infra/Justfile

_usage:
	just -l

_get_nix_path versionsPath:
	echo $(set -x; nix-build --no-link --show-trace {{invocation_directory()}}/nix/default.nix -A channelSources --argstr versionsPath  {{versionsPath}} --argstr rebuildarg "dummy")

_device recipe dir +moreargs="":
	#!/usr/bin/env bash
	set -ex
	source $(just -v _get_nix_path {{invocation_directory()}}/{{dir}}/versions.nix)
	$(set -x; nix-build --no-link --show-trace $(dirname {{dir}})/default.nix -A recipes.{{recipe}} --argstr dir {{dir}} {{moreargs}})

_render_templates:
	#!/usr/bin/env bash
	set -ex
	source $(just -v _get_nix_path {{invocation_directory()}}/nix/variables/versions.nix)
	nix/scripts/pre-eval-fixed.sh nix/home-manager/profiles/dotfiles/vcsh{.tmpl,}.nix

_rebuild-device dir rebuildarg="dry-activate" +moreargs="": _render_templates
	#!/usr/bin/env bash
	set -ex
	just -v _device rebuild {{dir}} --argstr rebuildarg {{rebuildarg}} {{moreargs}}

rebuild-remote-device dir target rebuildarg="dry-activate" :
	#!/usr/bin/env bash
	set -ex
	just -v _rebuild-device {{dir}} {{rebuildarg}} --argstr moreargs "'--target-host\ {{target}}'"

# Rebulid this device's NixOS
rebuild-this-device rebuildarg="dry-activate":
	#!/usr/bin/env bash
	set -e

	function parse_hm_rebuildarg() {
		case $1 in
			switch)
				echo switch
				;;
			*)
				echo build
				;;
		esac
	}

	export SYSREBUILD_LOG=.$(hostname -s)_sysrebuild.log
	export HOMEREBUILD_LOG=.$(hostname -s)_homerebuild.log

	echo Rebuilding system in {{rebuildarg}}-mode...
	if just -v _rebuild-device nix/os/devices/$(hostname -s) {{rebuildarg}} > ${SYSREBUILD_LOG} 2>&1 ; then
		echo System rebuild successful
	else
		cat ${SYSREBUILD_LOG}
		echo System rebuild failed
	fi

	if type home-manager > /dev/null 2>&1; then
		echo Rebuilding home in $(parse_hm_rebuildarg {{rebuildarg}})-mode...
		source $(just -v _get_nix_path {{invocation_directory()}}/nix/os/devices/$(hostname -s)/versions.nix)
		if home-manager -v $(parse_hm_rebuildarg {{rebuildarg}}) > ${HOMEREBUILD_LOG} 2>&1 ; then
			echo Home rebuild successful
		else
			cat ${HOMEREBUILD_LOG}
			echo Home rebuild failed
		fi
	fi

# This could be used to inject another channel
# --argstr moreargs "\'-I nixos-unstable=https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz\'"


# Update nix-channels and switch to updated NixOS and home environments
update-this-device:
	#!/usr/bin/env bash
	set -e
	export SYSREBUILD_LOG=.$(hostname -s)_sysrebuild.log

	echo Updating system channels...
	sudo nix-channel --update
	just -v rebuild-this-device switch

# Iterate on a qtile config by running it inside Xephyr. (un-/grab the mouse with Ctrl + Shift-L)
hm-iterate-qtile:
	#!/usr/bin/env bash
	set -xe
	home-manager switch || just -v rebuild-this-device switch
	Xephyr -ac -br -resizeable :1 &
	XEPHYR_PID=$!
	echo ${XEPHYR_PID}
	DISPLAY=:1 $(grep qtile ~/.xsession) &
	wait $!
	kill ${XEPHYR_PID}

# !!! DANGERIOUS !!! This wipes the disk which is configured for the given device.
disk-prepare dir:
	just -v _device diskPrepare {{dir}} --argstr rebuildarg "dummy"

disk-relabel dir previous:
	just -v _device diskRelabel {{dir}} --argstr rebuildarg "dummy" --argstr previousDiskId {{previous}}

# Mount the target disk specified by device configuration directory. The 'dir' argument points to a device configuration, e.g. 'nix/os/devices/steveej-live-mmc-SL32G_0x259093f6'
disk-mount dir:
	just -v _device diskMount {{dir}} --argstr rebuildarg "dummy"

# Unmount target disk, specified by device configuration directory
disk-umount dir:
	just -v _device diskUmount {{dir}} --argstr rebuildarg "dummy"

# Perform an offline installation on the mounted target disk, specified by device configuration directory
disk-install dir: _render_templates
	just -v _device diskInstall {{dir}} --argstr rebuildarg "dummy"

verify-n-unlock sshserver attempts="10":
	#!/usr/bin/env bash
	set -e
	: ${VNCSOCK:?VNCSOCK must be set}
	: ${VNCPW:?VNCPW must be set}

	export MAGICK_ARGS="-filter Catrom -density 72 -resample 300 -contrast -normalize -despeckle -type grayscale -sharpen 1 -posterize 3 -negate -gamma 100 -blur 1x65535"
	export TESS_ARGS="-c debug_file=/dev/null --psm 4"

	function send() {
		local what="${1:?need something to send}"
		ssh -4 ${SSHOPTS:?need sshopts} root@{{sshserver}} "echo -e ${what}>> /dev/tty0" &>/dev/null
	}

	function expect() {
		local what="${1:?need something to expect}"
		vncdo --server=${VNCSOCK} --password=${VNCPW} --disable-desktop-resizing --nocursor capture $PWD/screenshot.bmp
		convert ${MAGICK_ARGS} screenshot.bmp screenshot.tiff
		tesseract ${TESS_ARGS} screenshot.tiff screenshot
		grep --quiet "${what}" screenshot.txt
	}

	function send_and_expect() {
		local send="${1:?need something to send}"
		local expect="${2:?need something to expect}"
		if ! send "${send}"; then
			echo warning: cannot send > /dev/stderr
			return -1
		fi
		expect "${expect}"
	}

	trap 'E=$?; set +e; rm screenshot.*; echo Exiting...; kill $(jobs -p | cut -d " " -f 4); exit $E' EXIT

	for i in `seq 1 {{attempts}}`; do
		echo Attempt $i...
		expect="$(pwgen -0 12)"
		send="'\0033\0143'${expect}"
		if send_and_expect "${send}" "${expect}"; then
			pipe=$(mktemp -u)
			mkfifo ${pipe}
			exec 3<>${pipe}
			rm ${pipe}

			echo Verification succeeded at attempt $i. Unlocking remote drive...
			ssh -4 ${SSHOPTS} root@{{sshserver}} "cryptsetup-askpass" <&3 &>/dev/null &
			eval ${GETPW} | head -n1 >&3

			for j in `seq 1 120`; do
				sleep 0.5
				if expect '— success'; then
					echo Unlock successful.
					exit 0
				fi
			done

			echo Unlock failed...
			exit 1
		fi
	done
	echo Verification failed {{attempts}} times. Giving up...
	exit 1

_get_pass_entry path key:
	pass show {{path}}| grep -E "^{{key}}:" | awk '{ print $2 }'
	# jq -sR 'split("\n") | map(split(":"))' <(pass show Infrastructure/VPS/CFB4ED74 | grep -E "^[A-Za-z_]+:")
	#
run-with-channels +cmds:
	#/usr/bin/env bash
	source $(just -v _get_nix_path {{invocation_directory()}}/nix/variables/versions.nix)
	{{cmds}}
nix: add channel configuration and rework update process 2018-11-03 11:45:40 +01:00			`_usage:`
			`just -l`

nix,steveej-t480s-work: introduce pure versioning 2018-12-17 13:10:06 +01:00			`_get_nix_path versionsPath:`
			`echo $(set -x; nix-build --no-link --show-trace {{invocation_directory()}}/nix/default.nix -A channelSources --argstr versionsPath {{versionsPath}} --argstr rebuildarg "dummy")`

nix/os/devices: refactor expressions 2018-11-19 02:04:26 +01:00			`_device recipe dir +moreargs="":`
make * composable; add install medium; archive prevoius code 2018-10-30 13:38:36 +01:00			`#!/usr/bin/env bash`
nix: add channel configuration and rework update process 2018-11-03 11:45:40 +01:00			`set -ex`
nix,steveej-t480s-work: introduce pure versioning 2018-12-17 13:10:06 +01:00			`source $(just -v _get_nix_path {{invocation_directory()}}/{{dir}}/versions.nix)`
Justfile,nix/devices: sudo only when needed 2018-12-16 21:57:20 +01:00			`$(set -x; nix-build --no-link --show-trace $(dirname {{dir}})/default.nix -A recipes.{{recipe}} --argstr dir {{dir}} {{moreargs}})`
make * composable; add install medium; archive prevoius code 2018-10-30 13:38:36 +01:00
just: render templates for offline installations 2018-11-10 19:49:25 +01:00			`_render_templates:`
dotfiles/vcsh: populate nix store with dotfiles mirror 2018-11-04 22:04:22 +01:00			`#!/usr/bin/env bash`
just: render templates for offline installations 2018-11-10 19:49:25 +01:00			`set -ex`
nix,steveej-t480s-work: introduce pure versioning 2018-12-17 13:10:06 +01:00			`source $(just -v _get_nix_path {{invocation_directory()}}/nix/variables/versions.nix)`
dotfiles/vcsh: populate nix store with dotfiles mirror 2018-11-04 22:04:22 +01:00			`nix/scripts/pre-eval-fixed.sh nix/home-manager/profiles/dotfiles/vcsh{.tmpl,}.nix`
just: render templates for offline installations 2018-11-10 19:49:25 +01:00
			`_rebuild-device dir rebuildarg="dry-activate" +moreargs="": _render_templates`
			`#!/usr/bin/env bash`
			`set -ex`
nix: add channel configuration and rework update process 2018-11-03 11:45:40 +01:00			`just -v _device rebuild {{dir}} --argstr rebuildarg {{rebuildarg}} {{moreargs}}`
make * composable; add install medium; archive prevoius code 2018-10-30 13:38:36 +01:00
Justfile: support rebuild of remote device 2018-11-12 23:37:31 +01:00			`rebuild-remote-device dir target rebuildarg="dry-activate" :`
			`#!/usr/bin/env bash`
			`set -ex`
			`just -v _rebuild-device {{dir}} {{rebuildarg}} --argstr moreargs "'--target-host\ {{target}}'"`

nix config udpate; polish top-level Justfile 2018-11-03 11:03:03 +01:00			`# Rebulid this device's NixOS`
			`rebuild-this-device rebuildarg="dry-activate":`
Justfile: move rebuild functionality into rebuild 2018-11-03 22:55:50 +01:00			`#!/usr/bin/env bash`
			`set -e`
make * composable; add install medium; archive prevoius code 2018-10-30 13:38:36 +01:00
Justfile: move rebuild functionality into rebuild 2018-11-03 22:55:50 +01:00			`function parse_hm_rebuildarg() {`
			`case $1 in`
			`switch)`
			`echo switch`
			`;;`
			`*)`
			`echo build`
			`;;`
			`esac`
			`}`
nix: add channel configuration and rework update process 2018-11-03 11:45:40 +01:00
Justfile: move rebuild functionality into rebuild 2018-11-03 22:55:50 +01:00			`export SYSREBUILD_LOG=.$(hostname -s)_sysrebuild.log`
			`export HOMEREBUILD_LOG=.$(hostname -s)_homerebuild.log`
nix: add channel configuration and rework update process 2018-11-03 11:45:40 +01:00
Justfile: move rebuild functionality into rebuild 2018-11-03 22:55:50 +01:00			`echo Rebuilding system in {{rebuildarg}}-mode...`
			`if just -v _rebuild-device nix/os/devices/$(hostname -s) {{rebuildarg}} > ${SYSREBUILD_LOG} 2>&1 ; then`
			`echo System rebuild successful`
nix config udpate; polish top-level Justfile 2018-11-03 11:03:03 +01:00			`else`
Justfile: move rebuild functionality into rebuild 2018-11-03 22:55:50 +01:00			`cat ${SYSREBUILD_LOG}`
			`echo System rebuild failed`
nix config udpate; polish top-level Justfile 2018-11-03 11:03:03 +01:00			`fi`

			`if type home-manager > /dev/null 2>&1; then`
Justfile: move rebuild functionality into rebuild 2018-11-03 22:55:50 +01:00			`echo Rebuilding home in $(parse_hm_rebuildarg {{rebuildarg}})-mode...`
nix: handle ref/rev correctly for channel fetch 2019-01-06 02:05:48 +01:00			`source $(just -v _get_nix_path {{invocation_directory()}}/nix/os/devices/$(hostname -s)/versions.nix)`
Justfile: move rebuild functionality into rebuild 2018-11-03 22:55:50 +01:00			`if home-manager -v $(parse_hm_rebuildarg {{rebuildarg}}) > ${HOMEREBUILD_LOG} 2>&1 ; then`
			`echo Home rebuild successful`
nix: add channel configuration and rework update process 2018-11-03 11:45:40 +01:00			`else`
Justfile: move rebuild functionality into rebuild 2018-11-03 22:55:50 +01:00			`cat ${HOMEREBUILD_LOG}`
			`echo Home rebuild failed`
nix config udpate; polish top-level Justfile 2018-11-03 11:03:03 +01:00			`fi`
			`fi`

Justfile: move rebuild functionality into rebuild 2018-11-03 22:55:50 +01:00			`# This could be used to inject another channel`
			`# --argstr moreargs "\'-I nixos-unstable=https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz\'"`


			`# Update nix-channels and switch to updated NixOS and home environments`
			`update-this-device:`
			`#!/usr/bin/env bash`
			`set -e`
			`export SYSREBUILD_LOG=.$(hostname -s)_sysrebuild.log`

			`echo Updating system channels...`
			`sudo nix-channel --update`
			`just -v rebuild-this-device switch`

qtile: fix mute state filepath and add usage note 2018-11-15 18:24:28 +01:00			`# Iterate on a qtile config by running it inside Xephyr. (un-/grab the mouse with Ctrl + Shift-L)`
home/qtile: add volume keys and ease testing 2018-11-03 18:43:22 +01:00			`hm-iterate-qtile:`
			`#!/usr/bin/env bash`
			`set -xe`
Justfile/hm-iterate-qtile: fallback to building system 2018-11-04 14:07:02 +01:00			`home-manager switch \|\| just -v rebuild-this-device switch`
home/qtile: add volume keys and ease testing 2018-11-03 18:43:22 +01:00			`Xephyr -ac -br -resizeable :1 &`
			`XEPHYR_PID=$!`
			`echo ${XEPHYR_PID}`
			`DISPLAY=:1 $(grep qtile ~/.xsession) &`
			`wait $!`
			`kill ${XEPHYR_PID}`

nix/devices: implement disk-prepare 2018-11-10 19:24:24 +01:00			`# !!! DANGERIOUS !!! This wipes the disk which is configured for the given device.`
			`disk-prepare dir:`
			`just -v _device diskPrepare {{dir}} --argstr rebuildarg "dummy"`
nix config udpate; polish top-level Justfile 2018-11-03 11:03:03 +01:00
nix/os/devices: add relabel command After bytewise-copying from a prevoius disk, the partition labels and logical volume groupnames need to be renamed according to the new disk id. 2019-01-12 22:24:30 +01:00			`disk-relabel dir previous:`
			`just -v _device diskRelabel {{dir}} --argstr rebuildarg "dummy" --argstr previousDiskId {{previous}}`

nix config udpate; polish top-level Justfile 2018-11-03 11:03:03 +01:00			`# Mount the target disk specified by device configuration directory. The 'dir' argument points to a device configuration, e.g. 'nix/os/devices/steveej-live-mmc-SL32G_0x259093f6'`
			`disk-mount dir:`
nix/os: more work on partition handling 2018-11-04 23:56:36 +01:00			`just -v _device diskMount {{dir}} --argstr rebuildarg "dummy"`
nix config udpate; polish top-level Justfile 2018-11-03 11:03:03 +01:00
			`# Unmount target disk, specified by device configuration directory`
			`disk-umount dir:`
nix/os: more work on partition handling 2018-11-04 23:56:36 +01:00			`just -v _device diskUmount {{dir}} --argstr rebuildarg "dummy"`
nix config udpate; polish top-level Justfile 2018-11-03 11:03:03 +01:00
nix/devices: implement disk-prepare 2018-11-10 19:24:24 +01:00			`# Perform an offline installation on the mounted target disk, specified by device configuration directory`
just: render templates for offline installations 2018-11-10 19:49:25 +01:00			`disk-install dir: _render_templates`
nix/os: more work on partition handling 2018-11-04 23:56:36 +01:00			`just -v _device diskInstall {{dir}} --argstr rebuildarg "dummy"`
Justfile/shell: experiment to verify server via VNC/SSH 2018-11-19 18:25:06 +01:00
Justfile: rename remote unlock recipe 2019-01-10 23:31:33 +01:00			`verify-n-unlock sshserver attempts="10":`
Justfile/shell: experiment to verify server via VNC/SSH 2018-11-19 18:25:06 +01:00			`#!/usr/bin/env bash`
			`set -e`
Justfile: prototype remote drive unlock 2018-12-17 13:38:12 +01:00			`: ${VNCSOCK:?VNCSOCK must be set}`
			`: ${VNCPW:?VNCPW must be set}`

Justfile/shell: experiment to verify server via VNC/SSH 2018-11-19 18:25:06 +01:00			`export MAGICK_ARGS="-filter Catrom -density 72 -resample 300 -contrast -normalize -despeckle -type grayscale -sharpen 1 -posterize 3 -negate -gamma 100 -blur 1x65535"`
			`export TESS_ARGS="-c debug_file=/dev/null --psm 4"`

Justfile: prototype remote drive unlock 2018-12-17 13:38:12 +01:00			`function send() {`
			`local what="${1:?need something to send}"`
			`ssh -4 ${SSHOPTS:?need sshopts} root@{{sshserver}} "echo -e ${what}>> /dev/tty0" &>/dev/null`
			`}`

			`function expect() {`
			`local what="${1:?need something to expect}"`
Justfile/shell: experiment to verify server via VNC/SSH 2018-11-19 18:25:06 +01:00			`vncdo --server=${VNCSOCK} --password=${VNCPW} --disable-desktop-resizing --nocursor capture $PWD/screenshot.bmp`
			`convert ${MAGICK_ARGS} screenshot.bmp screenshot.tiff`
			`tesseract ${TESS_ARGS} screenshot.tiff screenshot`
Justfile: prototype remote drive unlock 2018-12-17 13:38:12 +01:00			`grep --quiet "${what}" screenshot.txt`
			`}`

			`function send_and_expect() {`
			`local send="${1:?need something to send}"`
			`local expect="${2:?need something to expect}"`
Justfile/remote-unlock: warn on failed SSH send 2019-01-02 12:19:55 +01:00			`if ! send "${send}"; then`
			`echo warning: cannot send > /dev/stderr`
			`return -1`
			`fi`
Justfile: prototype remote drive unlock 2018-12-17 13:38:12 +01:00			`expect "${expect}"`
Justfile/shell: experiment to verify server via VNC/SSH 2018-11-19 18:25:06 +01:00			`}`

Justfile: prototype remote drive unlock 2018-12-17 13:38:12 +01:00			`trap 'E=$?; set +e; rm screenshot.*; echo Exiting...; kill $(jobs -p \| cut -d " " -f 4); exit $E' EXIT`
Justfile/shell: experiment to verify server via VNC/SSH 2018-11-19 18:25:06 +01:00
			for i in `seq 1 {{attempts}}`; do
Justfile: prototype remote drive unlock 2018-12-17 13:38:12 +01:00			`echo Attempt $i...`
			`expect="$(pwgen -0 12)"`
			`send="'\0033\0143'${expect}"`
			`if send_and_expect "${send}" "${expect}"; then`
			`pipe=$(mktemp -u)`
			`mkfifo ${pipe}`
			`exec 3<>${pipe}`
			`rm ${pipe}`

Justfile/shell: experiment to verify server via VNC/SSH 2018-11-19 18:25:06 +01:00			`echo Verification succeeded at attempt $i. Unlocking remote drive...`
Justfile: prototype remote drive unlock 2018-12-17 13:38:12 +01:00			`ssh -4 ${SSHOPTS} root@{{sshserver}} "cryptsetup-askpass" <&3 &>/dev/null &`
			`eval ${GETPW} \| head -n1 >&3`

			for j in `seq 1 120`; do
			`sleep 0.5`
			`if expect '— success'; then`
			`echo Unlock successful.`
			`exit 0`
			`fi`
			`done`

Justfile: add logic to unlock remote drive 2018-12-12 11:02:46 +01:00			`echo Unlock failed...`
Justfile: prototype remote drive unlock 2018-12-17 13:38:12 +01:00			`exit 1`
Justfile/shell: experiment to verify server via VNC/SSH 2018-11-19 18:25:06 +01:00			`fi`
			`done`
			`echo Verification failed {{attempts}} times. Giving up...`
			`exit 1`
Justfile: prototype remote drive unlock 2018-12-17 13:38:12 +01:00
			`_get_pass_entry path key:`
			`pass show {{path}}\| grep -E "^{{key}}:" \| awk '{ print $2 }'`
			`# jq -sR 'split("\n") \| map(split(":"))' <(pass show Infrastructure/VPS/CFB4ED74 \| grep -E "^[A-Za-z_]+:")`
Justfile: add a recipe to run cmds with NIX_PATH set 2019-01-12 22:34:08 +01:00			`#`
			`run-with-channels +cmds:`
			`#/usr/bin/env bash`
			`source $(just -v _get_nix_path {{invocation_directory()}}/nix/variables/versions.nix)`
			`{{cmds}}`