dev/effect: refactor

zowoq 2023-06-12 10:10:59 +10:00
parent d48d3ff41f
commit 0065d9388f


@ -5,11 +5,16 @@
let let
# using the drv path here avoids downloading the closure on the deploying machine # using the drv path here avoids downloading the closure on the deploying machine
drv = builtins.unsafeDiscardStringContext self.darwinConfigurations.darwin02.config.system.build.toplevel.drvPath; drv = builtins.unsafeDiscardStringContext self.darwinConfigurations.darwin02.config.system.build.toplevel.drvPath;
inherit (config.repo) ref;
inherit (hci-effects) mkEffect runIf;
inherit (pkgs.lib) hasPrefix;
in in
{ {
onPush.default.outputs.effects = { onPush.default.outputs.effects = {
darwin-deploy = hci-effects.runIf (pkgs.lib.hasPrefix "refs/heads/gh-readonly-queue/master/" config.repo.ref) darwin-deploy = runIf (hasPrefix "refs/heads/gh-readonly-queue/master/" ref)
(hci-effects.mkEffect { (mkEffect {
name = "darwin-deploy";
secretsMap.hercules-ssh = "hercules-ssh"; secretsMap.hercules-ssh = "hercules-ssh";
effectScript = '' effectScript = ''
writeSSHKey hercules-ssh writeSSHKey hercules-ssh
@ -17,18 +22,18 @@
darwin02.nix-community.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBt6uTauhRbs5A6jwAT3p3i3P1keNC6RpaA1Na859BCa darwin02.nix-community.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBt6uTauhRbs5A6jwAT3p3i3P1keNC6RpaA1Na859BCa
EOF EOF
${hci-effects.ssh { destination = "m1@darwin02.nix-community.org"; } '' ${hci-effects.ssh { destination = "m1@darwin02.nix-community.org"; } ''
set -eu set -eux
newProfile=$(nix-store --realise ${drv}) newProfile=$(nix-store --realise ${drv})
sudo -H nix-env --profile /nix/var/nix/profiles/system --set $newProfile sudo -H nix-env --profile /nix/var/nix/profiles/system --set $newProfile
$newProfile/sw/bin/darwin-rebuild activate $newProfile/sw/bin/darwin-rebuild activate
''} ''}
''; '';
}); });
terraform-deploy = hci-effects.runIf (pkgs.lib.hasPrefix "refs/heads/gh-readonly-queue/master/" config.repo.ref) terraform-deploy = runIf (hasPrefix "refs/heads/gh-readonly-queue/master/" ref)
(hci-effects.mkEffect { (mkEffect {
name = "terraform-deploy"; name = "terraform-deploy";
inputs = [ self'.devShells.terraform.nativeBuildInputs ]; inputs = [ self'.devShells.terraform.nativeBuildInputs ];
src = toString self; src = self;
secretsMap.tf-secrets = "tf-secrets"; secretsMap.tf-secrets = "tf-secrets";
effectScript = '' effectScript = ''
export TF_IN_AUTOMATION=1 export TF_IN_AUTOMATION=1
@ -36,6 +41,7 @@
export SOPS_AGE_KEY="$(readSecretString tf-secrets .SOPS_AGE_KEY)" export SOPS_AGE_KEY="$(readSecretString tf-secrets .SOPS_AGE_KEY)"
export TF_TOKEN_app_terraform_io="$(readSecretString tf-secrets .TF_TOKEN_app_terraform_io)" export TF_TOKEN_app_terraform_io="$(readSecretString tf-secrets .TF_TOKEN_app_terraform_io)"
set -eux
pushd terraform pushd terraform
terraform init terraform init
terraform validate terraform validate
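Review bot: The `set -eux` added to the terraform-deploy `effectScript` sits after the two `export ...="$(readSecretString ...)"` lines, and that ordering is the only thing keeping `SOPS_AGE_KEY` and `TF_TOKEN_app_terraform_io` out of the xtrace output in the effect log; nothing in the script records that it is deliberate. I would add a comment directly above it, for example `# keep xtrace below the secret exports: -x would print the expanded values into the effect log`. Separately, `export VAR="$(cmd)"` returns the status of `export`, so a failed `readSecretString` would leave an empty variable that neither `-e` nor `-u` catches; a guard such as `[ -n "$SOPS_AGE_KEY" ] && [ -n "$TF_TOKEN_app_terraform_io" ] || exit 1`, placed before the `set -eux` line so it is not traced, would stop the run before `terraform init`. The `-x` added to the remote script in darwin-deploy appears to trace only store paths in the visible commands. The terraform script may continue past the last visible line, so any later command that expands a secret would need `set +x` around it.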