From 1052bfda27ad0607cd4dc5dc91e2d8e8220c30c7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Thu, 27 Aug 2020 23:53:36 +0200 Subject: Simplify management of secrets in nixops --- nixops/Makefile | 37 ++++++++----------------------------- 1 file changed, 8 insertions(+), 29 deletions(-) (limited to 'nixops/Makefile') diff --git a/nixops/Makefile b/nixops/Makefile index c521682..a7b24cd 100644 --- a/nixops/Makefile +++ b/nixops/Makefile @@ -1,8 +1,5 @@ export -ifndef NIXOPS_CONFIG_PASS_SUBTREE_PATH - $(error Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path) -endif - +PASSWORD_STORE_DIR = $(shell pwd)/secrets NIXOPS_STATE ?= ./state/eldiron.nixops NIXOPS_DEPLOYMENT = cef694f3-081d-11e9-b31f-0242ec186adf nixpkgs ?= $(shell cat ../nix/sources.json | jq -r '."nixpkgs-nixops".url') @@ -34,6 +31,9 @@ ifdef TARGET endif SSH_ARGS ?= +edit_env: + pass edit Nixops/files/environment.nix || true + nixops: $(NIXOPS_PRIV) $(NIXOPS_ARGS) @@ -101,17 +101,6 @@ cleanup: delete-generations .PHONY: cleanup ###### Pull environment and deployment from remote -# Don't include pull_deployment by default as this should happen only rarely -pull: pull_environment; -.PHONY: pull - -pull_environment: -ifndef NIXOPS_CONFIG_PASS_SUBTREE_REMOTE - $(error "Please set NIXOPS_CONFIG_PASS_SUBTREE_REMOTE to the password-store subtree remote name") -endif - pass git subtree pull --prefix=$(NIXOPS_CONFIG_PASS_SUBTREE_PATH) $(NIXOPS_CONFIG_PASS_SUBTREE_REMOTE) master -.PHONY: pull_environment - pull_deployment: @if $(NIXOPS) info -d $(NIXOPS_DEPLOYMENT) 2>/dev/null >/dev/null ; then \ echo "This will remove your current deployment file and recreate it!. Continue? [y/N]" && \ @@ -119,7 +108,7 @@ pull_deployment: [ "$$y" = "y" -o "$$y" = "Y" ] && \ $(NIXOPS) delete --force -d $(NIXOPS_DEPLOYMENT); \ fi - pass show $(NIXOPS_CONFIG_PASS_SUBTREE_PATH)/Nixops/Deployment | $(NIXOPS) import + pass show Nixops/Deployment | $(NIXOPS) import $(NIXOPS) modify -d $(NIXOPS_DEPLOYMENT) "$$(pwd)/default.nix" .PHONY: pull_deployment @@ -127,17 +116,7 @@ deployment_is_set: $(NIXOPS) info -d $(NIXOPS_DEPLOYMENT) 2>/dev/null >/dev/null .PHONY: deployment_is_set -###### Push environment and deployment information to password store -push: push_deployment push_environment; -.PHONY: push - +###### Push deployment information to password store push_deployment: - $(NIXOPS) export | pass insert -m $(NIXOPS_CONFIG_PASS_SUBTREE_PATH)/Nixops/Deployment -.PHONY: push_deployment - -push_environment: -ifndef NIXOPS_CONFIG_PASS_SUBTREE_REMOTE - $(error "Please set NIXOPS_CONFIG_PASS_SUBTREE_REMOTE to the password-store subtree remote name") -endif - pass git subtree push --prefix=$(NIXOPS_CONFIG_PASS_SUBTREE_PATH) $(NIXOPS_CONFIG_PASS_SUBTREE_REMOTE) master -.PHONY: push_environment + $(NIXOPS) export | pass insert -m Nixops/Deployment +.PHONY: push -- cgit v1.2.3