security for deployment on prod

This commit is contained in:
Alex 2022-12-22 23:59:51 +01:00
parent 0e1574a82b
commit 94a9c8afa8
No known key found for this signature in database
GPG key ID: 09EC5284AA804D3C
2 changed files with 16 additions and 5 deletions

View file

@ -11,8 +11,17 @@ if [ "$CLUSTER" = "staging" ]; then
copy nix/nomad-driver-nix2.nix /etc/nixos/nomad-driver-nix2.nix
fi
# use ./upgrade_nixos instead to upgrade NixOS
#cmd "nix-channel --add https://nixos.org/channels/nixos-22.05 nixos"
#cmd nixos-rebuild switch --upgrade --show-trace
if [ "$CLUSTER" = "prod" ]; then
cmd nixos-rebuild boot
message "-------------------------------------------------------------------------------------"
message "New NixOS configuration hasn't been applied, to avoid disturbing production services."
message "Please apply the following procedure to node '$NIXHOST':"
message "1. Drain node in Nomad so that all jobs are relocated elsewhere"
message "2. Reboot node manually. You can also take the opportunity to upgrade with:"
message " REBOOT_NODES=yes ./upgrade_nixos prod $NIXHOST"
message "3. Mark node as eligible again in Nomad"
message "-------------------------------------------------------------------------------------"
else
cmd nixos-rebuild switch
fi

View file

@ -45,7 +45,9 @@ function footer {
}
function message {
echo "echo '$@'"
echo "base64 -d <<EOG"
echo "$@" | base64
echo "EOG"
}
function cmd {