From 1a64deeb894dc95e2645a75771732c6cc53a79ad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Wed, 4 Oct 2023 01:35:06 +0200
Subject: Squash changes containing private information

There were a lot of changes since the previous commit, but a lot of them contained personnal information about users. All thos changes got stashed into a single commit (history is kept in a different place) and private information was moved in a separate private repository
---
 Makefile | 130 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 121 insertions(+), 9 deletions(-)

(limited to 'Makefile')

diff --git a/Makefile b/Makefile
index 50fa09f..6282df2 100644
--- a/Makefile
+++ b/Makefile
@@ -1,16 +1,128 @@
-subrecipes = setup nix-info edit_env edit_vars
-subrecipes += ssh-eldiron ssh-backup-2 ssh-monitoring-1 ssh-4c
-subrecipes += debug build dry-run upload deploy next-boot deploy-reboot
-subrecipes += list-generations delete-generations cleanup
-${subrecipes}:
- @$(MAKE) --no-print-directory -C nixops/ $@
-.PHONY: ${subrecipes}
-
 nur:
  ./scripts/make-nur
  curl -o /dev/null -XPOST "https://nur-update.herokuapp.com/update?repo=immae"
 
 shellcheck:
- shellcheck scripts/* nixops/scripts/* modules/private/gitolite/gitolite_ldap_groups.sh modules/private/ssh/ldap_authorized_keys.sh modules/private/pub/restrict
+ shellcheck scripts/* deploy/scripts/* modules/private/gitolite/gitolite_ldap_groups.sh modules/private/ssh/ldap_authorized_keys.sh modules/private/pub/restrict
 
 .PHONY: nur shellcheck
+
+###### Initial setup
+setup:
+ ./scripts/setup
+.PHONY: setup
+
+###### Morph regular tasks
+PROFILE=./deploy/history
+TARGET ?=
+COMMON_COLEMNA_ARGS = -f ./deploy/flake.nix -v
+#Only enabled in colemna 0.4: --nix-option allow-unsafe-native-code-during-evaluation true --nix-option allow-import-from-derivation true --nix-option substituters https://cache.nixos.org/
+MORPH_ARGS ?=
+ifdef TARGET
+ # multiple targets: --on="{machine1,machine2}" (works with * glob too)
+ override MORPH_ARGS +=--on=$(TARGET)
+endif
+SSH_ARGS ?=
+
+nodes= dilion eldiron backup-2 monitoring-1 quatresaisons zoldene
+
+refresh_flakes:
+ @if [ -n "$(TARGET)" ]; then \
+ ./scripts/refresh_flakes --no-new-inputs ./systems/$(TARGET)/flake.nix; \
+ nix --no-warn-dirty flake lock --update-input n-$(TARGET) ./flakes; \
+ nix --no-warn-dirty flake lock --update-input main-flake ./deploy; \
+ else \
+ ./scripts/refresh_flakes --no-new-inputs; \
+ fi
+ (cd deploy ; nix flake lock --update-input secrets-local || true)
+
+.PHONY: refresh_flakes
+
+.PHONY: build $(addprefix build-,$(nodes))
+build-dilion build-eldiron build-backup-2 build-monitoring-1 build-quatresaisons build-zoldene:
+ $(MAKE) build TARGET=$(@:build-%=%)
+build: refresh_flakes
+ colmena build $(COMMON_COLEMNA_ARGS) $(MORPH_ARGS)
+
+.PHONY: deploy $(addprefix deploy-,$(nodes))
+deploy-dilion deploy-eldiron deploy-backup-2 deploy-monitoring-1 deploy-quatresaisons deploy-zoldene:
+ $(MAKE) deploy TARGET=$(@:deploy-%=%)
+deploy: refresh_flakes
+ ./scripts/with_env colmena apply $(COMMON_COLEMNA_ARGS) switch --keep-result $(MORPH_ARGS)
+ $(MAKE) keep-roots
+
+.PHONY: ssh $(addprefix ssh-,$(nodes))
+ssh-4c: ssh-quatresaisons
+ssh-dilion ssh-eldiron ssh-backup-2 ssh-monitoring-1 ssh-quatresaisons ssh-zoldene:
+ $(MAKE) ssh TARGET=$(@:ssh-%=%)
+ssh:
+ ./scripts/with_env bash -c 'ssh -i $$SSH_IDENTITY_FILE root@$(TARGET) $(SSH_ARGS)'
+
+.PHONY: ssh-decrypt $(addsuffix -decrypt,$(addprefix ssh-,$(nodes)))
+ssh-zoldene-decrypt:
+ $(MAKE) ssh-decrypt TARGET=$(@:ssh-%-decrypt=%)
+ssh-decrypt:
+ ./scripts/with_env bash -c 'ssh -p 2222 -i $$SSH_IDENTITY_FILE root@$(TARGET) $(SSH_ARGS)'
+
+.PHONY: debug $(addprefix debug-,$(nodes))
+debug-dilion debug-eldiron debug-backup-2 debug-monitoring-1 debug-quatresaisons debug-zoldene:
+ $(MAKE) debug TARGET=$(@:debug-%=%)
+debug: refresh_flakes
+ colmena build $(COMMON_COLEMNA_ARGS) --show-trace $(MORPH_ARGS)
+
+.PHONY: upload $(addprefix upload-,$(nodes))
+upload-dilion upload-eldiron upload-backup-2 upload-monitoring-1 upload-quatresaisons upload-zoldene:
+ $(MAKE) upload TARGET=$(@:upload-%=%)
+upload: refresh_flakes
+ ./scripts/with_env colmena apply $(COMMON_COLEMNA_ARGS) push $(MORPH_ARGS)
+
+.PHONY: test-deploy $(addprefix test-deploy-,$(nodes))
+test-deploy-dilion test-deploy-eldiron test-deploy-backup-2 test-deploy-monitoring-1 test-deploy-quatresaisons test-deploy-zoldene:
+ $(MAKE) test-deploy TARGET=$(@:test-deploy-%=%)
+test-deploy: refresh_flakes
+ ./scripts/with_env colmena apply $(COMMON_COLEMNA_ARGS) test $(MORPH_ARGS)
+
+.PHONY: next-boot $(addprefix next-boot-,$(nodes))
+next-boot-dilion next-boot-eldiron next-boot-backup-2 next-boot-monitoring-1 next-boot-quatresaisons next-boot-zoldene:
+ $(MAKE) next-boot TARGET=$(@:next-boot-%=%)
+next-boot: refresh_flakes
+ ./scripts/with_env colmena apply $(COMMON_COLEMNA_ARGS) boot $(MORPH_ARGS)
+
+.PHONY: deploy-reboot $(addprefix deploy-reboot-,$(nodes))
+deploy-reboot-dilion deploy-reboot-eldiron deploy-reboot-backup-2 deploy-reboot-monitoring-1 deploy-reboot-quatresaisons deploy-reboot-zoldene:
+ $(MAKE) deploy-reboot TARGET=$(@:deploy-reboot-%=%)
+deploy-reboot: refresh_flakes
+ ./scripts/with_env colmena apply $(COMMON_COLEMNA_ARGS) boot --reboot $(MORPH_ARGS)
+ # Run it a second time because first time uploads the secrets
+ # before rebooting
+ $(MAKE) deploy
+
+keep-roots:
+ mkdir -p $(PROFILE)
+ for i in deploy/.gcroots/node-*; do nix-env -p $(PROFILE)/$$(basename $$i | sed -e "s/node-//") --set "$$i"; done
+
+systems := $(shell find $(PROFILE) -type l -not -name "*link" -printf "%f ")
+###### Cleanup generations and garbage collection
+GEN ?= "+3"
+
+list-generations:
+ @$(foreach system, $(systems), echo $(system);\
+ nix-env -p $(PROFILE)/$(system) --list-generations;\
+ $(MAKE) ssh-$(system) SSH_ARGS="nix-env -p /nix/var/nix/profiles/system --list-generations";\
+ )
+.PHONY: list-generations
+
+delete-generations:
+ $(MAKE) keep-roots
+ @$(foreach system, $(systems), echo $(system); \
+ nix-env -p $(PROFILE)/$(system) --delete-generations $(GEN);\
+ $(MAKE) ssh-$(system) SSH_ARGS="nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)";\
+ )
+.PHONY: delete-generations
+
+cleanup: delete-generations
+ nix-store --gc
+ @$(foreach system, $(systems), echo $(system); \
+ $(MAKE) ssh-$(system) SSH_ARGS="nix-store --gc";\
+ )
+.PHONY: cleanup
-- 
cgit v1.2.3
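Review bot: In the `refresh_flakes` recipe the commands of the `TARGET` branch are chained with `;`, so a failing `./scripts/refresh_flakes` or `nix flake lock --update-input n-$(TARGET)` is ignored as long as the last command of the branch succeeds, and the following `secrets-local` line ends in `|| true`; `build`, `deploy`, `upload`, `test-deploy`, `next-boot` and `deploy-reboot` then run colmena against a lock that was only partly refreshed. Opening the conditional with `@set -e; if [ -n "$(TARGET)" ]; then \` stops the run at the first failure, and `(cd deploy && nix flake lock --update-input secrets-local) || true` keeps `nix flake lock` from running in the wrong directory when the `cd` fails; if a failed `secrets-local` update is meant to be tolerated, a comment on that line should say why. Separately, the `ssh` and `ssh-decrypt` recipes expand `$(TARGET)` and `$(SSH_ARGS)` inside a single-quoted `bash -c` string, so a quote or `;` in either variable alters the local command line and an empty `TARGET` yields `root@`. A first recipe line `@$(if $(strip $(TARGET)),,$(error TARGET is required))` in both recipes, plus quoting `"$$SSH_IDENTITY_FILE"`, would make the expected input explicit.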