From d91d6808cf97eb3c92b2d692e743de0cb584664b Mon Sep 17 00:00:00 2001
From: Madeline Haraj <madeline.haraj@obsidian.systems>
Date: Tue, 2 Aug 2022 18:10:47 -0400
Subject: [PATCH 1/4] Move deploy activation to script; add reboot logic

---
 lib/command/src/Obelisk/Command/Deploy.hs | 27 +++++++++++++++++++----
 1 file changed, 23 insertions(+), 4 deletions(-)

diff --git a/lib/command/src/Obelisk/Command/Deploy.hs b/lib/command/src/Obelisk/Command/Deploy.hs
index af45c149a..6670d6a71 100644
--- a/lib/command/src/Obelisk/Command/Deploy.hs
+++ b/lib/command/src/Obelisk/Command/Deploy.hs
@@ -224,10 +224,8 @@ deployPush deployPath builders = do
       proc sshPath $ sshOpts <>
         [ "root@" <> host
         , unwords
-            -- Note that we don't want to $(staticWhich "nix-env") here, because this is executing on a remote machine
-            [ "nix-env -p /nix/var/nix/profiles/system --set " <> outputPath
-            , "&&"
-            , "/nix/var/nix/profiles/system/bin/switch-to-configuration switch"
+            [ "bash -c"
+            , bashEscape (deployActivationScript outputPath)
             ]
         ]
   isClean <- checkGitCleanStatus deployPath True
@@ -243,6 +241,27 @@ deployPush deployPath builders = do
       let p = setEnvOverride (envMap <>) $ setDelegateCtlc True $ proc cmd args
       callProcessAndLogOutput (Notice, Notice) p
 
+-- | Bash command that will be run on the deployed machine to actually switch the NixOS configuration
+-- This has some more involved logic than merely activating the right profile. It also determines
+-- whether the kernel parameters have changed so that the deployed NixOS instance should be restarted.
+deployActivationScript
+  :: String
+  -- ^ The out path of the configuration to activate
+  -> String
+deployActivationScript outPath =
+-- Note that we don't want to $(staticWhich "nix-env") here, because this is executing on a remote machine
+  [i|set -euxo pipefail
+nix-env -p /nix/var/nix/profiles/system --set "${outPath}"
+/nix/var/nix/profiles/system/bin/switch-to-configuration boot
+booted="$(readlink /run/booted-system/{initrd,kernel,kernel-modules})"
+built="$(readlink /nix/var/nix/profiles/system/{initrd,kernel,kernel-modules})"
+if [ "$booted" = "$built" ]; then
+  /nix/var/nix/profiles/system/bin/switch-to-configuration switch
+else
+  /run/current-system/sw/bin/shutdown -r +1
+fi
+|]
+
 -- | Update the source thunk in the staging directory to the HEAD of the branch.
 deployUpdate :: MonadObelisk m => FilePath -> m ()
 deployUpdate deployPath = updateThunkToLatest (ThunkUpdateConfig Nothing (ThunkConfig Nothing)) (deployPath </> "src")

From 79d25517d444ec5769a9257e2e9ce23ab19ad648 Mon Sep 17 00:00:00 2001
From: Madeline Haraj <madeline.haraj@obsidian.systems>
Date: Tue, 2 Aug 2022 21:44:01 -0400
Subject: [PATCH 2/4] Add ChangeLog entry

---
 ChangeLog.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ChangeLog.md b/ChangeLog.md
index a9ae33783..6a7086c3c 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -23,6 +23,7 @@ This project's release branch is `master`. This log is written from the perspect
   * [#915](https://github.com/obsidiansystems/obelisk/pull/915): Add routeLinkAttr to Obelisk.Route.Frontend. This allows the creation of route links with additional, user-specified attributes.
   * [#918](https://github.com/obsidiansystems/obelisk/pull/918): Add GHC 8.10.7 support for `obelisk-route`
   * [#952](https://github.com/obsidiansystems/obelisk/pull/952): Add a `Semigroupoid` instance for the `Encoder` type, compatible with its existing `Category` instance.
+  * [#957](https://github.com/obsidiansystems/obelisk/pull/957): ob deploy will now detect when the target machine needs to be rebooted after deployment and automatically do so. This is necessary, for example, when the kernel has been updated.
 * Javascript FFI
   * [#844](https://github.com/obsidiansystems/obelisk/pull/844): Jsaddle FFI example extended in skeleton (example project which is installed by `ob init`). Note the remark on minifier renaming in /skeleton/static/lib.js
   * [#903](https://github.com/obsidiansystems/obelisk/pull/903): Added support for a file which allows users to specify global variables and namespaces in JS, that should not be used by the Google Closure Compiler during minification of the GHCJS produced JS. See the [FAQ](FAQ.md).

From 102eea8ddd7d8af4cb0df8908e85fb7c62ed9bf3 Mon Sep 17 00:00:00 2001
From: Madeline Haraj <madeline.haraj@obsidian.systems>
Date: Tue, 2 Aug 2022 22:56:24 -0400
Subject: [PATCH 3/4] Escape outPath in deploy activation script

---
 lib/command/src/Obelisk/Command/Deploy.hs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/command/src/Obelisk/Command/Deploy.hs b/lib/command/src/Obelisk/Command/Deploy.hs
index 6670d6a71..8fcdee886 100644
--- a/lib/command/src/Obelisk/Command/Deploy.hs
+++ b/lib/command/src/Obelisk/Command/Deploy.hs
@@ -251,7 +251,7 @@ deployActivationScript
 deployActivationScript outPath =
 -- Note that we don't want to $(staticWhich "nix-env") here, because this is executing on a remote machine
   [i|set -euxo pipefail
-nix-env -p /nix/var/nix/profiles/system --set "${outPath}"
+nix-env -p /nix/var/nix/profiles/system --set "${bashEscape outPath}"
 /nix/var/nix/profiles/system/bin/switch-to-configuration boot
 booted="$(readlink /run/booted-system/{initrd,kernel,kernel-modules})"
 built="$(readlink /nix/var/nix/profiles/system/{initrd,kernel,kernel-modules})"

From 0b80e17740aa88a796496083a646e84ae86aa7fd Mon Sep 17 00:00:00 2001
From: Madeline Haraj <madeline.haraj@obsidian.systems>
Date: Wed, 3 Aug 2022 12:51:49 -0400
Subject: [PATCH 4/4] Explain origin of deploy activation logic and future
 directions it can take

---
 lib/command/src/Obelisk/Command/Deploy.hs | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/command/src/Obelisk/Command/Deploy.hs b/lib/command/src/Obelisk/Command/Deploy.hs
index 8fcdee886..21d6cd9d3 100644
--- a/lib/command/src/Obelisk/Command/Deploy.hs
+++ b/lib/command/src/Obelisk/Command/Deploy.hs
@@ -250,6 +250,9 @@ deployActivationScript
   -> String
 deployActivationScript outPath =
 -- Note that we don't want to $(staticWhich "nix-env") here, because this is executing on a remote machine
+-- This logic follows the nixos auto-upgrade module as of writing.
+-- If the workflow is added to switch-to-configuration proper, we can simplify this:
+-- https://github.com/obsidiansystems/obelisk/issues/958
   [i|set -euxo pipefail
 nix-env -p /nix/var/nix/profiles/system --set "${bashEscape outPath}"
 /nix/var/nix/profiles/system/bin/switch-to-configuration boot