-
Notifications
You must be signed in to change notification settings - Fork 0
/
justfile
50 lines (42 loc) · 1.64 KB
/
justfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
default:
@just --list
# nixos-rebuild switch
switch:
sudo nixos-rebuild switch --flake .
# pwd-agnostic agenix -d
get-secret secret:
cd ./secrets && agenix -d {{ secret }}
# send sources to the target, build and activate remotely
deploy tgt:
rsync --exclude-from=.gitignore --filter=':- .gitignore' \
. {{ tgt }}:/tmp/config -azv
ssh -tt {{ tgt }} ' \
set -ex; \
sys="$(nix build \
/tmp/config#nixosConfigurations.{{ tgt }}.config.system.build.toplevel \
--no-link --print-out-paths)"; \
sudo "$sys/bin/switch-to-configuration" switch;'
change-nixos-release from to:
rg --files-with-matches {{ from }} | rg -v '^flake.lock$' | \
xargs -I _ sh -c "echo --- _; sed -n 's/{{ from }}/{{ to }}/p' _"
read -p "Ok? (y/n) " ok && [ "$ok" == "y" ] || exit 1
rg --files-with-matches {{ from }} | rg -v '^flake.lock$' | \
xargs -I _ sh -c "echo --- _; sed -i 's/{{ from }}/{{ to }}/' _"
nix flake lock
# build system locally, send it and activate it on the remote
build-deploy tgt:
#! /usr/bin/env bash
set -ex
sys="$(nix build .#nixosConfigurations.{{ tgt }}.config.system.build.toplevel \
--no-link --print-out-paths)"
nix copy --to ssh://{{ tgt }} "$sys"
ssh -tt {{ tgt }} sudo "$sys/bin/switch-to-configuration" switch
# stop autoupgrade timer on the remote
stop-upgrade tgt:
ssh -tt {{ tgt }} sudo systemctl stop nixos-upgrade.timer
# eval and pretty print an option in a config
eval-opt host opt:
nix eval .#nixosConfigurations.{{ host }}.config.{{ opt }} --json --show-trace | jq .
# decrypt, decompress and mount a backup
receive-backup path:
cat {{ path }} | gpg --decrypt | gunzip --stdout | btrfs receive .