cli: support updating nix-darwin machines
This commit is contained in:
Michael Hoang
@@ -7,11 +7,12 @@ from functools import cached_property
|
||||
from pathlib import Path
|
||||
from typing import TYPE_CHECKING, Any, Literal
|
||||
|
||||
from clan_cli.cmd import Log, RunOpts, run_no_stdout
|
||||
from clan_cli.errors import ClanCmdError, ClanError
|
||||
from clan_cli.facts import public_modules as facts_public_modules
|
||||
from clan_cli.facts import secret_modules as facts_secret_modules
|
||||
from clan_cli.flake import Flake
|
||||
from clan_cli.nix import nix_config, nix_test_store
|
||||
from clan_cli.nix import nix_config, nix_eval, nix_test_store
|
||||
from clan_cli.ssh.host import Host
|
||||
from clan_cli.ssh.host_key import HostKeyCheck
|
||||
from clan_cli.ssh.parse import parse_deployment_address
|
||||
@@ -196,6 +197,27 @@ class Machine:
|
||||
meta={"machine": self, "target_host": self.target_host},
|
||||
)
|
||||
|
||||
@cached_property
|
||||
def deploy_as_root(self) -> bool:
|
||||
if self._class_ == "nixos":
|
||||
return True
|
||||
|
||||
# Currently nix-darwin HEAD requires you to deploy as a non-root user
|
||||
# however there is a soon to be merged PR that requires deployment
|
||||
# as root to match NixOS: https://github.com/nix-darwin/nix-darwin/pull/1341
|
||||
return json.loads(
|
||||
run_no_stdout(
|
||||
nix_eval(
|
||||
[
|
||||
f"{self.flake}#darwinConfigurations.{self.name}.options.system",
|
||||
"--apply",
|
||||
"system: system ? primaryUser",
|
||||
]
|
||||
),
|
||||
RunOpts(log=Log.NONE),
|
||||
).stdout.strip()
|
||||
)
|
||||
|
||||
def nix(
|
||||
self,
|
||||
attr: str,
|
||||
|
||||
@@ -138,7 +138,6 @@ def deploy_machines(machines: list[Machine]) -> None:
|
||||
|
||||
nix_options = [
|
||||
"--show-trace",
|
||||
"--fast",
|
||||
"--option",
|
||||
"keep-going",
|
||||
"true",
|
||||
@@ -146,27 +145,30 @@ def deploy_machines(machines: list[Machine]) -> None:
|
||||
"accept-flake-config",
|
||||
"true",
|
||||
"-L",
|
||||
"--build-host",
|
||||
"",
|
||||
*machine.nix_options,
|
||||
"--flake",
|
||||
f"{path}#{machine.name}",
|
||||
]
|
||||
|
||||
switch_cmd = ["nixos-rebuild", "switch", *nix_options]
|
||||
test_cmd = ["nixos-rebuild", "test", *nix_options]
|
||||
become_root = machine.deploy_as_root
|
||||
|
||||
become_root = True
|
||||
if machine._class_ == "nixos":
|
||||
nix_options += [
|
||||
"--fast",
|
||||
"--build-host",
|
||||
"",
|
||||
]
|
||||
|
||||
target_host: Host | None = host.meta.get("target_host")
|
||||
if target_host:
|
||||
become_root = False
|
||||
switch_cmd.extend(["--target-host", target_host.target])
|
||||
test_cmd.extend(["--target-host", target_host.target])
|
||||
target_host: Host | None = host.meta.get("target_host")
|
||||
if target_host:
|
||||
become_root = False
|
||||
nix_options += ["--target-host", target_host.target]
|
||||
|
||||
if target_host.user != "root":
|
||||
switch_cmd.extend(["--use-remote-sudo"])
|
||||
test_cmd.extend(["--use-remote-sudo"])
|
||||
if target_host.user != "root":
|
||||
nix_options += ["--use-remote-sudo"]
|
||||
|
||||
switch_cmd = [f"{machine._class_}-rebuild", "switch", *nix_options]
|
||||
test_cmd = [f"{machine._class_}-rebuild", "test", *nix_options]
|
||||
|
||||
env = host.nix_ssh_env(None)
|
||||
ret = host.run(
|
||||
@@ -201,6 +203,11 @@ def deploy_machines(machines: list[Machine]) -> None:
|
||||
|
||||
with AsyncRuntime() as runtime:
|
||||
for machine in machines:
|
||||
if machine._class_ == "darwin":
|
||||
if not machine.deploy_as_root and machine.target_host.user == "root":
|
||||
msg = f"'TargetHost' should be set to a non-root user for deploying to nix-darwin on machine '{machine.name}'"
|
||||
raise ClanError(msg)
|
||||
|
||||
machine.info(f"Updating {machine.name}")
|
||||
runtime.async_run(
|
||||
AsyncOpts(
|
||||
|
||||
Reference in New Issue
Block a user