security for deployment on prod
This commit is contained in:
parent
0e1574a82b
commit
94a9c8afa8
17
deploy_nixos
17
deploy_nixos
|
@ -11,8 +11,17 @@ if [ "$CLUSTER" = "staging" ]; then
|
|||
copy nix/nomad-driver-nix2.nix /etc/nixos/nomad-driver-nix2.nix
|
||||
fi
|
||||
|
||||
# use ./upgrade_nixos instead to upgrade NixOS
|
||||
#cmd "nix-channel --add https://nixos.org/channels/nixos-22.05 nixos"
|
||||
#cmd nixos-rebuild switch --upgrade --show-trace
|
||||
|
||||
cmd nixos-rebuild switch
|
||||
if [ "$CLUSTER" = "prod" ]; then
|
||||
cmd nixos-rebuild boot
|
||||
message "-------------------------------------------------------------------------------------"
|
||||
message "New NixOS configuration hasn't been applied, to avoid disturbing production services."
|
||||
message "Please apply the following procedure to node '$NIXHOST':"
|
||||
message "1. Drain node in Nomad so that all jobs are relocated elsewhere"
|
||||
message "2. Reboot node manually. You can also take the opportunity to upgrade with:"
|
||||
message " REBOOT_NODES=yes ./upgrade_nixos prod $NIXHOST"
|
||||
message "3. Mark node as eligible again in Nomad"
|
||||
message "-------------------------------------------------------------------------------------"
|
||||
else
|
||||
cmd nixos-rebuild switch
|
||||
fi
|
||||
|
|
Loading…
Reference in New Issue