-subrecipes = setup ssh-eldiron info debug dry-run build upload deploy reboot push pull pull-deployment list-generations delete-generations cleanup
+subrecipes = setup
+subrecipes += nixops ssh-eldiron info debug dry-run build upload deploy deploy-reboot reboot
+subrecipes += list-generations delete-generations cleanup
+subrecipes += pull pull_environment pull_deployment deployment_is_set push push_deployment push_environment
${subrecipes}:
@$(MAKE) --no-print-directory -C nixops/ $@
+.PHONY: ${subrecipes}
+
+# This will automatically upgrade to latest version at each build
+nixpkgs ?= https://nixos.org/channels/nixos-19.03/nixexprs.tar.xz
+NIX_PATH = nixpkgs=${nixpkgs}:nixpkgsNext=${nixpkgs}:nixpkgsPrevious=${nixpkgs}
+
+nix-path:
+ @echo "export NIX_PATH=$(NIX_PATH)"
env:
./scripts/make-env
./scripts/make-env --dry-run
nix-info:
- NIXOPS_DEPLOYMENT="" ./scripts/nix_infos
+ @version=$$(nix eval --raw nixpkgs.lib.version) && \
+ mainversion=$$(echo $$version | cut -d"." -f -2) && \
+ echo "https://releases.nixos.org/nixos/$$mainversion/nixos-$$version/nixexprs.tar.xz" && \
+ nix eval --raw nixpkgs.bc.meta.position | cut -d"/" -f-4
nix-info-nixops:
- NIXOPS_DEPLOYMENT="n" ./scripts/nix_infos
+ @$(MAKE) --no-print-directory -C nixops/ nix-info
nur:
./scripts/make-nur
shellcheck:
shellcheck scripts/* nixops/scripts/* modules/private/gitolite/gitolite_ldap_groups.sh modules/private/ssh/ldap_authorized_keys.sh modules/private/pub/restrict
-.PHONY: env env-dry-run nix-info nix-info-nixops nur shellcheck
+.PHONY: env env-dry-run nix-info nur shellcheck
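Review bot: The `nix-path` recipe prints `export NIX_PATH=$(NIX_PATH)` without shell quoting, and scripts/make-env passes that output straight to `eval`. Because `nixpkgs` is assigned with `?=`, a value taken from the environment or the make command line that contains whitespace or shell metacharacters would be evaluated as shell code instead of staying part of the path. Emitting a single-quoted value, `@echo "export NIX_PATH='$(NIX_PATH)'"`, keeps a well-formed URL a single word. Separately, `nix-info-nixops` is dropped from the final `.PHONY` line although the target is kept, and the new `nix-path` target is not declared phony either; `.PHONY: env env-dry-run nix-info nix-info-nixops nix-path nur shellcheck` covers both.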
+export
+ifndef NIXOPS_CONFIG_PASS_SUBTREE_PATH
+ $(error Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path)
+endif
+
+NIXOPS_STATE ?= ./state/eldiron.nixops
+NIXOPS_DEPLOYMENT = cef694f3-081d-11e9-b31f-0242ec186adf
+nixpkgs ?= https://releases.nixos.org/nixos/19.03/nixos-19.03.172731.3efdf45dbd1/nixexprs.tar.xz
+NIX_PATH = nixpkgs=${nixpkgs}:nixpkgsNext=${nixpkgs}:nixpkgsPrevious=${nixpkgs}
+
+NIXOPS := $(shell NIX_PATH=$(NIX_PATH) nix-build --no-out-link -E "with import <nixpkgs> { overlays = builtins.attrValues (import ../overlays); }; nixops")/bin/nixops
+NIXOPS_PRIV = ./scripts/with_env $(NIXOPS)
+
+###### Current channel information
+nix-info:
+ @version=$$(nix eval --raw nixpkgs.lib.version) && \
+ mainversion=$$(echo $$version | cut -d"." -f -2) && \
+ echo "https://releases.nixos.org/nixos/$$mainversion/nixos-$$version/nixexprs.tar.xz" && \
+ nix eval --raw nixpkgs.bc.meta.position | cut -d"/" -f-4
+.PHONY: nix-info
+
+###### Initial setup
setup:
./scripts/setup
+.PHONY: setup
+###### Nixops regular tasks
+NIXOPS_ARGS ?=
+nixops:
+ $(NIXOPS_PRIV) $(NIXOPS_ARGS)
+
+SSH_ARGS ?=
ssh-eldiron:
- ./scripts/nixops_wrap ssh eldiron
+ $(NIXOPS_PRIV) ssh eldiron -- $(SSH_ARGS)
info:
- ./scripts/nixops_wrap list
- ./scripts/nixops_wrap info
+ $(NIXOPS_PRIV) list
+ $(NIXOPS_PRIV) info
debug:
- ./scripts/nixops_wrap deploy --build-only --show-trace
+ $(NIXOPS_PRIV) deploy --build-only --show-trace
dry-run:
- ./scripts/nixops_wrap deploy --dry-run
+ $(NIXOPS_PRIV) deploy --dry-run
build:
- ./scripts/nixops_wrap deploy --build-only
+ $(NIXOPS_PRIV) deploy --build-only
upload:
- ./scripts/nixops_wrap deploy --copy-only
+ $(NIXOPS_PRIV) deploy --copy-only
deploy:
- ./scripts/nixops_wrap deploy
-
-reboot:
- ./scripts/nixops_wrap reboot --include=eldiron
+ $(NIXOPS_PRIV) deploy
-push:
- ./scripts/push_deployment
- ./scripts/push_environment
+deploy-reboot:
+ $(NIXOPS_PRIV) deploy --force-reboot
-pull:
- ./scripts/pull_environment
-
-pull-deployment:
- ./scripts/pull_deployment
+reboot:
+ $(NIXOPS_PRIV) reboot --include=eldiron
+.PHONY: nixops ssh-eldiron info debug dry-run build upload deploy deploy-reboot reboot
-profile = $(shell ./scripts/nixops_wrap info | grep "^Nix profile: " | sed -e "s/^Nix profile: //")
+###### Cleanup generations and garbage collection
+profile := $$($(NIXOPS_PRIV) info | grep "^Nix profile: " | sed -e "s/^Nix profile: //")
GEN ?= "+3"
list-generations:
nix-env -p $(profile) --list-generations
- ./scripts/nixops_wrap ssh eldiron -- nix-env -p /nix/var/nix/profiles/system --list-generations
+ $(NIXOPS_PRIV) ssh eldiron -- nix-env -p /nix/var/nix/profiles/system --list-generations
+.PHONY: list-generations
delete-generations:
nix-env -p $(profile) --delete-generations $(GEN)
- ./scripts/nixops_wrap ssh eldiron -- nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)
+ $(NIXOPS_PRIV) ssh eldiron -- nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)
+.PHONY: delete-generations
cleanup: delete-generations
nix-store --gc
- ./scripts/nixops_wrap ssh eldiron -- nix-store --gc
-
-.PHONY: setup ssh-eldiron info debug dry-run build upload deploy push pull pull-deployment list-generations delete-generations cleanup
+ $(NIXOPS_PRIV) ssh eldiron -- nix-store --gc
+.PHONY: cleanup
+
+###### Pull environment and deployment from remote
+# Don't include pull_deployment by default as this should happen only rarely
+pull: pull_environment;
+.PHONY: pull
+
+pull_environment:
+ifndef NIXOPS_CONFIG_PASS_SUBTREE_REMOTE
+ $(error "Please set NIXOPS_CONFIG_PASS_SUBTREE_REMOTE to the password-store subtree remote name")
+endif
+ pass git subtree pull --prefix=$(NIXOPS_CONFIG_PASS_SUBTREE_PATH) $(NIXOPS_CONFIG_PASS_SUBTREE_REMOTE) master
+.PHONY: pull_environment
+
+pull_deployment:
+ @if $(NIXOPS) info -d $(NIXOPS_DEPLOYMENT) 2>/dev/null >/dev/null ; then \
+ echo "This will remove your current deployment file and recreate it!. Continue? [y/N]" && \
+ read y && \
+ [ "$$y" = "y" -o "$$y" = "Y" ] && \
+ $(NIXOPS) delete --force -d $(NIXOPS_DEPLOYMENT); \
+ fi
+ pass show $(NIXOPS_CONFIG_PASS_SUBTREE_PATH)/Nixops/Deployment | $(NIXOPS) import
+ $(NIXOPS) modify -d $(NIXOPS_DEPLOYMENT) "$$(pwd)/default.nix"
+.PHONY: pull_deployment
+
+deployment_is_set:
+ $(NIXOPS) info -d $(NIXOPS_DEPLOYMENT) 2>/dev/null >/dev/null
+.PHONY: deployment_is_set
+
+###### Push environment and deployment information to password store
+push: push_deployment push_environment;
+.PHONY: push
+
+push_deployment:
+ $(NIXOPS) export | pass insert -m $(NIXOPS_CONFIG_PASS_SUBTREE_PATH)/Nixops/Deployment
+.PHONY: push_deployment
+
+push_environment:
+ifndef NIXOPS_CONFIG_PASS_SUBTREE_REMOTE
+ $(error "Please set NIXOPS_CONFIG_PASS_SUBTREE_REMOTE to the password-store subtree remote name")
+endif
+ pass git subtree push --prefix=$(NIXOPS_CONFIG_PASS_SUBTREE_PATH) $(NIXOPS_CONFIG_PASS_SUBTREE_REMOTE) master
+.PHONY: push_environment
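Review bot: The `NIXOPS := $(shell ... nix-build ...)/bin/nixops` assignment never checks that nix-build succeeded, so on failure the substitution is empty and `NIXOPS` becomes the literal `/bin/nixops`; every recipe, and `scripts/with_env` (whose `-z "$NIXOPS"` test still passes), would then try to run that path. Capturing the store path first and stopping with `$(error ...)` when it is empty, as sketched below, fails early with a clear message. In `pull_deployment`, the existing deployment is removed with `delete --force` before `pass show` is known to succeed, so a failed decrypt leaves nothing to fall back on; fetching the export before deleting would avoid that.

```make
nixops_out := $(shell NIX_PATH=$(NIX_PATH) nix-build --no-out-link -E "with import <nixpkgs> { overlays = builtins.attrValues (import ../overlays); }; nixops")
ifeq ($(strip $(nixops_out)),)
  $(error nix-build did not return a store path for nixops)
endif
NIXOPS := $(nixops_out)/bin/nixops
# … unchanged: NIXOPS_PRIV and the targets below …
```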
+++ /dev/null
-#!/bin/bash
-
-DeploymentUuid="cef694f3-081d-11e9-b31f-0242ec186adf"
-if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then
- echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path"
- exit 1;
-fi
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
-export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops"
-export NIXOPS_DEPLOYMENT="$DeploymentUuid"
-source $(dirname $(dirname $DIR))/scripts/nix_env
-
-export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops"
-
-if nixops_custom info -d $DeploymentUuid 2>/dev/null >/dev/null; then
- cat <<EOF
-This will remove your current deployment file and recreate it!
-Continue? [y/N]
-EOF
- read y
- if [ "$y" = "y" -o "$y" = "Y" ]; then
- nixops_custom delete --force -d $DeploymentUuid
- else
- echo "Aborting"
- exit 1
- fi
-fi
-
-deployment=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/Deployment)
-
-echo "$deployment" | nixops_custom import
-
-nixops_custom modify -d "$DeploymentUuid" "$(dirname $DIR)/default.nix"
+++ /dev/null
-#!/bin/bash
-
-if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then
- echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path"
- exit 1;
-fi
-
-if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE" ]; then
- echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_REMOTE to the password-store subtree remote name"
- exit 1;
-fi
-
-pass git subtree pull --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master
+++ /dev/null
-#!/bin/bash
-
-DeploymentUuid="cef694f3-081d-11e9-b31f-0242ec186adf"
-if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then
- echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path"
- exit 1;
-fi
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
-export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops"
-export NIXOPS_DEPLOYMENT="$DeploymentUuid"
-source $(dirname $(dirname $DIR))/scripts/nix_env
-
-nixops_custom export | pass insert -m $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/Deployment
+++ /dev/null
-#!/bin/bash
-
-if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then
- echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path"
- exit 1;
-fi
-
-if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE" ]; then
- echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_REMOTE to the password-store subtree remote name"
- exit 1;
-fi
-
-pass git subtree push --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master
set -euo pipefail
RemoteRepo="gitolite@git.immae.eu:perso/Immae/Prive/Password_store/Sites"
-DeploymentUuid="cef694f3-081d-11e9-b31f-0242ec186adf"
+MAKEFILE_DIR="$( cd "$( dirname $( dirname "${BASH_SOURCE[0]}" ))" >/dev/null 2>&1 && pwd )"
if ! which nix 2>/dev/null >/dev/null; then
cat <<-EOF
fi
fi
-# Repull it before using it, just in case
-pass git subtree pull --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master
+# Repull it before adding keys, just in case
+make -C $MAKEFILE_DIR pull_environment
gpg_keys=$(pass ls $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/GPGKeys | sed -e "1d" | cut -d" " -f2)
for key in $gpg_keys; do
read y
fi
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
-export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops"
-export NIXOPS_DEPLOYMENT="$DeploymentUuid"
-source $(dirname $(dirname $DIR))/scripts/nix_env
-
-if ! nixops_custom info 2>/dev/null >/dev/null; then
+if ! make -C $MAKEFILE_DIR deployment_is_set 2>/dev/null >/dev/null; then
cat <<-EOF
Importing deployment file into nixops:
Continue? [y/N]
EOF
read y
if [ "$y" = "y" -o "$y" = "Y" ]; then
- deployment=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/Deployment)
- echo "$deployment" | nixops_custom import
+ make -C $MAKEFILE_DIR pull_deployment
else
echo "Aborting"
exit 1
fi
fi
-nixops_custom modify "$(dirname $DIR)/default.nix"
-
cat <<-EOF
All set up.
- Please make sure you’re using scripts/nixops_wrap when deploying
+ Please make sure you’re using make commands when deploying
EOF
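Review bot: The three new `make -C $MAKEFILE_DIR ...` calls, and the inner `$( dirname "${BASH_SOURCE[0]}" )` in the `MAKEFILE_DIR` assignment, are unquoted, so a checkout path containing whitespace is split into several arguments and make is pointed at the wrong directory. Quoting fixes it: `MAKEFILE_DIR="$( cd "$( dirname "$( dirname "${BASH_SOURCE[0]}" )" )" >/dev/null 2>&1 && pwd )"` and `make -C "$MAKEFILE_DIR" pull_environment` (likewise for `deployment_is_set` and `pull_deployment`). The unconditional `nixops_custom modify` at the end is also removed, and `modify` now appears to run only inside `pull_deployment`, i.e. only when no deployment was found; if setup is still expected to re-point an existing deployment at this checkout, that step is lost. Only parts of the script are visible in these hunks.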
#!/bin/bash
-DeploymentUuid="cef694f3-081d-11e9-b31f-0242ec186adf"
+if [ -z "$NIXOPS" ]; then
+ echo "Please set NIXOPS to the nixops command"
+ exit 1;
+fi
+
if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then
echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path"
exit 1;
fi
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
-export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops"
-export NIXOPS_DEPLOYMENT="$DeploymentUuid"
-source $(dirname $(dirname $DIR))/scripts/nix_env
TEMP=$(mktemp -d /tmp/XXXXXX-nixops-files)
chmod go-rwx $TEMP
finish() {
rm -rf "$TEMP"
- nixops_custom set-args --unset privateFiles
+ $NIXOPS set-args --unset privateFiles
}
trap finish EXIT
for file in $files; do
pass show "$NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/files/$file" > $TEMP/$file
done
-nixops_custom set-args --argstr privateFiles "$TEMP"
+$NIXOPS set-args --argstr privateFiles "$TEMP"
-nixops_custom "$@"
+"$@"
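Review bot: With the `export NIXOPS_STATE` and `export NIXOPS_DEPLOYMENT` lines removed, the script validates `NIXOPS` but silently inherits the state file and deployment from its caller, so running it outside `make` would presumably let `$NIXOPS set-args --argstr privateFiles` write to whatever default state nixops selects. A guard next to the existing checks closes that: `: "${NIXOPS_STATE:?run this through make}" "${NIXOPS_DEPLOYMENT:?run this through make}"`. `$NIXOPS` is also expanded unquoted in `finish` and before `set-args`; `"$NIXOPS" set-args ...` avoids word splitting. The definition of `files` and the rest of the script lie outside the visible hunks.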
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
-source $DIR/nix_env
+eval "$(make --no-print-directory -C $(dirname $DIR) nix-path)"
nix-env -r -i -A myEnvironments.immae-eu -f "<nixpkgs>" "$@"
result=$?
cat >> $(dirname $DIR)/versions_log <<EOF
Ran $(date) with args "$@" and returned "$result"
-$($DIR/nix_infos | sed -e "s/^/ /")
+$(make --no-print-directory -C $(dirname $DIR) nix-info | sed -e "s/^/ /")
EOF
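Review bot: The new `eval "$(make ... nix-path)"` line does not notice a failing make: the command substitution's status is discarded, `eval` of an empty string succeeds, and `nix-env -r -i` then runs against whatever `NIX_PATH` the caller's shell already had. Since `-r` removes the previously installed packages, resolving `<nixpkgs>` from an unintended channel is worth stopping on. Capture and check first: `nix_path_export="$(make --no-print-directory -C "$(dirname "$DIR")" nix-path)" || exit 1`, followed by `eval "$nix_path_export"`.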
#!/bin/bash
-if [ -z "$NIXOPS_DEPLOYMENT" ]; then
- # This will automatically upgrade to latest version at each build
- nixpkgs="https://nixos.org/channels/nixos-19.03/nixexprs.tar.xz"
-else
- nixpkgs="https://releases.nixos.org/nixos/19.03/nixos-19.03.172731.3efdf45dbd1/nixexprs.tar.xz"
-fi
+# This will automatically upgrade to latest version at each build
+nixpkgs="https://nixos.org/channels/nixos-19.03/nixexprs.tar.xz"
nixpkgsPrevious="$nixpkgs"
nixpkgsNext="$nixpkgs"
export NIX_PATH="nixpkgs=$nixpkgs:nixpkgsNext=$nixpkgsNext:nixpkgsPrevious=$nixpkgsPrevious"
-
-nixops_custom () {
- _DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
- d=$(nix-build --no-out-link -E "with import <nixpkgs> { overlays = builtins.attrValues (import $(dirname $_DIR)/overlays); }; nixops")
- ${d}/bin/nixops "$@"
-}
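Review bot: The channel URL kept here now duplicates the `nixpkgs ?=` default added to the top-level Makefile, and scripts/make-env no longer sources this file, so the two values can drift apart unnoticed. If the file is still sourced elsewhere (not visible here), a comment such as `# Keep in sync with the nixpkgs default in the top-level Makefile` would help; if nothing sources it any more, it may be removable. The unpinned channel URL also means each run may resolve a different nixpkgs, in contrast to the pinned release URL used for the nixops deployment.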
+++ /dev/null
-#!/bin/bash
-
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
-
-source $DIR/nix_env
-version=$(nix eval --raw nixpkgs.lib.version)
-mainversion=$(echo $version | cut -d"." -f -2)
-
-echo "https://releases.nixos.org/nixos/$mainversion/nixos-$version/nixexprs.tar.xz"
-nix eval --raw nixpkgs.bc.meta.position | cut -d"/" -f-4