security for deployment on prod

2022-12-22 23:59:51 +01:00 · 2022-12-22 23:59:51 +01:00 · 94a9c8afa8
parent 0e1574a82b
commit 94a9c8afa8
2 changed files with 16 additions and 5 deletions
--- a/17
+++ b/17
@ -11,8 +11,17 @@ if [ "$CLUSTER" = "staging" ]; then
 	copy nix/nomad-driver-nix2.nix /etc/nixos/nomad-driver-nix2.nix
 fi

-# use ./upgrade_nixos instead to upgrade NixOS
-#cmd "nix-channel --add https://nixos.org/channels/nixos-22.05 nixos"
-#cmd nixos-rebuild switch --upgrade --show-trace

-cmd nixos-rebuild switch
+if [ "$CLUSTER" = "prod" ]; then
+	cmd nixos-rebuild boot
+	message "-------------------------------------------------------------------------------------"
+	message "New NixOS configuration hasn't been applied, to avoid disturbing production services."
+	message "Please apply the following procedure to node '$NIXHOST':"
+	message "1. Drain node in Nomad so that all jobs are relocated elsewhere"
+	message "2. Reboot node manually. You can also take the opportunity to upgrade with:"
+	message "         REBOOT_NODES=yes ./upgrade_nixos prod $NIXHOST"
+	message "3. Mark node as eligible again in Nomad"
+	message "-------------------------------------------------------------------------------------"
+else
+	cmd nixos-rebuild switch
+fi
--- a/4
+++ b/4
@ -45,7 +45,9 @@ function footer {
 }

 function message {
-	echo "echo '$@'"
+	echo "base64 -d <<EOG"
+	echo "$@" | base64
+	echo "EOG"
 }

 function cmd {