Simplify

grafted-in · Feb 18, 2019 · 93725f7 · 93725f7
1 parent 37ad887
commit 93725f7
Show file tree

Hide file tree

Showing 6 changed files with 86 additions and 74 deletions.
diff --git a/README.md b/README.md
@@ -35,7 +35,7 @@ You'd run:
 ./manage stage deploy --check   # Manage script usage.
 ```
 
-This assume there is a file `./stage.nixops` where this state is being stored.
+This assume there is a file `./stage/stage.nixops` where this state is being stored.
 
 Use `./manage --help` to see normal NixOps help.
 Use `./manage {deployment} .shell` to open a Nix shell where the environment is set up to use

diff --git a/manage b/manage
@@ -1,25 +1,23 @@
-#!/usr/bin/env bash
+#! /usr/bin/env nix-shell
+#! nix-shell -i bash -p nixopsUnstable which jq nix openssl openssh
+#! nix-shell -p "(import ./nixpkgs.nix)"
 
 # A NixOps Wrapper for Git Projects
 # ---------------------------------
 #
-# Repo: https://github.com/grafted-in/nixops-manager
+# Modified from repo: https://github.com/grafted-in/nixops-manager
 #
 # This tool is a simple wrapper around NixOps. The goal is to make it easier to use NixOps when you
 # want to share your deployment state between members of a team.
 #
 # To achieve this, this wrapper gives every deployment as a separate state file which is placed
-# in the same directory as this script. The files have the `.nixops` extension.
+# in a sub-directory of this script. The files have the `.nixops` extension.
 #
 # You are expected to keep these files in version control. It's also *highly* recommended that you
 # use a tool like git-crypt to keep them encrypted with this entry in .gitattributes:
 #
 #    *.nixops   binary filter=git-crypt diff=git-crypt
 #
-# This tool also enforces a per-repository version of Nixpkgs via a `nixpkgs-version.sh` file in the
-# same directory as the script. This ensures that all users have a consistent version of NixOps and
-# deploy a consistent set of packages to servers.
-#
 # Most commands work identically to NixOps. However, instead of specifying deployments with
 # the `--deployment/-d` flag, you select a deployment in the first argument. In other words, instead
 # of the normal NixOps usage of
@@ -30,60 +28,41 @@
 #
 #   ./manage stage deploy --check   # Manage script usage.
 #
-# This assume there is a file ./stage.nixops where this state is being stored.
+# This assume there is a file ./stage/stage.nixops where this state is being stored.
 #
 # Use `./manage --help` to see normal NixOps help.
 # Use `./manage {deployment} .shell` to open a Nix shell where the environment is set up to use
 # `nixops` directly with the same behavior as running `./manage` commands.
 
 set -e
 
-# Check for Nix tools.
-command -v nix-shell >/dev/null 2>&1 || {
-  nix_profile="$HOME/.nix-profile/etc/profile.d/nix.sh"
-  if [ -e "$nix_profile" ]; then
-    source "$nix_profile"
-  else
-    >&2 echo "Failed to find 'nix-shell' on PATH or a Nix profile to load. Have you installed Nix?"
-    exit 1
-  fi
-}
-
 here=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
-repo_root=$(cd "$here" && git rev-parse --show-toplevel)  # Use Git to find repo root.
 
 deployment="$1"
 command="$2"
-state_file="$here/${deployment}.nixops"
-
-source "$here/nixpkgs-version.sh"
+state_file="$here/${deployment}/${deployment}.nixops"
 
 function colon(){
     echo ${1:+${1}:}
 }
-export NIX_PATH=nixpkgs="$(colon $nixpkgs_cache)$(colon $nixpkgs_snapshot)$repo_root":.
-export NIXOPS_STATE="$state_file"
-export NIXOPS_DEPLOYMENT="$deployment"
+export NIX_PATH=nixpkgs=$(nix-instantiate --eval ./nixpkgs.nix | tr -d '"' ):./${deployment}
 
-withNixops="nix-shell -p $nixops_version --run"
 
-# Arg list trick:
-# https://stackoverflow.com/questions/3104209
-# ARGS=$(printf "%q"" " "$@")
+export NIXOPS_STATE="$state_file"
+export NIXOPS_DEPLOYMENT="$deployment"
+export nixops_version="nixopsUnstable"
 
 if [[ $deployment == --* ]]; then
-  ARGS=$(printf "%q"" " "$@")
-  $withNixops "nixops $ARGS"
+  nixops "$@"
   exit $?
 elif [ "$command" == ".shell" ]; then
-  nix-shell -p "$nixops_version"
+    nix-shell -p "$nixops_version" --command "echo You may now run commands for deployment:$deploymnet with \\'nixops\\' ; return "
 elif [ ! -e "$state_file" ] && [ "$command" != "create" ]; then
   >&2 echo "You're trying to use a deployment that doesn't exist yet. Try running $0 $deployment create"
   exit 1
 elif [ -e "$state_file" ] && [ "$command" == "create" ]; then
   >&2 echo "You're trying to create a deployment that already exists."
   exit 1
 else
-  ARGS=$(printf "%q"" " "${@:2}")
-  $withNixops "nixops $ARGS"
-fi
+  nixops "${@:2}"
+fi
diff --git a/nixpkgs-version.nix b/nixpkgs-version.nix
diff --git a/nixpkgs-version.sh b/nixpkgs-version.sh
diff --git a/nixpkgs.nix b/nixpkgs.nix
@@ -1,3 +1,8 @@
-# Import this instead of <nixpkgs> to get the repo-specific version of nixpkgs.
+builtins.fetchTarball {
+  name = "nixos-unstable-2018-09-12";
+  url = https://github.com/johanot/nixpkgs/archive/b3905f0d224bc5c2da3572f7017f05a27df742cd.tar.gz;
+  sha256 = "05jxiyagfgl7s061vz2xmalrrbaz95ymcxdv89j3s700hicyd8pf";
+}
 
-import ((import <nixpkgs> {}).fetchzip (import ./nixpkgs-version.nix))
+# How to push a cache to arm.nixos.org
+# ./manage c export | jq '.[].configsPath' -r | ( read conf ; nix-store -qR $conf | while read line; do echo `nix-store -q --size $line` $line ; done | sort -nr | head -n10 | cut -d' ' -f2 | grep -E 'linux|icu4c|glibc|systemd|glib|coreutils|initrd|util-linux' | cachix push arm )
diff --git a/top-level.nix b/top-level.nix
@@ -0,0 +1,63 @@
+
+{ targetEnv ? "virtualbox" } :
+  let
+        region = "us-gov-west-1";
+        zone = "us-gov-west-1a";
+        accessKeyId = "default";
+  machine = 
+    { config, pkgs, resources, ... }:{
+      imports = 
+    (if targetEnv == "ec2" then 
+    [<nixpkgs/nixos/modules/virtualisation/amazon-image.nix>] else []) ++ 
+      [ <nixpkgs/nixos/modules/profiles/minimal.nix> ];
+    deployment.targetEnv = targetEnv;
+    deployment.ec2 = {
+        keyPair = resources.ec2KeyPairs.my-key-pair;
+        ebsInitialRootDiskSize = 30;
+        ebsOptimized = true;
+        associatePublicIpAddress = true;
+        ami = "ami-bb7618da";
+        inherit region zone accessKeyId; 
+        instanceType = "t3.large";
+    };
+    ec2.hvm = true;
+    boot.initrd.postDeviceCommands= ''
+    ${pkgs.e2fsprogs}/sbin/e2fsck -fp /dev/disk/by-label/nixos
+    ${pkgs.e2fsprogs}/sbin/resize2fs /dev/disk/by-label/nixos
+  '';
+
+    deployment.virtualbox.memorySize = 4096; # megabytes
+    deployment.virtualbox.vcpu = 2; # number of cpus
+    deployment.virtualbox.headless = true;
+
+    networking.extraHosts = "${config.networking.privateIPv4} api.kube";
+    services.kubernetes = {
+      easyCerts = true;
+      addons.dashboard.enable = true;
+      roles = ["master" "node"];
+      apiserver = {
+        securePort = 443;
+        advertiseAddress = config.networking.privateIPv4;
+      };
+      masterAddress = "api.kube";
+    };
+    services.dockerRegistry.enable = true;
+    environment.systemPackages = with pkgs; [
+      kompose kubectl
+      vim e2fsprogs
+    ];
+    networking.firewall.allowedTCPPorts = [22 443 ];
+    users.users.root.openssh.authorizedKeys = {
+      keyFiles = [  ];
+    };
+  };
+  in {
+  kubemaster = machine;
+
+  network.description = "kubenixops";
+  network.enableRollback = true;
+  resources = if targetEnv == "ec2" then {
+    ec2KeyPairs.my-key-pair = { inherit region accessKeyId; };
+  }else {};
+
+}