_usage: just -l _get_nix_path versionsPath: echo $(set -x; nix-build --no-link --show-trace {{invocation_directory()}}/nix/default.nix -A channelSources --argstr versionsPath {{versionsPath}} --argstr rebuildarg "dummy") _device recipe dir +moreargs="": #!/usr/bin/env bash set -ex source $(just -v _get_nix_path {{invocation_directory()}}/{{dir}}/versions.nix) $(set -x; nix-build --no-link --show-trace $(dirname {{dir}})/default.nix -A recipes.{{recipe}} --argstr dir {{dir}} {{moreargs}}) _render_templates: #!/usr/bin/env bash set -ex source $(just -v _get_nix_path {{invocation_directory()}}/nix/variables/versions.nix) nix/scripts/pre-eval-fixed.sh nix/home-manager/profiles/dotfiles/vcsh{.tmpl,}.nix _rebuild-device dir rebuildarg="dry-activate" +moreargs="": _render_templates #!/usr/bin/env bash set -ex just -v _device rebuild {{dir}} --argstr rebuildarg {{rebuildarg}} {{moreargs}} rebuild-remote-device dir target rebuildarg="dry-activate" : #!/usr/bin/env bash set -ex just -v _rebuild-device {{dir}} {{rebuildarg}} --argstr moreargs "'--target-host\ {{target}}'" # Rebulid this device's NixOS rebuild-this-device rebuildarg="dry-activate": #!/usr/bin/env bash set -e function parse_hm_rebuildarg() { case $1 in switch) echo switch ;; *) echo build ;; esac } export SYSREBUILD_LOG=.$(hostname -s)_sysrebuild.log export HOMEREBUILD_LOG=.$(hostname -s)_homerebuild.log echo Rebuilding system in {{rebuildarg}}-mode... if just -v _rebuild-device nix/os/devices/$(hostname -s) {{rebuildarg}} > ${SYSREBUILD_LOG} 2>&1 ; then echo System rebuild successful else cat ${SYSREBUILD_LOG} echo System rebuild failed fi if type home-manager > /dev/null 2>&1; then echo Rebuilding home in $(parse_hm_rebuildarg {{rebuildarg}})-mode... if home-manager -v $(parse_hm_rebuildarg {{rebuildarg}}) > ${HOMEREBUILD_LOG} 2>&1 ; then echo Home rebuild successful else cat ${HOMEREBUILD_LOG} echo Home rebuild failed fi fi # This could be used to inject another channel # --argstr moreargs "\'-I nixos-unstable=https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz\'" # Update nix-channels and switch to updated NixOS and home environments update-this-device: #!/usr/bin/env bash set -e export SYSREBUILD_LOG=.$(hostname -s)_sysrebuild.log echo Updating system channels... sudo nix-channel --update just -v rebuild-this-device switch # Iterate on a qtile config by running it inside Xephyr. (un-/grab the mouse with Ctrl + Shift-L) hm-iterate-qtile: #!/usr/bin/env bash set -xe home-manager switch || just -v rebuild-this-device switch Xephyr -ac -br -resizeable :1 & XEPHYR_PID=$! echo ${XEPHYR_PID} DISPLAY=:1 $(grep qtile ~/.xsession) & wait $! kill ${XEPHYR_PID} # !!! DANGERIOUS !!! This wipes the disk which is configured for the given device. disk-prepare dir: just -v _device diskPrepare {{dir}} --argstr rebuildarg "dummy" # Mount the target disk specified by device configuration directory. The 'dir' argument points to a device configuration, e.g. 'nix/os/devices/steveej-live-mmc-SL32G_0x259093f6' disk-mount dir: just -v _device diskMount {{dir}} --argstr rebuildarg "dummy" # Unmount target disk, specified by device configuration directory disk-umount dir: just -v _device diskUmount {{dir}} --argstr rebuildarg "dummy" # Perform an offline installation on the mounted target disk, specified by device configuration directory disk-install dir: _render_templates just -v _device diskInstall {{dir}} --argstr rebuildarg "dummy" verify-vnc sshserver attempts="10": #!/usr/bin/env bash set -e : ${VNCSOCK:?VNCSOCK must be set} : ${VNCPW:?VNCPW must be set} export MAGICK_ARGS="-filter Catrom -density 72 -resample 300 -contrast -normalize -despeckle -type grayscale -sharpen 1 -posterize 3 -negate -gamma 100 -blur 1x65535" export TESS_ARGS="-c debug_file=/dev/null --psm 4" function send() { local what="${1:?need something to send}" ssh -4 ${SSHOPTS:?need sshopts} root@{{sshserver}} "echo -e ${what}>> /dev/tty0" &>/dev/null } function expect() { local what="${1:?need something to expect}" vncdo --server=${VNCSOCK} --password=${VNCPW} --disable-desktop-resizing --nocursor capture $PWD/screenshot.bmp convert ${MAGICK_ARGS} screenshot.bmp screenshot.tiff tesseract ${TESS_ARGS} screenshot.tiff screenshot grep --quiet "${what}" screenshot.txt } function send_and_expect() { local send="${1:?need something to send}" local expect="${2:?need something to expect}" if ! send "${send}"; then echo warning: cannot send > /dev/stderr return -1 fi expect "${expect}" } trap 'E=$?; set +e; rm screenshot.*; echo Exiting...; kill $(jobs -p | cut -d " " -f 4); exit $E' EXIT for i in `seq 1 {{attempts}}`; do echo Attempt $i... expect="$(pwgen -0 12)" send="'\0033\0143'${expect}" if send_and_expect "${send}" "${expect}"; then pipe=$(mktemp -u) mkfifo ${pipe} exec 3<>${pipe} rm ${pipe} echo Verification succeeded at attempt $i. Unlocking remote drive... ssh -4 ${SSHOPTS} root@{{sshserver}} "cryptsetup-askpass" <&3 &>/dev/null & eval ${GETPW} | head -n1 >&3 for j in `seq 1 120`; do sleep 0.5 if expect '— success'; then echo Unlock successful. exit 0 fi done echo Unlock failed... exit 1 fi done echo Verification failed {{attempts}} times. Giving up... exit 1 _get_pass_entry path key: pass show {{path}}| grep -E "^{{key}}:" | awk '{ print $2 }' # jq -sR 'split("\n") | map(split(":"))' <(pass show Infrastructure/VPS/CFB4ED74 | grep -E "^[A-Za-z_]+:")