path: root/Makefile
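# Run ./scripts/make-nur, then POST to the nur-update endpoint for repo=immae.
# --fail makes curl exit non-zero on an HTTP 4xx/5xx reply; without it a
# rejected update request exits 0 and the target looks successful.
nur:
	./scripts/make-nur
	curl --fail -o /dev/null -XPOST "https://nur-update.herokuapp.com/update?repo=immae"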

# Lint the shell scripts of the repository. The list includes the LDAP-backed
# gitolite/ssh helpers and the pub "restrict" script.
.PHONY: nur shellcheck
shellcheck:
	shellcheck \
		scripts/* \
		deploy/scripts/* \
		modules/private/gitolite/gitolite_ldap_groups.sh \
		modules/private/ssh/ldap_authorized_keys.sh \
		modules/private/pub/restrict

###### Initial setup
# One-time initialisation of the checkout: delegates entirely to ./scripts/setup.
.PHONY: setup
setup:
	./scripts/setup

###### Morph regular tasks
# Directory holding one nix-env profile per node. keep-roots writes it and the
# generation/cleanup targets read it back.
PROFILE=./deploy/history
# Node to act on. Given on the command line (make deploy TARGET=eldiron) or set
# by the per-node wrapper targets; when empty no --on filter is added.
TARGET ?=
# Arguments common to every colmena invocation in this file.
COMMON_COLEMNA_ARGS = -f ./deploy/flake.nix -v
#Only enabled in colmena 0.4: --nix-option allow-unsafe-native-code-during-evaluation true --nix-option allow-import-from-derivation true --nix-option substituters https://cache.nixos.org/
# NOTE(review): allow-unsafe-native-code-during-evaluation lets Nix expressions
# run native code while being evaluated; if these options are ever re-enabled,
# every flake input evaluated here has to be trusted.
# Extra colmena arguments, placed at the end of each colmena command line.
MORPH_ARGS ?=
ifdef TARGET
  # multiple targets: --on="{machine1,machine2}" (works with * glob too)
  # "override" keeps the --on filter even when MORPH_ARGS comes from the
  # command line.
  override MORPH_ARGS +=--on=$(TARGET)
endif
# Remote command appended to the ssh / ssh-decrypt command line.
SSH_ARGS ?=
# NOTE(review): TARGET, MORPH_ARGS and SSH_ARGS are expanded unquoted into
# shell recipes below (SSH_ARGS inside a single-quoted bash -c string), so the
# shell interprets any metacharacters they contain. They must only ever come
# from the operator, never from data generated elsewhere.

# Nodes that get per-node wrapper targets (build-<node>, deploy-<node>, ...).
nodes= dilion eldiron backup-2 monitoring-1 quatresaisons zoldene

# Refresh flake lock files; prerequisite of every build/deploy style target.
#   TARGET empty: ./scripts/refresh_flakes --no-new-inputs with no path.
#   TARGET set:   the same script restricted to ./systems/$(TARGET)/flake.nix,
#                 then re-lock input n-$(TARGET) of ./flakes and input
#                 main-flake of ./deploy.
# The secrets-local input of ./deploy is re-locked last; that step is
# explicitly best-effort (|| true).
# NOTE(review): the commands inside the if are joined with ';', so only the
# last one's exit status reaches make. A failed refresh in the TARGET branch
# does not stop the build or deploy that follows -- confirm this is intended.
.PHONY: refresh_flakes
refresh_flakes:
	@if [ -z "$(TARGET)" ]; then \
		./scripts/refresh_flakes --no-new-inputs; \
	else \
		./scripts/refresh_flakes --no-new-inputs ./systems/$(TARGET)/flake.nix; \
		nix --no-warn-dirty flake lock --update-input n-$(TARGET) ./flakes; \
		nix --no-warn-dirty flake lock --update-input main-flake ./deploy; \
	fi
	(cd deploy ; nix flake lock --update-input secrets-local || true)

# build: refresh the flake locks, then run `colmena build` for the nodes
# selected by MORPH_ARGS (all nodes when TARGET is empty).
# build-<node>: re-invoke make with TARGET=<node>; the static pattern rule
# takes the node name from the stem ($*).
.PHONY: build $(addprefix build-,$(nodes))
$(addprefix build-,$(nodes)): build-%:
	$(MAKE) build TARGET=$*
build: refresh_flakes
	colmena build $(COMMON_COLEMNA_ARGS) $(MORPH_ARGS)

# deploy: refresh the flake locks, run `colmena apply ... switch --keep-result`
# through ./scripts/with_env, then record the results with keep-roots.
# with_env presumably supplies the deployment environment (the ssh recipe reads
# SSH_IDENTITY_FILE under it) -- confirm against the script.
# deploy-<node>: re-invoke make with TARGET=<node> (stem of the pattern).
.PHONY: deploy $(addprefix deploy-,$(nodes))
$(addprefix deploy-,$(nodes)): deploy-%:
	$(MAKE) deploy TARGET=$*
deploy: refresh_flakes
	./scripts/with_env colmena apply $(COMMON_COLEMNA_ARGS) switch --keep-result $(MORPH_ARGS)
	$(MAKE) keep-roots

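# ssh: open a root SSH session on $(TARGET), or run $(SSH_ARGS) there, using
# the identity file named by SSH_IDENTITY_FILE in the ./scripts/with_env
# environment.
# ssh-<node>: re-invoke make with TARGET=<node>; ssh-4c is an alias for
# ssh-quatresaisons.
#
# Changes from the previous version:
#  - the identity-file path is double-quoted, so a path containing spaces is
#    passed to ssh as one argument;
#  - an empty TARGET is rejected up front instead of calling ssh with "root@";
#  - ssh-4c is declared phony like the other ssh-* targets.
# SSH_ARGS is expanded inside the single-quoted bash -c string: a single quote
# in it ends that string, so keep it to operator-written commands.
.PHONY: ssh ssh-4c $(addprefix ssh-,$(nodes))
ssh-4c: ssh-quatresaisons
$(addprefix ssh-,$(nodes)): ssh-%:
	$(MAKE) ssh TARGET=$*
ssh:
	$(if $(strip $(TARGET)),,$(error TARGET must be set: make ssh TARGET=<node>))
	./scripts/with_env bash -c 'ssh -i "$$SSH_IDENTITY_FILE" root@$(TARGET) $(SSH_ARGS)'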

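# ssh-decrypt: same as ssh, but on port 2222 (presumably an early-boot SSH
# daemon used to unlock the disk -- confirm). Only zoldene has a wrapper rule,
# although every ssh-<node>-decrypt name is declared phony.
#
# Changes from the previous version: the identity-file path is double-quoted so
# a path with spaces stays one argument, and an empty TARGET is rejected before
# ssh is called with "root@".
.PHONY: ssh-decrypt $(addsuffix -decrypt,$(addprefix ssh-,$(nodes)))
ssh-zoldene-decrypt:
	$(MAKE) ssh-decrypt TARGET=$(@:ssh-%-decrypt=%)
ssh-decrypt:
	$(if $(strip $(TARGET)),,$(error TARGET must be set: make ssh-decrypt TARGET=<node>))
	./scripts/with_env bash -c 'ssh -p 2222 -i "$$SSH_IDENTITY_FILE" root@$(TARGET) $(SSH_ARGS)'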

# debug: like build, but passes --show-trace to colmena so evaluation errors
# come with a trace.
# debug-<node>: re-invoke make with TARGET=<node> (stem of the pattern).
.PHONY: debug $(addprefix debug-,$(nodes))
$(addprefix debug-,$(nodes)): debug-%:
	$(MAKE) debug TARGET=$*
debug: refresh_flakes
	colmena build $(COMMON_COLEMNA_ARGS) --show-trace $(MORPH_ARGS)

# upload: refresh the flake locks, then run `colmena apply ... push` through
# ./scripts/with_env (push copies the built closures to the nodes without
# activating them).
# upload-<node>: re-invoke make with TARGET=<node> (stem of the pattern).
.PHONY: upload $(addprefix upload-,$(nodes))
$(addprefix upload-,$(nodes)): upload-%:
	$(MAKE) upload TARGET=$*
upload: refresh_flakes
	./scripts/with_env colmena apply $(COMMON_COLEMNA_ARGS) push $(MORPH_ARGS)

# test-deploy: refresh the flake locks, then run `colmena apply ... test`
# through ./scripts/with_env (activates the new configuration without making
# it the boot default).
# test-deploy-<node>: re-invoke make with TARGET=<node> (stem of the pattern).
.PHONY: test-deploy $(addprefix test-deploy-,$(nodes))
$(addprefix test-deploy-,$(nodes)): test-deploy-%:
	$(MAKE) test-deploy TARGET=$*
test-deploy: refresh_flakes
	./scripts/with_env colmena apply $(COMMON_COLEMNA_ARGS) test $(MORPH_ARGS)

# next-boot: refresh the flake locks, then run `colmena apply ... boot` through
# ./scripts/with_env (the new configuration becomes the boot default but is not
# activated now).
# next-boot-<node>: re-invoke make with TARGET=<node> (stem of the pattern).
.PHONY: next-boot $(addprefix next-boot-,$(nodes))
$(addprefix next-boot-,$(nodes)): next-boot-%:
	$(MAKE) next-boot TARGET=$*
next-boot: refresh_flakes
	./scripts/with_env colmena apply $(COMMON_COLEMNA_ARGS) boot $(MORPH_ARGS)

# deploy-reboot: refresh the flake locks, run `colmena apply ... boot --reboot`
# through ./scripts/with_env, then run a full `deploy`.
# deploy-reboot-<node>: re-invoke make with TARGET=<node> (stem of the pattern).
.PHONY: deploy-reboot $(addprefix deploy-reboot-,$(nodes))
$(addprefix deploy-reboot-,$(nodes)): deploy-reboot-%:
	$(MAKE) deploy-reboot TARGET=$*
deploy-reboot: refresh_flakes
	./scripts/with_env colmena apply $(COMMON_COLEMNA_ARGS) boot --reboot $(MORPH_ARGS)
	# Run it a second time because first time uploads the secrets
	# before rebooting
	$(MAKE) deploy

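# For every deploy/.gcroots/node-<name> entry, point the local profile
# $(PROFILE)/<name> at it with nix-env --set, so each deployment becomes a
# generation of that profile.
#
# Changes from the previous version:
#  - declared phony, so a stray file called "keep-roots" cannot disable it;
#  - when the glob matches nothing the shell leaves the literal pattern in $$i;
#    that iteration is now skipped instead of being handed to nix-env, with
#    an unquoted "*" in the profile path. Dangling links still reach nix-env
#    and fail there;
#  - the profile path and the basename argument are quoted.
.PHONY: keep-roots
keep-roots:
	mkdir -p $(PROFILE)
	for i in deploy/.gcroots/node-*; do \
		[ -e "$$i" ] || [ -L "$$i" ] || continue; \
		nix-env -p "$(PROFILE)/$$(basename "$$i" | sed -e "s/node-//")" --set "$$i"; \
	done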

# Names of the node profiles under $(PROFILE): every symlink whose name does
# not end in "link" (which leaves out the <name>-N-link generation links).
# Computed with find each time make parses this file, recursive invocations
# included. The names are pasted into recipes and into ssh-<name> target names
# without quoting, so $(PROFILE) must stay writable by the operator only.
systems := $(shell find $(PROFILE) -type l -not -name "*link" -printf "%f ")
###### Cleanup generations and garbage collection
# Argument for nix-env --delete-generations; "+3" keeps the three most recent
# generations. The double quotes are part of the value and are consumed by the
# shell when the recipe runs.
GEN ?= "+3"

# For each node in $(systems): print its name, list the generations of the
# local profile $(PROFILE)/<node>, then list the generations of the system
# profile on the node itself over ssh-<node>.
# The commands are joined with ';', so make only sees the exit status of the
# last one.
.PHONY: list-generations
list-generations:
	@$(foreach node,$(systems),echo $(node); \
		nix-env -p $(PROFILE)/$(node) --list-generations; \
		$(MAKE) ssh-$(node) SSH_ARGS="nix-env -p /nix/var/nix/profiles/system --list-generations"; \
	)

# Destructive: after refreshing the local profiles with keep-roots, delete the
# generations selected by $(GEN) from each local profile $(PROFILE)/<node> and
# from the system profile on the node itself (over ssh-<node>).
# NOTE(review): the commands are joined with ';', so a failure on one node is
# not reported unless it is the last command -- check the output by hand.
.PHONY: delete-generations
delete-generations:
	$(MAKE) keep-roots
	@$(foreach node,$(systems),echo $(node); \
		nix-env -p $(PROFILE)/$(node) --delete-generations $(GEN); \
		$(MAKE) ssh-$(node) SSH_ARGS="nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN)"; \
	)

# Garbage-collect the Nix store locally and then on every node in $(systems),
# after delete-generations has dropped the old generations.
# The remote commands are joined with ';', so only the last node's exit status
# reaches make.
.PHONY: cleanup
cleanup: delete-generations
	nix-store --gc
	@$(foreach node,$(systems),echo $(node); \
		$(MAKE) ssh-$(node) SSH_ARGS="nix-store --gc"; \
	)