-export
-ifndef NIXOPS_CONFIG_PASS_SUBTREE_PATH
- $(error Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path)
+ifndef NIXOPS_ENV_LOADED
+ $(error "Please load environment with direnv")
endif
-NIXOPS_STATE ?= ./state/eldiron.nixops
-NIXOPS_DEPLOYMENT = cef694f3-081d-11e9-b31f-0242ec186adf
-nixpkgs ?= https://releases.nixos.org/nixos/19.03/nixos-19.03.173677.daf861a810d/nixexprs.tar.xz
-NIX_PATH = nixpkgs=${nixpkgs}:nixpkgsNext=${nixpkgs}:nixpkgsPrevious=${nixpkgs}
-
-NIXOPS := $(shell NIX_PATH=$(NIX_PATH) nix-build --no-out-link -E "with import <nixpkgs> { overlays = builtins.attrValues (import ../overlays); }; nixops")/bin/nixops
-NIXOPS_PRIV = ./scripts/with_env $(NIXOPS)
-
###### Current channel information
nix-info:
@version=$$(nix eval --raw nixpkgs.lib.version) && \
./scripts/setup
.PHONY: setup
-###### Nixops regular tasks
-NIXOPS_ARGS ?=
-nixops:
- $(NIXOPS_PRIV) $(NIXOPS_ARGS)
-
+###### Morph regular tasks
+PROFILE=/nix/var/nix/profiles/per-user/immae/morph/immaeEu
+TARGET ?=
+MORPH_ARGS ?=
+ifdef TARGET
+ # multiple targets: --on="{machine1,machine2}" (works with * glob too)
+ override MORPH_ARGS +=--on=$(TARGET)
+endif
SSH_ARGS ?=
+
+edit_env:
+ $(EDITOR) secrets/environment.nix || true
+ git -C secrets add environment.nix || true
+ git -C secrets commit -m "Edit environment.nix" environment.nix || true
+
+edit_vars:
+ sops secrets/vars.yml || true
+ git -C secrets add vars.yml || true
+ git -C secrets commit -m "Edit password for vars.yml using sops." vars.yml || true
+
ssh-eldiron:
- $(NIXOPS_PRIV) ssh eldiron -- $(SSH_ARGS)
+ ./scripts/with_env bash -c 'ssh -i $$SSH_IDENTITY_FILE root@eldiron $(SSH_ARGS)'
ssh-dilion:
- $(NIXOPS_PRIV) ssh dilion -- $(SSH_ARGS)
+ ./scripts/with_env bash -c 'ssh -i $$SSH_IDENTITY_FILE root@dilion $(SSH_ARGS)'
ssh-backup-2:
- $(NIXOPS_PRIV) ssh backup-2 -- $(SSH_ARGS)
+ ./scripts/with_env bash -c 'ssh -i $$SSH_IDENTITY_FILE root@backup-2 $(SSH_ARGS)'
ssh-monitoring-1:
- $(NIXOPS_PRIV) ssh monitoring-1 -- $(SSH_ARGS)
+ ./scripts/with_env bash -c 'ssh -i $$SSH_IDENTITY_FILE root@monitoring-1 $(SSH_ARGS)'
-info:
- $(NIXOPS_PRIV) list
- $(NIXOPS_PRIV) info
+ssh-4c:
+ ./scripts/with_env bash -c 'ssh -i $$SSH_IDENTITY_FILE root@quatresaisons $(SSH_ARGS)'
debug:
- $(NIXOPS_PRIV) deploy --build-only --show-trace
-
-dry-run:
- $(NIXOPS_PRIV) deploy --dry-run
+ ./scripts/with_env morph build --show-trace default.nix $(MORPH_ARGS)
build:
- $(NIXOPS_PRIV) deploy --build-only
+ ./scripts/with_env morph build default.nix $(MORPH_ARGS)
+
+dry-run:
+ ./scripts/with_env morph build --dry-run default.nix $(MORPH_ARGS)
upload:
- $(NIXOPS_PRIV) deploy --copy-only
+ ./scripts/with_env morph push default.nix $(MORPH_ARGS)
deploy:
- $(NIXOPS_PRIV) deploy
+ ./scripts/with_env morph deploy default.nix switch --keep-result --upload-secrets $(MORPH_ARGS)
+ nix-env -p $(PROFILE) --set .gcroots/default.nix
+
+next-boot:
+ ./scripts/with_env morph deploy default.nix boot --keep-result --upload-secrets $(MORPH_ARGS)
+ nix-env -p $(PROFILE) --set .gcroots/default.nix
deploy-reboot:
- $(NIXOPS_PRIV) deploy --force-reboot
+ ./scripts/with_env morph deploy default.nix boot --reboot --upload-secrets $(MORPH_ARGS)
-reboot:
- $(NIXOPS_PRIV) reboot --include=eldiron
-.PHONY: nixops ssh-eldiron info debug dry-run build upload deploy deploy-reboot reboot
+.PHONY: ssh-eldiron ssh-dilion ssh-monitoring-1 ssh-backup-2 debug build upload deploy deploy-reboot
###### Cleanup generations and garbage collection
-profile := $$($(NIXOPS_PRIV) info | grep "^Nix profile: " | sed -e "s/^Nix profile: //")
GEN ?= "+3"
list-generations:
- nix-env -p $(profile) --list-generations
- $(NIXOPS_PRIV) ssh eldiron -- nix-env -p /nix/var/nix/profiles/system --list-generations
+ nix-env -p $(PROFILE) --list-generations
+ $(MAKE) ssh-eldiron SSH_ARGS="nix-env -p /nix/var/nix/profiles/system --list-generations"
.PHONY: list-generations
delete-generations:
- nix-env -p $(profile) --delete-generations $(GEN)
- $(NIXOPS_PRIV) ssh eldiron -- nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)
- $(NIXOPS_PRIV) ssh dilion -- nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)
- $(NIXOPS_PRIV) ssh backup-2 -- nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)
- $(NIXOPS_PRIV) ssh monitoring-1 -- nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)
+ @echo "making sure that a complete build is done before cleaning up"
+ $(MAKE) build MORPH_ARGS=--keep-result
+ nix-env -p $(PROFILE) --delete-generations $(GEN)
+ $(MAKE) ssh-eldiron SSH_ARGS="nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)"
+ $(MAKE) ssh-dilion SSH_ARGS="nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)"
+ $(MAKE) ssh-backup-2 SSH_ARGS="nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)"
+ $(MAKE) ssh-monitoring-1 SSH_ARGS="nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)"
.PHONY: delete-generations
cleanup: delete-generations
nix-store --gc
- $(NIXOPS_PRIV) ssh eldiron -- nix-store --gc
- $(NIXOPS_PRIV) ssh dilion -- nix-store --gc
- $(NIXOPS_PRIV) ssh backup-2 -- nix-store --gc
- $(NIXOPS_PRIV) ssh monitoring-1 -- nix-store --gc
+ $(MAKE) ssh-eldiron SSH_ARGS="nix-store --gc"
+ $(MAKE) ssh-dilion SSH_ARGS="nix-store --gc"
+ $(MAKE) ssh-backup-2 SSH_ARGS="nix-store --gc"
+ $(MAKE) ssh-monitoring-1 SSH_ARGS="nix-store --gc"
.PHONY: cleanup
-
-###### Pull environment and deployment from remote
-# Don't include pull_deployment by default as this should happen only rarely
-pull: pull_environment;
-.PHONY: pull
-
-pull_environment:
-ifndef NIXOPS_CONFIG_PASS_SUBTREE_REMOTE
- $(error "Please set NIXOPS_CONFIG_PASS_SUBTREE_REMOTE to the password-store subtree remote name")
-endif
- pass git subtree pull --prefix=$(NIXOPS_CONFIG_PASS_SUBTREE_PATH) $(NIXOPS_CONFIG_PASS_SUBTREE_REMOTE) master
-.PHONY: pull_environment
-
-pull_deployment:
- @if $(NIXOPS) info -d $(NIXOPS_DEPLOYMENT) 2>/dev/null >/dev/null ; then \
- echo "This will remove your current deployment file and recreate it!. Continue? [y/N]" && \
- read y && \
- [ "$$y" = "y" -o "$$y" = "Y" ] && \
- $(NIXOPS) delete --force -d $(NIXOPS_DEPLOYMENT); \
- fi
- pass show $(NIXOPS_CONFIG_PASS_SUBTREE_PATH)/Nixops/Deployment | $(NIXOPS) import
- $(NIXOPS) modify -d $(NIXOPS_DEPLOYMENT) "$$(pwd)/default.nix"
-.PHONY: pull_deployment
-
-deployment_is_set:
- $(NIXOPS) info -d $(NIXOPS_DEPLOYMENT) 2>/dev/null >/dev/null
-.PHONY: deployment_is_set
-
-###### Push environment and deployment information to password store
-push: push_deployment push_environment;
-.PHONY: push
-
-push_deployment:
- $(NIXOPS) export | pass insert -m $(NIXOPS_CONFIG_PASS_SUBTREE_PATH)/Nixops/Deployment
-.PHONY: push_deployment
-
-push_environment:
-ifndef NIXOPS_CONFIG_PASS_SUBTREE_REMOTE
- $(error "Please set NIXOPS_CONFIG_PASS_SUBTREE_REMOTE to the password-store subtree remote name")
-endif
- pass git subtree push --prefix=$(NIXOPS_CONFIG_PASS_SUBTREE_PATH) $(NIXOPS_CONFIG_PASS_SUBTREE_REMOTE) master
-.PHONY: push_environment
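Review bot: The added `ssh-*` recipes (`ssh-eldiron` through `ssh-4c`) splice `$(SSH_ARGS)` into a single-quoted `bash -c` string and leave `$$SSH_IDENTITY_FILE` unquoted, so the arguments are parsed by a local bash before ssh hands them to a root shell on the host; a value containing a single quote, or a key path containing a space, changes the command that actually runs, and this includes the `$(GEN)` value that `delete-generations` forwards through `SSH_ARGS`. Quoting the key path and failing early when it is unset would narrow this, e.g. `ssh -i "$${SSH_IDENTITY_FILE:?not set}" root@eldiron $(SSH_ARGS)`, presumably with `./scripts/with_env` still supplying the variable. In `delete-generations`, `$(MAKE) build MORPH_ARGS=--keep-result` inherits a `TARGET` given on the command line or in the environment, so the "complete build" can be limited to one host before generations are deleted and `cleanup` runs the garbage collector; `$(MAKE) build MORPH_ARGS=--keep-result TARGET=` avoids that. The new `.PHONY` line drops `dry-run`, which is still a target, and omits `ssh-4c`, `next-boot`, `edit_env` and `edit_vars`, so a stray file with one of those names would turn the target into a silent no-op. In `edit_env` and `edit_vars`, `|| true` on every line also hides a failed `git commit`, which would leave edited secrets uncommitted without any notice.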