From 34abd6afa44c620a56416bd423a2438a09bd1ce4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Fri, 4 Sep 2020 02:40:24 +0200 Subject: Migrate to morph as a replacement to nixops The deployment tasks are now independent of any state --- nixops/Makefile | 87 +++++++++++++++---------------------------------- nixops/default.nix | 11 ++----- nixops/scripts/setup | 16 --------- nixops/scripts/with_env | 6 ++-- nixops/secrets | 2 +- nixops/state/.gitkeep | 0 6 files changed, 35 insertions(+), 87 deletions(-) delete mode 100644 nixops/state/.gitkeep (limited to 'nixops') diff --git a/nixops/Makefile b/nixops/Makefile index 18d48eb..0bebaf8 100644 --- a/nixops/Makefile +++ b/nixops/Makefile @@ -2,8 +2,6 @@ ifndef NIXOPS_ENV_LOADED $(error "Please load environment with direnv") endif -NIXOPS_PRIV = ./scripts/with_env nixops - ###### Current channel information nix-info: @version=$$(nix eval --raw nixpkgs.lib.version) && \ 
@@ -17,100 +15,69 @@ setup: ./scripts/setup .PHONY: setup -###### Nixops regular tasks +###### Morph regular tasks +PROFILE=/nix/var/nix/profiles/per-user/immae/morph/immaeEu TARGET ?= -NIXOPS_ARGS ?= +MORPH_ARGS ?= ifdef TARGET - override NIXOPS_ARGS +=--include=$(TARGET) + # multiple targets: --on="{machine1,machine2}" (works with * glob too) + override MORPH_ARGS +=--on=$(TARGET) endif SSH_ARGS ?= edit_env: pass edit Nixops/files/environment.nix || true -nixops: - $(NIXOPS_PRIV) $(NIXOPS_ARGS) - ssh-eldiron: - $(NIXOPS_PRIV) ssh eldiron -- $(SSH_ARGS) + ./scripts/with_env bash -c 'ssh -i $$SSH_IDENTITY_FILE root@eldiron $(SSH_ARGS)' ssh-dilion: - $(NIXOPS_PRIV) ssh dilion -- $(SSH_ARGS) + ./scripts/with_env bash -c 'ssh -i $$SSH_IDENTITY_FILE root@dilion $(SSH_ARGS)' ssh-backup-2: - $(NIXOPS_PRIV) ssh backup-2 -- $(SSH_ARGS) + ./scripts/with_env bash -c 'ssh -i $$SSH_IDENTITY_FILE root@backup-2 $(SSH_ARGS)' ssh-monitoring-1: - $(NIXOPS_PRIV) ssh monitoring-1 -- $(SSH_ARGS) - -info: - $(NIXOPS_PRIV) list - $(NIXOPS_PRIV) info + ./scripts/with_env bash -c 'ssh -i $$SSH_IDENTITY_FILE root@monitoring-1 $(SSH_ARGS)' debug: - $(NIXOPS_PRIV) deploy --build-only --show-trace $(NIXOPS_ARGS) - -dry-run: - $(NIXOPS_PRIV) deploy --dry-run $(NIXOPS_ARGS) + ./scripts/with_env morph build --show-trace default.nix $(MORPH_ARGS) build: - $(NIXOPS_PRIV) deploy --build-only $(NIXOPS_ARGS) + ./scripts/with_env morph build default.nix $(MORPH_ARGS) upload: - $(NIXOPS_PRIV) deploy --copy-only $(NIXOPS_ARGS) + ./scripts/with_env morph push default.nix $(MORPH_ARGS) deploy: - $(NIXOPS_PRIV) deploy $(NIXOPS_ARGS) + ./scripts/with_env morph deploy default.nix switch --keep-result --upload-secrets $(MORPH_ARGS) + nix-env -p $(PROFILE) --set .gcroots/default.nix deploy-reboot: - $(NIXOPS_PRIV) deploy --force-reboot $(NIXOPS_ARGS) + ./scripts/with_env morph deploy default.nix boot --reboot --upload-secrets $(MORPH_ARGS) -reboot: - $(NIXOPS_PRIV) reboot --include=$(TARGET) -.PHONY: nixops 
ssh-eldiron info debug dry-run build upload deploy deploy-reboot reboot +.PHONY: ssh-eldiron ssh-dilion ssh-monitoring-1 ssh-backup-2 debug build upload deploy deploy-reboot ###### Cleanup generations and garbage collection -profile := $$($(NIXOPS_PRIV) info | grep "^Nix profile: " | sed -e "s/^Nix profile: //") GEN ?= "+3" list-generations: - nix-env -p $(profile) --list-generations - $(NIXOPS_PRIV) ssh eldiron -- nix-env -p /nix/var/nix/profiles/system --list-generations + nix-env -p $(PROFILE) --list-generations + $(MAKE) ssh-eldiron SSH_ARGS="nix-env -p /nix/var/nix/profiles/system --list-generations" .PHONY: list-generations delete-generations: - nix-env -p $(profile) --delete-generations $(GEN) - $(NIXOPS_PRIV) ssh eldiron -- nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN) - $(NIXOPS_PRIV) ssh dilion -- nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN) - $(NIXOPS_PRIV) ssh backup-2 -- nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN) - $(NIXOPS_PRIV) ssh monitoring-1 -- nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN) + nix-env -p $(PROFILE) --delete-generations $(GEN) + $(MAKE) ssh-eldiron SSH_ARGS="nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)" + $(MAKE) ssh-dilion SSH_ARGS="nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)" + $(MAKE) ssh-backup-2 SSH_ARGS="nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)" + $(MAKE) ssh-monitoring-1 SSH_ARGS="nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)" .PHONY: delete-generations cleanup: delete-generations nix-store --gc - $(NIXOPS_PRIV) ssh eldiron -- nix-store --gc - $(NIXOPS_PRIV) ssh dilion -- nix-store --gc - $(NIXOPS_PRIV) ssh backup-2 -- nix-store --gc - $(NIXOPS_PRIV) ssh monitoring-1 -- nix-store --gc + $(MAKE) ssh-eldiron SSH_ARGS="nix-store --gc" + $(MAKE) ssh-dilion SSH_ARGS="nix-store --gc" + $(MAKE) ssh-backup-2 SSH_ARGS="nix-store --gc" + $(MAKE) 
ssh-monitoring-1 SSH_ARGS="nix-store --gc" .PHONY: cleanup - -###### Pull environment and deployment from remote -pull_deployment: - @if nixops info -d $(NIXOPS_DEPLOYMENT) 2>/dev/null >/dev/null ; then \ - echo "This will remove your current deployment file and recreate it!. Continue? [y/N]" && \ - read y && \ - [ "$$y" = "y" -o "$$y" = "Y" ] && \ - nixops delete --force -d $(NIXOPS_DEPLOYMENT); \ - fi - pass show Nixops/Deployment | nixops import - nixops modify -d $(NIXOPS_DEPLOYMENT) "$$(pwd)/default.nix" -.PHONY: pull_deployment - -deployment_is_set: - nixops info -d $(NIXOPS_DEPLOYMENT) 2>/dev/null >/dev/null -.PHONY: deployment_is_set - -###### Push deployment information to password store -push_deployment: - nixops export | pass insert -m Nixops/Deployment -.PHONY: push diff --git a/nixops/default.nix b/nixops/default.nix index 56b86e8..7c6dd38 100644 --- a/nixops/default.nix +++ b/nixops/default.nix @@ -1,12 +1,7 @@ -{ privateFiles ? ./. }: +let + privateFiles = ; +in { - network = { - description = "Immae's network"; - enableRollback = true; - }; - - # Used by hetzner cloud to provision machines - resources.sshKeyPairs.ssh-key = {}; dilion = import ../modules/private/system/dilion.nix { inherit privateFiles; }; eldiron = import ../modules/private/system/eldiron.nix { inherit privateFiles; }; backup-2 = import ../modules/private/system/backup-2.nix { inherit privateFiles; }; diff --git a/nixops/scripts/setup b/nixops/scripts/setup index 22f43ce..e161e43 100755 --- a/nixops/scripts/setup +++ b/nixops/scripts/setup @@ -2,8 +2,6 @@ set -euo pipefail -MAKEFILE_DIR="$( cd "$( dirname $( dirname "${BASH_SOURCE[0]}" ))" >/dev/null 2>&1 && pwd )" - if ! which nix 2>/dev/null >/dev/null; then cat <<-EOF nix is needed, please install it: 
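Review bot: In the four new `ssh-*` recipes, make expands `$(SSH_ARGS)` inside the single-quoted `bash -c '…'` script, so a value containing a single quote or shell metacharacters is parsed as local shell source. That parsing happens inside `with_env`, where the decrypted secrets directory exists; `$$SSH_IDENTITY_FILE` is also left unquoted. A safer shape is to add `export SSH_ARGS` and let the inner shell read the value as a variable, e.g. `./scripts/with_env bash -c 'ssh -i "$$SSH_IDENTITY_FILE" root@eldiron $${SSH_ARGS:+"$$SSH_ARGS"}'`, and likewise for dilion, backup-2 and monitoring-1. The `list-generations`, `delete-generations` and `cleanup` recipes pass `$(GEN)` through `SSH_ARGS="…"` and so inherit the same quoting, which deserves a comment next to `GEN ?= "+3"`.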
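Review bot: The new binding has no right-hand side as rendered (`privateFiles = ;`). Presumably the original is the search-path lookup `<privateFiles>` with the angle brackets lost in extraction, which would match the `NIX_PATH="privateFiles=$TEMP:…"` export in scripts/with_env. If so, the value is now a Nix path rather than the string the removed `--argstr privateFiles` supplied. Any module that interpolates it into a string or uses it as a source would then copy the decrypted secrets directory into the world-readable Nix store; the modules are not visible here, so this needs checking. Consider `privateFiles = toString <privateFiles>;` with a comment such as `# resolved through NIX_PATH, which scripts/with_env points at a temporary directory of decrypted secrets`.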
@@ -62,20 +60,6 @@ if nix show-config --json | jq -e '.sandbox.value == "true"' >/dev/null; then read y fi -if ! make -C $MAKEFILE_DIR deployment_is_set 2>/dev/null >/dev/null; then - cat <<-EOF - Importing deployment file into nixops: - Continue? [y/N] - EOF - read y - if [ "$y" = "y" -o "$y" = "Y" ]; then - make -C $MAKEFILE_DIR pull_deployment - else - echo "Aborting" - exit 1 - fi -fi - cat <<-EOF All set up. Please make sure you’re using make commands when deploying diff --git a/nixops/scripts/with_env b/nixops/scripts/with_env index 9882f78..f8e5537 100755 --- a/nixops/scripts/with_env +++ b/nixops/scripts/with_env @@ -5,12 +5,12 @@ if [ -z "$NIXOPS_ENV_LOADED" ]; then exit 1; fi +umask 0077 TEMP=$(mktemp -d /tmp/XXXXXX-nixops-files) chmod go-rwx $TEMP finish() { rm -rf "$TEMP" - nixops set-args --unset privateFiles } trap finish EXIT @@ -21,6 +21,8 @@ files=$(pass ls Nixops/files | sed -e '1d' -e 's/^.* //') for file in $files; do pass show "Nixops/files/$file" > $TEMP/$file done -nixops set-args --argstr privateFiles "$TEMP" + +export NIX_PATH="privateFiles=$TEMP:$NIX_PATH" +export SSH_IDENTITY_FILE="$TEMP/id_ed25519" "$@" diff --git a/nixops/secrets b/nixops/secrets index 79b9910..def4146 160000 --- a/nixops/secrets +++ b/nixops/secrets @@ -1 +1 @@ -Subproject commit 79b991028b09aa59f719059de8dc1fba7d6b04fd +Subproject commit def4146f0e703ca9a32735fbbc3820d6f9bb22ef diff --git a/nixops/state/.gitkeep b/nixops/state/.gitkeep deleted file mode 100644 index e69de29..0000000 -- cgit v1.2.3
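Review bot: The decrypted files still land under `/tmp` and are removed only by the `EXIT` trap, so a SIGKILL or a crash leaves them on what may be a disk-backed filesystem; the second hunk of this file expects them to include the SSH private key `id_ed25519`. Prefer a per-user runtime directory when one exists: `TEMP=$(mktemp -d "${XDG_RUNTIME_DIR:-/tmp}/XXXXXX-nixops-files")`. With `umask 0077` added and `mktemp -d` already creating the directory owner-only, the following `chmod go-rwx $TEMP` is redundant; if it stays, quote `"$TEMP"`. The top of the script is outside this hunk, so whether a failed `mktemp` aborts the run is not visible.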
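Review bot: Nothing checks that `$TEMP/id_ed25519` was actually written before it is exported as `SSH_IDENTITY_FILE`; when the file given to `ssh -i` is missing, ssh only warns and goes on to try agent and default keys, so the Makefile's `ssh-*` targets could authenticate with an unintended identity. A guard before `"$@"` would fail early: `[ -f "$SSH_IDENTITY_FILE" ] || { echo "Nixops/files/id_ed25519 missing" >&2; exit 1; }`. Separately, `privateFiles=$TEMP:$NIX_PATH` leaves a trailing empty entry (or aborts under `set -u`) when `NIX_PATH` is unset; `"privateFiles=$TEMP${NIX_PATH:+:$NIX_PATH}"` avoids both. The context line `pass show … > $TEMP/$file` would also benefit from quoting both expansions.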