feat: first iteration of nixos updates

.harper-dictionary.txt

@@ -6,7 +6,9 @@ Comin
 Ctrl
 FIXME
 Fediversity
+GC
 MiB
+NAR
 NAT'ed
 NATS
 NGI

Justfile

@@ -1,6 +1,8 @@
 COORDINATOR_NODE_ID := "ba48d5a18a06a0348511b83ef8e8b900ea653c43086e55613344cdd8192f7f6c"
 AGENT_NODE_ID := "976f02e6c46cd53189128d7b72ec1a2eeff05012130debefc7a5dab8d0744139"
 
+DEFAULT_LOG_LEVEL := "debug"
+
 coordinator-nodeid:
     echo {{COORDINATOR_NODE_ID}}
 
@@ -9,7 +11,7 @@ agent-nodeid:
 
 run-coordinator relay_mode="disabled" +args="":
     #!/usr/bin/env bash
-    RUST_LOG=iroh=debug,flt=trace,flt_lib=trace \
+    RUST_LOG=flt={{DEFAULT_LOG_LEVEL}},flt_lib={{DEFAULT_LOG_LEVEL}},iroh_blobs=debug,iroh_docs=debug \
         cargo run -- \
             --maybe-secret-key=./fixtures/coordinator.ed25519 \
             --relay-mode={{relay_mode}} \
@@ -19,16 +21,17 @@ run-coordinator relay_mode="disabled" +args="":
 
 run-agent relay_mode="disabled" node_id=COORDINATOR_NODE_ID +args="":
     #!/usr/bin/env bash
-    RUST_LOG=flt=trace,flt_lib=trace \
+    RUST_LOG=flt={{DEFAULT_LOG_LEVEL}},flt_lib={{DEFAULT_LOG_LEVEL}} \
         cargo run -- \
             --maybe-secret-key=./fixtures/agent.ed25519 \
             --relay-mode={{relay_mode}} \
         agent \
             --coordinator="{{ node_id }}" \
+            --maybe-subscribe-loop-interval-seconds=99999 \
             {{args}}
 
 run-admin relay_mode="disabled" node_id=COORDINATOR_NODE_ID +args="":    #!/usr/bin/env bash
-    RUST_LOG=flt=trace,flt_lib=trace \
+    RUST_LOG=flt={{DEFAULT_LOG_LEVEL}},flt_lib={{DEFAULT_LOG_LEVEL}} \
         cargo run -- \
             --maybe-secret-key=./fixtures/admin.ed25519 \
             --relay-mode={{relay_mode}} \
@@ -37,21 +40,69 @@ run-admin relay_mode="disabled" node_id=COORDINATOR_NODE_ID +args="":    #!/usr/
             \
             {{args}}
 
+get-agent-facts:
+    just run-admin disabled $(just coordinator-nodeid) enrollment-service get-facts $(just agent-nodeid) | jq .
+
+bench:
+    cargo bench --features test
+
+test:
+    cargo nextest run
+
+
+### recipes specific to steveej's local environment
+
 run-agent-on-installer:
     #!/usr/bin/env bash
     scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o CheckHostIP=no ./fixtures/agent.ed25519 nixos@nixos:/home/nixos/
     ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o CheckHostIP=no  nixos@nixos sudo \
-        RUST_LOG=flt=trace \
+        RUST_LOG=flt={{DEFAULT_LOG_LEVEL}} \
             flt \
                 --relay-mode=default \
                 --maybe-secret-key=/home/nixos/agent.ed25519 \
-            agent --coordinator={{COORDINATOR_NODE_ID}}
+            agent \
+                --coordinator={{COORDINATOR_NODE_ID}}
 
-get-agent-facts:
-    just run-admin disabled $(just coordinator-nodeid) enrollment-service get-facts $(just agent-nodeid) | jq .
 
-bench:
-    cargo bench --features test
+stop-agent-on-steveej-sj-srv2:
+    ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o CheckHostIP=no root@sj-srv2 "systemctl stop flt-agent-dev.service"
 
-test:
-    cargo nextest run
+run-agent-on-steveej-sj-srv2:
+    #!/usr/bin/env bash
+    set -xeE -o pipefail
+
+    just stop-agent-on-steveej-sj-srv2 || true
+
+    export FLT_PATH=$(nix build --no-link --print-out-paths --builders sj-srv2 .#packages.x86_64-linux.rust-workspace)/bin/flt
+    export AGENT_SECRET_KEY=/root/.flt_agent_secret.key
+
+    # TODO(MABYE): maybe set up cross compilation and make this work
+    # export FLT_PATH=/root/.flt-bin-dev
+    # cargo build --bin flt --target=x86_64-unknown-linux-gnu
+    # scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o CheckHostIP=no ./target/debug/flt root@sj-srv2:${FLT_PATH}
+
+    scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o CheckHostIP=no ./fixtures/agent.ed25519 root@sj-srv2:${AGENT_SECRET_KEY}
+    ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o CheckHostIP=no root@sj-srv2 \
+        systemd-run \
+                --unit="flt-agent-dev" \
+                --remain-after-exit --collect --send-sighup --collect \
+                --setenv=RUST_LOG=flt={{DEFAULT_LOG_LEVEL}} \
+                --setenv=PATH=\$PATH \
+            ${FLT_PATH} \
+            \
+                --relay-mode=default \
+                --maybe-secret-key=${AGENT_SECRET_KEY} \
+            agent \
+                --persistence-mode=filesystem --persistence-dir=/var/lib/flt/agent \
+                --maybe-subscribe-loop-interval-seconds=99999 \
+                --coordinator={{COORDINATOR_NODE_ID}} \
+        \; \
+        journalctl -f --unit flt-agent-dev.service --no-hostname -f -q -o cat
+
+
+push-closure-to-sj-srv2 args="":
+    #!/usr/bin/env bash
+    set -xeE -o pipefail
+
+    just run-admin disabled $(just coordinator-nodeid) enrollment-service assign-nixos-closure \
+            --node-id $(just agent-nodeid) --path $(nix build --no-link --print-out-paths ~/src/steveej/infra#nixosConfigurations.sj-srv2.config.system.build.toplevel) {{args}}

codebook.toml

@@ -10,6 +10,7 @@ words = [
     "justfile",
     "linters",
     "lnet",
+    "nar",
     "nat'ed",
     "natively",
     "nextest",
@@ -25,6 +26,7 @@ words = [
     "serde",
     "substituters",
     "substitutor",
+    "updatables",
     "uptime",
     "wip",
 ]

nix/packages/dummy-nixos-closure-failure.nix

@@ -0,0 +1,11 @@
+{
+  pkgs,
+  ...
+}:
+
+pkgs.writeShellScriptBin "switch-to-configuration" ''
+  echo Called with arguments: $@
+  echo This would\'ve failed!
+  echo This would\'ve failed! >&2
+  exit 1
+''

nix/packages/dummy-nixos-closure-success.nix

@@ -0,0 +1,10 @@
+{
+  pkgs,
+  ...
+}:
+
+pkgs.writeShellScriptBin "switch-to-configuration" ''
+  echo Called with arguments: $@
+  echo This would\'ve switched the system, congratulations!
+  exit 0
+''

rust/lib/Cargo.toml

@@ -44,6 +44,9 @@ linked-hash-map = { version = "0.5.6", features = ["serde", "serde_impl"] }
 linked_hash_set = { version = "0.1.6", features = ["serde"] }
 strum = { version = "0.27.2", features = ["derive", "strum_macros"] }
 erased-serde = "0.4.9"
+async-trait = "0.1.89"
+tokio-util = { version = "0.7.17", features = ["io"] }
+tokio-stream = { version = "0.1.17", features = ["io-util"] }
 
 [dev-dependencies]
 flt_lib = { path = ".", features = ["test"]}

rust/lib/src/admin.rs

@@ -16,6 +16,8 @@ pub async fn run(
 
     let timeout = std::time::Duration::from_secs_f64(timeout);
 
+    tracing::debug!("processing {cmd:?}");
+
     let json_value = match cmd {
         cli::AdminCmd::EchoHash { args } => {
             serde_json::to_value(crate::protocols::echo_hash::send(endpoint, args).await?)?
@@ -81,6 +83,13 @@ pub async fn run(
 
                     serde_json::to_value(response)?
                 }
+                cli::EnrollmentServiceCmd::AssignNixosClosure { node_id, path } => {
+                    client
+                        .upload_and_assign_nixos_closure(timeout, node_id, path)
+                        .await?;
+
+                    serde_json::to_value(())?
+                }
             }
         }
     };

rust/lib/src/admin/cli.rs

@@ -18,19 +18,24 @@ pub enum PersistenceMode {
 #[derive(Debug, Clone, Args, Default)]
 #[command(version, about)]
 pub struct CoordinatorArgs {
+    #[command(flatten)]
+    pub persistence_args: PersistenceArgs,
+}
+
+/// Definition for the top-level Admin command
+#[derive(Debug, Clone, Args, Default)]
+#[command(version, about)]
+pub struct PersistenceArgs {
     /// Persistence for the local document storage.
     #[arg(long, default_value_t = PersistenceModeDiscriminants::default())]
     pub persistence_mode: PersistenceModeDiscriminants,
 
-    #[arg(
-        long,
-        default_value = ".coordinator_files",
-        required_if_eq("persistence_mode", "filesystem")
-    )]
+    /// Directory in which the data will be persisted.
+    #[arg(long, required_if_eq("persistence_mode", "filesystem"))]
     pub persistence_dir: PathBuf,
 }
-impl CoordinatorArgs {
-    pub(crate) fn persistence_mode(&self) -> PersistenceMode {
+impl PersistenceArgs {
+    pub(crate) fn mode(&self) -> PersistenceMode {
         match self.persistence_mode {
             PersistenceModeDiscriminants::Memory => PersistenceMode::Memory,
             PersistenceModeDiscriminants::Filesystem => {
@@ -44,6 +49,9 @@ impl CoordinatorArgs {
 #[derive(Debug, Clone, Args, Default)]
 #[command(version, about)]
 pub struct AgentArgs {
+    #[command(flatten)]
+    pub persistence_args: PersistenceArgs,
+
     /// Pass one or multiple NodeIds that are used as coordinators
     #[arg(long = "coordinator")]
     pub maybe_coordinator: Option<iroh::PublicKey>,
@@ -54,6 +62,21 @@ pub struct AgentArgs {
 
     #[arg(long)]
     pub maybe_update_facts_loop_interval_seconds: Option<f64>,
+    //
+    // #[arg(long)]
+    // pub host_type: HostTypeDiscriminants,
+
+    // #[arg(long)]
+    // pub host_update: bool,
+}
+
+#[derive(Default, strum::EnumString, strum::Display, strum::EnumDiscriminants)]
+#[strum_discriminants(derive(Default, strum::Display, strum::EnumString))]
+pub enum HostType {
+    #[default]
+    #[strum_discriminants(default)]
+    Ignore,
+    Autodetect,
 }
 
 /// Definition for the top-level Admin command
@@ -108,6 +131,13 @@ pub enum EnrollmentServiceCmd {
     GetFacts {
         node_id: PublicKey,
     },
+
+    AssignNixosClosure {
+        #[arg(long)]
+        node_id: PublicKey,
+        #[arg(long)]
+        path: PathBuf,
+    },
 }
 
 /// All enrollment agent subcommands

rust/lib/src/agent.rs

@@ -2,7 +2,6 @@ use iroh::{
     protocol::{DynProtocolHandler, Router},
     SecretKey,
 };
-use iroh_docs::engine::ProtectCallbackHandler;
 use tokio::sync::mpsc::UnboundedReceiver;
 use tracing::info;
 
@@ -19,24 +18,13 @@ pub async fn run(
     info!("node_id: {node_id} listening on {bind_info:?}");
 
     // Enable iroh-docs and its dependencies
-    let (protect_callback_handler, protect_callback) = ProtectCallbackHandler::new();
-    let blob_store =
-        iroh_blobs::store::mem::MemStore::new_with_opts(iroh_blobs::store::mem::Options {
-            gc_config: Some(iroh_blobs::store::GcConfig {
-                interval: std::time::Duration::from_mins(10),
-                add_protected: Some(protect_callback),
-            }),
-        });
-    let blobs = iroh_blobs::BlobsProtocol::new(&blob_store, None);
-    let gossip = iroh_gossip::Gossip::builder().spawn(endpoint.clone());
-    let docs = iroh_docs::protocol::Docs::memory()
-        .protect_handler(protect_callback_handler)
-        .spawn(endpoint.clone(), (*blob_store).clone(), gossip.clone())
-        .await?;
+    let (blobs, blob_store, gossip, docs) =
+        crate::util::setup_iroh_docs_and_deps(&endpoint, &agent_args.persistence_args.mode())
+            .await?;
 
     let router_builder = Router::builder(endpoint.clone())
-        .accept(iroh_blobs::ALPN, blobs.clone())
         .accept(iroh_gossip::ALPN, gossip.clone())
+        .accept(iroh_blobs::ALPN, blobs.clone())
         .accept(iroh_docs::ALPN, docs.clone())
         .accept(
             enrollment_agent::ALPN,