profile.profile_settings.path, - auto_rollback, - temp_path: &temp_path, - confirm_timeout, - magic_rollback, - debug_logs: deploy_data.debug_logs, - log_dir: deploy_data.log_dir, - dry_activate, - }); - - debug!("Constructed activation command: {}", self_activate_command); - - let hostname = match deploy_data.cmd_overrides.hostname { - Some(ref x) => x, - None => &deploy_data.node.node_settings.hostname, - }; - - let ssh_addr = format!("{}@{}", deploy_defs.ssh_user, hostname); - - let mut ssh_activate_command = Command::new("ssh"); - ssh_activate_command.arg(&ssh_addr); - - for ssh_opt in &deploy_data.merged_settings.ssh_opts { - ssh_activate_command.arg(&ssh_opt); - } - - if !magic_rollback || dry_activate { - let ssh_activate_exit_status = ssh_activate_command - .arg(self_activate_command) + if !*magic_rollback || *dry_activate { + let ssh_activate_exit_status = ssh_activate_cmd + .arg(activate_cmd) .status() .await .map_err(DeployProfileError::SSHActivateError)?; @@ -330,35 +409,25 @@ pub async fn deploy_profile( a => return Err(DeployProfileError::SSHActivateExitError(a)), }; - if dry_activate { + if *dry_activate { info!("Completed dry-activate!"); } else { info!("Success activating, done!"); } } else { - let self_wait_command = build_wait_command(WaitCommandData { - sudo: &deploy_defs.sudo, - closure: &deploy_data.profile.profile_settings.path, - temp_path: &temp_path, - debug_logs: deploy_data.debug_logs, - log_dir: deploy_data.log_dir, - }); + let wait_cmd = wait.build(); - debug!("Constructed wait command: {}", self_wait_command); + debug!("Constructed wait command: {}", wait_cmd); - let ssh_activate = ssh_activate_command - .arg(self_activate_command) + let ssh_activate = ssh_activate_cmd + .arg(activate_cmd) .spawn() .map_err(DeployProfileError::SSHSpawnActivateError)?; info!("Creating activation waiter"); - let mut ssh_wait_command = Command::new("ssh"); - ssh_wait_command.arg(&ssh_addr); - for ssh_opt in &deploy_data.merged_settings.ssh_opts { - ssh_wait_command.arg(ssh_opt); - } + let mut ssh_wait_cmd = ssh.build(); let (send_activate, recv_activate) = tokio::sync::oneshot::channel(); let (send_activated, recv_activated) = tokio::sync::oneshot::channel(); @@ -381,7 +450,7 @@ pub async fn deploy_profile( send_activated.send(()).unwrap(); }); tokio::select! { - x = ssh_wait_command.arg(self_wait_command).status() => { + x = ssh_wait_cmd.arg(wait_cmd).status() => { debug!("Wait command ended"); match x.map_err(DeployProfileError::SSHWaitError)?.code() { Some(0) => (), @@ -396,7 +465,7 @@ pub async fn deploy_profile( info!("Success activating, attempting to confirm activation"); - let c = confirm_profile(deploy_data, deploy_defs, temp_path, &ssh_addr).await; + let c = confirm_profile(ssh, confirm).await; recv_activated.await.unwrap(); c?; } @@ -413,44 +482,26 @@ pub enum RevokeProfileError { SSHRevokeError(std::io::Error), #[error("Revoking over SSH resulted in a bad exit code: {0:?}")] SSHRevokeExitError(Option), - - #[error("Deployment data invalid: {0}")] - InvalidDeployDataDefsError(#[from] DeployDataDefsError), } pub async fn revoke( - deploy_data: &crate::DeployData<'_>, - deploy_defs: &crate::DeployDefs, + node_name: &str, + profile_name: &str, + ssh: SshCommand<'_>, + revoke: RevokeCommand<'_>, ) -> Result<(), RevokeProfileError> { - let self_revoke_command = build_revoke_command(RevokeCommandData { - sudo: &deploy_defs.sudo, - closure: &deploy_data.profile.profile_settings.path, - profile_path: &deploy_data.get_profile_path()?, - debug_logs: deploy_data.debug_logs, - log_dir: deploy_data.log_dir, - }); - - debug!("Constructed revoke command: {}", self_revoke_command); - - let hostname = match deploy_data.cmd_overrides.hostname { - Some(ref x) => x, - None => &deploy_data.node.node_settings.hostname, - }; + info!("Revoking profile `{}` for node `{}`", profile_name, node_name); - let ssh_addr = format!("{}@{}", deploy_defs.ssh_user, hostname); + let revoke_cmd = revoke.build(); + debug!("Constructed revoke command: {}", revoke_cmd); - let mut ssh_activate_command = Command::new("ssh"); - ssh_activate_command.arg(&ssh_addr); - - for ssh_opt in &deploy_data.merged_settings.ssh_opts { - ssh_activate_command.arg(&ssh_opt); - } + let mut ssh_revoke_cmd = ssh.build(); - let ssh_revoke = ssh_activate_command - .arg(self_revoke_command) + let ssh_revoke_cmd = ssh_revoke_cmd + .arg(revoke_cmd) .spawn() .map_err(RevokeProfileError::SSHSpawnRevokeError)?; - let result = ssh_revoke.wait_with_output().await; + let result = ssh_revoke_cmd.wait_with_output().await; match result { Err(x) => Err(RevokeProfileError::SSHRevokeError(x)), diff --git a/src/flake.rs b/src/flake.rs new file mode 100644 index 00000000..cf42da1f --- /dev/null +++ b/src/flake.rs @@ -0,0 +1,170 @@ +// SPDX-FileCopyrightText: 2020 Serokell +// SPDX-FileCopyrightText: 2021 Yannik Sander +// +// SPDX-License-Identifier: MPL-2.0 + +use crate as deploy; + +use self::deploy::{data, settings}; +use log::{error, info}; +use std::process::Stdio; +use futures_util::stream::{StreamExt, TryStreamExt}; +use thiserror::Error; +use tokio::process::Command; + +#[derive(Error, Debug)] +pub enum CheckDeploymentError { + #[error("Failed to execute Nix checking command: {0}")] + NixCheck(#[from] std::io::Error), + #[error("Nix checking command resulted in a bad exit code: {0:?}")] + NixCheckExit(Option), +} + +pub async fn check_deployment( + supports_flakes: bool, + repo: &str, + extra_build_args: &[String], +) -> Result<(), CheckDeploymentError> { + info!("Running checks for flake in {}", repo); + + let mut check_command = match supports_flakes { + true => Command::new("nix"), + false => Command::new("nix-build"), + }; + + match supports_flakes { + true => { + check_command.arg("flake").arg("check").arg(repo); + } + false => { + check_command.arg("-E") + .arg("--no-out-link") + .arg(format!("let r = import {}/.; x = (if builtins.isFunction r then (r {{}}) else r); in if x ? checks then x.checks.${{builtins.currentSystem}} else {{}}", repo)); + } + }; + + for extra_arg in extra_build_args { + check_command.arg(extra_arg); + } + + let check_status = check_command.status().await?; + + match check_status.code() { + Some(0) => (), + a => return Err(CheckDeploymentError::NixCheckExit(a)), + }; + + Ok(()) +} + +#[derive(Error, Debug)] +pub enum GetDeploymentDataError { + #[error("Failed to execute nix eval command: {0}")] + NixEval(std::io::Error), + #[error("Failed to read output from evaluation: {0}")] + NixEvalOut(std::io::Error), + #[error("Evaluation resulted in a bad exit code: {0:?}")] + NixEvalExit(Option), + #[error("Error converting evaluation output to utf8: {0}")] + DecodeUtf8(#[from] std::string::FromUtf8Error), + #[error("Error decoding the JSON from evaluation: {0}")] + DecodeJson(#[from] serde_json::error::Error), + #[error("Impossible happened: profile is set but node is not")] + ProfileNoNode, +} + +/// Evaluates the Nix in the given `repo` and return the processed Data from it +pub async fn get_deployment_data( + supports_flakes: bool, + flakes: &[data::Target], + extra_build_args: &[String], +) -> Result, GetDeploymentDataError> { + futures_util::stream::iter(flakes).then(|flake| async move { + + info!("Evaluating flake in {}", flake.repo); + + let mut c = if supports_flakes { + Command::new("nix") + } else { + Command::new("nix-instantiate") + }; + + if supports_flakes { + c.arg("eval") + .arg("--json") + .arg(format!("{}#deploy", flake.repo)) + // We use --apply instead of --expr so that we don't have to deal with builtins.getFlake + .arg("--apply"); + match (&flake.node, &flake.profile) { + (Some(node), Some(profile)) => { + // Ignore all nodes and all profiles but the one we're evaluating + c.arg(format!( + r#" + deploy: + (deploy // {{ + nodes = {{ + "{0}" = deploy.nodes."{0}" // {{ + profiles = {{ + inherit (deploy.nodes."{0}".profiles) "{1}"; + }}; + }}; + }}; + }}) + "#, + node, profile + )) + } + (Some(node), None) => { + // Ignore all nodes but the one we're evaluating + c.arg(format!( + r#" + deploy: + (deploy // {{ + nodes = {{ + inherit (deploy.nodes) "{}"; + }}; + }}) + "#, + node + )) + } + (None, None) => { + // We need to evaluate all profiles of all nodes anyway, so just do it strictly + c.arg("deploy: deploy") + } + (None, Some(_)) => return Err(GetDeploymentDataError::ProfileNoNode), + } + } else { + c + .arg("--strict") + .arg("--read-write-mode") + .arg("--json") + .arg("--eval") + .arg("-E") + .arg(format!("let r = import {}/.; in if builtins.isFunction r then (r {{}}).deploy else r.deploy", flake.repo)) + }; + + for extra_arg in extra_build_args { + c.arg(extra_arg); + } + + let build_child = c + .stdout(Stdio::piped()) + .spawn() + .map_err(GetDeploymentDataError::NixEval)?; + + let build_output = build_child + .wait_with_output() + .await + .map_err(GetDeploymentDataError::NixEvalOut)?; + + match build_output.status.code() { + Some(0) => (), + a => return Err(GetDeploymentDataError::NixEvalExit(a)), + }; + + let data_json = String::from_utf8(build_output.stdout)?; + + Ok(serde_json::from_str(&data_json)?) +}).try_collect().await +} diff --git a/src/lib.rs b/src/lib.rs index 08dcccd5..9238f2a0 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -4,12 +4,6 @@ // // SPDX-License-Identifier: MPL-2.0 -use rnix::{types::*, SyntaxKind::*}; - -use merge::Merge; - -use thiserror::Error; - use flexi_logger::*; pub fn make_lock_path(temp_path: &str, closure: &str) -> String { @@ -145,296 +139,9 @@ pub fn init_logger( Ok(()) } +pub mod settings; pub mod data; +pub mod flake; pub mod deploy; pub mod push; pub mod cli; - -#[derive(Debug)] -pub struct CmdOverrides { - pub ssh_user: Option, - pub profile_user: Option, - pub ssh_opts: Option, - pub fast_connection: Option, - pub auto_rollback: Option, - pub hostname: Option, - pub magic_rollback: Option, - pub temp_path: Option, - pub confirm_timeout: Option, - pub dry_activate: bool, -} - -#[derive(PartialEq, Debug)] -pub struct DeployFlake<'a> { - pub repo: &'a str, - pub node: Option, - pub profile: Option, -} - -#[derive(Error, Debug)] -pub enum ParseFlakeError { - #[error("The given path was too long, did you mean to put something in quotes?")] - PathTooLong, - #[error("Unrecognized node or token encountered")] - Unrecognized, -} -pub fn parse_flake(flake: &str) -> Result { - let flake_fragment_start = flake.find('#'); - let (repo, maybe_fragment) = match flake_fragment_start { - Some(s) => (&flake[..s], Some(&flake[s + 1..])), - None => (flake, None), - }; - - let mut node: Option = None; - let mut profile: Option = None; - - if let Some(fragment) = maybe_fragment { - let ast = rnix::parse(fragment); - - let first_child = match ast.root().node().first_child() { - Some(x) => x, - None => { - return Ok(DeployFlake { - repo, - node: None, - profile: None, - }) - } - }; - - let mut node_over = false; - - for entry in first_child.children_with_tokens() { - let x: Option = match (entry.kind(), node_over) { - (TOKEN_DOT, false) => { - node_over = true; - None - } - (TOKEN_DOT, true) => { - return Err(ParseFlakeError::PathTooLong); - } - (NODE_IDENT, _) => Some(entry.into_node().unwrap().text().to_string()), - (TOKEN_IDENT, _) => Some(entry.into_token().unwrap().text().to_string()), - (NODE_STRING, _) => { - let c = entry - .into_node() - .unwrap() - .children_with_tokens() - .nth(1) - .unwrap(); - - Some(c.into_token().unwrap().text().to_string()) - } - _ => return Err(ParseFlakeError::Unrecognized), - }; - - if !node_over { - node = x; - } else { - profile = x; - } - } - } - - Ok(DeployFlake { - repo, - node, - profile, - }) -} - -#[test] -fn test_parse_flake() { - assert_eq!( - parse_flake("../deploy/examples/system").unwrap(), - DeployFlake { - repo: "../deploy/examples/system", - node: None, - profile: None, - } - ); - - assert_eq!( - parse_flake("../deploy/examples/system#").unwrap(), - DeployFlake { - repo: "../deploy/examples/system", - node: None, - profile: None, - } - ); - - assert_eq!( - parse_flake("../deploy/examples/system#computer.\"something.nix\"").unwrap(), - DeployFlake { - repo: "../deploy/examples/system", - node: Some("computer".to_string()), - profile: Some("something.nix".to_string()), - } - ); - - assert_eq!( - parse_flake("../deploy/examples/system#\"example.com\".system").unwrap(), - DeployFlake { - repo: "../deploy/examples/system", - node: Some("example.com".to_string()), - profile: Some("system".to_string()), - } - ); - - assert_eq!( - parse_flake("../deploy/examples/system#example").unwrap(), - DeployFlake { - repo: "../deploy/examples/system", - node: Some("example".to_string()), - profile: None - } - ); - - assert_eq!( - parse_flake("../deploy/examples/system#example.system").unwrap(), - DeployFlake { - repo: "../deploy/examples/system", - node: Some("example".to_string()), - profile: Some("system".to_string()) - } - ); - - assert_eq!( - parse_flake("../deploy/examples/system").unwrap(), - DeployFlake { - repo: "../deploy/examples/system", - node: None, - profile: None, - } - ); -} - -#[derive(Debug, Clone)] -pub struct DeployData<'a> { - pub node_name: &'a str, - pub node: &'a data::Node, - pub profile_name: &'a str, - pub profile: &'a data::Profile, - - pub cmd_overrides: &'a CmdOverrides, - - pub merged_settings: data::GenericSettings, - - pub debug_logs: bool, - pub log_dir: Option<&'a str>, -} - -#[derive(Debug)] -pub struct DeployDefs { - pub ssh_user: String, - pub profile_user: String, - pub profile_path: String, - pub sudo: Option, -} - -#[derive(Error, Debug)] -pub enum DeployDataDefsError { - #[error("Neither `user` nor `sshUser` are set for profile {0} of node {1}")] - NoProfileUser(String, String), -} - -impl<'a> DeployData<'a> { - pub fn defs(&'a self) -> Result { - let ssh_user = match self.merged_settings.ssh_user { - Some(ref u) => u.clone(), - None => whoami::username(), - }; - - let profile_user = self.get_profile_user()?; - - let profile_path = self.get_profile_path()?; - - let sudo: Option = match self.merged_settings.user { - Some(ref user) if user != &ssh_user => Some(format!("sudo -u {}", user)), - _ => None, - }; - - Ok(DeployDefs { - ssh_user, - profile_user, - profile_path, - sudo, - }) - } - - fn get_profile_path(&'a self) -> Result { - let profile_user = self.get_profile_user()?; - let profile_path = match self.profile.profile_settings.profile_path { - None => match &profile_user[..] { - "root" => format!("/nix/var/nix/profiles/{}", self.profile_name), - _ => format!( - "/nix/var/nix/profiles/per-user/{}/{}", - profile_user, self.profile_name - ), - }, - Some(ref x) => x.clone(), - }; - Ok(profile_path) - } - - fn get_profile_user(&'a self) -> Result { - let profile_user = match self.merged_settings.user { - Some(ref x) => x.clone(), - None => match self.merged_settings.ssh_user { - Some(ref x) => x.clone(), - None => { - return Err(DeployDataDefsError::NoProfileUser( - self.profile_name.to_owned(), - self.node_name.to_owned(), - )) - } - }, - }; - Ok(profile_user) - } -} - -pub fn make_deploy_data<'a, 's>( - top_settings: &'s data::GenericSettings, - node: &'a data::Node, - node_name: &'a str, - profile: &'a data::Profile, - profile_name: &'a str, - cmd_overrides: &'a CmdOverrides, - debug_logs: bool, - log_dir: Option<&'a str>, -) -> DeployData<'a> { - let mut merged_settings = profile.generic_settings.clone(); - merged_settings.merge(node.generic_settings.clone()); - merged_settings.merge(top_settings.clone()); - - if cmd_overrides.ssh_user.is_some() { - merged_settings.ssh_user = cmd_overrides.ssh_user.clone(); - } - if cmd_overrides.profile_user.is_some() { - merged_settings.user = cmd_overrides.profile_user.clone(); - } - if let Some(ref ssh_opts) = cmd_overrides.ssh_opts { - merged_settings.ssh_opts = ssh_opts.split(' ').map(|x| x.to_owned()).collect(); - } - if let Some(fast_connection) = cmd_overrides.fast_connection { - merged_settings.fast_connection = Some(fast_connection); - } - if let Some(auto_rollback) = cmd_overrides.auto_rollback { - merged_settings.auto_rollback = Some(auto_rollback); - } - if let Some(magic_rollback) = cmd_overrides.magic_rollback { - merged_settings.magic_rollback = Some(magic_rollback); - } - - DeployData { - node_name, - node, - profile_name, - profile, - cmd_overrides, - merged_settings, - debug_logs, - log_dir, - } -} diff --git a/src/push.rs b/src/push.rs index fbf6ed7e..61de975e 100644 --- a/src/push.rs +++ b/src/push.rs @@ -9,6 +9,8 @@ use std::process::Stdio; use thiserror::Error; use tokio::process::Command; +use crate::data; + #[derive(Error, Debug)] pub enum PushProfileError { #[error("Failed to run Nix show-derivation command: {0}")] @@ -33,6 +35,9 @@ pub enum PushProfileError { #[error("Activation script activate-rs does not exist in profile.\n\ Is there a mismatch in deploy-rs used in the flake you're deploying and deploy-rs command you're running?")] ActivateRsDoesntExist, + #[error("Activation script helper deploy-rs-chroot-helper does not exist in profile.\n\ + Is there a mismatch in deploy-rs used in the flake you're deploying and deploy-rs command you're running?")] + DeployRsChrootWrapperDoesntExist, #[error("Failed to run Nix sign command: {0}")] SignError(std::io::Error), #[error("Nix sign command resulted in a bad exit code: {0:?}")] @@ -41,33 +46,172 @@ pub enum PushProfileError { CopyError(std::io::Error), #[error("Nix copy command resulted in a bad exit code: {0:?}")] CopyExitError(Option), + + #[error("Deployment data invalid: {0}")] + InvalidDeployDataError(#[from] data::DeployDataError), +} + +pub struct ShowDerivationCommand<'a> { + closure: &'a str, +} + +impl<'a> ShowDerivationCommand<'a> { + pub fn from_data(d: &'a data::DeployData) -> Self { + ShowDerivationCommand { + closure: d.profile.profile_settings.path.as_str(), + } + } + + fn build(self) -> Command { + // `nix-store --query --deriver` doesn't work on invalid paths, so we parse output of show-derivation :( + let mut cmd = Command::new("nix"); + + cmd + .arg("show-derivation") + .arg(&self.closure); + //cmd.what_is_this; + cmd + } +} + +pub struct SignCommand<'a> { + closure: &'a str, +} + +impl<'a> SignCommand<'a> { + pub fn from_data(d: &'a data::DeployData) -> Self { + SignCommand { + closure: d.profile.profile_settings.path.as_str(), + } + } + + fn build(self, local_key: String) -> Command { + let mut cmd = Command::new("nix"); + + cmd + .arg("sign-paths") + .arg("-r") + .arg("-k") + .arg(local_key) + .arg(&self.closure); + //cmd.what_is_this; + cmd + } +} + +pub struct CopyCommand<'a> { + closure: &'a str, + fast_connection: bool, + check_sigs: &'a bool, + ssh_opts: String, + target: String, +} + +impl<'a> CopyCommand<'a> { + pub fn from_data(d: &'a data::DeployData) -> Self { + + let target = { + if let Some(ref mount_point) = d.flags.mount_point { + format!("{0}?store={1}&remote-store={2}%3fstore={1}%26real={2}/{1}", &d.ssh_uri, "/nix/store", mount_point) + } else { + d.ssh_uri.to_owned() + } + }; + + CopyCommand { + closure: d.profile.profile_settings.path.as_str(), + fast_connection: d.merged_settings.fast_connection.unwrap_or(false), + check_sigs: &d.flags.checksigs, + ssh_opts: d.merged_settings.ssh_opts.iter().fold("".to_string(), |s, o| format!("{} {}", s, o)), + target, + } + } + + fn build(self) -> Command { + let mut cmd = Command::new("nix"); + + cmd.arg("copy"); + + if self.fast_connection { + cmd.arg("--substitute-on-destination"); + } + + if !self.check_sigs { + cmd.arg("--no-check-sigs"); + } + cmd + .arg("--to") + .arg(self.target) + .arg(self.closure) + .env("NIX_SSHOPTS", self.ssh_opts); + //cmd.what_is_this; + cmd + } } -pub struct PushProfileData<'a> { - pub supports_flakes: bool, - pub check_sigs: bool, - pub repo: &'a str, - pub deploy_data: &'a super::DeployData<'a>, - pub deploy_defs: &'a super::DeployDefs, - pub keep_result: bool, - pub result_path: Option<&'a str>, - pub extra_build_args: &'a [String], +pub struct BuildCommand<'a> { + node_name: &'a str, + profile_name: &'a str, + keep_result: &'a bool, + result_path: &'a str, + extra_build_args: &'a Vec, } -pub async fn push_profile(data: PushProfileData<'_>) -> Result<(), PushProfileError> { - debug!( - "Finding the deriver of store path for {}", - &data.deploy_data.profile.profile_settings.path - ); +impl<'a> BuildCommand<'a> { + pub fn from_data(d: &'a data::DeployData) -> Self { + BuildCommand { + node_name: d.node_name.as_str(), + profile_name: d.profile_name.as_str(), + keep_result: &d.flags.keep_result, + result_path: &d.flags.result_path.as_deref().unwrap_or("./.deploy-gc"), + extra_build_args: &d.flags.extra_build_args, + } + } + + fn build(self, derivation_name: &str, supports_flakes: bool) -> Command { + let mut cmd = if supports_flakes { + Command::new("nix") + } else { + Command::new("nix-build") + }; - // `nix-store --query --deriver` doesn't work on invalid paths, so we parse output of show-derivation :( - let mut show_derivation_command = Command::new("nix"); + if supports_flakes { + cmd.arg("build").arg(derivation_name) + } else { + cmd.arg(derivation_name) + }; - show_derivation_command - .arg("show-derivation") - .arg(&data.deploy_data.profile.profile_settings.path); + match (self.keep_result, supports_flakes) { + (true, _) => { + cmd.arg("--out-link").arg(format!( + "{}/{}/{}", + self.result_path, self.node_name, self.profile_name + )) + } + (false, false) => cmd.arg("--no-out-link"), + (false, true) => cmd.arg("--no-link"), + }; + cmd.args(self.extra_build_args.iter()); + // cmd.what_is_this; + cmd + } +} - let show_derivation_output = show_derivation_command +pub async fn push_profile( + supports_flakes: bool, + show_derivation: ShowDerivationCommand<'_>, + build: BuildCommand<'_>, + sign: SignCommand<'_>, + copy: CopyCommand<'_>, +) -> Result<(), PushProfileError> { + let node_name = build.node_name; + let profile_name = build.profile_name; + let closure = show_derivation.closure; + + debug!("Finding the deriver of store path for {}", closure); + let mut show_derivation_cmd = show_derivation.build(); + + let show_derivation_output = show_derivation_cmd .output() .await .map_err(PushProfileError::ShowDerivationError)?; @@ -88,41 +232,11 @@ pub async fn push_profile(data: PushProfileData<'_>) -> Result<(), PushProfileEr .next() .ok_or(PushProfileError::ShowDerivationEmpty)?; - info!( - "Building profile `{}` for node `{}`", - data.deploy_data.profile_name, data.deploy_data.node_name - ); - - let mut build_command = if data.supports_flakes { - Command::new("nix") - } else { - Command::new("nix-build") - }; - - if data.supports_flakes { - build_command.arg("build").arg(derivation_name) - } else { - build_command.arg(derivation_name) - }; - - match (data.keep_result, data.supports_flakes) { - (true, _) => { - let result_path = data.result_path.unwrap_or("./.deploy-gc"); + info!("Building profile `{}` for node `{}`", profile_name, node_name); - build_command.arg("--out-link").arg(format!( - "{}/{}/{}", - result_path, data.deploy_data.node_name, data.deploy_data.profile_name - )) - } - (false, false) => build_command.arg("--no-out-link"), - (false, true) => build_command.arg("--no-link"), - }; + let mut build_cmd = build.build(*derivation_name, supports_flakes); - for extra_arg in data.extra_build_args { - build_command.arg(extra_arg); - } - - let build_exit_status = build_command + let build_exit_status = build_cmd // Logging should be in stderr, this just stops the store path from printing for no reason .stdout(Stdio::null()) .status() @@ -134,42 +248,23 @@ pub async fn push_profile(data: PushProfileData<'_>) -> Result<(), PushProfileEr a => return Err(PushProfileError::BuildExitError(a)), }; - if !Path::new( - format!( - "{}/deploy-rs-activate", - data.deploy_data.profile.profile_settings.path - ) - .as_str(), - ) - .exists() - { + if !Path::new(format!("{}/deploy-rs-activate", closure).as_str()).exists() { return Err(PushProfileError::DeployRsActivateDoesntExist); } - if !Path::new( - format!( - "{}/activate-rs", - data.deploy_data.profile.profile_settings.path - ) - .as_str(), - ) - .exists() - { + if !Path::new(format!("{}/deploy-rs-chroot-wrapper", closure).as_str()).exists() { + return Err(PushProfileError::DeployRsChrootWrapperDoesntExist); + } + + if !Path::new(format!("{}/activate-rs", closure).as_str()).exists() { return Err(PushProfileError::ActivateRsDoesntExist); } if let Ok(local_key) = std::env::var("LOCAL_KEY") { - info!( - "Signing key present! Signing profile `{}` for node `{}`", - data.deploy_data.profile_name, data.deploy_data.node_name - ); + info!("Signing key present! Signing profile `{}` for node `{}`", profile_name, node_name); - let sign_exit_status = Command::new("nix") - .arg("sign-paths") - .arg("-r") - .arg("-k") - .arg(local_key) - .arg(&data.deploy_data.profile.profile_settings.path) + let mut sign_cmd = sign.build(local_key); + let sign_exit_status = sign_cmd .status() .await .map_err(PushProfileError::SignError)?; @@ -180,42 +275,11 @@ pub async fn push_profile(data: PushProfileData<'_>) -> Result<(), PushProfileEr }; } - info!( - "Copying profile `{}` to node `{}`", - data.deploy_data.profile_name, data.deploy_data.node_name - ); + info!("Copying profile `{}` to node `{}`", profile_name, node_name); - let mut copy_command = Command::new("nix"); - copy_command.arg("copy"); - - if data.deploy_data.merged_settings.fast_connection != Some(true) { - copy_command.arg("--substitute-on-destination"); - } - - if !data.check_sigs { - copy_command.arg("--no-check-sigs"); - } - - let ssh_opts_str = data - .deploy_data - .merged_settings - .ssh_opts - // This should provide some extra safety, but it also breaks for some reason, oh well - // .iter() - // .map(|x| format!("'{}'", x)) - // .collect::>() - .join(" "); - - let hostname = match data.deploy_data.cmd_overrides.hostname { - Some(ref x) => x, - None => &data.deploy_data.node.node_settings.hostname, - }; + let mut copy_cmd = copy.build(); - let copy_exit_status = copy_command - .arg("--to") - .arg(format!("ssh://{}@{}", data.deploy_defs.ssh_user, hostname)) - .arg(&data.deploy_data.profile.profile_settings.path) - .env("NIX_SSHOPTS", ssh_opts_str) + let copy_exit_status = copy_cmd .status() .await .map_err(PushProfileError::CopyError)?; diff --git a/src/settings.rs b/src/settings.rs new file mode 100644 index 00000000..6ec6da24 --- /dev/null +++ b/src/settings.rs @@ -0,0 +1,89 @@ +// SPDX-FileCopyrightText: 2020 Serokell +// +// SPDX-License-Identifier: MPL-2.0 + +use clap::Clap; +use merge::Merge; +use serde::Deserialize; +use std::collections::HashMap; + +#[derive(Clap, Deserialize, Debug, Clone, Merge)] +pub struct GenericSettings { + /// Override the SSH user with the given value + #[clap(long)] + #[serde(rename(deserialize = "sshUser"))] + pub ssh_user: Option, + /// Override the profile user with the given value + #[clap(long = "profile-user")] + pub user: Option, + /// Override the SSH options used + #[clap(long)] + #[serde( + skip_serializing_if = "Vec::is_empty", + default, + rename(deserialize = "sshOpts") + )] + #[merge(strategy = merge::vec::append)] + pub ssh_opts: Vec, // TODO: figure out type casting + /// Override if the connecting to the target node should be considered fast + #[clap(long)] + #[serde(rename(deserialize = "fastConnection"))] + pub fast_connection: Option, + /// Override if a rollback should be attempted if activation fails + #[clap(long)] + #[serde(rename(deserialize = "autoRollback"))] + pub auto_rollback: Option, + /// How long activation should wait for confirmation (if using magic-rollback) + #[clap(long)] + #[serde(rename(deserialize = "confirmTimeout"))] + pub confirm_timeout: Option, + /// Where to store temporary files (only used by magic-rollback) + #[clap(long)] + #[serde(rename(deserialize = "tempPath"))] + pub temp_path: Option, + #[clap(long)] + #[serde(rename(deserialize = "magicRollback"))] + pub magic_rollback: Option, +} + +#[derive(Deserialize, Debug, Clone)] +pub struct NodeSettings { + pub hostname: String, + pub profiles: HashMap, + #[serde( + skip_serializing_if = "Vec::is_empty", + default, + rename(deserialize = "profilesOrder") + )] + pub profiles_order: Vec, +} + +#[derive(Deserialize, Debug, Clone)] +pub struct ProfileSettings { + pub path: String, + #[serde(rename(deserialize = "profilePath"))] + pub profile_path: Option, +} + +#[derive(Deserialize, Debug, Clone)] +pub struct Profile { + #[serde(flatten)] + pub profile_settings: ProfileSettings, + #[serde(flatten)] + pub generic_settings: GenericSettings, +} + +#[derive(Deserialize, Debug, Clone)] +pub struct Node { + #[serde(flatten)] + pub generic_settings: GenericSettings, + #[serde(flatten)] + pub node_settings: NodeSettings, +} + +#[derive(Deserialize, Debug, Clone)] +pub struct Root { + #[serde(flatten)] + pub generic_settings: GenericSettings, + pub nodes: HashMap, +}