From 4bed25e00a5873f27554c385d669756d2da15660 Mon Sep 17 00:00:00 2001
From: Benedikt Peetz <benedikt.peetz@b-peetz.de>
Date: Sun, 22 Mar 2026 18:02:28 +0100
Subject: scripts/update_hosts: Init

That works cleaner than the `deploy-rs` based solution.
---
 scripts/update_hosts.remote | 41 +++++++++++++++++++++++++++++++++++++++++
 scripts/update_hosts.sh     | 24 ++++++++++++++++++++++++
 2 files changed, 65 insertions(+)
 create mode 100644 scripts/update_hosts.remote
 create mode 100755 scripts/update_hosts.sh

diff --git a/scripts/update_hosts.remote b/scripts/update_hosts.remote
new file mode 100644
index 0000000..7323a33
--- /dev/null
+++ b/scripts/update_hosts.remote
@@ -0,0 +1,41 @@
+#! /usr/bin/env sh
+
+# This is the remote side of `update_hosts.sh`, it will be copied to the remote host
+# and is responsible for performing the update.
+
+set -e
+
+PATH_add() {
+    nix_expr="$1"
+    what="$(nix build "nixpkgs#$nix_expr.out" --print-out-paths --no-link)"
+
+    printf "Adding '%s' (%s/bin) to PATH..\n" "$nix_expr" "$what"
+
+    PATH="$what/bin:$PATH"
+    export PATH
+}
+
+branch="$1"
+
+# We don't have access to git by default, so evaluate it here
+PATH_add git
+
+# By-default these systems use cppnix, which can't build our config. So let's switch to
+# lix.
+PATH_add lixPackageSets.latest.lix
+
+# We might or might not have python, and we need it, because we use the unwrapped
+# `nixos-update`.
+PATH_add python3
+PATH_add nixos-rebuild-ng
+
+set -x
+cd /etc/nixos
+
+sudo git fetch --all --prune
+sudo git switch "$branch"
+sudo git pull --rebase
+
+PYTHONNOUSERSITE='true' sudo --preserve-env=PATH --preserve-env=PYTHONNOUSERSITE ".nixos-rebuild-ng-wrapped" --no-reexec boot
+
+sudo reboot
diff --git a/scripts/update_hosts.sh b/scripts/update_hosts.sh
new file mode 100755
index 0000000..505f061
--- /dev/null
+++ b/scripts/update_hosts.sh
@@ -0,0 +1,24 @@
+#! /usr/bin/env sh
+set -e
+
+base_dir="$(git rev-parse --show-toplevel)"
+
+user="${1-$USER}"
+hosts="${2-server2 server3}"
+branch="${3-main}"
+
+for host in $hosts; do
+    echo "Updating '$user@$host.vhack.eu' ..."
+
+    new_system="$(nix build ".#nixosConfigurations.$host.config.system.build.toplevel" --no-link --print-out-paths)"
+
+    printf "Copying closure ..\n"
+    nix-copy-closure "$user@$host.vhack.eu" "$new_system"
+
+    printf "Deploying remote side script ..\n"
+    scp "$base_dir/scripts/update_hosts.remote" "$user@$host.vhack.eu:update_host.remote"
+
+    printf "Executing remote side script ..\n"
+    ssh -t "$user@$host.vhack.eu" "chmod +x update_host.remote; ./update_host.remote '$branch'"
+done
+# vim: ft=sh
-- 
cgit 1.4.1