diff options
-rw-r--r-- | nixops/.gitignore | 1 | ||||
-rwxr-xr-x | nixops/scripts/nixops_wrap | 6 | ||||
-rwxr-xr-x | nixops/scripts/pull_deployment | 31 | ||||
-rwxr-xr-x | nixops/scripts/push_deployment | 14 | ||||
-rwxr-xr-x | nixops/scripts/setup | 132 | ||||
-rw-r--r-- | nixops/state/.gitkeep | 0 |
6 files changed, 144 insertions, 40 deletions
diff --git a/nixops/.gitignore b/nixops/.gitignore new file mode 100644 index 0000000..2ea467b --- /dev/null +++ b/nixops/.gitignore | |||
@@ -0,0 +1 @@ | |||
/state | |||
diff --git a/nixops/scripts/nixops_wrap b/nixops/scripts/nixops_wrap index 1de38f5..24b8381 100755 --- a/nixops/scripts/nixops_wrap +++ b/nixops/scripts/nixops_wrap | |||
@@ -1,5 +1,6 @@ | |||
1 | #!/bin/bash | 1 | #!/bin/bash |
2 | 2 | ||
3 | DeploymentUuid="cef694f3-081d-11e9-b31f-0242ec186adf" | ||
3 | if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then | 4 | if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then |
4 | echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path" | 5 | echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path" |
5 | exit 1; | 6 | exit 1; |
@@ -15,9 +16,12 @@ finish() { | |||
15 | 16 | ||
16 | trap finish EXIT | 17 | trap finish EXIT |
17 | 18 | ||
19 | DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" | ||
20 | export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops" | ||
21 | export NIXOPS_DEPLOYMENT="$DeploymentUuid" | ||
22 | |||
18 | pass show "$NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixConfig" >> $TEMP | 23 | pass show "$NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixConfig" >> $TEMP |
19 | nixops set-args --argstr environment "$TEMP" | 24 | nixops set-args --argstr environment "$TEMP" |
20 | 25 | ||
21 | DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" | ||
22 | export NIX_PATH="ssh-config-file=$(dirname $DIR)/ssh/config:nixpkgs=$HOME/.nix-defexpr/channels/immaeNixpkgs" | 26 | export NIX_PATH="ssh-config-file=$(dirname $DIR)/ssh/config:nixpkgs=$HOME/.nix-defexpr/channels/immaeNixpkgs" |
23 | nixops "$@" | 27 | nixops "$@" |
diff --git a/nixops/scripts/pull_deployment b/nixops/scripts/pull_deployment new file mode 100755 index 0000000..796ff9b --- /dev/null +++ b/nixops/scripts/pull_deployment | |||
@@ -0,0 +1,31 @@ | |||
1 | #!/bin/bash | ||
2 | |||
3 | DeploymentUuid="cef694f3-081d-11e9-b31f-0242ec186adf" | ||
4 | |||
5 | if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then | ||
6 | echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path" | ||
7 | exit 1; | ||
8 | fi | ||
9 | |||
10 | DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" | ||
11 | export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops" | ||
12 | |||
13 | if nixops info -d $DeploymentUuid 2>/dev/null >/dev/null; then | ||
14 | cat <<EOF | ||
15 | This will remove your current deployment file and recreate it! | ||
16 | Continue? [y/N] | ||
17 | EOF | ||
18 | read y | ||
19 | if [ "$y" = "y" -o "$y" = "Y" ]; then | ||
20 | nixops delete --force -d $DeploymentUuid | ||
21 | else | ||
22 | echo "Aborting" | ||
23 | exit 1 | ||
24 | fi | ||
25 | fi | ||
26 | |||
27 | deployment=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixDeployment) | ||
28 | |||
29 | echo "$deployment" | nixops import | ||
30 | |||
31 | nixops modify -d "$DeploymentUuid" "$(dirname $DIR)/eldiron.nix" | ||
diff --git a/nixops/scripts/push_deployment b/nixops/scripts/push_deployment new file mode 100755 index 0000000..07a804e --- /dev/null +++ b/nixops/scripts/push_deployment | |||
@@ -0,0 +1,14 @@ | |||
1 | #!/bin/bash | ||
2 | |||
3 | DeploymentUuid="cef694f3-081d-11e9-b31f-0242ec186adf" | ||
4 | |||
5 | if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then | ||
6 | echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path" | ||
7 | exit 1; | ||
8 | fi | ||
9 | |||
10 | DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" | ||
11 | export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops" | ||
12 | export NIXOPS_DEPLOYMENT="$DeploymentUuid" | ||
13 | |||
14 | nixops export | pass insert -m $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixDeployment | ||
diff --git a/nixops/scripts/setup b/nixops/scripts/setup index d9d4258..bb433ba 100755 --- a/nixops/scripts/setup +++ b/nixops/scripts/setup | |||
@@ -3,28 +3,38 @@ | |||
3 | RemoteRepo="gitolite@git.immae.eu:perso/Immae/Prive/Password_store/Mes_Sites/Paul" | 3 | RemoteRepo="gitolite@git.immae.eu:perso/Immae/Prive/Password_store/Mes_Sites/Paul" |
4 | NixChannelUrl='https://releases.nixos.org/nixos/18.09/nixos-18.09.1834.9d608a6f592' | 4 | NixChannelUrl='https://releases.nixos.org/nixos/18.09/nixos-18.09.1834.9d608a6f592' |
5 | NixChannelName='immaeNixpkgs' | 5 | NixChannelName='immaeNixpkgs' |
6 | DeploymentUuid="cef694f3-081d-11e9-b31f-0242ec186adf" | ||
7 | |||
8 | if ! which nix 2>/dev/null >/dev/null; then | ||
9 | cat <<-EOF | ||
10 | nix is needed, please install it: | ||
11 | > curl https://nixos.org/nix/install | sh | ||
12 | (or any other way handled by your distribution) | ||
13 | EOF | ||
14 | exit 1 | ||
15 | fi | ||
6 | 16 | ||
7 | if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE" \ | 17 | if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE" \ |
8 | -o -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then | 18 | -o -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then |
9 | cat <<-EOF | 19 | cat <<-EOF |
10 | Two environment variables are needed to setup the password store: | 20 | Two environment variables are needed to setup the password store: |
11 | NIXOPS_CONFIG_PASS_SUBTREE_PATH : path where the subtree will be imported | 21 | NIXOPS_CONFIG_PASS_SUBTREE_PATH : path where the subtree will be imported |
12 | NIXOPS_CONFIG_PASS_SUBTREE_REMOTE : remote name to give to the repository | 22 | NIXOPS_CONFIG_PASS_SUBTREE_REMOTE : remote name to give to the repository |
13 | EOF | 23 | EOF |
14 | exit 1 | 24 | exit 1 |
15 | fi | 25 | fi |
16 | 26 | ||
17 | if ! pass $NIXOPS_CONFIG_PASS_SUBTREE_PATH > /dev/null 2>/dev/null; then | 27 | if ! pass $NIXOPS_CONFIG_PASS_SUBTREE_PATH > /dev/null 2>/dev/null; then |
18 | cat <<-EOF | 28 | cat <<-EOF |
19 | /!\ This will modify your password store to add and import a subtree | 29 | /!\ This will modify your password store to add and import a subtree |
20 | with the specific passwords files. Choose a path that doesn’t exist | 30 | with the specific passwords files. Choose a path that doesn’t exist |
21 | yet in your password store. | 31 | yet in your password store. |
22 | > pass git remote add $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE $RemoteRepo | 32 | > pass git remote add $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE $RemoteRepo |
23 | > pass git subtree add --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master | 33 | > pass git subtree add --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master |
24 | Later, you can use pull_environment and push_environment scripts to | 34 | Later, you can use pull_environment and push_environment scripts to |
25 | update the passwords when needed | 35 | update the passwords when needed |
26 | Continue? [y/N] | 36 | Continue? [y/N] |
27 | EOF | 37 | EOF |
28 | read y | 38 | read y |
29 | if [ "$y" = "y" -o "$y" = "Y" ]; then | 39 | if [ "$y" = "y" -o "$y" = "Y" ]; then |
30 | pass git remote add $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE $RemoteRepo | 40 | pass git remote add $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE $RemoteRepo |
@@ -36,16 +46,16 @@ EOF | |||
36 | fi | 46 | fi |
37 | 47 | ||
38 | if [ ! -f /etc/ssh/ssh_rsa_key_nixops ]; then | 48 | if [ ! -f /etc/ssh/ssh_rsa_key_nixops ]; then |
39 | cat <<EOF | 49 | cat <<-EOF |
40 | The key to access private git repositories (websites hosted by the | 50 | The key to access private git repositories (websites hosted by the |
41 | server) needs to be accessible to nix builders. It will be put in | 51 | server) needs to be accessible to nix builders. It will be put in |
42 | /etc/ssh/ssh_rsa_key_nixops (sudo right is needed for that) | 52 | /etc/ssh/ssh_rsa_key_nixops (sudo right is needed for that) |
43 | > pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null | 53 | > pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null |
44 | > pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey.pub | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null | 54 | > pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixSshKey.pub | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null |
45 | > sudo chmod u=r,go-rwx /etc/ssh/ssh_rsa_key_nixops | 55 | > sudo chmod u=r,go-rwx /etc/ssh/ssh_rsa_key_nixops |
46 | > sudo chown nixbld1:nixbld /etc/ssh/ssh_rsa_key_nixops /etc/ssh/ssh_rsa_key_nixops.pub | 56 | > sudo chown nixbld1:nixbld /etc/ssh/ssh_rsa_key_nixops /etc/ssh/ssh_rsa_key_nixops.pub |
47 | Continue? [y/N] | 57 | Continue? [y/N] |
48 | EOF | 58 | EOF |
49 | read y | 59 | read y |
50 | if [ "$y" = "y" -o "$y" = "Y" ]; then | 60 | if [ "$y" = "y" -o "$y" = "Y" ]; then |
51 | if ! id -u nixbld1 2>/dev/null >/dev/null; then | 61 | if ! id -u nixbld1 2>/dev/null >/dev/null; then |
@@ -70,26 +80,70 @@ EOF | |||
70 | fi | 80 | fi |
71 | 81 | ||
72 | if ! nix-channel --list | grep -q "$NixChannelName $NixChannelUrl"; then | 82 | if ! nix-channel --list | grep -q "$NixChannelName $NixChannelUrl"; then |
73 | cat <<EOF | 83 | cat <<-EOF |
74 | A new nix channel will be installed (or upgraded) to freeze the packages | 84 | A new nix channel will be installed (or upgraded) to freeze the packages |
75 | version: | 85 | version: |
76 | $NixChannelName $NixChannelUrl | 86 | $NixChannelName $NixChannelUrl |
77 | > nix-channel --add $NixChannelUrl $NixChannelName | 87 | > nix-channel --add $NixChannelUrl $NixChannelName |
78 | > nix-channel --update | 88 | > nix-channel --update |
79 | If this step fail, you may have to disable sandboxing in | 89 | If this step fail, you may have to disable sandboxing in |
80 | /etc/nix/nix.conf and rerun | 90 | /etc/nix/nix.conf and rerun |
81 | > nix-channel --update | 91 | > nix-channel --update |
82 | manually. | 92 | manually. |
83 | Continue? [y/N] | 93 | Continue? [y/N] |
84 | EOF | 94 | EOF |
85 | read y | 95 | read y |
86 | if [ "$y" = "y" -o "$y" = "Y" ]; then | 96 | if [ "$y" = "y" -o "$y" = "Y" ]; then |
87 | nix-channel --add $NixChannelUrl $NixChannelName | 97 | nix-channel --add $NixChannelUrl $NixChannelName |
88 | nix-channel --update | 98 | nix-channel --update |
99 | else | ||
100 | echo "Aborting" | ||
101 | exit 1 | ||
102 | fi | ||
103 | fi | ||
104 | |||
105 | if ! which nixops 2>/dev/null >/dev/null; then | ||
106 | cat <<-EOF | ||
107 | nixops is needed: | ||
108 | > nix-env -i nixops | ||
109 | If it fails, please check that $HOME/.nix-profile/bin is in your PATH. | ||
110 | Continue? [y/N] | ||
111 | EOF | ||
112 | read y | ||
113 | if [ "$y" = "y" -o "$y" = "Y" ]; then | ||
114 | nix-env -i nixops | ||
115 | if ! which nixops 2>/dev/null >/dev/null; then | ||
116 | echo "Installation failed, please check that $HOME/.nix-profile/bin is in your path." | ||
117 | exit 1 | ||
118 | fi | ||
119 | else | ||
120 | echo "Aborting" | ||
121 | exit 1 | ||
122 | fi | ||
123 | fi | ||
124 | |||
125 | DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" | ||
126 | export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops" | ||
127 | export NIXOPS_DEPLOYMENT="$DeploymentUuid" | ||
128 | |||
129 | if ! nixops info 2>/dev/null >/dev/null; then | ||
130 | cat <<-EOF | ||
131 | Importing deployment file into nixops: | ||
132 | Continue? [y/N] | ||
133 | EOF | ||
134 | read y | ||
135 | if [ "$y" = "y" -o "$y" = "Y" ]; then | ||
136 | deployment=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/NixDeployment) | ||
137 | echo "$deployment" | nixops import | ||
138 | |||
139 | nixops modify "$(dirname $DIR)/eldiron.nix" | ||
140 | else | ||
141 | echo "Aborting" | ||
142 | exit 1 | ||
89 | fi | 143 | fi |
90 | fi | 144 | fi |
91 | 145 | ||
92 | cat <<EOF | 146 | cat <<-EOF |
93 | All set up. | 147 | All set up. |
94 | Please make sure you’re using scripts/nixops_wrap when deploying | 148 | Please make sure you’re using scripts/nixops_wrap when deploying |
95 | EOF | 149 | EOF |
diff --git a/nixops/state/.gitkeep b/nixops/state/.gitkeep new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/nixops/state/.gitkeep | |||