applyset-deploy.sh

@@ -3,10 +3,9 @@
 set -euo pipefail
 
 first_server="${SERVERS%% *}"
-previous_manifest=$(
-	envsubst <<EOF | ssh -T "root@$first_server"
-if [[ -f "$GCROOTDIR/$NAME.yml" ]]; then
-	cat "$GCROOTDIR/$NAME.yml"
+previous_manifest=$(ssh -T "root@$first_server" << EOF
+if [[ -f "$GCROOTDIR/${NAME}.yml" ]]; then
+	cat "$GCROOTDIR/${NAME}.yml"
 fi
 EOF
 )
@@ -15,26 +14,30 @@ set +e
 if [ -z "$previous_manifest" ]; then
 	echo No previous manifest found!
 else
-	$DYFF between <(echo "$previous_manifest") "$MANIFEST" \
+	$DYFF between <(echo $previous_manifest) $MANIFEST \
 		--exclude-regexp metadata.labels.kubenix/hash \
 		--exclude-regexp labels.kubenix/hash \
-		--set-exit-code
+		--set-exit-code 
+
+	if [ $? -eq 0 ]; then
+		exit 0
+	fi
 fi
 set -e
 
-read -r -p "Continue? " _
+read -r -p "Continue? " response
 
 echo Uploading closure...
 for server in $SERVERS; do
-	echo Uploading closure to "$server"...
-	nix copy --to "ssh://root@$server.dmz" "$MANIFEST"
+	echo Uploading closure to $server...
+	nix copy --to "ssh://root@$server.dmz" $MANIFEST
 	ssh "root@$server.dmz" "mkdir -p $GCROOTDIR && ln -sf $MANIFEST $GCROOTDIR/${NAME}.yml"
 done
 
 echo Applying Kubernetes manifest...
 export KUBECTL_APPLYSET=true
-vals eval -fail-on-missing-key-in-map <"$MANIFEST" |
-	kubectl apply -f - \
-		--prune \
-		--applyset applyset-"$NAME" \
-		--namespace "$NAMESPACE"
+vals eval -fail-on-missing-key-in-map <$MANIFEST | \
+kubectl apply -f - \
+	--prune \
+	--applyset applyset-$NAME \
+	--namespace $NAMESPACE

globals.nix

@@ -20,7 +20,7 @@
       immich-postgres = "docker.io/tensorchord/pgvecto-rs:pg14-v0.2.0@sha256:90724186f0a3517cf6914295b5ab410db9ce23190a2d9d0b9dd6463e3fa298f0";
       kitchenowl = "tombursch/kitchenowl:v0.6.4";
       cyberchef = "mpepping/cyberchef:latest";
-      freshrss = "freshrss/freshrss:1.25.0";
+      freshrss = "freshrss/freshrss:1.24.3";
       bind9 = "ubuntu/bind9:9.18-22.04_beta";
       hedgedoc = "quay.io/hedgedoc/hedgedoc:1.10.0";
       minecraft = "itzg/minecraft-server:latest";

kubenix.nix

@@ -64,7 +64,7 @@ flake-utils.lib.eachDefaultSystem
       pkgs.symlinkJoin
       {
         name = "applyset-deploy.sh";
-        paths = [deployScript pkgs.vals pkgs.kubectl pkgs.gettext];
+        paths = [deployScript pkgs.vals pkgs.kubectl];
         buildInputs = [pkgs.makeWrapper];
         passthru.manifest = result;
         meta.mainProgram = "applyset-deploy.sh";