aboutsummaryrefslogtreecommitdiff
path: root/nixops
diff options
context:
space:
mode:
Diffstat (limited to 'nixops')
-rw-r--r--nixops/Makefile87
-rw-r--r--nixops/default.nix11
-rwxr-xr-xnixops/scripts/setup16
-rwxr-xr-xnixops/scripts/with_env6
m---------nixops/secrets0
-rw-r--r--nixops/state/.gitkeep0
6 files changed, 34 insertions, 86 deletions
diff --git a/nixops/Makefile b/nixops/Makefile
index 18d48eb..0bebaf8 100644
--- a/nixops/Makefile
+++ b/nixops/Makefile
@@ -2,8 +2,6 @@ ifndef NIXOPS_ENV_LOADED
2 $(error "Please load environment with direnv") 2 $(error "Please load environment with direnv")
3endif 3endif
4 4
5NIXOPS_PRIV = ./scripts/with_env nixops
6
7###### Current channel information 5###### Current channel information
8nix-info: 6nix-info:
9 @version=$$(nix eval --raw nixpkgs.lib.version) && \ 7 @version=$$(nix eval --raw nixpkgs.lib.version) && \
@@ -17,100 +15,69 @@ setup:
17 ./scripts/setup 15 ./scripts/setup
18.PHONY: setup 16.PHONY: setup
19 17
20###### Nixops regular tasks 18###### Morph regular tasks
19PROFILE=/nix/var/nix/profiles/per-user/immae/morph/immaeEu
21TARGET ?= 20TARGET ?=
22NIXOPS_ARGS ?= 21MORPH_ARGS ?=
23ifdef TARGET 22ifdef TARGET
24 override NIXOPS_ARGS +=--include=$(TARGET) 23 # multiple targets: --on="{machine1,machine2}" (works with * glob too)
24 override MORPH_ARGS +=--on=$(TARGET)
25endif 25endif
26SSH_ARGS ?= 26SSH_ARGS ?=
27 27
28edit_env: 28edit_env:
29 pass edit Nixops/files/environment.nix || true 29 pass edit Nixops/files/environment.nix || true
30 30
31nixops:
32 $(NIXOPS_PRIV) $(NIXOPS_ARGS)
33
34ssh-eldiron: 31ssh-eldiron:
35 $(NIXOPS_PRIV) ssh eldiron -- $(SSH_ARGS) 32 ./scripts/with_env bash -c 'ssh -i $$SSH_IDENTITY_FILE root@eldiron $(SSH_ARGS)'
36 33
37ssh-dilion: 34ssh-dilion:
38 $(NIXOPS_PRIV) ssh dilion -- $(SSH_ARGS) 35 ./scripts/with_env bash -c 'ssh -i $$SSH_IDENTITY_FILE root@dilion $(SSH_ARGS)'
39 36
40ssh-backup-2: 37ssh-backup-2:
41 $(NIXOPS_PRIV) ssh backup-2 -- $(SSH_ARGS) 38 ./scripts/with_env bash -c 'ssh -i $$SSH_IDENTITY_FILE root@backup-2 $(SSH_ARGS)'
42 39
43ssh-monitoring-1: 40ssh-monitoring-1:
44 $(NIXOPS_PRIV) ssh monitoring-1 -- $(SSH_ARGS) 41 ./scripts/with_env bash -c 'ssh -i $$SSH_IDENTITY_FILE root@monitoring-1 $(SSH_ARGS)'
45
46info:
47 $(NIXOPS_PRIV) list
48 $(NIXOPS_PRIV) info
49 42
50debug: 43debug:
51 $(NIXOPS_PRIV) deploy --build-only --show-trace $(NIXOPS_ARGS) 44 ./scripts/with_env morph build --show-trace default.nix $(MORPH_ARGS)
52
53dry-run:
54 $(NIXOPS_PRIV) deploy --dry-run $(NIXOPS_ARGS)
55 45
56build: 46build:
57 $(NIXOPS_PRIV) deploy --build-only $(NIXOPS_ARGS) 47 ./scripts/with_env morph build default.nix $(MORPH_ARGS)
58 48
59upload: 49upload:
60 $(NIXOPS_PRIV) deploy --copy-only $(NIXOPS_ARGS) 50 ./scripts/with_env morph push default.nix $(MORPH_ARGS)
61 51
62deploy: 52deploy:
63 $(NIXOPS_PRIV) deploy $(NIXOPS_ARGS) 53 ./scripts/with_env morph deploy default.nix switch --keep-result --upload-secrets $(MORPH_ARGS)
54 nix-env -p $(PROFILE) --set .gcroots/default.nix
64 55
65deploy-reboot: 56deploy-reboot:
66 $(NIXOPS_PRIV) deploy --force-reboot $(NIXOPS_ARGS) 57 ./scripts/with_env morph deploy default.nix boot --reboot --upload-secrets $(MORPH_ARGS)
67 58
68reboot: 59.PHONY: ssh-eldiron ssh-dilion ssh-monitoring-1 ssh-backup-2 debug build upload deploy deploy-reboot
69 $(NIXOPS_PRIV) reboot --include=$(TARGET)
70.PHONY: nixops ssh-eldiron info debug dry-run build upload deploy deploy-reboot reboot
71 60
72###### Cleanup generations and garbage collection 61###### Cleanup generations and garbage collection
73profile := $$($(NIXOPS_PRIV) info | grep "^Nix profile: " | sed -e "s/^Nix profile: //")
74GEN ?= "+3" 62GEN ?= "+3"
75 63
76list-generations: 64list-generations:
77 nix-env -p $(profile) --list-generations 65 nix-env -p $(PROFILE) --list-generations
78 $(NIXOPS_PRIV) ssh eldiron -- nix-env -p /nix/var/nix/profiles/system --list-generations 66 $(MAKE) ssh-eldiron SSH_ARGS="nix-env -p /nix/var/nix/profiles/system --list-generations"
79.PHONY: list-generations 67.PHONY: list-generations
80 68
81delete-generations: 69delete-generations:
82 nix-env -p $(profile) --delete-generations $(GEN) 70 nix-env -p $(PROFILE) --delete-generations $(GEN)
83 $(NIXOPS_PRIV) ssh eldiron -- nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN) 71 $(MAKE) ssh-eldiron SSH_ARGS="nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)"
84 $(NIXOPS_PRIV) ssh dilion -- nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN) 72 $(MAKE) ssh-dilion SSH_ARGS="nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)"
85 $(NIXOPS_PRIV) ssh backup-2 -- nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN) 73 $(MAKE) ssh-backup-2 SSH_ARGS="nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)"
86 $(NIXOPS_PRIV) ssh monitoring-1 -- nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN) 74 $(MAKE) ssh-monitoring-1 SSH_ARGS="nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)"
87.PHONY: delete-generations 75.PHONY: delete-generations
88 76
89cleanup: delete-generations 77cleanup: delete-generations
90 nix-store --gc 78 nix-store --gc
91 $(NIXOPS_PRIV) ssh eldiron -- nix-store --gc 79 $(MAKE) ssh-eldiron SSH_ARGS="nix-store --gc"
92 $(NIXOPS_PRIV) ssh dilion -- nix-store --gc 80 $(MAKE) ssh-dilion SSH_ARGS="nix-store --gc"
93 $(NIXOPS_PRIV) ssh backup-2 -- nix-store --gc 81 $(MAKE) ssh-backup-2 SSH_ARGS="nix-store --gc"
94 $(NIXOPS_PRIV) ssh monitoring-1 -- nix-store --gc 82 $(MAKE) ssh-monitoring-1 SSH_ARGS="nix-store --gc"
95.PHONY: cleanup 83.PHONY: cleanup
96
97###### Pull environment and deployment from remote
98pull_deployment:
99 @if nixops info -d $(NIXOPS_DEPLOYMENT) 2>/dev/null >/dev/null ; then \
100 echo "This will remove your current deployment file and recreate it!. Continue? [y/N]" && \
101 read y && \
102 [ "$$y" = "y" -o "$$y" = "Y" ] && \
103 nixops delete --force -d $(NIXOPS_DEPLOYMENT); \
104 fi
105 pass show Nixops/Deployment | nixops import
106 nixops modify -d $(NIXOPS_DEPLOYMENT) "$$(pwd)/default.nix"
107.PHONY: pull_deployment
108
109deployment_is_set:
110 nixops info -d $(NIXOPS_DEPLOYMENT) 2>/dev/null >/dev/null
111.PHONY: deployment_is_set
112
113###### Push deployment information to password store
114push_deployment:
115 nixops export | pass insert -m Nixops/Deployment
116.PHONY: push
diff --git a/nixops/default.nix b/nixops/default.nix
index 56b86e8..7c6dd38 100644
--- a/nixops/default.nix
+++ b/nixops/default.nix
@@ -1,12 +1,7 @@
1{ privateFiles ? ./. }: 1let
2 privateFiles = <privateFiles>;
3in
2{ 4{
3 network = {
4 description = "Immae's network";
5 enableRollback = true;
6 };
7
8 # Used by hetzner cloud to provision machines
9 resources.sshKeyPairs.ssh-key = {};
10 dilion = import ../modules/private/system/dilion.nix { inherit privateFiles; }; 5 dilion = import ../modules/private/system/dilion.nix { inherit privateFiles; };
11 eldiron = import ../modules/private/system/eldiron.nix { inherit privateFiles; }; 6 eldiron = import ../modules/private/system/eldiron.nix { inherit privateFiles; };
12 backup-2 = import ../modules/private/system/backup-2.nix { inherit privateFiles; }; 7 backup-2 = import ../modules/private/system/backup-2.nix { inherit privateFiles; };
diff --git a/nixops/scripts/setup b/nixops/scripts/setup
index 22f43ce..e161e43 100755
--- a/nixops/scripts/setup
+++ b/nixops/scripts/setup
@@ -2,8 +2,6 @@
2 2
3set -euo pipefail 3set -euo pipefail
4 4
5MAKEFILE_DIR="$( cd "$( dirname $( dirname "${BASH_SOURCE[0]}" ))" >/dev/null 2>&1 && pwd )"
6
7if ! which nix 2>/dev/null >/dev/null; then 5if ! which nix 2>/dev/null >/dev/null; then
8 cat <<-EOF 6 cat <<-EOF
9 nix is needed, please install it: 7 nix is needed, please install it:
@@ -62,20 +60,6 @@ if nix show-config --json | jq -e '.sandbox.value == "true"' >/dev/null; then
62 read y 60 read y
63fi 61fi
64 62
65if ! make -C $MAKEFILE_DIR deployment_is_set 2>/dev/null >/dev/null; then
66 cat <<-EOF
67 Importing deployment file into nixops:
68 Continue? [y/N]
69 EOF
70 read y
71 if [ "$y" = "y" -o "$y" = "Y" ]; then
72 make -C $MAKEFILE_DIR pull_deployment
73 else
74 echo "Aborting"
75 exit 1
76 fi
77fi
78
79cat <<-EOF 63cat <<-EOF
80 All set up. 64 All set up.
81 Please make sure you’re using make commands when deploying 65 Please make sure you’re using make commands when deploying
diff --git a/nixops/scripts/with_env b/nixops/scripts/with_env
index 9882f78..f8e5537 100755
--- a/nixops/scripts/with_env
+++ b/nixops/scripts/with_env
@@ -5,12 +5,12 @@ if [ -z "$NIXOPS_ENV_LOADED" ]; then
5 exit 1; 5 exit 1;
6fi 6fi
7 7
8umask 0077
8TEMP=$(mktemp -d /tmp/XXXXXX-nixops-files) 9TEMP=$(mktemp -d /tmp/XXXXXX-nixops-files)
9chmod go-rwx $TEMP 10chmod go-rwx $TEMP
10 11
11finish() { 12finish() {
12 rm -rf "$TEMP" 13 rm -rf "$TEMP"
13 nixops set-args --unset privateFiles
14} 14}
15 15
16trap finish EXIT 16trap finish EXIT
@@ -21,6 +21,8 @@ files=$(pass ls Nixops/files | sed -e '1d' -e 's/^.* //')
21for file in $files; do 21for file in $files; do
22 pass show "Nixops/files/$file" > $TEMP/$file 22 pass show "Nixops/files/$file" > $TEMP/$file
23done 23done
24nixops set-args --argstr privateFiles "$TEMP" 24
25export NIX_PATH="privateFiles=$TEMP:$NIX_PATH"
26export SSH_IDENTITY_FILE="$TEMP/id_ed25519"
25 27
26"$@" 28"$@"
diff --git a/nixops/secrets b/nixops/secrets
Subproject 79b991028b09aa59f719059de8dc1fba7d6b04f Subproject def4146f0e703ca9a32735fbbc3820d6f9bb22e
diff --git a/nixops/state/.gitkeep b/nixops/state/.gitkeep
deleted file mode 100644
index e69de29..0000000
--- a/nixops/state/.gitkeep
+++ /dev/null