authorIsmaël Bouya <ismael.bouya@normalesup.org>2020-08-29 18:37:54 +0200
committerIsmaël Bouya <ismael.bouya@normalesup.org>2020-08-29 18:37:54 +0200
commitda28a4e2afef21710f73860b26893fa18dd32858 (patch)
tree3ce951ff67ab7eb8d55fa79415bacaca85896256
parent1052bfda27ad0607cd4dc5dc91e2d8e8220c30c7 (diff)
Add environment file instead of hardcoding everything in makefiles
-rw-r--r--.envrc13
-rw-r--r--.gitignore1
-rw-r--r--modules/private/system.nix4
-rw-r--r--nix/sources.json24
-rw-r--r--nixops/Makefile28
-rwxr-xr-xnixops/scripts/with_env8
-rw-r--r--shell.nix4
7 files changed, 33 insertions, 49 deletions
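--- /dev/null
+++ b/.envrc
@@ -0,0 +1,13 @@
+# vim: filetype=bash
+export PASSWORD_STORE_DIR=$(expand_path nixops/secrets)
+export NIXOPS_STATE=$(expand_path nixops/state/immaeEu.nixops)
+export NIXOPS_DEPLOYMENT=cef694f3-081d-11e9-b31f-0242ec186adf
+export NIX_PATH=nixpkgs=$(cat $(expand_path nix/sources.json) | jq -r '."nixpkgs-nixops".url')
+
+export NIXOPS_ENV_LOADED=1
+
+PATH_add $(expand_path scripts)
+PATH_add $(expand_path nixops/scripts)
+
+use nix
+watch_file $(expand_path nix/sources.json)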
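Review bot: The `NIX_PATH` export on new line 5 does not fail when the lookup fails: `jq -r` prints `null` and exits 0 for a missing key, so the shell would silently get `NIX_PATH=nixpkgs=null`. The line also runs before `use nix`, so `jq` has to be installed on the host already rather than coming from shell.nix. Using `jq -er '."nixpkgs-nixops".url' "$(expand_path nix/sources.json)"` makes a missing key a non-zero exit, and capturing the result in a variable that is checked before `export NIX_PATH="nixpkgs=$url"` keeps a bad value out of the environment; quoting the `$(expand_path …)` results also protects checkouts whose path contains spaces. A short comment that these exports reach every process started from the directory, not only `make`, would help readers see that `pass` run here works on the deployment secret store.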
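--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 /result*
 /versions_log
+.direnv/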
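--- a/modules/private/system.nix
+++ b/modules/private/system.nix
@@ -18,10 +18,6 @@
  mariadb = self.mariadb_pam;
  }) # don’t put them as generic overlay because of home-manager
  ];
- _module.args = {
- pkgsNext = import <nixpkgsNext> {};
- pkgsPrevious = import <nixpkgsPrevious> {};
- };
 
  services.journald.extraConfig = ''
  MaxLevelStore="warning"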
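--- a/nix/sources.json
+++ b/nix/sources.json
@@ -117,30 +117,6 @@
  "url": "https://github.com/NixOS/nixpkgs-channels/archive/840c782d507d60aaa49aa9e3f6d0b0e780912742.tar.gz",
  "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
  },
- "nixpkgs-nixops-next": {
- "branch": "nixos-19.03",
- "description": "A read-only mirror of NixOS/nixpkgs tracking the released channels. Send issues and PRs to",
- "homepage": "https://github.com/NixOS/nixpkgs",
- "owner": "NixOS",
- "repo": "nixpkgs-channels",
- "rev": "34c7eb7545d155cc5b6f499b23a7cb1c96ab4d59",
- "sha256": "11z6ajj108fy2q5g8y4higlcaqncrbjm3dnv17pvif6avagw4mcb",
- "type": "tarball",
- "url": "https://github.com/NixOS/nixpkgs-channels/archive/34c7eb7545d155cc5b6f499b23a7cb1c96ab4d59.tar.gz",
- "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
- },
- "nixpkgs-nixops-previous": {
- "branch": "nixos-19.03",
- "description": "A read-only mirror of NixOS/nixpkgs tracking the released channels. Send issues and PRs to",
- "homepage": "https://github.com/NixOS/nixpkgs",
- "owner": "NixOS",
- "repo": "nixpkgs-channels",
- "rev": "34c7eb7545d155cc5b6f499b23a7cb1c96ab4d59",
- "sha256": "11z6ajj108fy2q5g8y4higlcaqncrbjm3dnv17pvif6avagw4mcb",
- "type": "tarball",
- "url": "https://github.com/NixOS/nixpkgs-channels/archive/34c7eb7545d155cc5b6f499b23a7cb1c96ab4d59.tar.gz",
- "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
- },
  "overlays-ldapvi": {
  "ref": "master",
  "repo": "http://www.lichteblau.com/git/ldapvi.git",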
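--- a/nixops/Makefile
+++ b/nixops/Makefile
@@ -1,14 +1,8 @@
-export
-PASSWORD_STORE_DIR = $(shell pwd)/secrets
-NIXOPS_STATE ?= ./state/eldiron.nixops
-NIXOPS_DEPLOYMENT = cef694f3-081d-11e9-b31f-0242ec186adf
-nixpkgs ?= $(shell cat ../nix/sources.json | jq -r '."nixpkgs-nixops".url')
-nixpkgsNext ?= $(shell cat ../nix/sources.json | jq -r '."nixpkgs-nixops-next".url')
-nixpkgsPrevious ?= $(shell cat ../nix/sources.json | jq -r '."nixpkgs-nixops-previous".url')
-NIX_PATH = nixpkgs=${nixpkgs}:nixpkgsNext=${nixpkgsNext}:nixpkgsPrevious=${nixpkgsPrevious}
-
-NIXOPS := $(shell NIX_PATH=$(NIX_PATH) nix-build --no-out-link -E "with import <nixpkgs> { overlays = builtins.attrValues (import ../overlays); }; nixops")/bin/nixops
-NIXOPS_PRIV = ./scripts/with_env $(NIXOPS)
+ifndef NIXOPS_ENV_LOADED
+ $(error "Please load environment with direnv")
+endif
+
+NIXOPS_PRIV = ./scripts/with_env nixops
 
 ###### Current channel information
 nix-info:
@@ -102,21 +96,21 @@ cleanup: delete-generations
 
 ###### Pull environment and deployment from remote
 pull_deployment:
- @if $(NIXOPS) info -d $(NIXOPS_DEPLOYMENT) 2>/dev/null >/dev/null ; then \
+ @if nixops info -d $(NIXOPS_DEPLOYMENT) 2>/dev/null >/dev/null ; then \
  echo "This will remove your current deployment file and recreate it!. Continue? [y/N]" && \
  read y && \
  [ "$$y" = "y" -o "$$y" = "Y" ] && \
- $(NIXOPS) delete --force -d $(NIXOPS_DEPLOYMENT); \
+ nixops delete --force -d $(NIXOPS_DEPLOYMENT); \
  fi
- pass show Nixops/Deployment | $(NIXOPS) import
- $(NIXOPS) modify -d $(NIXOPS_DEPLOYMENT) "$$(pwd)/default.nix"
+ pass show Nixops/Deployment | nixops import
+ nixops modify -d $(NIXOPS_DEPLOYMENT) "$$(pwd)/default.nix"
 .PHONY: pull_deployment
 
 deployment_is_set:
- $(NIXOPS) info -d $(NIXOPS_DEPLOYMENT) 2>/dev/null >/dev/null
+ nixops info -d $(NIXOPS_DEPLOYMENT) 2>/dev/null >/dev/null
 .PHONY: deployment_is_set
 
 ###### Push deployment information to password store
 push_deployment:
- $(NIXOPS) export | pass insert -m Nixops/Deployment
+ nixops export | pass insert -m Nixops/Deployment
 .PHONY: push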
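Review bot: The `ifndef NIXOPS_ENV_LOADED` guard at the top only proves that a flag is set, while the recipes in the second hunk now take `NIXOPS_DEPLOYMENT` and the `nixops` binary entirely from the caller's environment, including `nixops delete --force -d $(NIXOPS_DEPLOYMENT)`. A stale or hand-set `NIXOPS_ENV_LOADED=1` passes the guard with the other variables empty, and `nixops` is now whatever comes first on `PATH` rather than the store path the removed `nix-build` line resolved. The same flag-only check is in nixops/scripts/with_env (new line 3), where an unset `PASSWORD_STORE_DIR` would make `pass` fall back to its default store. Consider checking the variables that are actually used, e.g. `$(foreach v,NIXOPS_STATE NIXOPS_DEPLOYMENT PASSWORD_STORE_DIR,$(if $($(v)),,$(error $(v) is not set; load the environment with direnv)))`. The quotes inside `$(error "...")` are printed literally and can be dropped.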
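--- a/nixops/scripts/with_env
+++ b/nixops/scripts/with_env
@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 
-if [ -z "$NIXOPS" ]; then
- echo "Please set NIXOPS to the nixops command"
+if [ -z "$NIXOPS_ENV_LOADED" ]; then
+ echo "Please load the environment with direnv"
  exit 1;
 fi
 
@@ -10,7 +10,7 @@ chmod go-rwx $TEMP
 
 finish() {
  rm -rf "$TEMP"
- $NIXOPS set-args --unset privateFiles
+ nixops set-args --unset privateFiles
 }
 
 trap finish EXIT
@@ -21,6 +21,6 @@ files=$(pass ls Nixops/files | sed -e '1d' -e 's/^.* //')
 for file in $files; do
  pass show "Nixops/files/$file" > $TEMP/$file
 done
-$NIXOPS set-args --argstr privateFiles "$TEMP"
+nixops set-args --argstr privateFiles "$TEMP"
 
 "$@"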
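--- /dev/null
+++ b/shell.nix
@@ -0,0 +1,4 @@
+{ pkgs ? import <nixpkgs> { overlays = builtins.attrValues (import ./overlays); } }:
+pkgs.mkShell {
+ buildInputs = [ pkgs.nixops pkgs.niv pkgs.pass pkgs.curl pkgs.shellcheck pkgs.jq pkgs.gnumake ];
+}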
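Review bot: `import <nixpkgs>` on line 1 resolves through `NIX_PATH`, so the pin only holds when direnv has exported it; a plain `nix-shell` outside direnv would pick up the user's own channel, and a URL placed in `NIX_PATH` is fetched without checking the `sha256` that nix/sources.json records. Reading the pin inside the expression closes both gaps, assuming the `nixpkgs-nixops` entry carries `url` and `sha256` like the entries visible in the sources.json section: `pkgs ? import (let s = (builtins.fromJSON (builtins.readFile ./nix/sources.json))."nixpkgs-nixops"; in builtins.fetchTarball { inherit (s) url sha256; }) { overlays = builtins.attrValues (import ./overlays); }`. A one-line comment stating that this shell supplies the `nixops`, `pass` and `jq` binaries the Makefile and with_env now expect on `PATH` would document the new coupling.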