From 4506dbe51901f66406a02042b2097b3b3856e8a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Sat, 25 May 2019 15:11:11 +0200 Subject: Use Makefile for some env/deploy scripts --- nixops/Makefile | 117 +++++++++++++++++++++++++++++++--------- nixops/scripts/nixops_wrap | 31 ----------- nixops/scripts/pull_deployment | 33 ------------ nixops/scripts/pull_environment | 13 ----- nixops/scripts/push_deployment | 13 ----- nixops/scripts/push_environment | 13 ----- nixops/scripts/setup | 20 +++---- nixops/scripts/with_env | 31 +++++++++++ 8 files changed, 129 insertions(+), 142 deletions(-) delete mode 100755 nixops/scripts/nixops_wrap delete mode 100755 nixops/scripts/pull_deployment delete mode 100755 nixops/scripts/pull_environment delete mode 100755 nixops/scripts/push_deployment delete mode 100755 nixops/scripts/push_environment create mode 100755 nixops/scripts/with_env (limited to 'nixops') diff --git a/nixops/Makefile b/nixops/Makefile index cce57ff..69603a0 100644 --- a/nixops/Makefile +++ b/nixops/Makefile @@ -1,54 +1,121 @@ +export +ifndef NIXOPS_CONFIG_PASS_SUBTREE_PATH + $(error Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path) +endif + +NIXOPS_STATE ?= ./state/eldiron.nixops +NIXOPS_DEPLOYMENT = cef694f3-081d-11e9-b31f-0242ec186adf +nixpkgs ?= https://releases.nixos.org/nixos/19.03/nixos-19.03.172731.3efdf45dbd1/nixexprs.tar.xz +NIX_PATH = nixpkgs=${nixpkgs}:nixpkgsNext=${nixpkgs}:nixpkgsPrevious=${nixpkgs} + +NIXOPS := $(shell NIX_PATH=$(NIX_PATH) nix-build --no-out-link -E "with import { overlays = builtins.attrValues (import ../overlays); }; nixops")/bin/nixops +NIXOPS_PRIV = ./scripts/with_env $(NIXOPS) + +###### Current channel information +nix-info: + @version=$$(nix eval --raw nixpkgs.lib.version) && \ + mainversion=$$(echo $$version | cut -d"." -f -2) && \ + echo "https://releases.nixos.org/nixos/$$mainversion/nixos-$$version/nixexprs.tar.xz" && \ + nix eval --raw nixpkgs.bc.meta.position | cut -d"/" -f-4 +.PHONY: nix-info + +###### Initial setup setup: ./scripts/setup +.PHONY: setup +###### Nixops regular tasks +NIXOPS_ARGS ?= +nixops: + $(NIXOPS_PRIV) $(NIXOPS_ARGS) + +SSH_ARGS ?= ssh-eldiron: - ./scripts/nixops_wrap ssh eldiron + $(NIXOPS_PRIV) ssh eldiron -- $(SSH_ARGS) info: - ./scripts/nixops_wrap list - ./scripts/nixops_wrap info + $(NIXOPS_PRIV) list + $(NIXOPS_PRIV) info debug: - ./scripts/nixops_wrap deploy --build-only --show-trace + $(NIXOPS_PRIV) deploy --build-only --show-trace dry-run: - ./scripts/nixops_wrap deploy --dry-run + $(NIXOPS_PRIV) deploy --dry-run build: - ./scripts/nixops_wrap deploy --build-only + $(NIXOPS_PRIV) deploy --build-only upload: - ./scripts/nixops_wrap deploy --copy-only + $(NIXOPS_PRIV) deploy --copy-only deploy: - ./scripts/nixops_wrap deploy - -reboot: - ./scripts/nixops_wrap reboot --include=eldiron + $(NIXOPS_PRIV) deploy -push: - ./scripts/push_deployment - ./scripts/push_environment +deploy-reboot: + $(NIXOPS_PRIV) deploy --force-reboot -pull: - ./scripts/pull_environment - -pull-deployment: - ./scripts/pull_deployment +reboot: + $(NIXOPS_PRIV) reboot --include=eldiron +.PHONY: nixops ssh-eldiron info debug dry-run build upload deploy deploy-reboot reboot -profile = $(shell ./scripts/nixops_wrap info | grep "^Nix profile: " | sed -e "s/^Nix profile: //") +###### Cleanup generations and garbage collection +profile := $$($(NIXOPS_PRIV) info | grep "^Nix profile: " | sed -e "s/^Nix profile: //") GEN ?= "+3" list-generations: nix-env -p $(profile) --list-generations - ./scripts/nixops_wrap ssh eldiron -- nix-env -p /nix/var/nix/profiles/system --list-generations + $(NIXOPS_PRIV) ssh eldiron -- nix-env -p /nix/var/nix/profiles/system --list-generations +.PHONY: list-generations delete-generations: nix-env -p $(profile) --delete-generations $(GEN) - ./scripts/nixops_wrap ssh eldiron -- nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN) + $(NIXOPS_PRIV) ssh eldiron -- nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN) +.PHONY: delete-generations cleanup: delete-generations nix-store --gc - ./scripts/nixops_wrap ssh eldiron -- nix-store --gc - -.PHONY: setup ssh-eldiron info debug dry-run build upload deploy push pull pull-deployment list-generations delete-generations cleanup + $(NIXOPS_PRIV) ssh eldiron -- nix-store --gc +.PHONY: cleanup + +###### Pull environment and deployment from remote +# Don't include pull_deployment by default as this should happen only rarely +pull: pull_environment; +.PHONY: pull + +pull_environment: +ifndef NIXOPS_CONFIG_PASS_SUBTREE_REMOTE + $(error "Please set NIXOPS_CONFIG_PASS_SUBTREE_REMOTE to the password-store subtree remote name") +endif + pass git subtree pull --prefix=$(NIXOPS_CONFIG_PASS_SUBTREE_PATH) $(NIXOPS_CONFIG_PASS_SUBTREE_REMOTE) master +.PHONY: pull_environment + +pull_deployment: + @if $(NIXOPS) info -d $(NIXOPS_DEPLOYMENT) 2>/dev/null >/dev/null ; then \ + echo "This will remove your current deployment file and recreate it!. Continue? [y/N]" && \ + read y && \ + [ "$$y" = "y" -o "$$y" = "Y" ] && \ + $(NIXOPS) delete --force -d $(NIXOPS_DEPLOYMENT); \ + fi + pass show $(NIXOPS_CONFIG_PASS_SUBTREE_PATH)/Nixops/Deployment | $(NIXOPS) import + $(NIXOPS) modify -d $(NIXOPS_DEPLOYMENT) "$$(pwd)/default.nix" +.PHONY: pull_deployment + +deployment_is_set: + $(NIXOPS) info -d $(NIXOPS_DEPLOYMENT) 2>/dev/null >/dev/null +.PHONY: deployment_is_set + +###### Push environment and deployment information to password store +push: push_deployment push_environment; +.PHONY: push + +push_deployment: + $(NIXOPS) export | pass insert -m $(NIXOPS_CONFIG_PASS_SUBTREE_PATH)/Nixops/Deployment +.PHONY: push_deployment + +push_environment: +ifndef NIXOPS_CONFIG_PASS_SUBTREE_REMOTE + $(error "Please set NIXOPS_CONFIG_PASS_SUBTREE_REMOTE to the password-store subtree remote name") +endif + pass git subtree push --prefix=$(NIXOPS_CONFIG_PASS_SUBTREE_PATH) $(NIXOPS_CONFIG_PASS_SUBTREE_REMOTE) master +.PHONY: push_environment diff --git a/nixops/scripts/nixops_wrap b/nixops/scripts/nixops_wrap deleted file mode 100755 index 28aa917..0000000 --- a/nixops/scripts/nixops_wrap +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/bash - -DeploymentUuid="cef694f3-081d-11e9-b31f-0242ec186adf" -if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then - echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path" - exit 1; -fi -DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" -export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops" -export NIXOPS_DEPLOYMENT="$DeploymentUuid" -source $(dirname $(dirname $DIR))/scripts/nix_env - -TEMP=$(mktemp -d /tmp/XXXXXX-nixops-files) -chmod go-rwx $TEMP - -finish() { - rm -rf "$TEMP" - nixops_custom set-args --unset privateFiles -} - -trap finish EXIT - -# pass cannot "just" list files in a directory without showing a tree :( -files=$(pass ls $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/files | sed -e '1d' -e 's/^.* //') - -for file in $files; do - pass show "$NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/files/$file" > $TEMP/$file -done -nixops_custom set-args --argstr privateFiles "$TEMP" - -nixops_custom "$@" diff --git a/nixops/scripts/pull_deployment b/nixops/scripts/pull_deployment deleted file mode 100755 index 08b9915..0000000 --- a/nixops/scripts/pull_deployment +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/bash - -DeploymentUuid="cef694f3-081d-11e9-b31f-0242ec186adf" -if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then - echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path" - exit 1; -fi -DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" -export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops" -export NIXOPS_DEPLOYMENT="$DeploymentUuid" -source $(dirname $(dirname $DIR))/scripts/nix_env - -export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops" - -if nixops_custom info -d $DeploymentUuid 2>/dev/null >/dev/null; then - cat </dev/null 2>&1 && pwd )" -export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops" -export NIXOPS_DEPLOYMENT="$DeploymentUuid" -source $(dirname $(dirname $DIR))/scripts/nix_env - -nixops_custom export | pass insert -m $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/Deployment diff --git a/nixops/scripts/push_environment b/nixops/scripts/push_environment deleted file mode 100755 index 8b59240..0000000 --- a/nixops/scripts/push_environment +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then - echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path" - exit 1; -fi - -if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE" ]; then - echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_REMOTE to the password-store subtree remote name" - exit 1; -fi - -pass git subtree push --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master diff --git a/nixops/scripts/setup b/nixops/scripts/setup index 793b7c3..3b364ac 100755 --- a/nixops/scripts/setup +++ b/nixops/scripts/setup @@ -3,7 +3,7 @@ set -euo pipefail RemoteRepo="gitolite@git.immae.eu:perso/Immae/Prive/Password_store/Sites" -DeploymentUuid="cef694f3-081d-11e9-b31f-0242ec186adf" +MAKEFILE_DIR="$( cd "$( dirname $( dirname "${BASH_SOURCE[0]}" ))" >/dev/null 2>&1 && pwd )" if ! which nix 2>/dev/null >/dev/null; then cat <<-EOF @@ -52,8 +52,8 @@ if ! pass $NIXOPS_CONFIG_PASS_SUBTREE_PATH > /dev/null 2>/dev/null; then fi fi -# Repull it before using it, just in case -pass git subtree pull --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master +# Repull it before adding keys, just in case +make -C $MAKEFILE_DIR pull_environment gpg_keys=$(pass ls $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/GPGKeys | sed -e "1d" | cut -d" " -f2) for key in $gpg_keys; do @@ -97,29 +97,21 @@ if nix show-config --json | jq -e '.sandbox.value == "true"' >/dev/null; then read y fi -DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" -export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops" -export NIXOPS_DEPLOYMENT="$DeploymentUuid" -source $(dirname $(dirname $DIR))/scripts/nix_env - -if ! nixops_custom info 2>/dev/null >/dev/null; then +if ! make -C $MAKEFILE_DIR deployment_is_set 2>/dev/null >/dev/null; then cat <<-EOF Importing deployment file into nixops: Continue? [y/N] EOF read y if [ "$y" = "y" -o "$y" = "Y" ]; then - deployment=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/Deployment) - echo "$deployment" | nixops_custom import + make -C $MAKEFILE_DIR pull_deployment else echo "Aborting" exit 1 fi fi -nixops_custom modify "$(dirname $DIR)/default.nix" - cat <<-EOF All set up. - Please make sure you’re using scripts/nixops_wrap when deploying + Please make sure you’re using make commands when deploying EOF diff --git a/nixops/scripts/with_env b/nixops/scripts/with_env new file mode 100755 index 0000000..a442ced --- /dev/null +++ b/nixops/scripts/with_env @@ -0,0 +1,31 @@ +#!/bin/bash + +if [ -z "$NIXOPS" ]; then + echo "Please set NIXOPS to the nixops command" + exit 1; +fi + +if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then + echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path" + exit 1; +fi + +TEMP=$(mktemp -d /tmp/XXXXXX-nixops-files) +chmod go-rwx $TEMP + +finish() { + rm -rf "$TEMP" + $NIXOPS set-args --unset privateFiles +} + +trap finish EXIT + +# pass cannot "just" list files in a directory without showing a tree :( +files=$(pass ls $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/files | sed -e '1d' -e 's/^.* //') + +for file in $files; do + pass show "$NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/files/$file" > $TEMP/$file +done +$NIXOPS set-args --argstr privateFiles "$TEMP" + +"$@" -- cgit v1.2.3