torjus/homelab-deploy
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: implement NATS-based NixOS deployment system

Browse Source 
Implement the complete homelab-deploy system with three operational modes:

- Listener mode: Runs on NixOS hosts as a systemd service, subscribes to
  NATS subjects with configurable templates, executes nixos-rebuild on
  deployment requests with concurrency control

- MCP mode: MCP server exposing deploy, deploy_admin, and list_hosts
  tools for AI assistants with tiered access control

- CLI mode: Manual deployment commands with subject alias support via
  environment variables

Key components:
- internal/messages: Request/response types with validation
- internal/nats: Client wrapper with NKey authentication
- internal/deploy: Executor with timeout and lock for concurrency
- internal/listener: Subject template expansion and request handling
- internal/cli: Deploy logic with alias resolution
- internal/mcp: MCP server with mcp-go integration
- nixos/module.nix: NixOS module with hardened systemd service

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Torjus Håkestad
2026-02-07 04:19:47 +01:00
parent ad7d1a650c
commit fa49e9322a
27 changed files with 2929 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
internal/deploy/lock.go Normal file
View File

@@ -0,0 +1,56 @@
// Package deploy provides deployment execution logic.
package deploy
import (
"sync"
)
// Lock provides a simple in-memory lock for single-deployment concurrency control.
type Lock struct {
mu sync.Mutex
held bool
holder string
}
// NewLock creates a new deployment lock.
func NewLock() *Lock {
return &Lock{}
}
// TryAcquire attempts to acquire the lock. Returns true if successful.
// The holder parameter identifies who is holding the lock.
func (l *Lock) TryAcquire(holder string) bool {
l.mu.Lock()
defer l.mu.Unlock()
if l.held {
return false
}
l.held = true
l.holder = holder
return true
}
// Release releases the lock.
func (l *Lock) Release() {
l.mu.Lock()
defer l.mu.Unlock()
l.held = false
l.holder = ""
}
// IsHeld returns true if the lock is currently held.
func (l *Lock) IsHeld() bool {
l.mu.Lock()
defer l.mu.Unlock()
return l.held
}
// Holder returns the current holder of the lock, or empty string if not held.
func (l *Lock) Holder() string {
l.mu.Lock()
defer l.mu.Unlock()
return l.holder
}