feat: implement NATS-based NixOS deployment system

Implement the complete homelab-deploy system with three operational modes: - Listener mode: Runs on NixOS hosts as a systemd service, subscribes to NATS subjects with configurable templates, executes nixos-rebuild on deployment requests with concurrency control - MCP mode: MCP server exposing deploy, deploy_admin, and list_hosts tools for AI assistants with tiered access control - CLI mode: Manual deployment commands with subject alias support via environment variables Key components: - internal/messages: Request/response types with validation - internal/nats: Client wrapper with NKey authentication - internal/deploy: Executor with timeout and lock for concurrency - internal/listener: Subject template expansion and request handling - internal/cli: Deploy logic with alias resolution - internal/mcp: MCP server with mcp-go integration - nixos/module.nix: NixOS module with hardened systemd service Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-07 04:19:47 +01:00
parent ad7d1a650c
commit fa49e9322a
27 changed files with 2929 additions and 26 deletions
--- a/internal/cli/aliases_test.go
+++ b/internal/cli/aliases_test.go
@@ -0,0 +1,112 @@
+package cli
+
+import (
+	"testing"
+)
+
+func TestResolveAlias(t *testing.T) {
+	// Set up test environment variables
+	t.Setenv("HOMELAB_DEPLOY_ALIAS_TEST", "deploy.test.all")
+	t.Setenv("HOMELAB_DEPLOY_ALIAS_PROD", "deploy.prod.all")
+	t.Setenv("HOMELAB_DEPLOY_ALIAS_PROD_DNS", "deploy.prod.role.dns")
+
+	tests := []struct {
+		name  string
+		input string
+		want  string
+	}{
+		{
+			name:  "full subject unchanged",
+			input: "deploy.prod.ns1",
+			want:  "deploy.prod.ns1",
+		},
+		{
+			name:  "subject with multiple dots",
+			input: "deploy.test.role.web",
+			want:  "deploy.test.role.web",
+		},
+		{
+			name:  "lowercase alias",
+			input: "test",
+			want:  "deploy.test.all",
+		},
+		{
+			name:  "uppercase alias",
+			input: "TEST",
+			want:  "deploy.test.all",
+		},
+		{
+			name:  "mixed case alias",
+			input: "TeSt",
+			want:  "deploy.test.all",
+		},
+		{
+			name:  "alias with hyphen",
+			input: "prod-dns",
+			want:  "deploy.prod.role.dns",
+		},
+		{
+			name:  "alias with hyphen uppercase",
+			input: "PROD-DNS",
+			want:  "deploy.prod.role.dns",
+		},
+		{
+			name:  "unknown alias returns as-is",
+			input: "unknown",
+			want:  "unknown",
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			got := ResolveAlias(tc.input)
+			if got != tc.want {
+				t.Errorf("ResolveAlias(%q) = %q, want %q", tc.input, got, tc.want)
+			}
+		})
+	}
+}
+
+func TestIsAlias(t *testing.T) {
+	tests := []struct {
+		input string
+		want  bool
+	}{
+		{"test", true},
+		{"prod-dns", true},
+		{"PROD", true},
+		{"deploy.test.all", false},
+		{"deploy.prod.ns1", false},
+		{"a.b", false},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.input, func(t *testing.T) {
+			got := IsAlias(tc.input)
+			if got != tc.want {
+				t.Errorf("IsAlias(%q) = %v, want %v", tc.input, got, tc.want)
+			}
+		})
+	}
+}
+
+func TestGetAliasEnvVar(t *testing.T) {
+	tests := []struct {
+		alias string
+		want  string
+	}{
+		{"test", "HOMELAB_DEPLOY_ALIAS_TEST"},
+		{"prod", "HOMELAB_DEPLOY_ALIAS_PROD"},
+		{"prod-dns", "HOMELAB_DEPLOY_ALIAS_PROD_DNS"},
+		{"my-long-alias", "HOMELAB_DEPLOY_ALIAS_MY_LONG_ALIAS"},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.alias, func(t *testing.T) {
+			got := GetAliasEnvVar(tc.alias)
+			if got != tc.want {
+				t.Errorf("GetAliasEnvVar(%q) = %q, want %q", tc.alias, got, tc.want)
+			}
+		})
+	}
+}