switch from nixops to morph

.envrc

@@ -1,2 +1 @@
-export NIX_USER_CONF_FILES=$PWD/nix/nix.conf
 use nix

README.md

@@ -79,7 +79,7 @@ Thanks to Cachix for sponsoring our binary cache!
 
 * ./build\d+ - build machines
 * ./ci.sh - What is executed by CI
-* ./deploy - NixOps deploy script
+* ./deploy - Deploy script
 * ./nix - pinned Nix dependencies and overlays
 * ./roles - shared NixOS configuration modules
 * ./secrets - git-crypt encrypted secrets

deploy

@@ -2,17 +2,4 @@
 #! nix-shell ./shell.nix -i bash
 set -euo pipefail
 
-options=(
-  --option extra-substituters "https://nix-community.cachix.org"
-  --option binary-cache-public-keys "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
-)
-
-mkdir -p state
-
-if [ $(nixops list --state "$NIXOPS_STATE" | grep -c "$NIXOPS_DEPLOYMENT") -eq 0 ]; then
-  nixops create ./deployment.nix \
-    "${options[@]}" \
-    --deployment "$NIXOPS_DEPLOYMENT" --state "$NIXOPS_STATE"
-fi
-
-nixops deploy "${options[@]}" "$@"
+morph deploy ./deployment.nix "$@" switch

deployment.nix

@@ -18,6 +18,10 @@ let
 in
 {
   network.description = "nix-community infra";
+  network.nixConfig = {
+    extra-substituters = "https://nix-community.cachix.org";
+    binary-cache-public-keys = "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=";
+  };
 
   build01 = { ... }: {
     imports = [

nix/overlays.nix

@@ -4,10 +4,8 @@ let
       git-crypt
       niv
       sops
+      morph
       sources;
-    nixopsUnstable =
-      let nixopsPkgs = import sources.nixops-nixpkgs {};
-      in (nixopsPkgs.nixopsUnstable.withPlugins (ps: [ ]));
 
     terraform = pkgs.terraform_1_0.withPlugins (
       p: [

nix/sources.json

@@ -23,18 +23,6 @@
         "url": "https://github.com/timokau/marvin-mk2/archive/b3dd8c02a5c01dcf0e9cc8789846a0ec980f534b.tar.gz",
         "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
     },
-    "nixops-nixpkgs": {
-        "branch": "master",
-        "description": "Nix Packages collection",
-        "homepage": "",
-        "owner": "nixos",
-        "repo": "nixpkgs",
-        "rev": "f2f8e282",
-        "sha256": "1gflpsgagg487xj5p9911b7pvqh2vmw7vfg4hi6pnbrqkilm5kj6",
-        "type": "tarball",
-        "url": "https://github.com/nixos/nixpkgs/archive/f2f8e282.tar.gz",
-        "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
-    },
     "nixpkgs": {
         "branch": "nixos-unstable-small",
         "description": "Nix Packages collection",

shell.nix

@@ -5,9 +5,8 @@ let
 in
 pkgs.mkShell {
   NIX_PATH = "nixpkgs=${toString pkgs.path}";
-
-  NIXOPS_DEPLOYMENT = "nix-community-infra";
-  NIXOPS_STATE = toString ./state/deployment-state.nixops;
+  # required for morph
+  SSH_USER = "root";
 
   sopsPGPKeyDirs = [
     "./keys"
@@ -16,9 +15,9 @@ pkgs.mkShell {
   buildInputs = with pkgs.nix-community-infra; [
     git-crypt
     niv
-    nixopsUnstable
     terraform
     sops
+    morph
 
     (pkgs.callPackage sources.sops-nix {}).sops-import-keys-hook
   ];
@@ -29,5 +28,6 @@ pkgs.mkShell {
 
   shellHooks = ''
     export CLOUDFLARE_API_TOKEN=$(< ./secrets/cloudflare-api-token)
+    export NIX_USER_CONF_FILES="$(pwd)/nix/nix.conf";
   '';
 }