author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2020-08-29 18:37:54 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2020-08-29 18:37:54 +0200 |
commit | da28a4e2afef21710f73860b26893fa18dd32858 (patch) | |
tree | 3ce951ff67ab7eb8d55fa79415bacaca85896256 | |
parent | 1052bfda27ad0607cd4dc5dc91e2d8e8220c30c7 (diff) | |
Add environment file instead of hardcoding everything in makefiles
-rw-r--r-- | .envrc | 13 | ||||
-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | modules/private/system.nix | 4 | ||||
-rw-r--r-- | nix/sources.json | 24 | ||||
-rw-r--r-- | nixops/Makefile | 28 | ||||
-rwxr-xr-x | nixops/scripts/with_env | 8 | ||||
-rw-r--r-- | shell.nix | 4 |
7 files changed, 33 insertions, 49 deletions
@@ -0,0 +1,13 @@ | |||
1 | # vim: filetype=bash | ||
2 | export PASSWORD_STORE_DIR=$(expand_path nixops/secrets) | ||
3 | export NIXOPS_STATE=$(expand_path nixops/state/immaeEu.nixops) | ||
4 | export NIXOPS_DEPLOYMENT=cef694f3-081d-11e9-b31f-0242ec186adf | ||
5 | export NIX_PATH=nixpkgs=$(cat $(expand_path nix/sources.json) | jq -r '."nixpkgs-nixops".url') | ||
6 | |||
7 | export NIXOPS_ENV_LOADED=1 | ||
8 | |||
9 | PATH_add $(expand_path scripts) | ||
10 | PATH_add $(expand_path nixops/scripts) | ||
11 | |||
12 | use nix | ||
13 | watch_file $(expand_path nix/sources.json) | ||
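Review bot: `export NIXOPS_ENV_LOADED=1` on line 7 runs unconditionally, so the guards in nixops/Makefile and nixops/scripts/with_env still pass when the `jq` lookup on line 5 fails or the key is absent, leaving `NIX_PATH` as `nixpkgs=` or `nixpkgs=null`. Using `jq -er` makes a missing or null key a non-zero exit, and the flag should only be exported after that lookup succeeded. The command substitutions are also unquoted, so a checkout path containing spaces breaks them; for example `export PASSWORD_STORE_DIR="$(expand_path nixops/secrets)"` and `PATH_add "$(expand_path nixops/scripts)"`.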
@@ -1,2 +1,3 @@ | |||
1 | /result* | 1 | /result* |
2 | /versions_log | 2 | /versions_log |
3 | .direnv/ | ||
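--- a/modules/private/system.nix
+++ b/modules/private/system.nix
@@ -18,10 +18,6 @@
 mariadb = self.mariadb_pam;
 }) # don’t put them as generic overlay because of home-manager
 ];
-_module.args = {
-pkgsNext = import <nixpkgsNext> {};
-pkgsPrevious = import <nixpkgsPrevious> {};
-};
 
 services.journald.extraConfig = ''
 MaxLevelStore="warning"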
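--- a/nix/sources.json
+++ b/nix/sources.json
@@ -117,30 +117,6 @@
 "url": "https://github.com/NixOS/nixpkgs-channels/archive/840c782d507d60aaa49aa9e3f6d0b0e780912742.tar.gz",
 "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
 },
-"nixpkgs-nixops-next": {
-"branch": "nixos-19.03",
-"description": "A read-only mirror of NixOS/nixpkgs tracking the released channels. Send issues and PRs to",
-"homepage": "https://github.com/NixOS/nixpkgs",
-"owner": "NixOS",
-"repo": "nixpkgs-channels",
-"rev": "34c7eb7545d155cc5b6f499b23a7cb1c96ab4d59",
-"sha256": "11z6ajj108fy2q5g8y4higlcaqncrbjm3dnv17pvif6avagw4mcb",
-"type": "tarball",
-"url": "https://github.com/NixOS/nixpkgs-channels/archive/34c7eb7545d155cc5b6f499b23a7cb1c96ab4d59.tar.gz",
-"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
-},
-"nixpkgs-nixops-previous": {
-"branch": "nixos-19.03",
-"description": "A read-only mirror of NixOS/nixpkgs tracking the released channels. Send issues and PRs to",
-"homepage": "https://github.com/NixOS/nixpkgs",
-"owner": "NixOS",
-"repo": "nixpkgs-channels",
-"rev": "34c7eb7545d155cc5b6f499b23a7cb1c96ab4d59",
-"sha256": "11z6ajj108fy2q5g8y4higlcaqncrbjm3dnv17pvif6avagw4mcb",
-"type": "tarball",
-"url": "https://github.com/NixOS/nixpkgs-channels/archive/34c7eb7545d155cc5b6f499b23a7cb1c96ab4d59.tar.gz",
-"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
-},
 "overlays-ldapvi": {
 "ref": "master",
 "repo": "http://www.lichteblau.com/git/ldapvi.git",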
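--- a/nixops/Makefile
+++ b/nixops/Makefile
@@ -1,14 +1,8 @@
-export
-PASSWORD_STORE_DIR = $(shell pwd)/secrets
-NIXOPS_STATE ?= ./state/eldiron.nixops
-NIXOPS_DEPLOYMENT = cef694f3-081d-11e9-b31f-0242ec186adf
-nixpkgs ?= $(shell cat ../nix/sources.json | jq -r '."nixpkgs-nixops".url')
-nixpkgsNext ?= $(shell cat ../nix/sources.json | jq -r '."nixpkgs-nixops-next".url')
-nixpkgsPrevious ?= $(shell cat ../nix/sources.json | jq -r '."nixpkgs-nixops-previous".url')
-NIX_PATH = nixpkgs=${nixpkgs}:nixpkgsNext=${nixpkgsNext}:nixpkgsPrevious=${nixpkgsPrevious}
-
-NIXOPS := $(shell NIX_PATH=$(NIX_PATH) nix-build --no-out-link -E "with import <nixpkgs> { overlays = builtins.attrValues (import ../overlays); }; nixops")/bin/nixops
-NIXOPS_PRIV = ./scripts/with_env $(NIXOPS)
+ifndef NIXOPS_ENV_LOADED
+$(error "Please load environment with direnv")
+endif
+
+NIXOPS_PRIV = ./scripts/with_env nixops
 
 ###### Current channel information
 nix-info:
@@ -102,21 +96,21 @@ cleanup: delete-generations
 
 ###### Pull environment and deployment from remote
 pull_deployment:
-@if $(NIXOPS) info -d $(NIXOPS_DEPLOYMENT) 2>/dev/null >/dev/null ; then \
+@if nixops info -d $(NIXOPS_DEPLOYMENT) 2>/dev/null >/dev/null ; then \
 echo "This will remove your current deployment file and recreate it!. Continue? [y/N]" && \
 read y && \
 [ "$$y" = "y" -o "$$y" = "Y" ] && \
-$(NIXOPS) delete --force -d $(NIXOPS_DEPLOYMENT); \
+nixops delete --force -d $(NIXOPS_DEPLOYMENT); \
 fi
-pass show Nixops/Deployment | $(NIXOPS) import
-$(NIXOPS) modify -d $(NIXOPS_DEPLOYMENT) "$$(pwd)/default.nix"
+pass show Nixops/Deployment | nixops import
+nixops modify -d $(NIXOPS_DEPLOYMENT) "$$(pwd)/default.nix"
 .PHONY: pull_deployment
 
 deployment_is_set:
-$(NIXOPS) info -d $(NIXOPS_DEPLOYMENT) 2>/dev/null >/dev/null
+nixops info -d $(NIXOPS_DEPLOYMENT) 2>/dev/null >/dev/null
 .PHONY: deployment_is_set
 
 ###### Push deployment information to password store
 push_deployment:
-$(NIXOPS) export | pass insert -m Nixops/Deployment
+nixops export | pass insert -m Nixops/Deployment
 .PHONY: push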
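Review bot: The recipes in the second hunk and `NIXOPS_PRIV` now run whichever `nixops` is first on `PATH`, while the `ifndef NIXOPS_ENV_LOADED` guard only proves that a flag variable is set, not that the binary is the one from the project shell. That binary is handed the deployment state through `pass show Nixops/Deployment | nixops import`, so the resolution should be explicit: keep an overridable `NIXOPS ?= nixops` and add a parse-time check such as `$(if $(shell command -v $(NIXOPS)),,$(error nixops not found on PATH))`. The same applies to the bare `nixops set-args` calls in nixops/scripts/with_env. Separately, `.PHONY: push` on the last line does not name the `push_deployment` target above it, and the quotes inside `$(error "…")` are printed literally by make.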
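--- a/nixops/scripts/with_env
+++ b/nixops/scripts/with_env
@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 
-if [ -z "$NIXOPS" ]; then
-echo "Please set NIXOPS to the nixops command"
+if [ -z "$NIXOPS_ENV_LOADED" ]; then
+echo "Please load the environment with direnv"
 exit 1;
 fi
 
@@ -10,7 +10,7 @@ chmod go-rwx $TEMP
 
 finish() {
 rm -rf "$TEMP"
-$NIXOPS set-args --unset privateFiles
+nixops set-args --unset privateFiles
 }
 
 trap finish EXIT
@@ -21,6 +21,6 @@ files=$(pass ls Nixops/files | sed -e '1d' -e 's/^.* //')
 for file in $files; do
 pass show "Nixops/files/$file" > $TEMP/$file
 done
-$NIXOPS set-args --argstr privateFiles "$TEMP"
+nixops set-args --argstr privateFiles "$TEMP"
 
 "$@"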
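Review bot: The loop that materialises the secrets in the third hunk writes to an unquoted target, `> $TEMP/$file`, and `for file in $files` word-splits the `pass ls` output, so any entry whose name contains whitespace or glob characters is looked up and written under the wrong name; `> "$TEMP/$file"` together with a `while IFS= read -r file` loop avoids that. Nothing visible in these hunks stops the script when `pass show` fails, so `nixops set-args --argstr privateFiles "$TEMP"` may run against an empty or partial secret file; lines 8-9 are outside the hunks, so whether `set -e` is set there cannot be confirmed. The guard's message in the first hunk would be better sent to stderr: `echo "Please load the environment with direnv" >&2`.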
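--- /dev/null
+++ b/shell.nix
@@ -0,0 +1,4 @@
+{ pkgs ? import <nixpkgs> { overlays = builtins.attrValues (import ./overlays); } }:
+pkgs.mkShell {
+buildInputs = [ pkgs.nixops pkgs.niv pkgs.pass pkgs.curl pkgs.shellcheck pkgs.jq pkgs.gnumake ];
+}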
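Review bot: The default `pkgs ? import <nixpkgs> { … }` on line 1 takes nixpkgs from the caller's `NIX_PATH`, so a `nix-shell` started without the direnv environment builds `nixops`, `pass` and the other tools from whatever channel the user happens to have rather than from the `nixpkgs-nixops` entry in nix/sources.json. Either import that pin here directly or state the assumption with a comment such as `# <nixpkgs> must be the nixpkgs-nixops pin exported by .envrc`.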