serokell
diff --git a/‎README.md
Lines changed: 14 additions & 5 deletions b/‎README.md
Lines changed: 14 additions & 5 deletions
diff --git a/‎src/bin/activate.rs
Lines changed: 39 additions & 7 deletions b/‎src/bin/activate.rs
Lines changed: 39 additions & 7 deletions
@@ -1,5 +1,6 @@
 <!--
 SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/>
+SPDX-FileCopyrightText: 2021 Yannik Sander <contact@ysndr.de>
 
 SPDX-License-Identifier: MPL-2.0
 -->
@@ -16,18 +17,26 @@ Questions? Need help? Join us on Matrix: [`#deploy-rs:matrix.org`](https://matri
 
 Basic usage: `deploy [options] <flake>`.
 
-The given flake can be just a source `my-flake`, or optionally specify the node to deploy `my-flake#my-node`, or specify a profile too `my-flake#my-node.my-profile`. If your profile or node name has a `.` in it, simply wrap it in quotes, and the flake path in quotes (to avoid shell escaping), for example `'my-flake."myserver.com".system'`.
+Using this method all profiles specified in the given `<flake>` will be deployed (taking into account the [`profilesOrder`](#node)).
+
+ Optionally the flake can be constrained to deploy just a single node (`my-flake#my-node`) or a profile (`my-flake#my-node.my-profile`).
+
+If your profile or node name has a . in it, simply wrap it in quotes, and the flake path in quotes (to avoid shell escaping), for example 'my-flake."myserver.com".system'.
+
+Any "extra" arguments will be passed into the Nix calls, so for instance to deploy an impure profile, you may use `deploy . -- --impure` (note the explicit flake path is necessary for doing this).
 
 You can try out this tool easily with `nix run`:
 - `nix run github:serokell/deploy-rs your-flake`
 
-Any "extra" arguments will be passed into the Nix calls, so for instance to deploy an impure profile, you may use `deploy . -- --impure` (note the explicit flake path is necessary for doing this).
+In you want to deploy multiple flakes or a subset of profiles with one invocation, instead of calling `deploy <flake>` you can issue `deploy --targets <flake> [<flake> ...]` where `<flake>` is supposed to take the same format as discussed before.
+
+Running in this mode, if any of the deploys fails, the deploy will be aborted and all successful deploys rolled back. `--rollback-succeeded false` can be used to override this behavior, otherwise the `auto-rollback` argument takes precedent.
 
 If you require a signing key to push closures to your server, specify the path to it in the `LOCAL_KEY` environment variable.
 
 Check out `deploy --help` for CLI flags! Remember to check there before making one-time changes to things like hostnames.
 
-There is also an `activate` binary though this should be ignored, it is only used internally and for testing/hacking purposes.
+There is also an `activate` binary though this should be ignored, it is only used internally (on the deployed system) and for testing/hacking purposes.
 
 ## Ideas
 
@@ -79,7 +88,7 @@ A basic example of a flake that works with `deploy-rs` and deploys a simple NixO
 
 ### Profile
 
-This is the core of how `deploy-rs` was designed, any number of these can run on a node, as any user (see further down for specifying user information). If you want to mimick the behaviour of traditional tools like NixOps or Morph, try just defining one `profile` called `system`, as root, containing a nixosSystem, and you can even similarly use [home-manager](https://github.com/nix-community/home-manager) on any non-privileged user.
+This is the core of how `deploy-rs` was designed, any number of these can run on a node, as any user (see further down for specifying user information). If you want to mimic the behaviour of traditional tools like NixOps or Morph, try just defining one `profile` called `system`, as root, containing a nixosSystem, and you can even similarly use [home-manager](https://github.com/nix-community/home-manager) on any non-privileged user.
 
 ```nix
 {
@@ -128,7 +137,7 @@ This is the top level attribute containing all of the options for this tool
 {
   nodes = {
     # Definition format shown above
-    my-node = {}; 
+    my-node = {};
     another-node = {};
   };
 
 
@@ -1,5 +1,6 @@
 // SPDX-FileCopyrightText: 2020 Serokell <https://serokell.io/>
 // SPDX-FileCopyrightText: 2020 Andreas Fuchs <asf@boinkor.net>
+// SPDX-FileCopyrightText: 2021 Yannik Sander <contact@ysndr.de>
 //
 // SPDX-License-Identifier: MPL-2.0
 
@@ -33,10 +34,6 @@ struct Opts {
     #[clap(long)]
     log_dir: Option<String>,
 
-    /// Path for any temporary files that may be needed during activation
-    #[clap(long)]
-    temp_path: String,
-
     #[clap(subcommand)]
     subcmd: SubCommand,
 }
@@ -45,6 +42,7 @@ struct Opts {
 enum SubCommand {
     Activate(ActivateOpts),
     Wait(WaitOpts),
+    Revoke(RevokeOpts),
 }
 
 /// Activate a profile
@@ -70,13 +68,28 @@ struct ActivateOpts {
     /// Show what will be activated on the machines
     #[clap(long)]
     dry_activate: bool,
+
+    /// Path for any temporary files that may be needed during activation
+    #[clap(long)]
+    temp_path: String,
 }
 
 /// Activate a profile
 #[derive(Clap, Debug)]
 struct WaitOpts {
     /// The closure to wait for
     closure: String,
+
+    /// Path for any temporary files that may be needed during activation
+    #[clap(long)]
+    temp_path: String,
+}
+
+/// Activate a profile
+#[derive(Clap, Debug)]
+struct RevokeOpts {
+    /// The profile path to revoke
+    profile_path: String,
 }
 
 #[derive(Error, Debug)]
@@ -377,7 +390,11 @@ pub async fn activate(
 
     debug!("Running activation script");
 
-    let activation_location = if dry_activate { &closure } else { &profile_path };
+    let activation_location = if dry_activate {
+        &closure
+    } else {
+        &profile_path
+    };
 
     let activate_status = match Command::new(format!("{}/deploy-rs-activate", activation_location))
         .env("PROFILE", activation_location)
@@ -429,6 +446,16 @@ pub async fn activate(
     Ok(())
 }
 
+#[derive(Error, Debug)]
+pub enum RevokeError {
+    #[error("There was an error de-activating after an error was encountered: {0}")]
+    DeactivateError(#[from] DeactivateError),
+}
+async fn revoke(profile_path: String) -> Result<(), RevokeError> {
+    deactivate(profile_path.as_str()).await?;
+    Ok(())
+}
+
 #[tokio::main]
 async fn main() -> Result<(), Box<dyn std::error::Error>> {
     // Ensure that this process stays alive after the SSH connection dies
@@ -447,6 +474,7 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
         match opts.subcmd {
             SubCommand::Activate(_) => deploy::LoggerType::Activate,
             SubCommand::Wait(_) => deploy::LoggerType::Wait,
+            SubCommand::Revoke(_) => deploy::LoggerType::Revoke,
         },
     )?;
 
@@ -455,15 +483,19 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
             activate_opts.profile_path,
             activate_opts.closure,
             activate_opts.auto_rollback,
-            opts.temp_path,
+            activate_opts.temp_path,
             activate_opts.confirm_timeout,
             activate_opts.magic_rollback,
             activate_opts.dry_activate,
         )
         .await
         .map_err(|x| Box::new(x) as Box<dyn std::error::Error>),
 
-        SubCommand::Wait(wait_opts) => wait(opts.temp_path, wait_opts.closure)
+        SubCommand::Wait(wait_opts) => wait(wait_opts.temp_path, wait_opts.closure)
+            .await
+            .map_err(|x| Box::new(x) as Box<dyn std::error::Error>),
+
+        SubCommand::Revoke(revoke_opts) => revoke(revoke_opts.profile_path)
             .await
             .map_err(|x| Box::new(x) as Box<dyn std::error::Error>),
     };