security for deployment on prod
This commit is contained in:
parent
0e1574a82b
commit
94a9c8afa8
2 changed files with 16 additions and 5 deletions
17
deploy_nixos
17
deploy_nixos
|
@ -11,8 +11,17 @@ if [ "$CLUSTER" = "staging" ]; then
|
|||
copy nix/nomad-driver-nix2.nix /etc/nixos/nomad-driver-nix2.nix
|
||||
fi
|
||||
|
||||
# use ./upgrade_nixos instead to upgrade NixOS
|
||||
#cmd "nix-channel --add https://nixos.org/channels/nixos-22.05 nixos"
|
||||
#cmd nixos-rebuild switch --upgrade --show-trace
|
||||
|
||||
cmd nixos-rebuild switch
|
||||
if [ "$CLUSTER" = "prod" ]; then
|
||||
cmd nixos-rebuild boot
|
||||
message "-------------------------------------------------------------------------------------"
|
||||
message "New NixOS configuration hasn't been applied, to avoid disturbing production services."
|
||||
message "Please apply the following procedure to node '$NIXHOST':"
|
||||
message "1. Drain node in Nomad so that all jobs are relocated elsewhere"
|
||||
message "2. Reboot node manually. You can also take the opportunity to upgrade with:"
|
||||
message " REBOOT_NODES=yes ./upgrade_nixos prod $NIXHOST"
|
||||
message "3. Mark node as eligible again in Nomad"
|
||||
message "-------------------------------------------------------------------------------------"
|
||||
else
|
||||
cmd nixos-rebuild switch
|
||||
fi
|
||||
|
|
4
sshtool
4
sshtool
|
@ -45,7 +45,9 @@ function footer {
|
|||
}
|
||||
|
||||
function message {
|
||||
echo "echo '$@'"
|
||||
echo "base64 -d <<EOG"
|
||||
echo "$@" | base64
|
||||
echo "EOG"
|
||||
}
|
||||
|
||||
function cmd {
|
||||
|
|
Loading…
Reference in a new issue