Diffstat (limited to 'infest')
-rwxr-xr-x | infest | 188 |
1 files changed, 8 insertions, 180 deletions
@@ -1,187 +1,15 @@ #! /bin/sh -set -xeuf +# +# usage: ./infest cac-servername hostname +# +set -euf -. ./lib/prelude.sh -. ./lib/cac.sh -. ./lib/cacnixos.sh +PATH="$PWD/bin${PATH+:$PATH}" +export PATH nix_url=https://nixos.org/releases/nix/nix-1.8/nix-1.8-x86_64-linux.tar.bz2 nix_sha256=52fab207b4ce4d098a12d85357d0353e972c492bab0aa9e08e1600363e76fefb nix_find_sha1sum=86f8775bd4f0841edd4c816df861cebf509d58c3 +export nix_url nix_sha256 nix_find_sha1sum -# This is somewhat required because cloudatcost requires whitelisting -# of hosts. If you whitelist your localhost, then leave this empty. -# cac_via= -# -# cac_key= -# cac_login= -# cac_servername= - -# hostname= - -main() { - server=$(cac_getserver_by_servername "$cac_servername") - - serverstatus=$(echo $server | jq -r .status) - case $serverstatus in - 'Powered On') : ;; - *) - echo $0: bad server status: $serverstatus >&2 - exit 2 - esac - - template=$(echo $server | jq -r .template) - case $template in - 'CentOS-7-64bit') infest_centos7_64bit "$server";; - *) - echo $0: bad template: $template >&2 - exit 3 - esac -} - - -infest_centos7_64bit() { - server=$1 - address=$(echo $server | jq -r .ip) - RSYNC_RSH='sshpass -e ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null' - SSHPASS=$(echo $server | jq -r .rootpass) - export SSHPASS - export RSYNC_RSH - - main="modules/$hostname/default.nix" - target="root@$address" - - cacnixos_networking "$server" $hostname \ - > modules/$hostname/networking.nix - - echo '( - set -xeuf - type bzip2 || yum install -y bzip2 - type rsync || yum install -y rsync - )' \ - | sshpass -e ssh \ - -o StrictHostKeyChecking=no \ - -o UserKnownHostsFile=/dev/null \ - "root@$address" \ - /bin/sh - - rsync_filter "$main" \ - | rsync -f '. 
-' -zvrlptD --delete-excluded ./ "$target":/etc/nixos/ - - # - # - # - echo '( - set -xeuf - groupadd -g 30000 nixbld || : - for i in `seq 1 10`; do - useradd -c "foolsgarden Nix build user $i" \ - -d /var/empty \ - -s /sbin/nologin \ - -g 30000 \ - -G 30000 \ - -l -u $(expr 30000 + $i) \ - nixbld$i || : - rm -f /var/spool/mail/nixbld$i - done - - #curl https://nixos.org/nix/install | sh - nix_tar=$nix_basename.tar.bz2 - if ! echo $nix_sha256 $nix_tar | sha256sum -c; then - curl -O -C - $nix_url || : - if ! echo $nix_sha256 $nix_tar | sha256sum -c; then - curl -O $nix_url || : - if ! echo $nix_sha256 $nix_tar | sha256sum -c; then - echo $0: cannot download $nix_url >&2 - exit 5 - fi - fi - fi - - if ! test -d $nix_basename; then - tar jxf $nix_basename.tar.bz2 - fi - - nix_find=$nix_basename.find.txt - if ! echo $nix_find_sha1sum $nix_find | sha1sum -c; then - find $nix_basename | sort > $nix_find - if ! echo $nix_find_sha1sum $nix_find | sha1sum -c; then - echo $0: cannot unpack $nix_basename.tar.bz2 >&2 - # TODO we could retry - exit 6 - fi - fi - - mkdir -p bin - PATH=$HOME/bin:$PATH - export PATH - - # generate fake sudo because - # sudo: sorry, you must have a tty to run sudo - { - echo "#! /bin/sh" - echo "exec env \"\$@\"" - } > bin/sudo - chmod +x bin/sudo - - ./$nix_basename/install - - . /root/.nix-profile/etc/profile.d/nix.sh - - nixpkgs_expr="import <nixpkgs> { system = builtins.currentSystem; }" - nixpkgs_path=$( - find /nix/store -mindepth 1 -maxdepth 1 -name *-nixpkgs-* -type d - ) - - for i in nixos-generate-config nixos-install; do - nix-env \ - --arg config "{ nix.package = ($nixpkgs_expr).nix; }" \ - --arg pkgs "$nixpkgs_expr" \ - --arg modulesPath "throw \"no modulesPath\"" \ - -f $nixpkgs_path/nixpkgs/nixos/modules/installer/tools/tools.nix \ - -iA config.system.build.$i - done - - # TODO following fail when aborted in-between - if ! test -d /int; then - mkdir -p /int - mount --bind /int /mnt - fi - if ! 
test -d /mnt/boot; then - mkdir -p /mnt/boot - mount /dev/sda1 /mnt/boot - fi - - mkdir -p /mnt/etc/nixos - rsync -zvrlptD --delete-excluded /etc/nixos/ /mnt/etc/nixos/ - - mkdir -m 0444 -p /mnt/var/empty - - ln -s $main /mnt/etc/nixos/configuration.nix - nixos-install \ - -I secrets=/etc/nixos/secrets - - rsync -va --force /int/ / - - # find / -type f -mtime +1 -exec rm -v {} \; 2>&1 > rm.log - # ^ too aggressive, kills journal which is bad - # shutdown -r now - # nix-channel --add https://nixos.org/channels/nixos-unstable nixos - # nix-channel --remove nixpkgs - # nix-channel --update - - )' \ - | sshpass -e ssh \ - -o StrictHostKeyChecking=no \ - -o UserKnownHostsFile=/dev/null \ - "root@$address" \ - -T /usr/bin/env \ - nix_url="$nix_url" \ - nix_basename="$(basename $nix_url .tar.bz2)" \ - nix_sha256="$nix_sha256" \ - nix_find_sha1sum="$nix_find_sha1sum" \ - main="$main" \ - /bin/sh -} - -main "$@" +exec infest-cac "$@" |
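Review bot: The new `PATH="$PWD/bin${PATH+:$PATH}"` line puts a directory derived from the caller's current working directory ahead of every system directory, so `exec infest-cac "$@"` and every tool it later invokes resolve against whatever `bin/` sits under the directory the script was started from. The usage comment implies running it as `./infest` from the repository root, but nothing enforces that; anchoring to the script's own location, e.g. `bindir=$(cd "$(dirname "$0")" && pwd)/bin` followed by `PATH="$bindir${PATH:+:$PATH}"`, would remove the dependency on the working directory. Using `:+` instead of `+` also avoids a trailing empty PATH entry, which the shell treats as the current directory, when PATH is set but empty. Since this wrapper presumably still drives root-level provisioning of the target host through `infest-cac` (not visible in this diff), a header comment noting that `bin/` deliberately shadows system commands would help the next reader.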