Deployment and lifecycle management for Nix
activator: simplify start binary, handle duplicate nixos in admin
+24
-7
+15
-5
apps/sower_agent/lib/sower_agent/admin.ex
+15
-5
apps/sower_agent/lib/sower_agent/admin.ex
···
3
3
Admin tools for the agent. Useful on local repl
4
4
"""
5
5
6
-
def latest(:nixos) do
7
-
SowerAgent.Storage.read().subscriptions |> Enum.find(&(&1.seed_type == "nixos"))
6
+
require Logger
7
+
8
+
def subs(:nixos) do
9
+
SowerAgent.Storage.read().subscriptions |> Enum.filter(&(&1.seed_type == "nixos"))
8
10
end
9
11
10
12
def deploy(:nixos) do
11
-
case latest(:nixos) do
12
-
nil -> :error
13
-
sub -> SowerAgent.Client.deploy(sub)
13
+
case subs(:nixos) do
14
+
[] ->
15
+
Logger.error(msg: "nixos subscription not found")
16
+
{:error, :subscription_not_found}
17
+
18
+
[sub] ->
19
+
SowerAgent.Client.deploy(sub)
20
+
21
+
[_ | _] ->
22
+
Logger.error(msg: "too many nixos subscriptions found")
23
+
{:error, :too_many_results}
14
24
end
15
25
end
16
26
end
+6
nix/flake/part.nix
+6
nix/flake/part.nix
+3
-2
nix/nixos/activator.nix
+3
-2
nix/nixos/activator.nix
···
84
84
additionalGroupsArg = lib.concatStringsSep " " additionalGroups;
85
85
debugFlag = lib.optionalString cfg.debug "--debug";
86
86
in
87
-
pkgs.writeShellScript "sower-activator-start" ''
87
+
pkgs.writeShellScriptBin "sower-activator-start" ''
88
88
# Look up socket group GID at runtime
89
89
SOCKET_GID=$(getent group ${cfg.socketGroup} | cut -f 3 -d :)
90
90
···
98
98
--socket-mode \
99
99
--allowed-gids "$ALLOWED_GIDS" \
100
100
${debugFlag}
101
-
'';
101
+
''
102
+
|> lib.getExe;
102
103
103
104
# TODO security hardening is limited, but we could probably turn on some things
104
105
# NoNewPrivileges = false;