From 4506dbe51901f66406a02042b2097b3b3856e8a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Sat, 25 May 2019 15:11:11 +0200 Subject: Use Makefile for some env/deploy scripts --- Makefile | 22 ++++++-- nixops/Makefile | 117 +++++++++++++++++++++++++++++++--------- nixops/scripts/nixops_wrap | 31 ----------- nixops/scripts/pull_deployment | 33 ------------ nixops/scripts/pull_environment | 13 ----- nixops/scripts/push_deployment | 13 ----- nixops/scripts/push_environment | 13 ----- nixops/scripts/setup | 20 +++---- nixops/scripts/with_env | 31 +++++++++++ scripts/make-env | 4 +- scripts/nix_env | 14 +---- scripts/nix_infos | 10 ---- 12 files changed, 151 insertions(+), 170 deletions(-) delete mode 100755 nixops/scripts/nixops_wrap delete mode 100755 nixops/scripts/pull_deployment delete mode 100755 nixops/scripts/pull_environment delete mode 100755 nixops/scripts/push_deployment delete mode 100755 nixops/scripts/push_environment create mode 100755 nixops/scripts/with_env delete mode 100755 scripts/nix_infos diff --git a/Makefile b/Makefile index 62a0f9d..3ab58cf 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,17 @@ -subrecipes = setup ssh-eldiron info debug dry-run build upload deploy reboot push pull pull-deployment list-generations delete-generations cleanup +subrecipes = setup +subrecipes += nixops ssh-eldiron info debug dry-run build upload deploy deploy-reboot reboot +subrecipes += list-generations delete-generations cleanup +subrecipes += pull pull_environment pull_deployment deployment_is_set push push_deployment push_environment ${subrecipes}: @$(MAKE) --no-print-directory -C nixops/ $@ +.PHONY: ${subrecipes} + +# This will automatically upgrade to latest version at each build +nixpkgs ?= https://nixos.org/channels/nixos-19.03/nixexprs.tar.xz +NIX_PATH = nixpkgs=${nixpkgs}:nixpkgsNext=${nixpkgs}:nixpkgsPrevious=${nixpkgs} + +nix-path: + @echo "export NIX_PATH=$(NIX_PATH)" env: ./scripts/make-env 
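Review bot: The `nix-path` recipe prints `export NIX_PATH=$(NIX_PATH)` with no quoting around the value, and the `scripts/make-env` hunk later in this patch passes that output to `eval`, so anything in an overridden `nixpkgs` (a space, `;`, a command substitution) is interpreted by the shell instead of being treated as data. Quoting on the make side narrows this, `@echo "export NIX_PATH='$(NIX_PATH)'"`; printing only the value and letting the caller do a plain assignment would remove the `eval` altogether. If make fails, the `eval` in `make-env` receives nothing and `nix-env` appears to continue with the ambient `NIX_PATH`, so the caller should check for that. The default `nixpkgs` here is a moving channel URL, as the added comment says, while `nixops/Makefile` pins a specific release; a comment stating that the difference is deliberate would help.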
@@ -9,10 +20,13 @@ env-dry-run: ./scripts/make-env --dry-run nix-info: - NIXOPS_DEPLOYMENT="" ./scripts/nix_infos + @version=$$(nix eval --raw nixpkgs.lib.version) && \ + mainversion=$$(echo $$version | cut -d"." -f -2) && \ + echo "https://releases.nixos.org/nixos/$$mainversion/nixos-$$version/nixexprs.tar.xz" && \ + nix eval --raw nixpkgs.bc.meta.position | cut -d"/" -f-4 nix-info-nixops: - NIXOPS_DEPLOYMENT="n" ./scripts/nix_infos + @$(MAKE) --no-print-directory -C nixops/ nix-info nur: ./scripts/make-nur @@ -21,4 +35,4 @@ nur: shellcheck: shellcheck scripts/* nixops/scripts/* modules/private/gitolite/gitolite_ldap_groups.sh modules/private/ssh/ldap_authorized_keys.sh modules/private/pub/restrict -.PHONY: env env-dry-run nix-info nix-info-nixops nur shellcheck +.PHONY: env env-dry-run nix-info nur shellcheck diff --git a/nixops/Makefile b/nixops/Makefile index cce57ff..69603a0 100644 --- a/nixops/Makefile +++ b/nixops/Makefile 
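Review bot: The inlined `nix-info` recipe runs `nix eval` without the environment that the removed `scripts/nix_infos` got by sourcing `scripts/nix_env` (which presumably set `NIX_PATH`). This Makefile assigns `NIX_PATH` but no `export` is visible in its hunks, so make hands it to the recipe only when `NIX_PATH` was already present in the caller's environment. Otherwise the URL printed can describe a different nixpkgs than the one `nixpkgs ?=` selects. Adding `export NIX_PATH` next to the assignment makes the output independent of the caller's shell; the copy of this recipe in `nixops/Makefile` is covered by the bare `export` there.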
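Review bot: `nix-info-nixops` is dropped from the `.PHONY` list on the last line of this Makefile although the previous hunk keeps the target and only changes its recipe. Without the declaration, a file named `nix-info-nixops` in the repository root would make the target look up to date and the sub-make would be skipped. Keep it listed: `.PHONY: env env-dry-run nix-info nix-info-nixops nur shellcheck`.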
@@ -1,54 +1,121 @@ +export +ifndef NIXOPS_CONFIG_PASS_SUBTREE_PATH + $(error Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path) +endif + +NIXOPS_STATE ?= ./state/eldiron.nixops +NIXOPS_DEPLOYMENT = cef694f3-081d-11e9-b31f-0242ec186adf +nixpkgs ?= https://releases.nixos.org/nixos/19.03/nixos-19.03.172731.3efdf45dbd1/nixexprs.tar.xz +NIX_PATH = nixpkgs=${nixpkgs}:nixpkgsNext=${nixpkgs}:nixpkgsPrevious=${nixpkgs} + +NIXOPS := $(shell NIX_PATH=$(NIX_PATH) nix-build --no-out-link -E "with import { overlays = builtins.attrValues (import ../overlays); }; nixops")/bin/nixops +NIXOPS_PRIV = ./scripts/with_env $(NIXOPS) + +###### Current channel information +nix-info: + @version=$$(nix eval --raw nixpkgs.lib.version) && \ + mainversion=$$(echo $$version | cut -d"." -f -2) && \ + echo "https://releases.nixos.org/nixos/$$mainversion/nixos-$$version/nixexprs.tar.xz" && \ + nix eval --raw nixpkgs.bc.meta.position | cut -d"/" -f-4 +.PHONY: nix-info + +###### Initial setup setup: ./scripts/setup +.PHONY: setup +###### Nixops regular tasks +NIXOPS_ARGS ?= +nixops: + $(NIXOPS_PRIV) $(NIXOPS_ARGS) + +SSH_ARGS ?= ssh-eldiron: - ./scripts/nixops_wrap ssh eldiron + $(NIXOPS_PRIV) ssh eldiron -- $(SSH_ARGS) info: - ./scripts/nixops_wrap list - ./scripts/nixops_wrap info + $(NIXOPS_PRIV) list + $(NIXOPS_PRIV) info debug: - ./scripts/nixops_wrap deploy --build-only --show-trace + $(NIXOPS_PRIV) deploy --build-only --show-trace dry-run: - ./scripts/nixops_wrap deploy --dry-run + $(NIXOPS_PRIV) deploy --dry-run build: - ./scripts/nixops_wrap deploy --build-only + $(NIXOPS_PRIV) deploy --build-only upload: - ./scripts/nixops_wrap deploy --copy-only + $(NIXOPS_PRIV) deploy --copy-only deploy: - ./scripts/nixops_wrap deploy - -reboot: - ./scripts/nixops_wrap reboot --include=eldiron + $(NIXOPS_PRIV) deploy -push: - ./scripts/push_deployment - ./scripts/push_environment +deploy-reboot: + $(NIXOPS_PRIV) deploy --force-reboot -pull: - ./scripts/pull_environment - 
-pull-deployment: - ./scripts/pull_deployment +reboot: + $(NIXOPS_PRIV) reboot --include=eldiron +.PHONY: nixops ssh-eldiron info debug dry-run build upload deploy deploy-reboot reboot -profile = $(shell ./scripts/nixops_wrap info | grep "^Nix profile: " | sed -e "s/^Nix profile: //") +###### Cleanup generations and garbage collection +profile := $$($(NIXOPS_PRIV) info | grep "^Nix profile: " | sed -e "s/^Nix profile: //") GEN ?= "+3" list-generations: nix-env -p $(profile) --list-generations - ./scripts/nixops_wrap ssh eldiron -- nix-env -p /nix/var/nix/profiles/system --list-generations + $(NIXOPS_PRIV) ssh eldiron -- nix-env -p /nix/var/nix/profiles/system --list-generations +.PHONY: list-generations delete-generations: nix-env -p $(profile) --delete-generations $(GEN) - ./scripts/nixops_wrap ssh eldiron -- nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN) + $(NIXOPS_PRIV) ssh eldiron -- nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN) +.PHONY: delete-generations cleanup: delete-generations nix-store --gc - ./scripts/nixops_wrap ssh eldiron -- nix-store --gc - -.PHONY: setup ssh-eldiron info debug dry-run build upload deploy push pull pull-deployment list-generations delete-generations cleanup + $(NIXOPS_PRIV) ssh eldiron -- nix-store --gc +.PHONY: cleanup + +###### Pull environment and deployment from remote +# Don't include pull_deployment by default as this should happen only rarely +pull: pull_environment; +.PHONY: pull + +pull_environment: +ifndef NIXOPS_CONFIG_PASS_SUBTREE_REMOTE + $(error "Please set NIXOPS_CONFIG_PASS_SUBTREE_REMOTE to the password-store subtree remote name") +endif + pass git subtree pull --prefix=$(NIXOPS_CONFIG_PASS_SUBTREE_PATH) $(NIXOPS_CONFIG_PASS_SUBTREE_REMOTE) master +.PHONY: pull_environment + +pull_deployment: + @if $(NIXOPS) info -d $(NIXOPS_DEPLOYMENT) 2>/dev/null >/dev/null ; then \ + echo "This will remove your current deployment file and recreate it!. Continue? 
[y/N]" && \ + read y && \ + [ "$$y" = "y" -o "$$y" = "Y" ] && \ + $(NIXOPS) delete --force -d $(NIXOPS_DEPLOYMENT); \ + fi + pass show $(NIXOPS_CONFIG_PASS_SUBTREE_PATH)/Nixops/Deployment | $(NIXOPS) import + $(NIXOPS) modify -d $(NIXOPS_DEPLOYMENT) "$$(pwd)/default.nix" +.PHONY: pull_deployment + +deployment_is_set: + $(NIXOPS) info -d $(NIXOPS_DEPLOYMENT) 2>/dev/null >/dev/null +.PHONY: deployment_is_set + +###### Push environment and deployment information to password store +push: push_deployment push_environment; +.PHONY: push + +push_deployment: + $(NIXOPS) export | pass insert -m $(NIXOPS_CONFIG_PASS_SUBTREE_PATH)/Nixops/Deployment +.PHONY: push_deployment + +push_environment: +ifndef NIXOPS_CONFIG_PASS_SUBTREE_REMOTE + $(error "Please set NIXOPS_CONFIG_PASS_SUBTREE_REMOTE to the password-store subtree remote name") +endif + pass git subtree push --prefix=$(NIXOPS_CONFIG_PASS_SUBTREE_PATH) $(NIXOPS_CONFIG_PASS_SUBTREE_REMOTE) master +.PHONY: push_environment diff --git a/nixops/scripts/nixops_wrap b/nixops/scripts/nixops_wrap deleted file mode 100755 index 28aa917..0000000 --- a/nixops/scripts/nixops_wrap +++ /dev/null 
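Review bot: `push_deployment` pipes `$(NIXOPS) export` into `pass insert -m` under make's default `/bin/sh`, so a failing export is not reported and whatever reached the pipe, possibly nothing, can replace the stored deployment entry. `pull_deployment` has the mirror problem: it runs `delete --force` before `pass show ... | $(NIXOPS) import` is known to succeed. Setting `SHELL := bash` and `.SHELLFLAGS := -eu -o pipefail -c` near the top of this file makes both pipelines fail when the producer fails, and fetching the entry from `pass` before the delete keeps the local state intact if decryption fails. Separately, `NIXOPS := $(shell ...)/bin/nixops` evaluates to `/bin/nixops` when `nix-build` fails at parse time; an `$(error ...)` on an empty build result would stop there instead of running an unrelated path.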
@@ -1,31 +0,0 @@ -#!/bin/bash - -DeploymentUuid="cef694f3-081d-11e9-b31f-0242ec186adf" -if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then - echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path" - exit 1; -fi -DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" -export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops" -export NIXOPS_DEPLOYMENT="$DeploymentUuid" -source $(dirname $(dirname $DIR))/scripts/nix_env - -TEMP=$(mktemp -d /tmp/XXXXXX-nixops-files) -chmod go-rwx $TEMP - -finish() { - rm -rf "$TEMP" - nixops_custom set-args --unset privateFiles -} - -trap finish EXIT - -# pass cannot "just" list files in a directory without showing a tree :( -files=$(pass ls $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/files | sed -e '1d' -e 's/^.* //') - -for file in $files; do - pass show "$NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/files/$file" > $TEMP/$file -done -nixops_custom set-args --argstr privateFiles "$TEMP" - -nixops_custom "$@" diff --git a/nixops/scripts/pull_deployment b/nixops/scripts/pull_deployment deleted file mode 100755 index 08b9915..0000000 --- a/nixops/scripts/pull_deployment +++ /dev/null 
@@ -1,33 +0,0 @@ -#!/bin/bash - -DeploymentUuid="cef694f3-081d-11e9-b31f-0242ec186adf" -if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then - echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path" - exit 1; -fi -DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" -export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops" -export NIXOPS_DEPLOYMENT="$DeploymentUuid" -source $(dirname $(dirname $DIR))/scripts/nix_env - -export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops" - -if nixops_custom info -d $DeploymentUuid 2>/dev/null >/dev/null; then - cat </dev/null 2>&1 && pwd )" -export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops" -export NIXOPS_DEPLOYMENT="$DeploymentUuid" -source $(dirname $(dirname $DIR))/scripts/nix_env - -nixops_custom export | pass insert -m $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/Deployment diff --git a/nixops/scripts/push_environment b/nixops/scripts/push_environment deleted file mode 100755 index 8b59240..0000000 --- a/nixops/scripts/push_environment +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then - echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path" - exit 1; -fi - -if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE" ]; then - echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_REMOTE to the password-store subtree remote name" - exit 1; -fi - -pass git subtree push --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master diff --git a/nixops/scripts/setup b/nixops/scripts/setup index 793b7c3..3b364ac 100755 --- a/nixops/scripts/setup +++ b/nixops/scripts/setup @@ -3,7 +3,7 @@ set -euo pipefail RemoteRepo="gitolite@git.immae.eu:perso/Immae/Prive/Password_store/Sites" -DeploymentUuid="cef694f3-081d-11e9-b31f-0242ec186adf" +MAKEFILE_DIR="$( cd "$( dirname $( dirname "${BASH_SOURCE[0]}" ))" >/dev/null 2>&1 && pwd )" if ! which nix 2>/dev/null >/dev/null; then cat <<-EOF 
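Review bot: The inner `$( dirname "${BASH_SOURCE[0]}" )` in the new `MAKEFILE_DIR` assignment of `nixops/scripts/setup` is unquoted, so a checkout path containing spaces is word-split before the outer `dirname` sees it. The two later hunks of this file then use `$MAKEFILE_DIR` unquoted in `make -C $MAKEFILE_DIR pull_environment`, `deployment_is_set` and `pull_deployment`. Quote both levels, `MAKEFILE_DIR="$( cd "$( dirname "$( dirname "${BASH_SOURCE[0]}" )" )" >/dev/null 2>&1 && pwd )"`, and write `make -C "$MAKEFILE_DIR" ...` at the three call sites. The repository's `shellcheck` target covers `nixops/scripts/*`, so this would likely be reported there as well.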
@@ -52,8 +52,8 @@ if ! pass $NIXOPS_CONFIG_PASS_SUBTREE_PATH > /dev/null 2>/dev/null; then fi fi -# Repull it before using it, just in case -pass git subtree pull --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master +# Repull it before adding keys, just in case +make -C $MAKEFILE_DIR pull_environment gpg_keys=$(pass ls $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/GPGKeys | sed -e "1d" | cut -d" " -f2) for key in $gpg_keys; do @@ -97,29 +97,21 @@ if nix show-config --json | jq -e '.sandbox.value == "true"' >/dev/null; then read y fi -DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" -export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops" -export NIXOPS_DEPLOYMENT="$DeploymentUuid" -source $(dirname $(dirname $DIR))/scripts/nix_env - -if ! nixops_custom info 2>/dev/null >/dev/null; then +if ! make -C $MAKEFILE_DIR deployment_is_set 2>/dev/null >/dev/null; then cat <<-EOF Importing deployment file into nixops: Continue? [y/N] EOF read y if [ "$y" = "y" -o "$y" = "Y" ]; then - deployment=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/Deployment) - echo "$deployment" | nixops_custom import + make -C $MAKEFILE_DIR pull_deployment else echo "Aborting" exit 1 fi fi -nixops_custom modify "$(dirname $DIR)/default.nix" - cat <<-EOF All set up. - Please make sure you’re using scripts/nixops_wrap when deploying + Please make sure you’re using make commands when deploying EOF diff --git a/nixops/scripts/with_env b/nixops/scripts/with_env new file mode 100755 index 0000000..a442ced --- /dev/null +++ b/nixops/scripts/with_env 
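Review bot: The new test `if ! make -C $MAKEFILE_DIR deployment_is_set 2>/dev/null >/dev/null` treats every non-zero exit from make as "no deployment yet", including a parse-time `$(error ...)` in `nixops/Makefile` or a failed `nix-build` of nixops, and the redirections hide the message that would tell these cases apart. The user is then offered an import of the deployment state that may not be needed. Dropping `2>/dev/null` keeps the real cause visible before the prompt. The unconditional `nixops_custom modify` removed in this hunk now runs only inside `pull_deployment`, so setup no longer refreshes the expression path of an existing deployment; a comment confirming that this is intended would help.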
@@ -0,0 +1,31 @@ +#!/bin/bash + +if [ -z "$NIXOPS" ]; then + echo "Please set NIXOPS to the nixops command" + exit 1; +fi + +if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then + echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path" + exit 1; +fi + +TEMP=$(mktemp -d /tmp/XXXXXX-nixops-files) +chmod go-rwx $TEMP + +finish() { + rm -rf "$TEMP" + $NIXOPS set-args --unset privateFiles +} + +trap finish EXIT + +# pass cannot "just" list files in a directory without showing a tree :( +files=$(pass ls $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/files | sed -e '1d' -e 's/^.* //') + +for file in $files; do + pass show "$NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/files/$file" > $TEMP/$file +done +$NIXOPS set-args --argstr privateFiles "$TEMP" + +"$@" diff --git a/scripts/make-env b/scripts/make-env index 983a359..25aa869 100755 --- a/scripts/make-env +++ b/scripts/make-env @@ -2,11 +2,11 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" -source $DIR/nix_env +eval "$(make --no-print-directory -C $(dirname $DIR) nix-path)" nix-env -r -i -A myEnvironments.immae-eu -f "" "$@" result=$? cat >> $(dirname $DIR)/versions_log </dev/null 2>&1 && pwd )" - d=$(nix-build --no-out-link -E "with import { overlays = builtins.attrValues (import $(dirname $_DIR)/overlays); }; nixops") - ${d}/bin/nixops "$@" -} diff --git a/scripts/nix_infos b/scripts/nix_infos deleted file mode 100755 index 56e5b19..0000000 --- a/scripts/nix_infos +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" - -source $DIR/nix_env -version=$(nix eval --raw nixpkgs.lib.version) -mainversion=$(echo $version | cut -d"." -f -2) - -echo "https://releases.nixos.org/nixos/$mainversion/nixos-$version/nixexprs.tar.xz" -nix eval --raw nixpkgs.bc.meta.position | cut -d"/" -f-4 -- cgit v1.2.3
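Review bot: The new `nixops/scripts/with_env` has no `set -e` or `pipefail`, so when `pass show` fails inside the `for file in $files` loop an empty `$TEMP/$file` is left behind and the wrapped command still runs with that directory as `privateFiles`. A failed `mktemp` likewise leaves `TEMP` empty, and the redirections then target `/$file`. Adding `set -eo pipefail` under the shebang (not `-u`, because `[ -z "$NIXOPS" ]` tests a possibly unset variable) and quoting the paths, `chmod go-rwx "$TEMP"` and `> "$TEMP/$file"`, stops the run at the first failure while the `EXIT` trap still cleans up. The template `/tmp/XXXXXX-nixops-files` places the `X`s before a suffix, which GNU mktemp accepts but other implementations may not randomise; `mktemp -d "${TMPDIR:-/tmp}/nixops-files.XXXXXX"` is the portable form.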