Diffstat (limited to 'scripts')
| -rwxr-xr-x | scripts/build.sh | 7 | ||||
| -rwxr-xr-x | scripts/check.sh | 20 | ||||
| -rwxr-xr-x | scripts/get_dns.sh | 55 | ||||
| -rwxr-xr-x | scripts/ping_hosts.sh | 12 | ||||
| -rwxr-xr-x | scripts/system_info.sh | 25 | ||||
| -rwxr-xr-x | scripts/test.sh | 12 | ||||
| -rwxr-xr-x | scripts/test_build.sh | 13 | ||||
| -rwxr-xr-x | scripts/test_interactive.sh | 4 | ||||
| -rw-r--r-- | scripts/update_hosts.remote | 41 | ||||
| -rwxr-xr-x | scripts/update_hosts.sh | 24 |
10 files changed, 212 insertions, 1 deletions
diff --git a/scripts/build.sh b/scripts/build.sh
new file mode 100755
index 0000000..a3ff064
--- /dev/null
+++ b/scripts/build.sh
@@ -0,0 +1,7 @@
+#! /usr/bin/env sh
+
+for host in "server2" "server3"; do
+ nix build ".#nixosConfigurations.$host.config.system.build.toplevel" --print-out-paths --no-link --option max-jobs 1
+done
+
+# vim: ft=sh
diff --git a/scripts/check.sh b/scripts/check.sh
new file mode 100755
index 0000000..f152cbb
--- /dev/null
+++ b/scripts/check.sh
@@ -0,0 +1,20 @@
+#! /usr/bin/env sh
+
+# --log-format multiline-with-logs \
+nix build \
+ --option max-jobs 1 \
+ --print-out-paths --no-link \
+ .#checks.x86_64-linux.atuin-sync \
+ .#checks.x86_64-linux.back \
+ .#checks.x86_64-linux.deploy-activate \
+ .#checks.x86_64-linux.deploy-schema \
+ .#checks.x86_64-linux.dns \
+ .#checks.x86_64-linux.formatting \
+ .#checks.x86_64-linux.git-server \
+ .#checks.x86_64-linux.rust-motd \
+ .#checks.x86_64-linux.sharkey \
+ .#checks.x86_64-linux.sharkey-cpu \
+ .#checks.x86_64-linux.taskchampion-sync
+# .#checks.x86_64-linux.email-dns \
+# .#checks.x86_64-linux.email-http \
+# .#checks.x86_64-linux.email-ip \
diff --git a/scripts/get_dns.sh b/scripts/get_dns.sh
new file mode 100755
index 0000000..2d82925
--- /dev/null
+++ b/scripts/get_dns.sh
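Review bot: In scripts/build.sh the loop neither sets `set -e` nor checks `nix build`, so a failed build for `server2` is masked whenever `server3` builds: the script exits with the status of the last iteration only. Add `set -e` after the shebang, or end the build line with `|| exit 1`, so a caller or CI job sees the failure. scripts/update_hosts.sh in this same commit already starts with `set -e`, so this would also make the scripts consistent.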
@@ -0,0 +1,55 @@
+#! /usr/bin/env nix-shell
+#! nix-shell -p dig -p dash -i dash --impure
+# shellcheck shell=dash
+
+get_dns_types() {
+ cat <<EOF
+ A
+ AAAA
+ CAA
+ CNAME
+ DNAME
+ MX
+ NS
+ SOA
+ SRV
+ TXT
+ PTR
+ DNSKEY
+ DS
+ SSHFP
+ TLSA
+ OPENPGPKEY
+ SVCB
+ HTTPS
+EOF
+}
+
+check_type() {
+ domain="$1"
+ type="$2"
+
+ if [ "$(dig +short -t "$type" "$domain" | wc -c)" -ne 0 ]; then
+ dig +short -t "$type" "$domain" | while IFS="$(printf "\n")" read -r output; do
+ printf "(%s) %s [%s]\n" "$type" "$output" "$domain"
+ done
+ else
+ printf "(%s) <Not set> [%s]\n" "$type" "$domain"
+ fi
+}
+
+get_dns() {
+ original_domain="$1"
+
+ get_dns_types | while read -r type; do
+ check_type "$original_domain" "$type"
+ done
+
+ # DKIM
+ check_type "mail._domainkey.$original_domain" "TXT"
+
+ # DMARC
+ check_type "_dmarc.$original_domain" "TXT"
+}
+
+get_dns "$1"
diff --git a/scripts/ping_hosts.sh b/scripts/ping_hosts.sh
new file mode 100755
index 0000000..fba2490
--- /dev/null
+++ b/scripts/ping_hosts.sh
@@ -0,0 +1,12 @@
+#! /usr/bin/env sh
+
+user="${1-$USER}"
+hosts="${2-server2 server3}"
+
+for host in $hosts; do
+ echo "Checking status of '$user@$host.vhack.eu' ..."
+
+ ssh "$user@$host.vhack.eu" "set -x; systemctl --failed"
+done
+
+# vim: ft=sh
diff --git a/scripts/system_info.sh b/scripts/system_info.sh
new file mode 100755
index 0000000..940406a
--- /dev/null
+++ b/scripts/system_info.sh
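Review bot: In scripts/get_dns.sh, `IFS="$(printf "\n")"` inside `check_type` does not set IFS to a newline, because command substitution strips trailing newlines and leaves an empty string. The loop still reads whole lines because an empty IFS disables splitting, but the intent is clearer as `while IFS= read -r output; do`. `check_type` also runs `dig` twice per record type, so the emptiness test and the printed answer can come from two different responses; capture it once with `answer="$(dig +short -t "$type" "$domain")"` and test `[ -n "$answer" ]`. Finally, `get_dns "$1"` runs every query against an empty name when no argument is given, so a guard such as `[ -n "$1" ] || { echo "Usage: get_dns.sh DOMAIN" >&2; exit 2; }` before the call would help.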
@@ -0,0 +1,25 @@
+#!/usr/bin/env sh
+
+# Take a host name and return the nix store path to the host's system info.
+# Type
+# _system_info :: String -> Path
+_system_info() {
+ nix --option warn-dirty false build .#nixosConfigurations."$1".config.vhack.system-info.markdown --print-out-paths --no-link
+}
+
+_glow() {
+ if command -v glow >/dev/null; then
+ glow --width 0
+ else
+ cat
+ fi
+}
+
+# The expression is not meant to be expanded by the shell
+# shellcheck disable=SC2016
+nix eval --expr '"${builtins.concatStringsSep "\n" (builtins.attrNames (builtins.fromTOML (builtins.readFile ./hosts/host-names.toml)))}\n"' --impure --raw | while read -r host; do
+ echo "# $host" | _glow
+ _glow <"$(_system_info "$host")"
+done
+
+# vim: ft=sh
diff --git a/scripts/test.sh b/scripts/test.sh
new file mode 100755
index 0000000..58c3343
--- /dev/null
+++ b/scripts/test.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/env sh
+
+test_target="$1"
+
+[ -z "$test_target" ] && {
+ echo "You need to select a test target!" 1>&2
+ echo "Usage: test_interactive TEST_TARGET" 1>&2
+ exit 1
+}
+
+nix build --log-format multiline-with-logs .#checks.x86_64-linux."$test_target"
+# vim: ft=sh
diff --git a/scripts/test_build.sh b/scripts/test_build.sh
new file mode 100755
index 0000000..eeb8572
--- /dev/null
+++ b/scripts/test_build.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env sh
+
+[ "$#" -ne 2 ] && {
+ echo "Usage: test_build <TEST_TARGET> <BUILD_NODE>" 1>&2
+ exit 2
+}
+
+test_target="$1"
+build_node="$2"
+
+nix build .#checks.x86_64-linux."$test_target".nodes."$build_node".system.build.toplevel
+
+# vim: ft=sh
diff --git a/scripts/test_interactive.sh b/scripts/test_interactive.sh
index 3b3fe0d..230f5a0 100755
--- a/scripts/test_interactive.sh
+++ b/scripts/test_interactive.sh
@@ -8,7 +8,9 @@ test_target="$1" exit 1 } -nix build .#checks.x86_64-linux."$test_target".driver +nix build .#checks.x86_64-linux."$test_target".driverInteractive || { + exit 1 +} ./result/bin/nixos-test-driver --interactive
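Review bot: In scripts/system_info.sh, `_glow <"$(_system_info "$host")"` redirects from an empty path whenever the inner `nix build` fails, so the loop prints a redirection error and silently moves on to the next host. Capturing the path first makes the failure explicit: `path="$(_system_info "$host")" || continue`, followed by `_glow <"$path"`. The script has no `set -e`, so the failed build does not otherwise affect the exit status.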
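Review bot: The usage message in scripts/test.sh reads `Usage: test_interactive TEST_TARGET`, which looks copied from test_interactive.sh and names the wrong script. It should name this one, for example `echo "Usage: test TEST_TARGET" 1>&2`. test_build.sh exits with status 2 on a usage error while this script exits with 1; picking one convention would help callers tell a usage error from a failed build.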
diff --git a/scripts/update_hosts.remote b/scripts/update_hosts.remote
new file mode 100644
index 0000000..7323a33
--- /dev/null
+++ b/scripts/update_hosts.remote
@@ -0,0 +1,41 @@
+#! /usr/bin/env sh
+
+# This is the remote side of `update_hosts.sh`, it will be copied to the remote host
+# and is responsible for performing the update.
+
+set -e
+
+PATH_add() {
+ nix_expr="$1"
+ what="$(nix build "nixpkgs#$nix_expr.out" --print-out-paths --no-link)"
+
+ printf "Adding '%s' (%s/bin) to PATH..\n" "$nix_expr" "$what"
+
+ PATH="$what/bin:$PATH"
+ export PATH
+}
+
+branch="$1"
+
+# We don't have access to git by default, so evaluate it here
+PATH_add git
+
+# By-default these systems use cppnix, which can't build our config. So let's switch to
+# lix.
+PATH_add lixPackageSets.latest.lix
+
+# We might or might not have python, and we need it, because we use the unwrapped
+# `nixos-update`.
+PATH_add python3
+PATH_add nixos-rebuild-ng
+
+set -x
+cd /etc/nixos
+
+sudo git fetch --all --prune
+sudo git switch "$branch"
+sudo git pull --rebase
+
+PYTHONNOUSERSITE='true' sudo --preserve-env=PATH --preserve-env=PYTHONNOUSERSITE ".nixos-rebuild-ng-wrapped" --no-reexec boot
+
+sudo reboot
diff --git a/scripts/update_hosts.sh b/scripts/update_hosts.sh
new file mode 100755
index 0000000..505f061
--- /dev/null
+++ b/scripts/update_hosts.sh
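Review bot: In scripts/update_hosts.remote, `branch="$1"` reaches `sudo git switch "$branch"` unvalidated, so an empty argument or one starting with `-` is handed to git running as root, where a leading dash is read as an option rather than a branch name. A guard right after the assignment closes that: `case "$branch" in ''|-*) echo "invalid branch: $branch" >&2; exit 2 ;; esac`. The script then activates and reboots into whatever `git pull --rebase` brought into /etc/nixos, so the upstream repository is the trust boundary for root on these hosts, which deserves a comment. It also runs `.nixos-rebuild-ng-wrapped` under `sudo --preserve-env=PATH` with a PATH assembled by the calling user. If that is intended, a comment saying so (and noting that it depends on the sudoers policy permitting it) would help the next reader.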
@@ -0,0 +1,24 @@
+#! /usr/bin/env sh
+set -e
+
+base_dir="$(git rev-parse --show-toplevel)"
+
+user="${1-$USER}"
+hosts="${2-server2 server3}"
+branch="${3-main}"
+
+for host in $hosts; do
+ echo "Updating '$user@$host.vhack.eu' ..."
+
+ new_system="$(nix build ".#nixosConfigurations.$host.config.system.build.toplevel" --no-link --print-out-paths)"
+
+ printf "Copying closure ..\n"
+ nix-copy-closure "$user@$host.vhack.eu" "$new_system"
+
+ printf "Deploying remote side script ..\n"
+ scp "$base_dir/scripts/update_hosts.remote" "$user@$host.vhack.eu:update_host.remote"
+
+ printf "Executing remote side script ..\n"
+ ssh -t "$user@$host.vhack.eu" "chmod +x update_host.remote; ./update_host.remote '$branch'"
+done
+# vim: ft=sh |
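Review bot: In scripts/update_hosts.sh the `ssh -t` line splices `'$branch'` into the remote command string, so a value containing a single quote ends the quoting and the remainder is interpreted by the remote shell, which goes on to use sudo. Validate the value once before the loop, for example `case "$branch" in *[!A-Za-z0-9._/-]*|-*|'') echo "invalid branch: $branch" >&2; exit 2 ;; esac`. The remote command also joins its two steps with `;`, so the script is still executed when `chmod` fails; `chmod +x update_host.remote && ./update_host.remote ...` stops at the first error. Finally, the closure sent by `nix-copy-closure` is built from the local checkout, while the remote side rebuilds from `$branch` as pulled on the host. These can differ if the local tree is not at that branch's tip, so a comment stating the assumption would help.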
