feat(ops/nixos): Add generic rebuild-system script

This adds a first crack at one idea for a generic, non-user-specific
rebuild-system script to ops.nixos.rebuild-system. The idea here is that
we enumerate all the nixos systems stored in the monorepo (similarly to
what we do for ci-builds right now) then search through them by hostname
to find the one matching the hostname of the current system, which is an
attempt at a more generic version of tazjin's rebuilder script which
does the same thing but with an explicit case block.

As a caveat, it feels like there's a slight possibility that this way of
finding systems is going to get slow to evaluate - on my system it feels
fine but if it grows out of hand it's probably feasible to just bake
this into the built script as a dynamically generated case statement.

Change-Id: I2e4c5401913b6f4d936ab48ba2f95f96e0e78eb4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/894
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>

bin/__dispatch.sh

@@ -52,6 +52,9 @@ case "${TARGET_TOOL}" in
   hash-password)
     attr="tools.hash-password"
     ;;
+  rebuild-system)
+    attr="ops.nixos.rebuild-system"
+    ;;
   *)
     echo "The tool '${TARGET_TOOL}' is currently not installed in this repository."
     exit 1

bin/rebuild-system

@@ -0,0 +1 @@
+__dispatch.sh

ci-builds.nix

@@ -16,6 +16,10 @@ let
     owo = lib.generators.toPretty {} exp;
   };
 
+  systemFor = configuration: (depot.third_party.nixos {
+    inherit configuration;
+  }).system;
+
 in lib.fix (self: {
   __apprehendEvaluators = throw ''
     Do not evaluate this attribute set directly. It exists only to group builds
@@ -28,18 +32,10 @@ in lib.fix (self: {
   # used to trigger builds for each key.
   __evaluatable = filter (key: (substring 0 2 key) != "__") (attrNames self);
 
-  # List of non-public targets, these are only used in local builds
-  # and not in CI.
-  __nonpublic = with depot; [
-    users.tazjin.nixos.camdenSystem
-    users.tazjin.nixos.frogSystem
-  ];
-
   # Combined list of all the targets, used for building everything locally.
   __allTargets =
     (with depot.nix.yants; list drv)
-      (foldl' (x: y: x ++ y) self.__nonpublic
-        (map (k: getAttr k self) self.__evaluatable));
+    (foldl' (x: y: x ++ y) [] (map (k: getAttr k self) self.__evaluatable));
 
   fun = with depot.fun; [
     amsterdump
@@ -57,7 +53,7 @@ in lib.fix (self: {
     journaldriver
     kontemplate
     mq_cli
-    nixos.whitby
+    (systemFor nixos.whitby)
   ];
 
   third_party = with depot.third_party; [
@@ -98,10 +94,12 @@ in lib.fix (self: {
     emacs
     finito
     homepage
+    (systemFor nixos.camden)
+    (systemFor nixos.frog)
   ];
 
   glittershark = with depot.users.glittershark; [
-    system.system.chupacabra
+    (systemFor system.system.chupacabra)
     xanthous
   ];
 })

ops/nixos/all-systems.nix

@@ -0,0 +1,14 @@
+{ depot, ... }:
+
+(with depot.ops.nixos; [
+  whitby
+]) ++
+
+(with depot.users.tazjin.nixos; [
+  camden
+  frog
+]) ++
+
+(with depot.users.glittershark.system.system; [
+  chupacabra
+])

ops/nixos/default.nix

@@ -6,8 +6,40 @@
 #
 # TODO(tazjin): Find a more elegant solution for the whole module
 # situation.
-{ ... }@args:
+{ lib, pkgs, depot, ... }@args:
 
-{
+let
+  inherit (lib) findFirst isAttrs;
+in
+
+rec {
   whitby = import ./whitby/default.nix args;
+
+  # System installation
+
+  allSystems = import ./all-systems.nix args;
+
+  nixosFor = configuration: depot.third_party.nixos {
+    inherit configuration;
+  };
+
+  findSystem = hostname:
+    (findFirst
+      (system: system.config.networking.hostName == hostname)
+      (throw "${hostname} is not a known NixOS host")
+      (map nixosFor allSystems));
+
+  rebuild-system = pkgs.writeShellScriptBin "rebuild-system" ''
+    set -ue
+    if [[ $EUID -ne 0 ]]; then
+      echo "Oh no! Only root is allowed to rebuild the system!" >&2
+      exit 1
+    fi
+
+    echo "Rebuilding NixOS for $HOSTNAME"
+    system=$(nix-build -E "((import ${toString depot.depotPath} {}).ops.nixos.findSystem \"$HOSTNAME\").system" --no-out-link --show-trace)
+
+    nix-env -p /nix/var/nix/profiles/system --set $system
+    $system/bin/switch-to-configuration switch
+  '';
 }

ops/nixos/whitby/default.nix

@@ -12,11 +12,7 @@ let
     mkdir -p $out/bin
     ln -s ${depot.ops.besadii}/bin/besadii $out/bin/post-command
   '';
-
-  systemForConfig = configuration: (depot.third_party.nixos {
-    inherit configuration;
-  }).system;
-in systemForConfig {
+in {
   inherit depot;
   imports = [
     "${depot.depotPath}/ops/nixos/depot.nix"

users/glittershark/system/system/default.nix

@@ -1,9 +1,7 @@
 { depot, ... }:
 
 rec {
-  chupacabra = (depot.third_party.nixos {
-    configuration = import ./machines/chupacabra.nix;
-  }).system;
+  chupacabra = import ./machines/chupacabra.nix;
 
   rebuilder =
     let