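# Run scripts/make-nur, then POST an update request for repo "immae" to the
# nur-update service.
# --fail makes curl exit non-zero on an HTTP error status; without it a
# rejected request still returns 0 and the target reports success.
nur:
	./scripts/make-nur
	curl --fail -o /dev/null -XPOST "https://nur-update.herokuapp.com/update?repo=immae"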

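# Push the StGit stack base to origin/master.
# The base is resolved and checked before the push: if `stg id` printed
# nothing, the refspec would collapse to ":master", which git interprets as
# "delete the remote branch". The && chain stops on a failed or empty lookup.
.PHONY: push_remote
push_remote:
	base=$$(stg id {base}) && [ -n "$$base" ] && git push origin "$$base:master"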

# Lint the shell scripts of the repository with shellcheck: everything under
# scripts/ and deploy/scripts/ (globs are expanded by the recipe shell) plus
# the individually listed helpers under modules/private.
shellcheck:
	shellcheck \
		scripts/* \
		deploy/scripts/* \
		modules/private/gitolite/gitolite_ldap_groups.sh \
		modules/private/ssh/ldap_authorized_keys.sh \
		modules/private/pub/restrict

.PHONY: nur shellcheck

###### Initial setup
# Initial bootstrap of the checkout; all the work is delegated to
# scripts/setup.
.PHONY: setup
setup:
	./scripts/setup

###### Morph regular tasks
# Local directory holding one nix-env profile per deployed system; it is
# written by `keep-roots` and read by the generation/cleanup targets.
PROFILE=./deploy/history
# Node selector for the generic targets (build, deploy, ssh, ...). Empty by
# default; the <action>-<node> wrapper targets set it through a sub-make.
TARGET ?=
# Arguments shared by every colmena invocation in this file.
COMMON_COLEMNA_ARGS = -f ./deploy/flake.nix -v
# Only enabled in colmena 0.4: --nix-option allow-unsafe-native-code-during-evaluation true --nix-option allow-import-from-derivation true --nix-option substituters https://cache.nixos.org/
# NOTE(review): allow-unsafe-native-code-during-evaluation lets evaluated Nix
# code run external programs at evaluation time; if these options are ever
# enabled, every flake input then has to be trusted to that extent.
# Extra arguments appended to each colmena command line.
MORPH_ARGS ?=
ifdef TARGET
  # multiple targets: --on="{machine1,machine2}" (works with * glob too)
  # `override` makes the --on filter apply even when MORPH_ARGS itself was
  # given on the make command line.
  override MORPH_ARGS +=--on=$(TARGET)
endif
# Pasted verbatim after the destination in the `ssh` and `ssh-decrypt`
# recipes, inside a single-quoted `bash -c` string, so the value must not
# contain single quotes.
SSH_ARGS ?=

# Known machines; used to derive the per-node phony target names below.
nodes= dilion eldiron backup-2 monitoring-1 quatresaisons zoldene

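# Refresh flake lock files before any build or deploy step.
#
# With TARGET set, only that system's flake is refreshed and the matching
# inputs (n-<TARGET> in ./flakes, main-flake in ./deploy) are re-locked;
# without it, scripts/refresh_flakes runs over its default set.
# The TARGET branch is chained with && so that a failing step aborts the
# recipe, exactly as a failing script already does in the else branch;
# otherwise a build or deploy would continue on partially refreshed locks.
#
# The two `secrets` updates are deliberately best-effort (|| true). Using
# `cd deploy &&` keeps that behaviour but guarantees `nix flake lock` never
# runs against the wrong directory when the cd itself fails.
#
# NOTE(review): re-locking changes which input revisions the following
# build/deploy uses; TARGET values using the {a,b} or glob forms accepted by
# --on are pasted into paths and input names here unchanged.
refresh_flakes:
	@if [ -n "$(TARGET)" ]; then \
		./scripts/refresh_flakes --no-new-inputs ./systems/$(TARGET)/flake.nix && \
		nix --no-warn-dirty flake lock --update-input n-$(TARGET) ./flakes && \
		nix --no-warn-dirty flake lock --update-input main-flake ./deploy; \
	else \
		./scripts/refresh_flakes --no-new-inputs; \
	fi
	(cd deploy && nix flake lock --update-input secrets || true)
	(cd deploy && nix flake lock --update-input secrets-local || true)

.PHONY: refresh_flakes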

# build / build-<node>: run `colmena build` after refreshing the flake locks.
# The per-node wrappers re-enter make with TARGET set to the node name taken
# from the target name.
.PHONY: build $(addprefix build-,$(nodes))
$(addprefix build-,$(nodes)):
	$(MAKE) build TARGET=$(patsubst build-%,%,$@)

build: refresh_flakes
	colmena build $(COMMON_COLEMNA_ARGS) $(MORPH_ARGS)

# deploy / deploy-<node>: `colmena apply ... switch` run through
# scripts/with_env, keeping the build results (--keep-result), then record
# them in the local profiles via `keep-roots`.
# The per-node wrappers re-enter make with TARGET set to the node name.
.PHONY: deploy $(addprefix deploy-,$(nodes))
$(addprefix deploy-,$(nodes)):
	$(MAKE) deploy TARGET=$(patsubst deploy-%,%,$@)

deploy: refresh_flakes
	./scripts/with_env colmena apply $(COMMON_COLEMNA_ARGS) switch --keep-result $(MORPH_ARGS)
	$(MAKE) keep-roots

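# ssh / ssh-<node>: open a root SSH session on TARGET through
# scripts/with_env, using the key named by SSH_IDENTITY_FILE (read inside the
# with_env shell, so presumably exported by that script - confirm).
#
# - ssh-4c (alias of ssh-quatresaisons) is declared phony like the others.
# - An empty TARGET is rejected up front instead of running `ssh root@`.
# - The identity file path is quoted so a path containing spaces stays one
#   argument.
# - SSH_ARGS is intentionally left unquoted: it carries the remote command
#   and is spliced verbatim into the single-quoted string, so it must not
#   contain single quotes.
.PHONY: ssh ssh-4c $(addprefix ssh-,$(nodes))
ssh-4c: ssh-quatresaisons
$(addprefix ssh-,$(nodes)):
	$(MAKE) ssh TARGET=$(@:ssh-%=%)
ssh:
	@[ -n "$(TARGET)" ] || { echo "ssh: TARGET is not set (use ssh-<node> or TARGET=<node>)" >&2; exit 1; }
	./scripts/with_env bash -c 'ssh -i "$$SSH_IDENTITY_FILE" root@$(TARGET) $(SSH_ARGS)'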

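# ssh-decrypt / ssh-zoldene-decrypt: wait until TARGET answers a ping, then
# open a root SSH session on port 2222 (presumably the early-boot SSH service
# used to unlock the machine - confirm).
#
# - An empty TARGET is rejected first: `ping -c1` without a destination fails
#   immediately, which turned the wait loop into an endless busy loop.
# - The loop sleeps between attempts so an instantly failing ping (for
#   example a name that does not resolve) no longer spins the CPU.
# - The identity file path is quoted; SSH_ARGS is spliced verbatim into the
#   single-quoted string and must not contain single quotes.
.PHONY: ssh-decrypt $(addsuffix -decrypt,$(addprefix ssh-,$(nodes)))
ssh-zoldene-decrypt:
	$(MAKE) ssh-decrypt TARGET=$(@:ssh-%-decrypt=%)
ssh-decrypt:
	@[ -n "$(TARGET)" ] || { echo "ssh-decrypt: TARGET is not set (use TARGET=<node>)" >&2; exit 1; }
	until ping -c1 $(TARGET); do sleep 1; done
	./scripts/with_env bash -c 'ssh -p 2222 -i "$$SSH_IDENTITY_FILE" root@$(TARGET) $(SSH_ARGS)'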

# debug / debug-<node>: same as `build`, with --show-trace added to the
# colmena command line.
# The per-node wrappers re-enter make with TARGET set to the node name.
.PHONY: debug $(addprefix debug-,$(nodes))
$(addprefix debug-,$(nodes)):
	$(MAKE) debug TARGET=$(patsubst debug-%,%,$@)

debug: refresh_flakes
	colmena build $(COMMON_COLEMNA_ARGS) --show-trace $(MORPH_ARGS)

# upload / upload-<node>: `colmena apply ... push` run through
# scripts/with_env, after refreshing the flake locks.
# The per-node wrappers re-enter make with TARGET set to the node name.
.PHONY: upload $(addprefix upload-,$(nodes))
$(addprefix upload-,$(nodes)):
	$(MAKE) upload TARGET=$(patsubst upload-%,%,$@)

upload: refresh_flakes
	./scripts/with_env colmena apply $(COMMON_COLEMNA_ARGS) push $(MORPH_ARGS)

# test-deploy / test-deploy-<node>: `colmena apply ... test` run through
# scripts/with_env, after refreshing the flake locks.
# The per-node wrappers re-enter make with TARGET set to the node name.
.PHONY: test-deploy $(addprefix test-deploy-,$(nodes))
$(addprefix test-deploy-,$(nodes)):
	$(MAKE) test-deploy TARGET=$(patsubst test-deploy-%,%,$@)

test-deploy: refresh_flakes
	./scripts/with_env colmena apply $(COMMON_COLEMNA_ARGS) test $(MORPH_ARGS)

# next-boot / next-boot-<node>: `colmena apply ... boot` run through
# scripts/with_env, after refreshing the flake locks.
# The per-node wrappers re-enter make with TARGET set to the node name.
.PHONY: next-boot $(addprefix next-boot-,$(nodes))
$(addprefix next-boot-,$(nodes)):
	$(MAKE) next-boot TARGET=$(patsubst next-boot-%,%,$@)

next-boot: refresh_flakes
	./scripts/with_env colmena apply $(COMMON_COLEMNA_ARGS) boot $(MORPH_ARGS)

# deploy-reboot / deploy-reboot-<node>: `colmena apply ... boot --reboot`
# followed by a regular `deploy`.
# The nested `deploy` has refresh_flakes as a prerequisite too, so the lock
# files are refreshed a second time before that second apply.
# The per-node wrappers re-enter make with TARGET set to the node name.
.PHONY: deploy-reboot $(addprefix deploy-reboot-,$(nodes))
$(addprefix deploy-reboot-,$(nodes)):
	$(MAKE) deploy-reboot TARGET=$(patsubst deploy-reboot-%,%,$@)

deploy-reboot: refresh_flakes
	./scripts/with_env colmena apply $(COMMON_COLEMNA_ARGS) boot --reboot $(MORPH_ARGS)
	# Run it a second time because first time uploads the secrets
	# before rebooting
	$(MAKE) deploy

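# Record every deploy/.gcroots/node-<name> entry as the current generation of
# the local profile $(PROFILE)/<name>.
#
# - Declared phony: the target never creates a file called keep-roots.
# - When no node-* entry exists the shell leaves the pattern unexpanded; such
#   a literal is skipped instead of being handed to nix-env (its basename
#   "*" would also have been globbed against the profile directory).
# - Paths are quoted so each stays a single argument.
.PHONY: keep-roots
keep-roots:
	mkdir -p $(PROFILE)
	for i in deploy/.gcroots/node-*; do \
		[ -e "$$i" ] || [ -L "$$i" ] || continue; \
		nix-env -p "$(PROFILE)/$$(basename "$$i" | sed -e "s/node-//")" --set "$$i"; \
	done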

# Names of the systems that have a local profile: the symlinks directly
# found under $(PROFILE) whose name does not end in "link" (which skips the
# per-generation "*-link" entries nix-env keeps next to each profile).
# Evaluated once, every time this Makefile is parsed, sub-makes included.
# NOTE(review): these names are pasted unquoted into the recipes below, so
# $(PROFILE) should only ever contain entries created by `keep-roots`.
systems := $(shell find $(PROFILE) -type l -not -name "*link" -printf "%f ")
###### Cleanup generations and garbage collection
# Argument handed to `nix-env --delete-generations`; with nix-env, "+3" keeps
# the three most recent generations. The double quotes are part of the make
# value and are only removed by the shell that runs the recipe.
GEN ?= "+3"

# For every system with a local profile, print its name, list the generations
# of the local profile, then list the generations of the system profile on
# the machine itself through the matching ssh-<system> target.
# Commands are separated by `;`, so an error on one system does not stop the
# loop.
.PHONY: list-generations
list-generations:
	@for system in $(systems); do \
		echo $$system; \
		nix-env -p $(PROFILE)/$$system --list-generations; \
		$(MAKE) ssh-$$system SSH_ARGS="nix-env -p /nix/var/nix/profiles/system --list-generations"; \
	done

# Refresh the local profiles (keep-roots), then for every system delete old
# generations according to $(GEN), first in the local profile and then in the
# system profile on the machine itself through ssh-<system>.
# Commands are separated by `;`: a failure of the local deletion does not
# prevent the remote one, and an error on one system does not stop the loop.
.PHONY: delete-generations
delete-generations:
	$(MAKE) keep-roots
	@for system in $(systems); do \
		echo $$system; \
		nix-env -p $(PROFILE)/$$system --delete-generations $(GEN); \
		$(MAKE) ssh-$$system SSH_ARGS="nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)"; \
	done

# After delete-generations, garbage-collect the local Nix store, then run
# `nix-store --gc` on every system through the matching ssh-<system> target.
# Commands are separated by `;`, so an error on one system does not stop the
# loop.
.PHONY: cleanup
cleanup: delete-generations
	nix-store --gc
	@for system in $(systems); do \
		echo $$system; \
		$(MAKE) ssh-$$system SSH_ARGS="nix-store --gc"; \
	done