Migrate to morph as a replacement to nixops

The deployment tasks are now independent of any state
author: Ismaël Bouya <ismael.bouya@normalesup.org> 2020-09-04 02:40:24 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2020-09-04 02:59:46 +0200
commit: 34abd6afa44c620a56416bd423a2438a09bd1ce4 (patch)
tree: b7eef613348fcb9d8fabd19c0437430c30678152 /nixops
parent: f5cbc6f767ee234e9cdd53baa113d5ab26edb6d8 (diff)
download: Nix-34abd6afa44c620a56416bd423a2438a09bd1ce4.tar.gz
Nix-34abd6afa44c620a56416bd423a2438a09bd1ce4.tar.zst
Nix-34abd6afa44c620a56416bd423a2438a09bd1ce4.zip
6 files changed, 34 insertions, 86 deletions
diff --git a/nixops/Makefile b/nixops/Makefile
index 18d48eb..0bebaf8 100644
--- a/nixops/Makefile
+++ b/nixops/Makefile
@@ -2,8 +2,6 @@ ifndef NIXOPS_ENV_LOADED
  $(error "Please load environment with direnv")
 endif
-NIXOPS_PRIV = ./scripts/with_env nixops
 ###### Current channel information
 nix-info:
        @version=$$(nix eval --raw nixpkgs.lib.version) && \
@@ -17,100 +15,69 @@ setup:
        ./scripts/setup
 .PHONY: setup
-###### Nixops regular tasks
+###### Morph regular tasks
+PROFILE=/nix/var/nix/profiles/per-user/immae/morph/immaeEu
 TARGET ?=
-NIXOPS_ARGS ?=
+MORPH_ARGS ?=
 ifdef TARGET
-  override NIXOPS_ARGS +=--include=$(TARGET)
+  # multiple targets: --on="{machine1,machine2}" (works with * glob too)
+  override MORPH_ARGS +=--on=$(TARGET)
 endif
 SSH_ARGS ?=
 edit_env:
        pass edit Nixops/files/environment.nix || true
-nixops:
-        $(NIXOPS_PRIV) $(NIXOPS_ARGS)
 ssh-eldiron:
-        $(NIXOPS_PRIV) ssh eldiron -- $(SSH_ARGS)
+        ./scripts/with_env bash -c 'ssh -i $$SSH_IDENTITY_FILE root@eldiron $(SSH_ARGS)'
 ssh-dilion:
-        $(NIXOPS_PRIV) ssh dilion -- $(SSH_ARGS)
+        ./scripts/with_env bash -c 'ssh -i $$SSH_IDENTITY_FILE root@dilion $(SSH_ARGS)'
 ssh-backup-2:
-        $(NIXOPS_PRIV) ssh backup-2 -- $(SSH_ARGS)
+        ./scripts/with_env bash -c 'ssh -i $$SSH_IDENTITY_FILE root@backup-2 $(SSH_ARGS)'
 ssh-monitoring-1:
-        $(NIXOPS_PRIV) ssh monitoring-1 -- $(SSH_ARGS)
+        ./scripts/with_env bash -c 'ssh -i $$SSH_IDENTITY_FILE root@monitoring-1 $(SSH_ARGS)'
-info:
-        $(NIXOPS_PRIV) list
-        $(NIXOPS_PRIV) info
 debug:
-        $(NIXOPS_PRIV) deploy --build-only --show-trace $(NIXOPS_ARGS)
+        ./scripts/with_env morph build --show-trace default.nix $(MORPH_ARGS)
-dry-run:
-        $(NIXOPS_PRIV) deploy --dry-run $(NIXOPS_ARGS)
 build:
-        $(NIXOPS_PRIV) deploy --build-only $(NIXOPS_ARGS)
+        ./scripts/with_env morph build default.nix $(MORPH_ARGS)
 upload:
-        $(NIXOPS_PRIV) deploy --copy-only $(NIXOPS_ARGS)
+        ./scripts/with_env morph push default.nix $(MORPH_ARGS)
 deploy:
-        $(NIXOPS_PRIV) deploy $(NIXOPS_ARGS)
+        ./scripts/with_env morph deploy default.nix switch --keep-result --upload-secrets $(MORPH_ARGS)
+        nix-env -p $(PROFILE) --set .gcroots/default.nix
 deploy-reboot:
-        $(NIXOPS_PRIV) deploy --force-reboot $(NIXOPS_ARGS)
+        ./scripts/with_env morph deploy default.nix boot --reboot --upload-secrets $(MORPH_ARGS)
-reboot:
+.PHONY: ssh-eldiron ssh-dilion ssh-monitoring-1 ssh-backup-2 debug build upload deploy deploy-reboot
-        $(NIXOPS_PRIV) reboot --include=$(TARGET)
-.PHONY: nixops ssh-eldiron info debug dry-run build upload deploy deploy-reboot reboot
 ###### Cleanup generations and garbage collection
-profile := $$($(NIXOPS_PRIV) info | grep "^Nix profile: " | sed -e "s/^Nix profile: //")
 GEN ?= "+3"
 list-generations:
-        nix-env -p $(profile) --list-generations
+        nix-env -p $(PROFILE) --list-generations
-        $(NIXOPS_PRIV) ssh eldiron -- nix-env -p /nix/var/nix/profiles/system --list-generations
+        $(MAKE) ssh-eldiron SSH_ARGS="nix-env -p /nix/var/nix/profiles/system --list-generations"
 .PHONY: list-generations
 delete-generations:
-        nix-env -p $(profile) --delete-generations $(GEN)
+        nix-env -p $(PROFILE) --delete-generations $(GEN)
-        $(NIXOPS_PRIV) ssh eldiron -- nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)
+        $(MAKE) ssh-eldiron SSH_ARGS="nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)"
-        $(NIXOPS_PRIV) ssh dilion -- nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)
+        $(MAKE) ssh-dilion SSH_ARGS="nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)"
-        $(NIXOPS_PRIV) ssh backup-2 -- nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)
+        $(MAKE) ssh-backup-2 SSH_ARGS="nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)"
-        $(NIXOPS_PRIV) ssh monitoring-1 -- nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)
+        $(MAKE) ssh-monitoring-1 SSH_ARGS="nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)"
 .PHONY: delete-generations
 cleanup: delete-generations
        nix-store --gc
-        $(NIXOPS_PRIV) ssh eldiron -- nix-store --gc
+        $(MAKE) ssh-eldiron SSH_ARGS="nix-store --gc"
-        $(NIXOPS_PRIV) ssh dilion -- nix-store --gc
+        $(MAKE) ssh-dilion SSH_ARGS="nix-store --gc"
-        $(NIXOPS_PRIV) ssh backup-2 -- nix-store --gc
+        $(MAKE) ssh-backup-2 SSH_ARGS="nix-store --gc"
-        $(NIXOPS_PRIV) ssh monitoring-1 -- nix-store --gc
+        $(MAKE) ssh-monitoring-1 SSH_ARGS="nix-store --gc"
 .PHONY: cleanup
-###### Pull environment and deployment from remote
-pull_deployment:
-        @if nixops info -d $(NIXOPS_DEPLOYMENT) 2>/dev/null >/dev/null ; then \
-          echo "This will remove your current deployment file and recreate it!. Continue? [y/N]" && \
-          read y && \
-          [ "$$y" = "y" -o "$$y" = "Y" ] && \
-          nixops delete --force -d $(NIXOPS_DEPLOYMENT); \
-        fi
-        pass show Nixops/Deployment | nixops import
-        nixops modify -d $(NIXOPS_DEPLOYMENT) "$$(pwd)/default.nix"
-.PHONY: pull_deployment
-deployment_is_set:
-        nixops info -d $(NIXOPS_DEPLOYMENT) 2>/dev/null >/dev/null
-.PHONY: deployment_is_set
-###### Push deployment information to password store
-push_deployment:
-        nixops export | pass insert -m Nixops/Deployment
-.PHONY: push
diff --git a/nixops/default.nix b/nixops/default.nix
index 56b86e8..7c6dd38 100644
--- a/nixops/default.nix
+++ b/nixops/default.nix
@@ -1,12 +1,7 @@
-{ privateFiles ? ./. }:
+let
+  privateFiles = <privateFiles>;
+in
 {
-  network = {
-    description = "Immae's network";
-    enableRollback = true;
-  };
-  # Used by hetzner cloud to provision machines
-  resources.sshKeyPairs.ssh-key = {};
  dilion = import ../modules/private/system/dilion.nix { inherit privateFiles; };
  eldiron = import ../modules/private/system/eldiron.nix { inherit privateFiles; };
  backup-2 = import ../modules/private/system/backup-2.nix { inherit privateFiles; };
diff --git a/nixops/scripts/setup b/nixops/scripts/setup
index 22f43ce..e161e43 100755
--- a/nixops/scripts/setup
+++ b/nixops/scripts/setup
@@ -2,8 +2,6 @@
 set -euo pipefail
-MAKEFILE_DIR="$( cd "$( dirname $( dirname "${BASH_SOURCE[0]}" ))" >/dev/null 2>&1 && pwd )"
 if ! which nix 2>/dev/null >/dev/null; then
  cat <<-EOF
        nix is needed, please install it:
@@ -62,20 +60,6 @@ if nix show-config --json | jq -e '.sandbox.value == "true"' >/dev/null; then
  read y
 fi
-if ! make -C $MAKEFILE_DIR deployment_is_set 2>/dev/null >/dev/null; then
-  cat <<-EOF
-        Importing deployment file into nixops:
-        Continue? [y/N]
-        EOF
-  read y
-  if [ "$y" = "y" -o "$y" = "Y" ]; then
-    make -C $MAKEFILE_DIR pull_deployment
-  else
-    echo "Aborting"
-    exit 1
-  fi
-fi
 cat <<-EOF
        All set up.
        Please make sure you’re using make commands when deploying
diff --git a/nixops/scripts/with_env b/nixops/scripts/with_env
index 9882f78..f8e5537 100755
--- a/nixops/scripts/with_env
+++ b/nixops/scripts/with_env
@@ -5,12 +5,12 @@ if [ -z "$NIXOPS_ENV_LOADED" ]; then
  exit 1;
 fi
+umask 0077
 TEMP=$(mktemp -d /tmp/XXXXXX-nixops-files)
 chmod go-rwx $TEMP
 finish() {
  rm -rf "$TEMP"
-  nixops set-args --unset privateFiles
 }
 trap finish EXIT
@@ -21,6 +21,8 @@ files=$(pass ls Nixops/files | sed -e '1d' -e 's/^.* //')
 for file in $files; do
  pass show "Nixops/files/$file" > $TEMP/$file
 done
-nixops set-args --argstr privateFiles "$TEMP"
+export NIX_PATH="privateFiles=$TEMP:$NIX_PATH"
+export SSH_IDENTITY_FILE="$TEMP/id_ed25519"
 "$@"
diff --git a/nixops/secrets b/nixops/secrets
-Subproject 79b991028b09aa59f719059de8dc1fba7d6b04f
+Subproject def4146f0e703ca9a32735fbbc3820d6f9bb22e
diff --git a/nixops/state/.gitkeep b/nixops/state/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/nixops/state/.gitkeep
+++ /dev/null
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2020-09-04 02:40:24 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2020-09-04 02:59:46 +0200
commit	34abd6afa44c620a56416bd423a2438a09bd1ce4 (patch)
tree	b7eef613348fcb9d8fabd19c0437430c30678152 /nixops
parent	f5cbc6f767ee234e9cdd53baa113d5ab26edb6d8 (diff)
download	Nix-34abd6afa44c620a56416bd423a2438a09bd1ce4.tar.gz Nix-34abd6afa44c620a56416bd423a2438a09bd1ce4.tar.zst Nix-34abd6afa44c620a56416bd423a2438a09bd1ce4.zip

diff --git a/nixops/Makefile b/nixops/Makefile index 18d48eb..0bebaf8 100644 --- a/nixops/Makefile +++ b/nixops/Makefile
@@ -2,8 +2,6 @@ ifndef NIXOPS_ENV_LOADED
2	$(error "Please load environment with direnv")	2	$(error "Please load environment with direnv")
3	endif	3	endif
4		4
5	NIXOPS_PRIV = ./scripts/with_env nixops
6
7	###### Current channel information	5	###### Current channel information
8	nix-info:	6	nix-info:
9	@version=$$(nix eval --raw nixpkgs.lib.version) && \	7	@version=$$(nix eval --raw nixpkgs.lib.version) && \
@@ -17,100 +15,69 @@ setup:
17	./scripts/setup	15	./scripts/setup
18	.PHONY: setup	16	.PHONY: setup
19		17
20	###### Nixops regular tasks	18	###### Morph regular tasks
		19	PROFILE=/nix/var/nix/profiles/per-user/immae/morph/immaeEu
21	TARGET ?=	20	TARGET ?=
22	NIXOPS_ARGS ?=	21	MORPH_ARGS ?=
23	ifdef TARGET	22	ifdef TARGET
24	override NIXOPS_ARGS +=--include=$(TARGET)	23	# multiple targets: --on="{machine1,machine2}" (works with * glob too)
		24	override MORPH_ARGS +=--on=$(TARGET)
25	endif	25	endif
26	SSH_ARGS ?=	26	SSH_ARGS ?=
27		27
28	edit_env:	28	edit_env:
29	pass edit Nixops/files/environment.nix \|\| true	29	pass edit Nixops/files/environment.nix \|\| true
30		30
31	nixops:
32	$(NIXOPS_PRIV) $(NIXOPS_ARGS)
33
34	ssh-eldiron:	31	ssh-eldiron:
35	$(NIXOPS_PRIV) ssh eldiron -- $(SSH_ARGS)	32	./scripts/with_env bash -c 'ssh -i $$SSH_IDENTITY_FILE root@eldiron $(SSH_ARGS)'
36		33
37	ssh-dilion:	34	ssh-dilion:
38	$(NIXOPS_PRIV) ssh dilion -- $(SSH_ARGS)	35	./scripts/with_env bash -c 'ssh -i $$SSH_IDENTITY_FILE root@dilion $(SSH_ARGS)'
39		36
40	ssh-backup-2:	37	ssh-backup-2:
41	$(NIXOPS_PRIV) ssh backup-2 -- $(SSH_ARGS)	38	./scripts/with_env bash -c 'ssh -i $$SSH_IDENTITY_FILE root@backup-2 $(SSH_ARGS)'
42		39
43	ssh-monitoring-1:	40	ssh-monitoring-1:
44	$(NIXOPS_PRIV) ssh monitoring-1 -- $(SSH_ARGS)	41	./scripts/with_env bash -c 'ssh -i $$SSH_IDENTITY_FILE root@monitoring-1 $(SSH_ARGS)'
45
46	info:
47	$(NIXOPS_PRIV) list
48	$(NIXOPS_PRIV) info
49		42
50	debug:	43	debug:
51	$(NIXOPS_PRIV) deploy --build-only --show-trace $(NIXOPS_ARGS)	44	./scripts/with_env morph build --show-trace default.nix $(MORPH_ARGS)
52
53	dry-run:
54	$(NIXOPS_PRIV) deploy --dry-run $(NIXOPS_ARGS)
55		45
56	build:	46	build:
57	$(NIXOPS_PRIV) deploy --build-only $(NIXOPS_ARGS)	47	./scripts/with_env morph build default.nix $(MORPH_ARGS)
58		48
59	upload:	49	upload:
60	$(NIXOPS_PRIV) deploy --copy-only $(NIXOPS_ARGS)	50	./scripts/with_env morph push default.nix $(MORPH_ARGS)
61		51
62	deploy:	52	deploy:
63	$(NIXOPS_PRIV) deploy $(NIXOPS_ARGS)	53	./scripts/with_env morph deploy default.nix switch --keep-result --upload-secrets $(MORPH_ARGS)
		54	nix-env -p $(PROFILE) --set .gcroots/default.nix
64		55
65	deploy-reboot:	56	deploy-reboot:
66	$(NIXOPS_PRIV) deploy --force-reboot $(NIXOPS_ARGS)	57	./scripts/with_env morph deploy default.nix boot --reboot --upload-secrets $(MORPH_ARGS)
67		58
68	reboot:	59	.PHONY: ssh-eldiron ssh-dilion ssh-monitoring-1 ssh-backup-2 debug build upload deploy deploy-reboot
69	$(NIXOPS_PRIV) reboot --include=$(TARGET)
70	.PHONY: nixops ssh-eldiron info debug dry-run build upload deploy deploy-reboot reboot
71		60
72	###### Cleanup generations and garbage collection	61	###### Cleanup generations and garbage collection
73	profile := $$($(NIXOPS_PRIV) info \| grep "^Nix profile: " \| sed -e "s/^Nix profile: //")
74	GEN ?= "+3"	62	GEN ?= "+3"
75		63
76	list-generations:	64	list-generations:
77	nix-env -p $(profile) --list-generations	65	nix-env -p $(PROFILE) --list-generations
78	$(NIXOPS_PRIV) ssh eldiron -- nix-env -p /nix/var/nix/profiles/system --list-generations	66	$(MAKE) ssh-eldiron SSH_ARGS="nix-env -p /nix/var/nix/profiles/system --list-generations"
79	.PHONY: list-generations	67	.PHONY: list-generations
80		68
81	delete-generations:	69	delete-generations:
82	nix-env -p $(profile) --delete-generations $(GEN)	70	nix-env -p $(PROFILE) --delete-generations $(GEN)
83	$(NIXOPS_PRIV) ssh eldiron -- nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)	71	$(MAKE) ssh-eldiron SSH_ARGS="nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)"
84	$(NIXOPS_PRIV) ssh dilion -- nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)	72	$(MAKE) ssh-dilion SSH_ARGS="nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)"
85	$(NIXOPS_PRIV) ssh backup-2 -- nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)	73	$(MAKE) ssh-backup-2 SSH_ARGS="nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)"
86	$(NIXOPS_PRIV) ssh monitoring-1 -- nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)	74	$(MAKE) ssh-monitoring-1 SSH_ARGS="nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)"
87	.PHONY: delete-generations	75	.PHONY: delete-generations
88		76
89	cleanup: delete-generations	77	cleanup: delete-generations
90	nix-store --gc	78	nix-store --gc
91	$(NIXOPS_PRIV) ssh eldiron -- nix-store --gc	79	$(MAKE) ssh-eldiron SSH_ARGS="nix-store --gc"
92	$(NIXOPS_PRIV) ssh dilion -- nix-store --gc	80	$(MAKE) ssh-dilion SSH_ARGS="nix-store --gc"
93	$(NIXOPS_PRIV) ssh backup-2 -- nix-store --gc	81	$(MAKE) ssh-backup-2 SSH_ARGS="nix-store --gc"
94	$(NIXOPS_PRIV) ssh monitoring-1 -- nix-store --gc	82	$(MAKE) ssh-monitoring-1 SSH_ARGS="nix-store --gc"
95	.PHONY: cleanup	83	.PHONY: cleanup
96
97	###### Pull environment and deployment from remote
98	pull_deployment:
99	@if nixops info -d $(NIXOPS_DEPLOYMENT) 2>/dev/null >/dev/null ; then \
100	echo "This will remove your current deployment file and recreate it!. Continue? [y/N]" && \
101	read y && \
102	[ "$$y" = "y" -o "$$y" = "Y" ] && \
103	nixops delete --force -d $(NIXOPS_DEPLOYMENT); \
104	fi
105	pass show Nixops/Deployment \| nixops import
106	nixops modify -d $(NIXOPS_DEPLOYMENT) "$$(pwd)/default.nix"
107	.PHONY: pull_deployment
108
109	deployment_is_set:
110	nixops info -d $(NIXOPS_DEPLOYMENT) 2>/dev/null >/dev/null
111	.PHONY: deployment_is_set
112
113	###### Push deployment information to password store
114	push_deployment:
115	nixops export \| pass insert -m Nixops/Deployment
116	.PHONY: push


diff --git a/nixops/default.nix b/nixops/default.nix index 56b86e8..7c6dd38 100644 --- a/nixops/default.nix +++ b/nixops/default.nix
@@ -1,12 +1,7 @@
1	{ privateFiles ? ./. }:	1	let
		2	privateFiles = <privateFiles>;
		3	in
2	{	4	{
3	network = {
4	description = "Immae's network";
5	enableRollback = true;
6	};
7
8	# Used by hetzner cloud to provision machines
9	resources.sshKeyPairs.ssh-key = {};
10	dilion = import ../modules/private/system/dilion.nix { inherit privateFiles; };	5	dilion = import ../modules/private/system/dilion.nix { inherit privateFiles; };
11	eldiron = import ../modules/private/system/eldiron.nix { inherit privateFiles; };	6	eldiron = import ../modules/private/system/eldiron.nix { inherit privateFiles; };
12	backup-2 = import ../modules/private/system/backup-2.nix { inherit privateFiles; };	7	backup-2 = import ../modules/private/system/backup-2.nix { inherit privateFiles; };


diff --git a/nixops/scripts/setup b/nixops/scripts/setup index 22f43ce..e161e43 100755 --- a/nixops/scripts/setup +++ b/nixops/scripts/setup
@@ -2,8 +2,6 @@
2		2
3	set -euo pipefail	3	set -euo pipefail
4		4
5	MAKEFILE_DIR="$( cd "$( dirname $( dirname "${BASH_SOURCE[0]}" ))" >/dev/null 2>&1 && pwd )"
6
7	if ! which nix 2>/dev/null >/dev/null; then	5	if ! which nix 2>/dev/null >/dev/null; then
8	cat <<-EOF	6	cat <<-EOF
9	nix is needed, please install it:	7	nix is needed, please install it:
@@ -62,20 +60,6 @@ if nix show-config --json \| jq -e '.sandbox.value == "true"' >/dev/null; then
62	read y	60	read y
63	fi	61	fi
64		62
65	if ! make -C $MAKEFILE_DIR deployment_is_set 2>/dev/null >/dev/null; then
66	cat <<-EOF
67	Importing deployment file into nixops:
68	Continue? [y/N]
69	EOF
70	read y
71	if [ "$y" = "y" -o "$y" = "Y" ]; then
72	make -C $MAKEFILE_DIR pull_deployment
73	else
74	echo "Aborting"
75	exit 1
76	fi
77	fi
78
79	cat <<-EOF	63	cat <<-EOF
80	All set up.	64	All set up.
81	Please make sure you’re using make commands when deploying	65	Please make sure you’re using make commands when deploying


diff --git a/nixops/scripts/with_env b/nixops/scripts/with_env index 9882f78..f8e5537 100755 --- a/nixops/scripts/with_env +++ b/nixops/scripts/with_env
@@ -5,12 +5,12 @@ if [ -z "$NIXOPS_ENV_LOADED" ]; then
5	exit 1;	5	exit 1;
6	fi	6	fi
7		7
		8	umask 0077
8	TEMP=$(mktemp -d /tmp/XXXXXX-nixops-files)	9	TEMP=$(mktemp -d /tmp/XXXXXX-nixops-files)
9	chmod go-rwx $TEMP	10	chmod go-rwx $TEMP
10		11
11	finish() {	12	finish() {
12	rm -rf "$TEMP"	13	rm -rf "$TEMP"
13	nixops set-args --unset privateFiles
14	}	14	}
15		15
16	trap finish EXIT	16	trap finish EXIT
@@ -21,6 +21,8 @@ files=$(pass ls Nixops/files \| sed -e '1d' -e 's/^.* //')
21	for file in $files; do	21	for file in $files; do
22	pass show "Nixops/files/$file" > $TEMP/$file	22	pass show "Nixops/files/$file" > $TEMP/$file
23	done	23	done
24	nixops set-args --argstr privateFiles "$TEMP"	24
		25	export NIX_PATH="privateFiles=$TEMP:$NIX_PATH"
		26	export SSH_IDENTITY_FILE="$TEMP/id_ed25519"
25		27
26	"$@"	28	"$@"


diff --git a/nixops/secrets b/nixops/secrets
	Subproject 79b991028b09aa59f719059de8dc1fba7d6b04f		Subproject def4146f0e703ca9a32735fbbc3820d6f9bb22e


diff --git a/nixops/state/.gitkeep b/nixops/state/.gitkeep deleted file mode 100644 index e69de29..0000000 --- a/nixops/state/.gitkeep +++ /dev/null