Squash changes containing private information

There were a lot of changes since the previous commit, but a lot of them contained personnal information about users. All thos changes got stashed into a single commit (history is kept in a different place) and private information was moved in a separate private repository
author: Ismaël Bouya <ismael.bouya@normalesup.org> 2023-10-04 01:35:06 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2023-10-04 02:11:48 +0200
commit: 1a64deeb894dc95e2645a75771732c6cc53a79ad (patch)
tree: 1b9df4838f894577a09b9b260151756272efeb53 /Makefile
parent: fa25ffd4583cc362075cd5e1b4130f33306103f0 (diff)
download: Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.tar.gz
Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.tar.zst
Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.zip
1 files changed, 121 insertions, 9 deletions
diff --git a/Makefile b/Makefile
index 50fa09f..6282df2 100644
--- a/Makefile
+++ b/Makefile
@@ -1,16 +1,128 @@
-subrecipes = setup nix-info edit_env edit_vars
-subrecipes += ssh-eldiron ssh-backup-2 ssh-monitoring-1 ssh-4c
-subrecipes += debug build dry-run upload deploy next-boot deploy-reboot
-subrecipes += list-generations delete-generations cleanup
-${subrecipes}:
-        @$(MAKE) --no-print-directory -C nixops/ $@
-.PHONY: ${subrecipes}
 nur:
        ./scripts/make-nur
        curl -o /dev/null -XPOST "https://nur-update.herokuapp.com/update?repo=immae"
 shellcheck:
-        shellcheck scripts/* nixops/scripts/* modules/private/gitolite/gitolite_ldap_groups.sh modules/private/ssh/ldap_authorized_keys.sh modules/private/pub/restrict
+        shellcheck scripts/* deploy/scripts/* modules/private/gitolite/gitolite_ldap_groups.sh modules/private/ssh/ldap_authorized_keys.sh modules/private/pub/restrict
 .PHONY: nur shellcheck
+###### Initial setup
+setup:
+        ./scripts/setup
+.PHONY: setup
+###### Morph regular tasks
+PROFILE=./deploy/history
+TARGET ?=
+COMMON_COLEMNA_ARGS = -f ./deploy/flake.nix -v
+#Only enabled in colemna 0.4: --nix-option allow-unsafe-native-code-during-evaluation true --nix-option allow-import-from-derivation true --nix-option substituters https://cache.nixos.org/
+MORPH_ARGS ?=
+ifdef TARGET
+  # multiple targets: --on="{machine1,machine2}" (works with * glob too)
+  override MORPH_ARGS +=--on=$(TARGET)
+endif
+SSH_ARGS ?=
+nodes= dilion eldiron backup-2 monitoring-1 quatresaisons zoldene
+refresh_flakes:
+        @if [ -n "$(TARGET)" ]; then \
+                ./scripts/refresh_flakes --no-new-inputs ./systems/$(TARGET)/flake.nix; \
+                nix --no-warn-dirty flake lock --update-input n-$(TARGET) ./flakes; \
+                nix --no-warn-dirty flake lock --update-input main-flake ./deploy; \
+                else \
+                ./scripts/refresh_flakes --no-new-inputs; \
+                fi
+        (cd deploy ; nix flake lock --update-input secrets-local || true)
+.PHONY: refresh_flakes
+.PHONY: build $(addprefix build-,$(nodes))
+build-dilion build-eldiron build-backup-2 build-monitoring-1 build-quatresaisons build-zoldene:
+        $(MAKE) build TARGET=$(@:build-%=%)
+build: refresh_flakes
+        colmena build $(COMMON_COLEMNA_ARGS) $(MORPH_ARGS)
+.PHONY: deploy $(addprefix deploy-,$(nodes))
+deploy-dilion deploy-eldiron deploy-backup-2 deploy-monitoring-1 deploy-quatresaisons deploy-zoldene:
+        $(MAKE) deploy TARGET=$(@:deploy-%=%)
+deploy: refresh_flakes
+        ./scripts/with_env colmena apply $(COMMON_COLEMNA_ARGS) switch --keep-result $(MORPH_ARGS)
+        $(MAKE) keep-roots
+.PHONY: ssh $(addprefix ssh-,$(nodes))
+ssh-4c: ssh-quatresaisons
+ssh-dilion ssh-eldiron ssh-backup-2 ssh-monitoring-1 ssh-quatresaisons ssh-zoldene:
+        $(MAKE) ssh TARGET=$(@:ssh-%=%)
+ssh:
+        ./scripts/with_env bash -c 'ssh -i $$SSH_IDENTITY_FILE root@$(TARGET) $(SSH_ARGS)'
+.PHONY: ssh-decrypt $(addsuffix -decrypt,$(addprefix ssh-,$(nodes)))
+ssh-zoldene-decrypt:
+        $(MAKE) ssh-decrypt TARGET=$(@:ssh-%-decrypt=%)
+ssh-decrypt:
+        ./scripts/with_env bash -c 'ssh -p 2222 -i $$SSH_IDENTITY_FILE root@$(TARGET) $(SSH_ARGS)'
+.PHONY: debug $(addprefix debug-,$(nodes))
+debug-dilion debug-eldiron debug-backup-2 debug-monitoring-1 debug-quatresaisons debug-zoldene:
+        $(MAKE) debug TARGET=$(@:debug-%=%)
+debug: refresh_flakes
+        colmena build $(COMMON_COLEMNA_ARGS) --show-trace $(MORPH_ARGS)
+.PHONY: upload $(addprefix upload-,$(nodes))
+upload-dilion upload-eldiron upload-backup-2 upload-monitoring-1 upload-quatresaisons upload-zoldene:
+        $(MAKE) upload TARGET=$(@:upload-%=%)
+upload: refresh_flakes
+        ./scripts/with_env colmena apply $(COMMON_COLEMNA_ARGS) push $(MORPH_ARGS)
+.PHONY: test-deploy $(addprefix test-deploy-,$(nodes))
+test-deploy-dilion test-deploy-eldiron test-deploy-backup-2 test-deploy-monitoring-1 test-deploy-quatresaisons test-deploy-zoldene:
+        $(MAKE) test-deploy TARGET=$(@:test-deploy-%=%)
+test-deploy: refresh_flakes
+        ./scripts/with_env colmena apply $(COMMON_COLEMNA_ARGS) test $(MORPH_ARGS)
+.PHONY: next-boot $(addprefix next-boot-,$(nodes))
+next-boot-dilion next-boot-eldiron next-boot-backup-2 next-boot-monitoring-1 next-boot-quatresaisons next-boot-zoldene:
+        $(MAKE) next-boot TARGET=$(@:next-boot-%=%)
+next-boot: refresh_flakes
+        ./scripts/with_env colmena apply $(COMMON_COLEMNA_ARGS) boot $(MORPH_ARGS)
+.PHONY: deploy-reboot $(addprefix deploy-reboot-,$(nodes))
+deploy-reboot-dilion deploy-reboot-eldiron deploy-reboot-backup-2 deploy-reboot-monitoring-1 deploy-reboot-quatresaisons deploy-reboot-zoldene:
+        $(MAKE) deploy-reboot TARGET=$(@:deploy-reboot-%=%)
+deploy-reboot: refresh_flakes
+        ./scripts/with_env colmena apply $(COMMON_COLEMNA_ARGS) boot --reboot $(MORPH_ARGS)
+        # Run it a second time because first time uploads the secrets
+        # before rebooting
+        $(MAKE) deploy
+keep-roots:
+        mkdir -p $(PROFILE)
+        for i in deploy/.gcroots/node-*; do nix-env -p $(PROFILE)/$$(basename $$i | sed -e "s/node-//") --set "$$i"; done
+systems := $(shell find $(PROFILE) -type l -not -name "*link" -printf "%f ")
+###### Cleanup generations and garbage collection
+GEN ?= "+3"
+list-generations:
+        @$(foreach system, $(systems), echo $(system);\
+                nix-env -p $(PROFILE)/$(system) --list-generations;\
+                $(MAKE) ssh-$(system) SSH_ARGS="nix-env -p /nix/var/nix/profiles/system --list-generations";\
+                )
+.PHONY: list-generations
+delete-generations:
+        $(MAKE) keep-roots
+        @$(foreach system, $(systems), echo $(system); \
+                nix-env -p $(PROFILE)/$(system) --delete-generations $(GEN);\
+                $(MAKE) ssh-$(system) SSH_ARGS="nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)";\
+                )
+.PHONY: delete-generations
+cleanup: delete-generations
+        nix-store --gc
+        @$(foreach system, $(systems), echo $(system); \
+                $(MAKE) ssh-$(system) SSH_ARGS="nix-store --gc";\
+                )
+.PHONY: cleanup
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2023-10-04 01:35:06 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2023-10-04 02:11:48 +0200
commit	1a64deeb894dc95e2645a75771732c6cc53a79ad (patch)
tree	1b9df4838f894577a09b9b260151756272efeb53 /Makefile
parent	fa25ffd4583cc362075cd5e1b4130f33306103f0 (diff)
download	Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.tar.gz Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.tar.zst Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.zip

diff --git a/Makefile b/Makefile index 50fa09f..6282df2 100644 --- a/Makefile +++ b/Makefile
@@ -1,16 +1,128 @@
1	subrecipes = setup nix-info edit_env edit_vars
2	subrecipes += ssh-eldiron ssh-backup-2 ssh-monitoring-1 ssh-4c
3	subrecipes += debug build dry-run upload deploy next-boot deploy-reboot
4	subrecipes += list-generations delete-generations cleanup
5	${subrecipes}:
6	@$(MAKE) --no-print-directory -C nixops/ $@
7	.PHONY: ${subrecipes}
8
9	nur:	1	nur:
10	./scripts/make-nur	2	./scripts/make-nur
11	curl -o /dev/null -XPOST "https://nur-update.herokuapp.com/update?repo=immae"	3	curl -o /dev/null -XPOST "https://nur-update.herokuapp.com/update?repo=immae"
12		4
13	shellcheck:	5	shellcheck:
14	shellcheck scripts/* nixops/scripts/* modules/private/gitolite/gitolite_ldap_groups.sh modules/private/ssh/ldap_authorized_keys.sh modules/private/pub/restrict	6	shellcheck scripts/* deploy/scripts/* modules/private/gitolite/gitolite_ldap_groups.sh modules/private/ssh/ldap_authorized_keys.sh modules/private/pub/restrict
15		7
16	.PHONY: nur shellcheck	8	.PHONY: nur shellcheck
		9
		10	###### Initial setup
		11	setup:
		12	./scripts/setup
		13	.PHONY: setup
		14
		15	###### Morph regular tasks
		16	PROFILE=./deploy/history
		17	TARGET ?=
		18	COMMON_COLEMNA_ARGS = -f ./deploy/flake.nix -v
		19	#Only enabled in colemna 0.4: --nix-option allow-unsafe-native-code-during-evaluation true --nix-option allow-import-from-derivation true --nix-option substituters https://cache.nixos.org/
		20	MORPH_ARGS ?=
		21	ifdef TARGET
		22	# multiple targets: --on="{machine1,machine2}" (works with * glob too)
		23	override MORPH_ARGS +=--on=$(TARGET)
		24	endif
		25	SSH_ARGS ?=
		26
		27	nodes= dilion eldiron backup-2 monitoring-1 quatresaisons zoldene
		28
		29	refresh_flakes:
		30	@if [ -n "$(TARGET)" ]; then \
		31	./scripts/refresh_flakes --no-new-inputs ./systems/$(TARGET)/flake.nix; \
		32	nix --no-warn-dirty flake lock --update-input n-$(TARGET) ./flakes; \
		33	nix --no-warn-dirty flake lock --update-input main-flake ./deploy; \
		34	else \
		35	./scripts/refresh_flakes --no-new-inputs; \
		36	fi
		37	(cd deploy ; nix flake lock --update-input secrets-local \|\| true)
		38
		39	.PHONY: refresh_flakes
		40
		41	.PHONY: build $(addprefix build-,$(nodes))
		42	build-dilion build-eldiron build-backup-2 build-monitoring-1 build-quatresaisons build-zoldene:
		43	$(MAKE) build TARGET=$(@:build-%=%)
		44	build: refresh_flakes
		45	colmena build $(COMMON_COLEMNA_ARGS) $(MORPH_ARGS)
		46
		47	.PHONY: deploy $(addprefix deploy-,$(nodes))
		48	deploy-dilion deploy-eldiron deploy-backup-2 deploy-monitoring-1 deploy-quatresaisons deploy-zoldene:
		49	$(MAKE) deploy TARGET=$(@:deploy-%=%)
		50	deploy: refresh_flakes
		51	./scripts/with_env colmena apply $(COMMON_COLEMNA_ARGS) switch --keep-result $(MORPH_ARGS)
		52	$(MAKE) keep-roots
		53
		54	.PHONY: ssh $(addprefix ssh-,$(nodes))
		55	ssh-4c: ssh-quatresaisons
		56	ssh-dilion ssh-eldiron ssh-backup-2 ssh-monitoring-1 ssh-quatresaisons ssh-zoldene:
		57	$(MAKE) ssh TARGET=$(@:ssh-%=%)
		58	ssh:
		59	./scripts/with_env bash -c 'ssh -i $$SSH_IDENTITY_FILE root@$(TARGET) $(SSH_ARGS)'
		60
		61	.PHONY: ssh-decrypt $(addsuffix -decrypt,$(addprefix ssh-,$(nodes)))
		62	ssh-zoldene-decrypt:
		63	$(MAKE) ssh-decrypt TARGET=$(@:ssh-%-decrypt=%)
		64	ssh-decrypt:
		65	./scripts/with_env bash -c 'ssh -p 2222 -i $$SSH_IDENTITY_FILE root@$(TARGET) $(SSH_ARGS)'
		66
		67	.PHONY: debug $(addprefix debug-,$(nodes))
		68	debug-dilion debug-eldiron debug-backup-2 debug-monitoring-1 debug-quatresaisons debug-zoldene:
		69	$(MAKE) debug TARGET=$(@:debug-%=%)
		70	debug: refresh_flakes
		71	colmena build $(COMMON_COLEMNA_ARGS) --show-trace $(MORPH_ARGS)
		72
		73	.PHONY: upload $(addprefix upload-,$(nodes))
		74	upload-dilion upload-eldiron upload-backup-2 upload-monitoring-1 upload-quatresaisons upload-zoldene:
		75	$(MAKE) upload TARGET=$(@:upload-%=%)
		76	upload: refresh_flakes
		77	./scripts/with_env colmena apply $(COMMON_COLEMNA_ARGS) push $(MORPH_ARGS)
		78
		79	.PHONY: test-deploy $(addprefix test-deploy-,$(nodes))
		80	test-deploy-dilion test-deploy-eldiron test-deploy-backup-2 test-deploy-monitoring-1 test-deploy-quatresaisons test-deploy-zoldene:
		81	$(MAKE) test-deploy TARGET=$(@:test-deploy-%=%)
		82	test-deploy: refresh_flakes
		83	./scripts/with_env colmena apply $(COMMON_COLEMNA_ARGS) test $(MORPH_ARGS)
		84
		85	.PHONY: next-boot $(addprefix next-boot-,$(nodes))
		86	next-boot-dilion next-boot-eldiron next-boot-backup-2 next-boot-monitoring-1 next-boot-quatresaisons next-boot-zoldene:
		87	$(MAKE) next-boot TARGET=$(@:next-boot-%=%)
		88	next-boot: refresh_flakes
		89	./scripts/with_env colmena apply $(COMMON_COLEMNA_ARGS) boot $(MORPH_ARGS)
		90
		91	.PHONY: deploy-reboot $(addprefix deploy-reboot-,$(nodes))
		92	deploy-reboot-dilion deploy-reboot-eldiron deploy-reboot-backup-2 deploy-reboot-monitoring-1 deploy-reboot-quatresaisons deploy-reboot-zoldene:
		93	$(MAKE) deploy-reboot TARGET=$(@:deploy-reboot-%=%)
		94	deploy-reboot: refresh_flakes
		95	./scripts/with_env colmena apply $(COMMON_COLEMNA_ARGS) boot --reboot $(MORPH_ARGS)
		96	# Run it a second time because first time uploads the secrets
		97	# before rebooting
		98	$(MAKE) deploy
		99
		100	keep-roots:
		101	mkdir -p $(PROFILE)
		102	for i in deploy/.gcroots/node-*; do nix-env -p $(PROFILE)/$$(basename $$i \| sed -e "s/node-//") --set "$$i"; done
		103
		104	systems := $(shell find $(PROFILE) -type l -not -name "*link" -printf "%f ")
		105	###### Cleanup generations and garbage collection
		106	GEN ?= "+3"
		107
		108	list-generations:
		109	@$(foreach system, $(systems), echo $(system);\
		110	nix-env -p $(PROFILE)/$(system) --list-generations;\
		111	$(MAKE) ssh-$(system) SSH_ARGS="nix-env -p /nix/var/nix/profiles/system --list-generations";\
		112	)
		113	.PHONY: list-generations
		114
		115	delete-generations:
		116	$(MAKE) keep-roots
		117	@$(foreach system, $(systems), echo $(system); \
		118	nix-env -p $(PROFILE)/$(system) --delete-generations $(GEN);\
		119	$(MAKE) ssh-$(system) SSH_ARGS="nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)";\
		120	)
		121	.PHONY: delete-generations
		122
		123	cleanup: delete-generations
		124	nix-store --gc
		125	@$(foreach system, $(systems), echo $(system); \
		126	$(MAKE) ssh-$(system) SSH_ARGS="nix-store --gc";\
		127	)
		128	.PHONY: cleanup