diff options
Diffstat (limited to 'nixops')
-rw-r--r-- | nixops/Makefile | 87 | ||||
-rw-r--r-- | nixops/default.nix | 11 | ||||
-rwxr-xr-x | nixops/scripts/setup | 16 | ||||
-rwxr-xr-x | nixops/scripts/with_env | 6 | ||||
m--------- | nixops/secrets | 0 | ||||
-rw-r--r-- | nixops/state/.gitkeep | 0 |
6 files changed, 34 insertions, 86 deletions
diff --git a/nixops/Makefile b/nixops/Makefile index 18d48eb..0bebaf8 100644 --- a/nixops/Makefile +++ b/nixops/Makefile | |||
@@ -2,8 +2,6 @@ ifndef NIXOPS_ENV_LOADED | |||
2 | $(error "Please load environment with direnv") | 2 | $(error "Please load environment with direnv") |
3 | endif | 3 | endif |
4 | 4 | ||
5 | NIXOPS_PRIV = ./scripts/with_env nixops | ||
6 | |||
7 | ###### Current channel information | 5 | ###### Current channel information |
8 | nix-info: | 6 | nix-info: |
9 | @version=$$(nix eval --raw nixpkgs.lib.version) && \ | 7 | @version=$$(nix eval --raw nixpkgs.lib.version) && \ |
@@ -17,100 +15,69 @@ setup: | |||
17 | ./scripts/setup | 15 | ./scripts/setup |
18 | .PHONY: setup | 16 | .PHONY: setup |
19 | 17 | ||
20 | ###### Nixops regular tasks | 18 | ###### Morph regular tasks |
19 | PROFILE=/nix/var/nix/profiles/per-user/immae/morph/immaeEu | ||
21 | TARGET ?= | 20 | TARGET ?= |
22 | NIXOPS_ARGS ?= | 21 | MORPH_ARGS ?= |
23 | ifdef TARGET | 22 | ifdef TARGET |
24 | override NIXOPS_ARGS +=--include=$(TARGET) | 23 | # multiple targets: --on="{machine1,machine2}" (works with * glob too) |
24 | override MORPH_ARGS +=--on=$(TARGET) | ||
25 | endif | 25 | endif |
26 | SSH_ARGS ?= | 26 | SSH_ARGS ?= |
27 | 27 | ||
28 | edit_env: | 28 | edit_env: |
29 | pass edit Nixops/files/environment.nix || true | 29 | pass edit Nixops/files/environment.nix || true |
30 | 30 | ||
31 | nixops: | ||
32 | $(NIXOPS_PRIV) $(NIXOPS_ARGS) | ||
33 | |||
34 | ssh-eldiron: | 31 | ssh-eldiron: |
35 | $(NIXOPS_PRIV) ssh eldiron -- $(SSH_ARGS) | 32 | ./scripts/with_env bash -c 'ssh -i $$SSH_IDENTITY_FILE root@eldiron $(SSH_ARGS)' |
36 | 33 | ||
37 | ssh-dilion: | 34 | ssh-dilion: |
38 | $(NIXOPS_PRIV) ssh dilion -- $(SSH_ARGS) | 35 | ./scripts/with_env bash -c 'ssh -i $$SSH_IDENTITY_FILE root@dilion $(SSH_ARGS)' |
39 | 36 | ||
40 | ssh-backup-2: | 37 | ssh-backup-2: |
41 | $(NIXOPS_PRIV) ssh backup-2 -- $(SSH_ARGS) | 38 | ./scripts/with_env bash -c 'ssh -i $$SSH_IDENTITY_FILE root@backup-2 $(SSH_ARGS)' |
42 | 39 | ||
43 | ssh-monitoring-1: | 40 | ssh-monitoring-1: |
44 | $(NIXOPS_PRIV) ssh monitoring-1 -- $(SSH_ARGS) | 41 | ./scripts/with_env bash -c 'ssh -i $$SSH_IDENTITY_FILE root@monitoring-1 $(SSH_ARGS)' |
45 | |||
46 | info: | ||
47 | $(NIXOPS_PRIV) list | ||
48 | $(NIXOPS_PRIV) info | ||
49 | 42 | ||
50 | debug: | 43 | debug: |
51 | $(NIXOPS_PRIV) deploy --build-only --show-trace $(NIXOPS_ARGS) | 44 | ./scripts/with_env morph build --show-trace default.nix $(MORPH_ARGS) |
52 | |||
53 | dry-run: | ||
54 | $(NIXOPS_PRIV) deploy --dry-run $(NIXOPS_ARGS) | ||
55 | 45 | ||
56 | build: | 46 | build: |
57 | $(NIXOPS_PRIV) deploy --build-only $(NIXOPS_ARGS) | 47 | ./scripts/with_env morph build default.nix $(MORPH_ARGS) |
58 | 48 | ||
59 | upload: | 49 | upload: |
60 | $(NIXOPS_PRIV) deploy --copy-only $(NIXOPS_ARGS) | 50 | ./scripts/with_env morph push default.nix $(MORPH_ARGS) |
61 | 51 | ||
62 | deploy: | 52 | deploy: |
63 | $(NIXOPS_PRIV) deploy $(NIXOPS_ARGS) | 53 | ./scripts/with_env morph deploy default.nix switch --keep-result --upload-secrets $(MORPH_ARGS) |
54 | nix-env -p $(PROFILE) --set .gcroots/default.nix | ||
64 | 55 | ||
65 | deploy-reboot: | 56 | deploy-reboot: |
66 | $(NIXOPS_PRIV) deploy --force-reboot $(NIXOPS_ARGS) | 57 | ./scripts/with_env morph deploy default.nix boot --reboot --upload-secrets $(MORPH_ARGS) |
67 | 58 | ||
68 | reboot: | 59 | .PHONY: ssh-eldiron ssh-dilion ssh-monitoring-1 ssh-backup-2 debug build upload deploy deploy-reboot |
69 | $(NIXOPS_PRIV) reboot --include=$(TARGET) | ||
70 | .PHONY: nixops ssh-eldiron info debug dry-run build upload deploy deploy-reboot reboot | ||
71 | 60 | ||
72 | ###### Cleanup generations and garbage collection | 61 | ###### Cleanup generations and garbage collection |
73 | profile := $$($(NIXOPS_PRIV) info | grep "^Nix profile: " | sed -e "s/^Nix profile: //") | ||
74 | GEN ?= "+3" | 62 | GEN ?= "+3" |
75 | 63 | ||
76 | list-generations: | 64 | list-generations: |
77 | nix-env -p $(profile) --list-generations | 65 | nix-env -p $(PROFILE) --list-generations |
78 | $(NIXOPS_PRIV) ssh eldiron -- nix-env -p /nix/var/nix/profiles/system --list-generations | 66 | $(MAKE) ssh-eldiron SSH_ARGS="nix-env -p /nix/var/nix/profiles/system --list-generations" |
79 | .PHONY: list-generations | 67 | .PHONY: list-generations |
80 | 68 | ||
81 | delete-generations: | 69 | delete-generations: |
82 | nix-env -p $(profile) --delete-generations $(GEN) | 70 | nix-env -p $(PROFILE) --delete-generations $(GEN) |
83 | $(NIXOPS_PRIV) ssh eldiron -- nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN) | 71 | $(MAKE) ssh-eldiron SSH_ARGS="nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)" |
84 | $(NIXOPS_PRIV) ssh dilion -- nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN) | 72 | $(MAKE) ssh-dilion SSH_ARGS="nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)" |
85 | $(NIXOPS_PRIV) ssh backup-2 -- nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN) | 73 | $(MAKE) ssh-backup-2 SSH_ARGS="nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)" |
86 | $(NIXOPS_PRIV) ssh monitoring-1 -- nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN) | 74 | $(MAKE) ssh-monitoring-1 SSH_ARGS="nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)" |
87 | .PHONY: delete-generations | 75 | .PHONY: delete-generations |
88 | 76 | ||
89 | cleanup: delete-generations | 77 | cleanup: delete-generations |
90 | nix-store --gc | 78 | nix-store --gc |
91 | $(NIXOPS_PRIV) ssh eldiron -- nix-store --gc | 79 | $(MAKE) ssh-eldiron SSH_ARGS="nix-store --gc" |
92 | $(NIXOPS_PRIV) ssh dilion -- nix-store --gc | 80 | $(MAKE) ssh-dilion SSH_ARGS="nix-store --gc" |
93 | $(NIXOPS_PRIV) ssh backup-2 -- nix-store --gc | 81 | $(MAKE) ssh-backup-2 SSH_ARGS="nix-store --gc" |
94 | $(NIXOPS_PRIV) ssh monitoring-1 -- nix-store --gc | 82 | $(MAKE) ssh-monitoring-1 SSH_ARGS="nix-store --gc" |
95 | .PHONY: cleanup | 83 | .PHONY: cleanup |
96 | |||
97 | ###### Pull environment and deployment from remote | ||
98 | pull_deployment: | ||
99 | @if nixops info -d $(NIXOPS_DEPLOYMENT) 2>/dev/null >/dev/null ; then \ | ||
100 | echo "This will remove your current deployment file and recreate it!. Continue? [y/N]" && \ | ||
101 | read y && \ | ||
102 | [ "$$y" = "y" -o "$$y" = "Y" ] && \ | ||
103 | nixops delete --force -d $(NIXOPS_DEPLOYMENT); \ | ||
104 | fi | ||
105 | pass show Nixops/Deployment | nixops import | ||
106 | nixops modify -d $(NIXOPS_DEPLOYMENT) "$$(pwd)/default.nix" | ||
107 | .PHONY: pull_deployment | ||
108 | |||
109 | deployment_is_set: | ||
110 | nixops info -d $(NIXOPS_DEPLOYMENT) 2>/dev/null >/dev/null | ||
111 | .PHONY: deployment_is_set | ||
112 | |||
113 | ###### Push deployment information to password store | ||
114 | push_deployment: | ||
115 | nixops export | pass insert -m Nixops/Deployment | ||
116 | .PHONY: push | ||
diff --git a/nixops/default.nix b/nixops/default.nix index 56b86e8..7c6dd38 100644 --- a/nixops/default.nix +++ b/nixops/default.nix | |||
@@ -1,12 +1,7 @@ | |||
1 | { privateFiles ? ./. }: | 1 | let |
2 | privateFiles = <privateFiles>; | ||
3 | in | ||
2 | { | 4 | { |
3 | network = { | ||
4 | description = "Immae's network"; | ||
5 | enableRollback = true; | ||
6 | }; | ||
7 | |||
8 | # Used by hetzner cloud to provision machines | ||
9 | resources.sshKeyPairs.ssh-key = {}; | ||
10 | dilion = import ../modules/private/system/dilion.nix { inherit privateFiles; }; | 5 | dilion = import ../modules/private/system/dilion.nix { inherit privateFiles; }; |
11 | eldiron = import ../modules/private/system/eldiron.nix { inherit privateFiles; }; | 6 | eldiron = import ../modules/private/system/eldiron.nix { inherit privateFiles; }; |
12 | backup-2 = import ../modules/private/system/backup-2.nix { inherit privateFiles; }; | 7 | backup-2 = import ../modules/private/system/backup-2.nix { inherit privateFiles; }; |
diff --git a/nixops/scripts/setup b/nixops/scripts/setup index 22f43ce..e161e43 100755 --- a/nixops/scripts/setup +++ b/nixops/scripts/setup | |||
@@ -2,8 +2,6 @@ | |||
2 | 2 | ||
3 | set -euo pipefail | 3 | set -euo pipefail |
4 | 4 | ||
5 | MAKEFILE_DIR="$( cd "$( dirname $( dirname "${BASH_SOURCE[0]}" ))" >/dev/null 2>&1 && pwd )" | ||
6 | |||
7 | if ! which nix 2>/dev/null >/dev/null; then | 5 | if ! which nix 2>/dev/null >/dev/null; then |
8 | cat <<-EOF | 6 | cat <<-EOF |
9 | nix is needed, please install it: | 7 | nix is needed, please install it: |
@@ -62,20 +60,6 @@ if nix show-config --json | jq -e '.sandbox.value == "true"' >/dev/null; then | |||
62 | read y | 60 | read y |
63 | fi | 61 | fi |
64 | 62 | ||
65 | if ! make -C $MAKEFILE_DIR deployment_is_set 2>/dev/null >/dev/null; then | ||
66 | cat <<-EOF | ||
67 | Importing deployment file into nixops: | ||
68 | Continue? [y/N] | ||
69 | EOF | ||
70 | read y | ||
71 | if [ "$y" = "y" -o "$y" = "Y" ]; then | ||
72 | make -C $MAKEFILE_DIR pull_deployment | ||
73 | else | ||
74 | echo "Aborting" | ||
75 | exit 1 | ||
76 | fi | ||
77 | fi | ||
78 | |||
79 | cat <<-EOF | 63 | cat <<-EOF |
80 | All set up. | 64 | All set up. |
81 | Please make sure you’re using make commands when deploying | 65 | Please make sure you’re using make commands when deploying |
diff --git a/nixops/scripts/with_env b/nixops/scripts/with_env index 9882f78..f8e5537 100755 --- a/nixops/scripts/with_env +++ b/nixops/scripts/with_env | |||
@@ -5,12 +5,12 @@ if [ -z "$NIXOPS_ENV_LOADED" ]; then | |||
5 | exit 1; | 5 | exit 1; |
6 | fi | 6 | fi |
7 | 7 | ||
8 | umask 0077 | ||
8 | TEMP=$(mktemp -d /tmp/XXXXXX-nixops-files) | 9 | TEMP=$(mktemp -d /tmp/XXXXXX-nixops-files) |
9 | chmod go-rwx $TEMP | 10 | chmod go-rwx $TEMP |
10 | 11 | ||
11 | finish() { | 12 | finish() { |
12 | rm -rf "$TEMP" | 13 | rm -rf "$TEMP" |
13 | nixops set-args --unset privateFiles | ||
14 | } | 14 | } |
15 | 15 | ||
16 | trap finish EXIT | 16 | trap finish EXIT |
@@ -21,6 +21,8 @@ files=$(pass ls Nixops/files | sed -e '1d' -e 's/^.* //') | |||
21 | for file in $files; do | 21 | for file in $files; do |
22 | pass show "Nixops/files/$file" > $TEMP/$file | 22 | pass show "Nixops/files/$file" > $TEMP/$file |
23 | done | 23 | done |
24 | nixops set-args --argstr privateFiles "$TEMP" | 24 | |
25 | export NIX_PATH="privateFiles=$TEMP:$NIX_PATH" | ||
26 | export SSH_IDENTITY_FILE="$TEMP/id_ed25519" | ||
25 | 27 | ||
26 | "$@" | 28 | "$@" |
diff --git a/nixops/secrets b/nixops/secrets | |||
Subproject 79b991028b09aa59f719059de8dc1fba7d6b04f | Subproject def4146f0e703ca9a32735fbbc3820d6f9bb22e | ||
diff --git a/nixops/state/.gitkeep b/nixops/state/.gitkeep deleted file mode 100644 index e69de29..0000000 --- a/nixops/state/.gitkeep +++ /dev/null | |||