Diffstat (limited to 'nixops')
-rw-r--r-- | nixops/Makefile | 117 | ||||
-rwxr-xr-x | nixops/scripts/pull_deployment | 33 | ||||
-rwxr-xr-x | nixops/scripts/pull_environment | 13 | ||||
-rwxr-xr-x | nixops/scripts/push_deployment | 13 | ||||
-rwxr-xr-x | nixops/scripts/push_environment | 13 | ||||
-rwxr-xr-x | nixops/scripts/setup | 20 | ||||
-rwxr-xr-x | nixops/scripts/with_env (renamed from nixops/scripts/nixops_wrap) | 16 |
7 files changed, 106 insertions, 119 deletions
diff --git a/nixops/Makefile b/nixops/Makefile index cce57ff..69603a0 100644 --- a/nixops/Makefile +++ b/nixops/Makefile | |||
@@ -1,54 +1,121 @@ | |||
1 | export | ||
2 | ifndef NIXOPS_CONFIG_PASS_SUBTREE_PATH | ||
3 | $(error Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path) | ||
4 | endif | ||
5 | |||
6 | NIXOPS_STATE ?= ./state/eldiron.nixops | ||
7 | NIXOPS_DEPLOYMENT = cef694f3-081d-11e9-b31f-0242ec186adf | ||
8 | nixpkgs ?= https://releases.nixos.org/nixos/19.03/nixos-19.03.172731.3efdf45dbd1/nixexprs.tar.xz | ||
9 | NIX_PATH = nixpkgs=${nixpkgs}:nixpkgsNext=${nixpkgs}:nixpkgsPrevious=${nixpkgs} | ||
10 | |||
11 | NIXOPS := $(shell NIX_PATH=$(NIX_PATH) nix-build --no-out-link -E "with import <nixpkgs> { overlays = builtins.attrValues (import ../overlays); }; nixops")/bin/nixops | ||
12 | NIXOPS_PRIV = ./scripts/with_env $(NIXOPS) | ||
13 | |||
14 | ###### Current channel information | ||
15 | nix-info: | ||
16 | @version=$$(nix eval --raw nixpkgs.lib.version) && \ | ||
17 | mainversion=$$(echo $$version | cut -d"." -f -2) && \ | ||
18 | echo "https://releases.nixos.org/nixos/$$mainversion/nixos-$$version/nixexprs.tar.xz" && \ | ||
19 | nix eval --raw nixpkgs.bc.meta.position | cut -d"/" -f-4 | ||
20 | .PHONY: nix-info | ||
21 | |||
22 | ###### Initial setup | ||
1 | setup: | 23 | setup: |
2 | ./scripts/setup | 24 | ./scripts/setup |
25 | .PHONY: setup | ||
3 | 26 | ||
27 | ###### Nixops regular tasks | ||
28 | NIXOPS_ARGS ?= | ||
29 | nixops: | ||
30 | $(NIXOPS_PRIV) $(NIXOPS_ARGS) | ||
31 | |||
32 | SSH_ARGS ?= | ||
4 | ssh-eldiron: | 33 | ssh-eldiron: |
5 | ./scripts/nixops_wrap ssh eldiron | 34 | $(NIXOPS_PRIV) ssh eldiron -- $(SSH_ARGS) |
6 | 35 | ||
7 | info: | 36 | info: |
8 | ./scripts/nixops_wrap list | 37 | $(NIXOPS_PRIV) list |
9 | ./scripts/nixops_wrap info | 38 | $(NIXOPS_PRIV) info |
10 | 39 | ||
11 | debug: | 40 | debug: |
12 | ./scripts/nixops_wrap deploy --build-only --show-trace | 41 | $(NIXOPS_PRIV) deploy --build-only --show-trace |
13 | 42 | ||
14 | dry-run: | 43 | dry-run: |
15 | ./scripts/nixops_wrap deploy --dry-run | 44 | $(NIXOPS_PRIV) deploy --dry-run |
16 | 45 | ||
17 | build: | 46 | build: |
18 | ./scripts/nixops_wrap deploy --build-only | 47 | $(NIXOPS_PRIV) deploy --build-only |
19 | 48 | ||
20 | upload: | 49 | upload: |
21 | ./scripts/nixops_wrap deploy --copy-only | 50 | $(NIXOPS_PRIV) deploy --copy-only |
22 | 51 | ||
23 | deploy: | 52 | deploy: |
24 | ./scripts/nixops_wrap deploy | 53 | $(NIXOPS_PRIV) deploy |
25 | |||
26 | reboot: | ||
27 | ./scripts/nixops_wrap reboot --include=eldiron | ||
28 | 54 | ||
29 | push: | 55 | deploy-reboot: |
30 | ./scripts/push_deployment | 56 | $(NIXOPS_PRIV) deploy --force-reboot |
31 | ./scripts/push_environment | ||
32 | 57 | ||
33 | pull: | 58 | reboot: |
34 | ./scripts/pull_environment | 59 | $(NIXOPS_PRIV) reboot --include=eldiron |
35 | 60 | .PHONY: nixops ssh-eldiron info debug dry-run build upload deploy deploy-reboot reboot | |
36 | pull-deployment: | ||
37 | ./scripts/pull_deployment | ||
38 | 61 | ||
39 | profile = $(shell ./scripts/nixops_wrap info | grep "^Nix profile: " | sed -e "s/^Nix profile: //") | 62 | ###### Cleanup generations and garbage collection |
63 | profile := $$($(NIXOPS_PRIV) info | grep "^Nix profile: " | sed -e "s/^Nix profile: //") | ||
40 | GEN ?= "+3" | 64 | GEN ?= "+3" |
41 | 65 | ||
42 | list-generations: | 66 | list-generations: |
43 | nix-env -p $(profile) --list-generations | 67 | nix-env -p $(profile) --list-generations |
44 | ./scripts/nixops_wrap ssh eldiron -- nix-env -p /nix/var/nix/profiles/system --list-generations | 68 | $(NIXOPS_PRIV) ssh eldiron -- nix-env -p /nix/var/nix/profiles/system --list-generations |
69 | .PHONY: list-generations | ||
45 | 70 | ||
46 | delete-generations: | 71 | delete-generations: |
47 | nix-env -p $(profile) --delete-generations $(GEN) | 72 | nix-env -p $(profile) --delete-generations $(GEN) |
48 | ./scripts/nixops_wrap ssh eldiron -- nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN) | 73 | $(NIXOPS_PRIV) ssh eldiron -- nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN) |
74 | .PHONY: delete-generations | ||
49 | 75 | ||
50 | cleanup: delete-generations | 76 | cleanup: delete-generations |
51 | nix-store --gc | 77 | nix-store --gc |
52 | ./scripts/nixops_wrap ssh eldiron -- nix-store --gc | 78 | $(NIXOPS_PRIV) ssh eldiron -- nix-store --gc |
53 | 79 | .PHONY: cleanup | |
54 | .PHONY: setup ssh-eldiron info debug dry-run build upload deploy push pull pull-deployment list-generations delete-generations cleanup | 80 | |
81 | ###### Pull environment and deployment from remote | ||
82 | # Don't include pull_deployment by default as this should happen only rarely | ||
83 | pull: pull_environment; | ||
84 | .PHONY: pull | ||
85 | |||
86 | pull_environment: | ||
87 | ifndef NIXOPS_CONFIG_PASS_SUBTREE_REMOTE | ||
88 | $(error "Please set NIXOPS_CONFIG_PASS_SUBTREE_REMOTE to the password-store subtree remote name") | ||
89 | endif | ||
90 | pass git subtree pull --prefix=$(NIXOPS_CONFIG_PASS_SUBTREE_PATH) $(NIXOPS_CONFIG_PASS_SUBTREE_REMOTE) master | ||
91 | .PHONY: pull_environment | ||
92 | |||
93 | pull_deployment: | ||
94 | @if $(NIXOPS) info -d $(NIXOPS_DEPLOYMENT) 2>/dev/null >/dev/null ; then \ | ||
95 | echo "This will remove your current deployment file and recreate it!. Continue? [y/N]" && \ | ||
96 | read y && \ | ||
97 | [ "$$y" = "y" -o "$$y" = "Y" ] && \ | ||
98 | $(NIXOPS) delete --force -d $(NIXOPS_DEPLOYMENT); \ | ||
99 | fi | ||
100 | pass show $(NIXOPS_CONFIG_PASS_SUBTREE_PATH)/Nixops/Deployment | $(NIXOPS) import | ||
101 | $(NIXOPS) modify -d $(NIXOPS_DEPLOYMENT) "$$(pwd)/default.nix" | ||
102 | .PHONY: pull_deployment | ||
103 | |||
104 | deployment_is_set: | ||
105 | $(NIXOPS) info -d $(NIXOPS_DEPLOYMENT) 2>/dev/null >/dev/null | ||
106 | .PHONY: deployment_is_set | ||
107 | |||
108 | ###### Push environment and deployment information to password store | ||
109 | push: push_deployment push_environment; | ||
110 | .PHONY: push | ||
111 | |||
112 | push_deployment: | ||
113 | $(NIXOPS) export | pass insert -m $(NIXOPS_CONFIG_PASS_SUBTREE_PATH)/Nixops/Deployment | ||
114 | .PHONY: push_deployment | ||
115 | |||
116 | push_environment: | ||
117 | ifndef NIXOPS_CONFIG_PASS_SUBTREE_REMOTE | ||
118 | $(error "Please set NIXOPS_CONFIG_PASS_SUBTREE_REMOTE to the password-store subtree remote name") | ||
119 | endif | ||
120 | pass git subtree push --prefix=$(NIXOPS_CONFIG_PASS_SUBTREE_PATH) $(NIXOPS_CONFIG_PASS_SUBTREE_REMOTE) master | ||
121 | .PHONY: push_environment | ||
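Review bot: `NIXOPS := $(shell … nix-build …)/bin/nixops` on new line 11 collapses to the literal path `/bin/nixops` whenever the nix-build call prints nothing (nix not installed, evaluation error), and every later recipe then runs that path. The `-z "$NIXOPS"` test in scripts/with_env cannot catch this, because the value is never empty. I would capture the store path in its own variable and stop on an empty result, e.g. `$(if $(strip $(nixops_out)),,$(error nix-build did not return a nixops store path))`, keeping in mind that `make setup` parses the same file. Separately, `$(NIXOPS) export | pass insert -m …` in push_deployment and `pass show … | $(NIXOPS) import` in pull_deployment run under make's default shell without pipefail, so a failing left-hand command goes unreported and the right-hand side still consumes the empty input. Adding `SHELL := bash` and `.SHELLFLAGS := -eu -o pipefail -c` near the top would turn that into a failed recipe.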
diff --git a/nixops/scripts/pull_deployment b/nixops/scripts/pull_deployment deleted file mode 100755 index 08b9915..0000000 --- a/nixops/scripts/pull_deployment +++ /dev/null | |||
@@ -1,33 +0,0 @@ | |||
1 | #!/bin/bash | ||
2 | |||
3 | DeploymentUuid="cef694f3-081d-11e9-b31f-0242ec186adf" | ||
4 | if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then | ||
5 | echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path" | ||
6 | exit 1; | ||
7 | fi | ||
8 | DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" | ||
9 | export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops" | ||
10 | export NIXOPS_DEPLOYMENT="$DeploymentUuid" | ||
11 | source $(dirname $(dirname $DIR))/scripts/nix_env | ||
12 | |||
13 | export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops" | ||
14 | |||
15 | if nixops_custom info -d $DeploymentUuid 2>/dev/null >/dev/null; then | ||
16 | cat <<EOF | ||
17 | This will remove your current deployment file and recreate it! | ||
18 | Continue? [y/N] | ||
19 | EOF | ||
20 | read y | ||
21 | if [ "$y" = "y" -o "$y" = "Y" ]; then | ||
22 | nixops_custom delete --force -d $DeploymentUuid | ||
23 | else | ||
24 | echo "Aborting" | ||
25 | exit 1 | ||
26 | fi | ||
27 | fi | ||
28 | |||
29 | deployment=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/Deployment) | ||
30 | |||
31 | echo "$deployment" | nixops_custom import | ||
32 | |||
33 | nixops_custom modify -d "$DeploymentUuid" "$(dirname $DIR)/default.nix" | ||
diff --git a/nixops/scripts/pull_environment b/nixops/scripts/pull_environment deleted file mode 100755 index e508a2e..0000000 --- a/nixops/scripts/pull_environment +++ /dev/null | |||
@@ -1,13 +0,0 @@ | |||
1 | #!/bin/bash | ||
2 | |||
3 | if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then | ||
4 | echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path" | ||
5 | exit 1; | ||
6 | fi | ||
7 | |||
8 | if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE" ]; then | ||
9 | echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_REMOTE to the password-store subtree remote name" | ||
10 | exit 1; | ||
11 | fi | ||
12 | |||
13 | pass git subtree pull --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master | ||
diff --git a/nixops/scripts/push_deployment b/nixops/scripts/push_deployment deleted file mode 100755 index f2d25f9..0000000 --- a/nixops/scripts/push_deployment +++ /dev/null | |||
@@ -1,13 +0,0 @@ | |||
1 | #!/bin/bash | ||
2 | |||
3 | DeploymentUuid="cef694f3-081d-11e9-b31f-0242ec186adf" | ||
4 | if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then | ||
5 | echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path" | ||
6 | exit 1; | ||
7 | fi | ||
8 | DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" | ||
9 | export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops" | ||
10 | export NIXOPS_DEPLOYMENT="$DeploymentUuid" | ||
11 | source $(dirname $(dirname $DIR))/scripts/nix_env | ||
12 | |||
13 | nixops_custom export | pass insert -m $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/Deployment | ||
diff --git a/nixops/scripts/push_environment b/nixops/scripts/push_environment deleted file mode 100755 index 8b59240..0000000 --- a/nixops/scripts/push_environment +++ /dev/null | |||
@@ -1,13 +0,0 @@ | |||
1 | #!/bin/bash | ||
2 | |||
3 | if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then | ||
4 | echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path" | ||
5 | exit 1; | ||
6 | fi | ||
7 | |||
8 | if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE" ]; then | ||
9 | echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_REMOTE to the password-store subtree remote name" | ||
10 | exit 1; | ||
11 | fi | ||
12 | |||
13 | pass git subtree push --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master | ||
diff --git a/nixops/scripts/setup b/nixops/scripts/setup index 793b7c3..3b364ac 100755 --- a/nixops/scripts/setup +++ b/nixops/scripts/setup | |||
@@ -3,7 +3,7 @@ | |||
3 | set -euo pipefail | 3 | set -euo pipefail |
4 | 4 | ||
5 | RemoteRepo="gitolite@git.immae.eu:perso/Immae/Prive/Password_store/Sites" | 5 | RemoteRepo="gitolite@git.immae.eu:perso/Immae/Prive/Password_store/Sites" |
6 | DeploymentUuid="cef694f3-081d-11e9-b31f-0242ec186adf" | 6 | MAKEFILE_DIR="$( cd "$( dirname $( dirname "${BASH_SOURCE[0]}" ))" >/dev/null 2>&1 && pwd )" |
7 | 7 | ||
8 | if ! which nix 2>/dev/null >/dev/null; then | 8 | if ! which nix 2>/dev/null >/dev/null; then |
9 | cat <<-EOF | 9 | cat <<-EOF |
@@ -52,8 +52,8 @@ if ! pass $NIXOPS_CONFIG_PASS_SUBTREE_PATH > /dev/null 2>/dev/null; then | |||
52 | fi | 52 | fi |
53 | fi | 53 | fi |
54 | 54 | ||
55 | # Repull it before using it, just in case | 55 | # Repull it before adding keys, just in case |
56 | pass git subtree pull --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master | 56 | make -C $MAKEFILE_DIR pull_environment |
57 | 57 | ||
58 | gpg_keys=$(pass ls $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/GPGKeys | sed -e "1d" | cut -d" " -f2) | 58 | gpg_keys=$(pass ls $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/GPGKeys | sed -e "1d" | cut -d" " -f2) |
59 | for key in $gpg_keys; do | 59 | for key in $gpg_keys; do |
@@ -97,29 +97,21 @@ if nix show-config --json | jq -e '.sandbox.value == "true"' >/dev/null; then | |||
97 | read y | 97 | read y |
98 | fi | 98 | fi |
99 | 99 | ||
100 | DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" | 100 | if ! make -C $MAKEFILE_DIR deployment_is_set 2>/dev/null >/dev/null; then |
101 | export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops" | ||
102 | export NIXOPS_DEPLOYMENT="$DeploymentUuid" | ||
103 | source $(dirname $(dirname $DIR))/scripts/nix_env | ||
104 | |||
105 | if ! nixops_custom info 2>/dev/null >/dev/null; then | ||
106 | cat <<-EOF | 101 | cat <<-EOF |
107 | Importing deployment file into nixops: | 102 | Importing deployment file into nixops: |
108 | Continue? [y/N] | 103 | Continue? [y/N] |
109 | EOF | 104 | EOF |
110 | read y | 105 | read y |
111 | if [ "$y" = "y" -o "$y" = "Y" ]; then | 106 | if [ "$y" = "y" -o "$y" = "Y" ]; then |
112 | deployment=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/Deployment) | 107 | make -C $MAKEFILE_DIR pull_deployment |
113 | echo "$deployment" | nixops_custom import | ||
114 | else | 108 | else |
115 | echo "Aborting" | 109 | echo "Aborting" |
116 | exit 1 | 110 | exit 1 |
117 | fi | 111 | fi |
118 | fi | 112 | fi |
119 | 113 | ||
120 | nixops_custom modify "$(dirname $DIR)/default.nix" | ||
121 | |||
122 | cat <<-EOF | 114 | cat <<-EOF |
123 | All set up. | 115 | All set up. |
124 | Please make sure you’re using scripts/nixops_wrap when deploying | 116 | Please make sure you’re using make commands when deploying |
125 | EOF | 117 | EOF |
diff --git a/nixops/scripts/nixops_wrap b/nixops/scripts/with_env index 28aa917..a442ced 100755 --- a/nixops/scripts/nixops_wrap +++ b/nixops/scripts/with_env | |||
@@ -1,21 +1,21 @@ | |||
1 | #!/bin/bash | 1 | #!/bin/bash |
2 | 2 | ||
3 | DeploymentUuid="cef694f3-081d-11e9-b31f-0242ec186adf" | 3 | if [ -z "$NIXOPS" ]; then |
4 | echo "Please set NIXOPS to the nixops command" | ||
5 | exit 1; | ||
6 | fi | ||
7 | |||
4 | if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then | 8 | if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then |
5 | echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path" | 9 | echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path" |
6 | exit 1; | 10 | exit 1; |
7 | fi | 11 | fi |
8 | DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" | ||
9 | export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops" | ||
10 | export NIXOPS_DEPLOYMENT="$DeploymentUuid" | ||
11 | source $(dirname $(dirname $DIR))/scripts/nix_env | ||
12 | 12 | ||
13 | TEMP=$(mktemp -d /tmp/XXXXXX-nixops-files) | 13 | TEMP=$(mktemp -d /tmp/XXXXXX-nixops-files) |
14 | chmod go-rwx $TEMP | 14 | chmod go-rwx $TEMP |
15 | 15 | ||
16 | finish() { | 16 | finish() { |
17 | rm -rf "$TEMP" | 17 | rm -rf "$TEMP" |
18 | nixops_custom set-args --unset privateFiles | 18 | $NIXOPS set-args --unset privateFiles |
19 | } | 19 | } |
20 | 20 | ||
21 | trap finish EXIT | 21 | trap finish EXIT |
@@ -26,6 +26,6 @@ files=$(pass ls $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/files | sed -e '1d' -e ' | |||
26 | for file in $files; do | 26 | for file in $files; do |
27 | pass show "$NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/files/$file" > $TEMP/$file | 27 | pass show "$NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/files/$file" > $TEMP/$file |
28 | done | 28 | done |
29 | nixops_custom set-args --argstr privateFiles "$TEMP" | 29 | $NIXOPS set-args --argstr privateFiles "$TEMP" |
30 | 30 | ||
31 | nixops_custom "$@" | 31 | "$@" |
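Review bot: The wrapper now ends in a bare `"$@"` and has no `set -e`, so a failed `pass show` or a failed `$NIXOPS set-args --argstr privateFiles "$TEMP"` still falls through to the wrapped command, which then runs with empty or missing private files. Adding `set -eo pipefail` after the shebang would make a failed secret fetch abort the run, while the `trap finish EXIT` cleanup still fires. `$NIXOPS` is expanded unquoted in `finish` and on new line 29 and should be `"$NIXOPS"`. The new `-z "$NIXOPS"` check only proves the variable is non-empty, so `[ -x "$NIXOPS" ]` would be a stronger guard before any secrets are written to `$TEMP`. Lines 22–25 of the script fall outside the two hunks, so this is based on the visible parts only.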