aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--nixops/.gitignore1
-rwxr-xr-xnixops/scripts/nixops_wrap6
-rwxr-xr-xnixops/scripts/pull_deployment31
-rwxr-xr-xnixops/scripts/push_deployment14
-rwxr-xr-xnixops/scripts/setup132
-rw-r--r--nixops/state/.gitkeep0
6 files changed, 144 insertions, 40 deletions
diff --git a/nixops/.gitignore b/nixops/.gitignore
new file mode 100644
index 0000000..2ea467b
--- /dev/null
+++ b/nixops/.gitignore
@@ -0,0 +1 @@
/state
diff --git a/nixops/scripts/nixops_wrap b/nixops/scripts/nixops_wrap
index 1de38f5..24b8381 100755
--- a/nixops/scripts/nixops_wrap
+++ b/nixops/scripts/nixops_wrap
@@ -1,5 +1,6 @@
1#!/bin/bash 1#!/bin/bash
2 2
3DeploymentUuid="cef694f3-081d-11e9-b31f-0242ec186adf"
3if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then 4if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then
4 echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path" 5 echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path"
5 exit 1; 6 exit 1;
@@ -15,9 +16,12 @@ finish() {
15 16
16trap finish EXIT 17trap finish EXIT
17 18
19DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
20export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops"
21export NIXOPS_DEPLOYMENT="$DeploymentUuid"
22
18pass show "$NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixConfig" >> $TEMP 23pass show "$NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixConfig" >> $TEMP
19nixops set-args --argstr environment "$TEMP" 24nixops set-args --argstr environment "$TEMP"
20 25
21DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
22export NIX_PATH="ssh-config-file=$(dirname $DIR)/ssh/config:nixpkgs=$HOME/.nix-defexpr/channels/immaeNixpkgs" 26export NIX_PATH="ssh-config-file=$(dirname $DIR)/ssh/config:nixpkgs=$HOME/.nix-defexpr/channels/immaeNixpkgs"
23nixops "$@" 27nixops "$@"
diff --git a/nixops/scripts/pull_deployment b/nixops/scripts/pull_deployment
new file mode 100755
index 0000000..796ff9b
--- /dev/null
+++ b/nixops/scripts/pull_deployment
@@ -0,0 +1,31 @@
1#!/bin/bash
2
3DeploymentUuid="cef694f3-081d-11e9-b31f-0242ec186adf"
4
5if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then
6 echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path"
7 exit 1;
8fi
9
10DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
11export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops"
12
13if nixops info -d $DeploymentUuid 2>/dev/null >/dev/null; then
14 cat <<EOF
15This will remove your current deployment file and recreate it!
16Continue? [y/N]
17EOF
18 read y
19 if [ "$y" = "y" -o "$y" = "Y" ]; then
20 nixops delete --force -d $DeploymentUuid
21 else
22 echo "Aborting"
23 exit 1
24 fi
25fi
26
27deployment=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixDeployment)
28
29echo "$deployment" | nixops import
30
31nixops modify -d "$DeploymentUuid" "$(dirname $DIR)/eldiron.nix"
diff --git a/nixops/scripts/push_deployment b/nixops/scripts/push_deployment
new file mode 100755
index 0000000..07a804e
--- /dev/null
+++ b/nixops/scripts/push_deployment
@@ -0,0 +1,14 @@
1#!/bin/bash
2
3DeploymentUuid="cef694f3-081d-11e9-b31f-0242ec186adf"
4
5if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then
6 echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path"
7 exit 1;
8fi
9
10DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
11export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops"
12export NIXOPS_DEPLOYMENT="$DeploymentUuid"
13
14nixops export | pass insert -m $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixDeployment
diff --git a/nixops/scripts/setup b/nixops/scripts/setup
index d9d4258..bb433ba 100755
--- a/nixops/scripts/setup
+++ b/nixops/scripts/setup
@@ -3,28 +3,38 @@
3RemoteRepo="gitolite@git.immae.eu:perso/Immae/Prive/Password_store/Mes_Sites/Paul" 3RemoteRepo="gitolite@git.immae.eu:perso/Immae/Prive/Password_store/Mes_Sites/Paul"
4NixChannelUrl='https://releases.nixos.org/nixos/18.09/nixos-18.09.1834.9d608a6f592' 4NixChannelUrl='https://releases.nixos.org/nixos/18.09/nixos-18.09.1834.9d608a6f592'
5NixChannelName='immaeNixpkgs' 5NixChannelName='immaeNixpkgs'
6DeploymentUuid="cef694f3-081d-11e9-b31f-0242ec186adf"
7
8if ! which nix 2>/dev/null >/dev/null; then
9 cat <<-EOF
10 nix is needed, please install it:
11 > curl https://nixos.org/nix/install | sh
12 (or any other way handled by your distribution)
13 EOF
14 exit 1
15fi
6 16
7if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE" \ 17if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE" \
8 -o -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then 18 -o -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then
9 cat <<-EOF 19 cat <<-EOF
10Two environment variables are needed to setup the password store: 20 Two environment variables are needed to setup the password store:
11NIXOPS_CONFIG_PASS_SUBTREE_PATH : path where the subtree will be imported 21 NIXOPS_CONFIG_PASS_SUBTREE_PATH : path where the subtree will be imported
12NIXOPS_CONFIG_PASS_SUBTREE_REMOTE : remote name to give to the repository 22 NIXOPS_CONFIG_PASS_SUBTREE_REMOTE : remote name to give to the repository
13EOF 23 EOF
14 exit 1 24 exit 1
15fi 25fi
16 26
17if ! pass $NIXOPS_CONFIG_PASS_SUBTREE_PATH > /dev/null 2>/dev/null; then 27if ! pass $NIXOPS_CONFIG_PASS_SUBTREE_PATH > /dev/null 2>/dev/null; then
18 cat <<-EOF 28 cat <<-EOF
19/!\ This will modify your password store to add and import a subtree 29 /!\ This will modify your password store to add and import a subtree
20with the specific passwords files. Choose a path that doesn’t exist 30 with the specific passwords files. Choose a path that doesn’t exist
21yet in your password store. 31 yet in your password store.
22> pass git remote add $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE $RemoteRepo 32 > pass git remote add $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE $RemoteRepo
23> pass git subtree add --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master 33 > pass git subtree add --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master
24Later, you can use pull_environment and push_environment scripts to 34 Later, you can use pull_environment and push_environment scripts to
25update the passwords when needed 35 update the passwords when needed
26Continue? [y/N] 36 Continue? [y/N]
27EOF 37 EOF
28 read y 38 read y
29 if [ "$y" = "y" -o "$y" = "Y" ]; then 39 if [ "$y" = "y" -o "$y" = "Y" ]; then
30 pass git remote add $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE $RemoteRepo 40 pass git remote add $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE $RemoteRepo
@@ -36,16 +46,16 @@ EOF
36fi 46fi
37 47
38if [ ! -f /etc/ssh/ssh_rsa_key_nixops ]; then 48if [ ! -f /etc/ssh/ssh_rsa_key_nixops ]; then
39 cat <<EOF 49 cat <<-EOF
40The key to access private git repositories (websites hosted by the 50 The key to access private git repositories (websites hosted by the
41server) needs to be accessible to nix builders. It will be put in 51 server) needs to be accessible to nix builders. It will be put in
42/etc/ssh/ssh_rsa_key_nixops (sudo right is needed for that) 52 /etc/ssh/ssh_rsa_key_nixops (sudo right is needed for that)
43> pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null 53 > pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null
44> pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey.pub | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null 54 > pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey.pub | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null
45> sudo chmod u=r,go-rwx /etc/ssh/ssh_rsa_key_nixops 55 > sudo chmod u=r,go-rwx /etc/ssh/ssh_rsa_key_nixops
46> sudo chown nixbld1:nixbld /etc/ssh/ssh_rsa_key_nixops /etc/ssh/ssh_rsa_key_nixops.pub 56 > sudo chown nixbld1:nixbld /etc/ssh/ssh_rsa_key_nixops /etc/ssh/ssh_rsa_key_nixops.pub
47Continue? [y/N] 57 Continue? [y/N]
48EOF 58 EOF
49 read y 59 read y
50 if [ "$y" = "y" -o "$y" = "Y" ]; then 60 if [ "$y" = "y" -o "$y" = "Y" ]; then
51 if ! id -u nixbld1 2>/dev/null >/dev/null; then 61 if ! id -u nixbld1 2>/dev/null >/dev/null; then
@@ -70,26 +80,70 @@ EOF
70fi 80fi
71 81
72if ! nix-channel --list | grep -q "$NixChannelName $NixChannelUrl"; then 82if ! nix-channel --list | grep -q "$NixChannelName $NixChannelUrl"; then
73cat <<EOF 83 cat <<-EOF
74A new nix channel will be installed (or upgraded) to freeze the packages 84 A new nix channel will be installed (or upgraded) to freeze the packages
75version: 85 version:
76$NixChannelName $NixChannelUrl 86 $NixChannelName $NixChannelUrl
77> nix-channel --add $NixChannelUrl $NixChannelName 87 > nix-channel --add $NixChannelUrl $NixChannelName
78> nix-channel --update 88 > nix-channel --update
79If this step fail, you may have to disable sandboxing in 89 If this step fail, you may have to disable sandboxing in
80/etc/nix/nix.conf and rerun 90 /etc/nix/nix.conf and rerun
81> nix-channel --update 91 > nix-channel --update
82manually. 92 manually.
83Continue? [y/N] 93 Continue? [y/N]
84EOF 94 EOF
85 read y 95 read y
86 if [ "$y" = "y" -o "$y" = "Y" ]; then 96 if [ "$y" = "y" -o "$y" = "Y" ]; then
87 nix-channel --add $NixChannelUrl $NixChannelName 97 nix-channel --add $NixChannelUrl $NixChannelName
88 nix-channel --update 98 nix-channel --update
99 else
100 echo "Aborting"
101 exit 1
102 fi
103fi
104
105if ! which nixops 2>/dev/null >/dev/null; then
106 cat <<-EOF
107 nixops is needed:
108 > nix-env -i nixops
109 If it fails, please check that $HOME/.nix-profile/bin is in your PATH.
110 Continue? [y/N]
111 EOF
112 read y
113 if [ "$y" = "y" -o "$y" = "Y" ]; then
114 nix-env -i nixops
115 if ! which nixops 2>/dev/null >/dev/null; then
116 echo "Installation failed, please check that $HOME/.nix-profile/bin is in your path."
117 exit 1
118 fi
119 else
120 echo "Aborting"
121 exit 1
122 fi
123fi
124
125DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
126export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops"
127export NIXOPS_DEPLOYMENT="$DeploymentUuid"
128
129if ! nixops info 2>/dev/null >/dev/null; then
130 cat <<-EOF
131 Importing deployment file into nixops:
132 Continue? [y/N]
133 EOF
134 read y
135 if [ "$y" = "y" -o "$y" = "Y" ]; then
136 deployment=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixDeployment)
137 echo "$deployment" | nixops import
138
139 nixops modify "$(dirname $DIR)/eldiron.nix"
140 else
141 echo "Aborting"
142 exit 1
89 fi 143 fi
90fi 144fi
91 145
92cat <<EOF 146cat <<-EOF
93All set up. 147 All set up.
94Please make sure you’re using scripts/nixops_wrap when deploying 148 Please make sure you’re using scripts/nixops_wrap when deploying
95EOF 149 EOF
diff --git a/nixops/state/.gitkeep b/nixops/state/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/nixops/state/.gitkeep