diff options
Diffstat (limited to 'nixops')
-rw-r--r-- | nixops/.gitignore | 1 | ||||
-rw-r--r-- | nixops/Makefile | 54 | ||||
-rw-r--r-- | nixops/custom_nixops.nix | 2 | ||||
-rw-r--r-- | nixops/eldiron.nix | 9 | ||||
-rw-r--r-- | nixops/migrate_hetzner.md | 20 | ||||
-rwxr-xr-x | nixops/scripts/nixops_wrap | 36 | ||||
-rwxr-xr-x | nixops/scripts/pull_deployment | 34 | ||||
-rwxr-xr-x | nixops/scripts/pull_environment | 13 | ||||
-rwxr-xr-x | nixops/scripts/push_deployment | 14 | ||||
-rwxr-xr-x | nixops/scripts/push_environment | 13 | ||||
-rwxr-xr-x | nixops/scripts/setup | 163 | ||||
-rw-r--r-- | nixops/ssh/config | 5 | ||||
-rw-r--r-- | nixops/state/.gitkeep | 0 |
13 files changed, 364 insertions, 0 deletions
diff --git a/nixops/.gitignore b/nixops/.gitignore new file mode 100644 index 00000000..2ea467b8 --- /dev/null +++ b/nixops/.gitignore | |||
@@ -0,0 +1 @@ | |||
/state | |||
diff --git a/nixops/Makefile b/nixops/Makefile new file mode 100644 index 00000000..cce57ff4 --- /dev/null +++ b/nixops/Makefile | |||
@@ -0,0 +1,54 @@ | |||
1 | setup: | ||
2 | ./scripts/setup | ||
3 | |||
4 | ssh-eldiron: | ||
5 | ./scripts/nixops_wrap ssh eldiron | ||
6 | |||
7 | info: | ||
8 | ./scripts/nixops_wrap list | ||
9 | ./scripts/nixops_wrap info | ||
10 | |||
11 | debug: | ||
12 | ./scripts/nixops_wrap deploy --build-only --show-trace | ||
13 | |||
14 | dry-run: | ||
15 | ./scripts/nixops_wrap deploy --dry-run | ||
16 | |||
17 | build: | ||
18 | ./scripts/nixops_wrap deploy --build-only | ||
19 | |||
20 | upload: | ||
21 | ./scripts/nixops_wrap deploy --copy-only | ||
22 | |||
23 | deploy: | ||
24 | ./scripts/nixops_wrap deploy | ||
25 | |||
26 | reboot: | ||
27 | ./scripts/nixops_wrap reboot --include=eldiron | ||
28 | |||
29 | push: | ||
30 | ./scripts/push_deployment | ||
31 | ./scripts/push_environment | ||
32 | |||
33 | pull: | ||
34 | ./scripts/pull_environment | ||
35 | |||
36 | pull-deployment: | ||
37 | ./scripts/pull_deployment | ||
38 | |||
39 | profile = $(shell ./scripts/nixops_wrap info | grep "^Nix profile: " | sed -e "s/^Nix profile: //") | ||
40 | GEN ?= "+3" | ||
41 | |||
42 | list-generations: | ||
43 | nix-env -p $(profile) --list-generations | ||
44 | ./scripts/nixops_wrap ssh eldiron -- nix-env -p /nix/var/nix/profiles/system --list-generations | ||
45 | |||
46 | delete-generations: | ||
47 | nix-env -p $(profile) --delete-generations $(GEN) | ||
48 | ./scripts/nixops_wrap ssh eldiron -- nix-env -p /nix/var/nix/profiles/system --delete-generations $(GEN) | ||
49 | |||
50 | cleanup: delete-generations | ||
51 | nix-store --gc | ||
52 | ./scripts/nixops_wrap ssh eldiron -- nix-store --gc | ||
53 | |||
54 | .PHONY: setup ssh-eldiron info debug dry-run build upload deploy push pull pull-deployment list-generations delete-generations cleanup | ||
diff --git a/nixops/custom_nixops.nix b/nixops/custom_nixops.nix new file mode 100644 index 00000000..f024a4d8 --- /dev/null +++ b/nixops/custom_nixops.nix | |||
@@ -0,0 +1,2 @@ | |||
1 | with import <nixpkgs> { overlays = builtins.attrValues (import ../overlays); }; | ||
2 | nixops | ||
diff --git a/nixops/eldiron.nix b/nixops/eldiron.nix new file mode 100644 index 00000000..649e431a --- /dev/null +++ b/nixops/eldiron.nix | |||
@@ -0,0 +1,9 @@ | |||
1 | { privateFiles ? ./. }: | ||
2 | { | ||
3 | network = { | ||
4 | description = "Immae's network"; | ||
5 | enableRollback = true; | ||
6 | }; | ||
7 | |||
8 | eldiron = import ../modules/private/system/eldiron.nix { inherit privateFiles; }; | ||
9 | } | ||
diff --git a/nixops/migrate_hetzner.md b/nixops/migrate_hetzner.md new file mode 100644 index 00000000..c7fbe207 --- /dev/null +++ b/nixops/migrate_hetzner.md | |||
@@ -0,0 +1,20 @@ | |||
1 | nixops show a deprecation message at each deployment because hetzner | ||
2 | info is outdated. To fix it: | ||
3 | |||
4 | cp -a ~/.nixops ~/.nixops.bak | ||
5 | |||
6 | nixops export --all > all.json | ||
7 | |||
8 | network=$(cat all.json| jq -r '."cef694f3-081d-11e9-b31f-0242ec186adf".resources.eldiron."hetzner.networkInfo"' | jq -r -c '.networking.interfaces.eth0 = { "ipv4": { "addresses": [ { "address": .networking.interfaces.eth0.ipAddress, "prefixLength": .networking.interfaces.eth0.prefixLength } ] } }') | ||
9 | |||
10 | cat all.json | jq --arg network "$network" '."cef694f3-081d-11e9-b31f-0242ec186adf".resources.eldiron."hetzner.networkInfo" = $network' > all_new.json | ||
11 | |||
12 | nixops delete --force -d eldiron | ||
13 | |||
14 | nixops import < all_new.json | ||
15 | |||
16 | rm all.json all_new.json | ||
17 | |||
18 | *check that everything works*, then: | ||
19 | |||
20 | rm -rf ~/.nixops.bak | ||
diff --git a/nixops/scripts/nixops_wrap b/nixops/scripts/nixops_wrap new file mode 100755 index 00000000..d03784e7 --- /dev/null +++ b/nixops/scripts/nixops_wrap | |||
@@ -0,0 +1,36 @@ | |||
1 | #!/bin/bash | ||
2 | |||
3 | DeploymentUuid="cef694f3-081d-11e9-b31f-0242ec186adf" | ||
4 | if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then | ||
5 | echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path" | ||
6 | exit 1; | ||
7 | fi | ||
8 | DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" | ||
9 | export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops" | ||
10 | export NIXOPS_DEPLOYMENT="$DeploymentUuid" | ||
11 | source $(dirname $(dirname $DIR))/nix_path_env | ||
12 | nixops="$(nix-build --no-out-link "$(dirname $DIR)/custom_nixops.nix")/bin/nixops" | ||
13 | |||
14 | TEMP=$(mktemp -d /tmp/XXXXXX-nixops-files) | ||
15 | chmod go-rwx $TEMP | ||
16 | |||
17 | # __noChroot: ssh-config-file requires relaxed | ||
18 | export NIX_PATH="ssh-config-file=$(dirname $DIR)/ssh/config:$NIX_PATH" | ||
19 | |||
20 | |||
21 | finish() { | ||
22 | rm -rf "$TEMP" | ||
23 | $nixops set-args --unset privateFiles | ||
24 | } | ||
25 | |||
26 | trap finish EXIT | ||
27 | |||
28 | # pass cannot "just" list files in a directory without showing a tree :( | ||
29 | files=$(pass ls $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/files | sed -e '1d' -e 's/^.* //') | ||
30 | |||
31 | for file in $files; do | ||
32 | pass show "$NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/files/$file" > $TEMP/$file | ||
33 | done | ||
34 | $nixops set-args --argstr privateFiles "$TEMP" | ||
35 | |||
36 | $nixops "$@" | ||
diff --git a/nixops/scripts/pull_deployment b/nixops/scripts/pull_deployment new file mode 100755 index 00000000..10f71fec --- /dev/null +++ b/nixops/scripts/pull_deployment | |||
@@ -0,0 +1,34 @@ | |||
1 | #!/bin/bash | ||
2 | |||
3 | DeploymentUuid="cef694f3-081d-11e9-b31f-0242ec186adf" | ||
4 | if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then | ||
5 | echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path" | ||
6 | exit 1; | ||
7 | fi | ||
8 | DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" | ||
9 | export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops" | ||
10 | export NIXOPS_DEPLOYMENT="$DeploymentUuid" | ||
11 | source $(dirname $(dirname $DIR))/nix_path_env | ||
12 | nixops="$(nix-build --no-out-link "$(dirname $DIR)/custom_nixops.nix")/bin/nixops" | ||
13 | |||
14 | export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops" | ||
15 | |||
16 | if $nixops info -d $DeploymentUuid 2>/dev/null >/dev/null; then | ||
17 | cat <<EOF | ||
18 | This will remove your current deployment file and recreate it! | ||
19 | Continue? [y/N] | ||
20 | EOF | ||
21 | read y | ||
22 | if [ "$y" = "y" -o "$y" = "Y" ]; then | ||
23 | $nixops delete --force -d $DeploymentUuid | ||
24 | else | ||
25 | echo "Aborting" | ||
26 | exit 1 | ||
27 | fi | ||
28 | fi | ||
29 | |||
30 | deployment=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/Deployment) | ||
31 | |||
32 | echo "$deployment" | $nixops import | ||
33 | |||
34 | $nixops modify -d "$DeploymentUuid" "$(dirname $DIR)/eldiron.nix" | ||
diff --git a/nixops/scripts/pull_environment b/nixops/scripts/pull_environment new file mode 100755 index 00000000..e508a2e8 --- /dev/null +++ b/nixops/scripts/pull_environment | |||
@@ -0,0 +1,13 @@ | |||
1 | #!/bin/bash | ||
2 | |||
3 | if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then | ||
4 | echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path" | ||
5 | exit 1; | ||
6 | fi | ||
7 | |||
8 | if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE" ]; then | ||
9 | echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_REMOTE to the password-store subtree remote name" | ||
10 | exit 1; | ||
11 | fi | ||
12 | |||
13 | pass git subtree pull --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master | ||
diff --git a/nixops/scripts/push_deployment b/nixops/scripts/push_deployment new file mode 100755 index 00000000..6c67fab8 --- /dev/null +++ b/nixops/scripts/push_deployment | |||
@@ -0,0 +1,14 @@ | |||
1 | #!/bin/bash | ||
2 | |||
3 | DeploymentUuid="cef694f3-081d-11e9-b31f-0242ec186adf" | ||
4 | if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then | ||
5 | echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path" | ||
6 | exit 1; | ||
7 | fi | ||
8 | DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" | ||
9 | export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops" | ||
10 | export NIXOPS_DEPLOYMENT="$DeploymentUuid" | ||
11 | source $(dirname $(dirname $DIR))/nix_path_env | ||
12 | nixops="$(nix-build --no-out-link "$(dirname $DIR)/custom_nixops.nix")/bin/nixops" | ||
13 | |||
14 | $nixops export | pass insert -m $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/Deployment | ||
diff --git a/nixops/scripts/push_environment b/nixops/scripts/push_environment new file mode 100755 index 00000000..8b59240e --- /dev/null +++ b/nixops/scripts/push_environment | |||
@@ -0,0 +1,13 @@ | |||
1 | #!/bin/bash | ||
2 | |||
3 | if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then | ||
4 | echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_PATH to the password-store subtree path" | ||
5 | exit 1; | ||
6 | fi | ||
7 | |||
8 | if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE" ]; then | ||
9 | echo "Please set NIXOPS_CONFIG_PASS_SUBTREE_REMOTE to the password-store subtree remote name" | ||
10 | exit 1; | ||
11 | fi | ||
12 | |||
13 | pass git subtree push --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master | ||
diff --git a/nixops/scripts/setup b/nixops/scripts/setup new file mode 100755 index 00000000..1586265d --- /dev/null +++ b/nixops/scripts/setup | |||
@@ -0,0 +1,163 @@ | |||
1 | #!/bin/bash | ||
2 | |||
3 | set -euo pipefail | ||
4 | |||
5 | RemoteRepo="gitolite@git.immae.eu:perso/Immae/Prive/Password_store/Sites" | ||
6 | DeploymentUuid="cef694f3-081d-11e9-b31f-0242ec186adf" | ||
7 | |||
8 | if ! which nix 2>/dev/null >/dev/null; then | ||
9 | cat <<-EOF | ||
10 | nix is needed, please install it: | ||
11 | > curl https://nixos.org/nix/install | sh | ||
12 | (or any other way handled by your distribution) | ||
13 | EOF | ||
14 | exit 1 | ||
15 | fi | ||
16 | |||
17 | if [ "${NIX_STORE:-/nix/store}" != "/nix/store" ]; then | ||
18 | cat <<-EOF | ||
19 | Nix store outside of /nix/store is not supported | ||
20 | EOF | ||
21 | exit 1 | ||
22 | fi | ||
23 | |||
24 | if [ -z "$NIXOPS_CONFIG_PASS_SUBTREE_REMOTE" \ | ||
25 | -o -z "$NIXOPS_CONFIG_PASS_SUBTREE_PATH" ]; then | ||
26 | cat <<-EOF | ||
27 | Two environment variables are needed to setup the password store: | ||
28 | NIXOPS_CONFIG_PASS_SUBTREE_PATH : path where the subtree will be imported | ||
29 | NIXOPS_CONFIG_PASS_SUBTREE_REMOTE : remote name to give to the repository | ||
30 | EOF | ||
31 | exit 1 | ||
32 | fi | ||
33 | |||
34 | if ! pass $NIXOPS_CONFIG_PASS_SUBTREE_PATH > /dev/null 2>/dev/null; then | ||
35 | cat <<-EOF | ||
36 | /!\ This will modify your password store to add and import a subtree | ||
37 | with the specific passwords files. Choose a path that doesn’t exist | ||
38 | yet in your password store. | ||
39 | > pass git remote add $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE $RemoteRepo | ||
40 | > pass git subtree add --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master | ||
41 | Later, you can use pull_environment and push_environment scripts to | ||
42 | update the passwords when needed | ||
43 | Continue? [y/N] | ||
44 | EOF | ||
45 | read y | ||
46 | if [ "$y" = "y" -o "$y" = "Y" ]; then | ||
47 | pass git remote add $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE $RemoteRepo | ||
48 | pass git subtree add --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master | ||
49 | else | ||
50 | echo "Aborting" | ||
51 | exit 1 | ||
52 | fi | ||
53 | fi | ||
54 | |||
55 | # Repull it before using it, just in case | ||
56 | pass git subtree pull --prefix=$NIXOPS_CONFIG_PASS_SUBTREE_PATH $NIXOPS_CONFIG_PASS_SUBTREE_REMOTE master | ||
57 | |||
58 | gpg_keys=$(pass ls $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/GPGKeys | sed -e "1d" | cut -d" " -f2) | ||
59 | for key in $gpg_keys; do | ||
60 | content=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/GPGKeys/$key) | ||
61 | fpr=$(echo "$content" | gpg --import-options show-only --import --with-colons | grep -e "^pub" | cut -d':' -f5) | ||
62 | gpg --list-key "$fpr" >/dev/null 2>/dev/null && imported=yes || imported=no | ||
63 | # /usr/share/doc/gnupg/DETAILS field 2 | ||
64 | (echo "$content" | gpg --import-options show-only --import --with-colons | | ||
65 | grep -E '^pub:' | | ||
66 | cut -d':' -f2 | | ||
67 | grep -q '[fu]') && signed=yes || signed=no | ||
68 | if [ "$signed" = no -o "$imported" = no ] ; then | ||
69 | echo "The key for $key needs to be imported and signed (a local signature is enough)" | ||
70 | echo "$content" | gpg --import-options show-only --import | ||
71 | echo "Continue? [y/N]" | ||
72 | read y | ||
73 | if [ "$y" = "y" -o "$y" = "Y" ]; then | ||
74 | echo "$content" | gpg --import | ||
75 | gpg --expert --edit-key "$fpr" lsign quit | ||
76 | else | ||
77 | echo "Aborting" | ||
78 | exit 1 | ||
79 | fi | ||
80 | fi | ||
81 | done | ||
82 | |||
83 | nix_group=$(stat -c %G /nix/store) | ||
84 | if [ "$nix_group" = "nixbld" ]; then | ||
85 | nix_user="nixbld1" | ||
86 | else | ||
87 | nix_user="$(stat -c %U /nix/store)" | ||
88 | fi | ||
89 | |||
90 | if [ ! -f /etc/ssh/ssh_rsa_key_nixops ]; then | ||
91 | cat <<-EOF | ||
92 | The key to access private git repositories (websites hosted by the | ||
93 | server) needs to be accessible to nix builders. It will be put in | ||
94 | /etc/ssh/ssh_rsa_key_nixops (sudo right is needed for that) | ||
95 | > pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null | ||
96 | > pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey.pub | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null | ||
97 | > sudo chmod u=r,go-rwx /etc/ssh/ssh_rsa_key_nixops | ||
98 | > sudo chown $nix_user:$nix_group /etc/ssh/ssh_rsa_key_nixops /etc/ssh/ssh_rsa_key_nixops.pub | ||
99 | Continue? [y/N] | ||
100 | EOF | ||
101 | read y | ||
102 | if [ "$y" = "y" -o "$y" = "Y" ]; then | ||
103 | if ! id -u $nix_user 2>/dev/null >/dev/null; then | ||
104 | echo "User $nix_user seems inexistant, did you install nix?" | ||
105 | exit 1 | ||
106 | fi | ||
107 | mask=$(umask) | ||
108 | umask 0777 | ||
109 | # Don’t forward it directly to tee, it would break ncurse pinentry | ||
110 | key=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey) | ||
111 | echo "$key" | sudo tee /etc/ssh/ssh_rsa_key_nixops > /dev/null | ||
112 | sudo chmod u=r,go=- /etc/ssh/ssh_rsa_key_nixops | ||
113 | pubkey=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/SshKey.pub) | ||
114 | echo "$pubkey" | sudo tee /etc/ssh/ssh_rsa_key_nixops.pub > /dev/null | ||
115 | sudo chmod a=r /etc/ssh/ssh_rsa_key_nixops.pub | ||
116 | sudo chown $nix_user:$nix_group /etc/ssh/ssh_rsa_key_nixops /etc/ssh/ssh_rsa_key_nixops.pub | ||
117 | umask $mask | ||
118 | else | ||
119 | echo "Aborting" | ||
120 | exit 1 | ||
121 | fi | ||
122 | fi | ||
123 | |||
124 | if nix show-config --json | jq -e '.sandbox.value == "true"' >/dev/null; then | ||
125 | cat <<-EOF | ||
126 | There are some impure derivations in the repo currently (grep __noChroot), please put | ||
127 | sandbox = "relaxed" | ||
128 | in /etc/nix/nix.conf | ||
129 | you may also want to add | ||
130 | keep-outputs = true | ||
131 | keep-derivations = true | ||
132 | to prevent garbage collector from deleting build dependencies (they take a lot of time to build) | ||
133 | EOF | ||
134 | exit 1 | ||
135 | fi | ||
136 | |||
137 | DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" | ||
138 | source $(dirname $(dirname $DIR))/nix_path_env | ||
139 | nixops="$(nix-build --no-out-link "$(dirname $DIR)/custom_nixops.nix")/bin/nixops" | ||
140 | export NIXOPS_STATE="$(dirname $DIR)/state/eldiron.nixops" | ||
141 | export NIXOPS_DEPLOYMENT="$DeploymentUuid" | ||
142 | |||
143 | if ! $nixops info 2>/dev/null >/dev/null; then | ||
144 | cat <<-EOF | ||
145 | Importing deployment file into nixops: | ||
146 | Continue? [y/N] | ||
147 | EOF | ||
148 | read y | ||
149 | if [ "$y" = "y" -o "$y" = "Y" ]; then | ||
150 | deployment=$(pass show $NIXOPS_CONFIG_PASS_SUBTREE_PATH/Nixops/Deployment) | ||
151 | echo "$deployment" | $nixops import | ||
152 | |||
153 | $nixops modify "$(dirname $DIR)/eldiron.nix" | ||
154 | else | ||
155 | echo "Aborting" | ||
156 | exit 1 | ||
157 | fi | ||
158 | fi | ||
159 | |||
160 | cat <<-EOF | ||
161 | All set up. | ||
162 | Please make sure you’re using scripts/nixops_wrap when deploying | ||
163 | EOF | ||
diff --git a/nixops/ssh/config b/nixops/ssh/config new file mode 100644 index 00000000..3d4dc3e4 --- /dev/null +++ b/nixops/ssh/config | |||
@@ -0,0 +1,5 @@ | |||
1 | Host git.immae.eu | ||
2 | IdentityFile /etc/ssh/ssh_rsa_key_nixops | ||
3 | StrictHostKeyChecking no | ||
4 | UserKnownHostsFile /dev/null | ||
5 | CheckHostIP no | ||
diff --git a/nixops/state/.gitkeep b/nixops/state/.gitkeep new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/nixops/state/.gitkeep | |||