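#!/bin/sh
# Wrapper around nixos-rebuild and deploy-rs for the three hosts.
#
# Usage:
#   ./deploy.sh                 # nixos-rebuild boot on current host (mreow/yarn)
#   ./deploy.sh switch          # apply immediately on current host
#   ./deploy.sh test            # apply without adding boot entry
#   ./deploy.sh build           # build only, no activation
#   ./deploy.sh muffin          # build + deploy to muffin via deploy-rs
#   ./deploy.sh muffin --force  # bypass the deploy guard (active-user check)
#
# muffin cannot be rebuilt locally from another host — this script only issues
# the remote deploy via deploy-rs when explicitly named.
#
# DEPLOY_GUARD_FORCE=1 is equivalent to passing --force. If the variable is
# exported in the calling shell it applies to every later "muffin" deploy from
# that shell, so prefer setting it for a single invocation only.
#
# Exit status: 1 when the preflight guard blocks the deploy, 2 on a usage
# error; otherwise the status of the exec'd nix / nixos-rebuild command.

set -eu

host="$(hostname -s)"
arg="${1:-boot}"

case "$arg" in
  muffin)
    shift # consume "muffin"

    # The bypass can come from the environment or from the first remaining
    # argument; anything left after that is passed through to deploy-rs.
    force=0
    if [ "${DEPLOY_GUARD_FORCE:-0}" = "1" ]; then force=1; fi
    if [ "${1:-}" = "--force" ]; then
      force=1
      shift
    fi

    if [ "$force" = "1" ]; then
      echo "deploy-guard: bypass requested; setting remote marker"
      # Best effort: a failure to write the marker only warns and the deploy
      # is still attempted.
      # NOTE(review): presumably the activation-time guard reads this marker;
      # its consumer is not visible in this script - confirm.
      ssh -o BatchMode=yes -o ConnectTimeout=3 root@server-public \
        'touch /run/deploy-guard-bypass' \
        || echo "deploy-guard: warning: could not write remote bypass marker" >&2
    else
      # Single SSH probe. ssh reserves exit status 255 for its own errors, so
      # 255 is treated as "preflight could not run" and the deploy proceeds
      # (the activation-time guard still enforces). Any other non-zero status
      # is the guard blocking the deploy.
      # "&& rc=0 || rc=$?" captures the status without tripping set -e.
      output=$(ssh -o BatchMode=yes -o ConnectTimeout=5 \
        root@server-public deploy-guard-check 2>&1) && rc=0 || rc=$?
      if [ "$rc" -eq 255 ]; then
        # This branch fails open, and 255 covers more than an unreachable
        # host: with BatchMode=yes an authentication or host-key verification
        # failure ends up here too. Show ssh's own message so the operator can
        # tell those cases apart instead of discarding it.
        # NOTE(review): a deploy-guard-check that itself exits 255 would be
        # indistinguishable from an ssh error - confirm it never does.
        if [ -n "$output" ]; then printf '%s\n' "$output" >&2; fi
        echo "deploy-guard: muffin unreachable for preflight;" \
          "activation will still enforce" >&2
      elif [ "$rc" -ne 0 ]; then
        printf '%s\n' "$output"
        echo >&2
        echo "Blocked by deploy guard. Bypass: ./deploy.sh muffin --force" >&2
        exit 1
      elif [ -n "$output" ]; then
        # Guard passed but had something to say; relay it.
        printf '%s\n' "$output"
      fi
    fi

    # Quoted so the flake references are unmistakably literal words.
    exec nix run '.#deploy' -- '.#muffin' "$@"
    ;;
  boot | switch | test | build)
    # Local rebuild of whichever host this runs on; arguments after the
    # action are not forwarded.
    exec nixos-rebuild "$arg" --flake ".#$host" --use-remote-sudo
    ;;
  *)
    echo "usage: $0 [muffin [--force] | boot | switch | test | build]" >&2
    exit 2
    ;;
esac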