From e3d7af5fc704ddfb812553f2525d9ea8fdbd3d20 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io> Date: Sun, 3 Oct 2021 14:18:57 +0200 Subject: [PATCH] switch from nixops to morph --- .envrc | 1 - README.md | 2 +- deploy | 15 +-------------- deployment.nix | 4 ++++ nix/overlays.nix | 4 +--- nix/sources.json | 12 ------------ shell.nix | 8 ++++---- 7 files changed, 11 insertions(+), 35 deletions(-) diff --git a/.envrc b/.envrc index 90dc0e5..1d953f4 100644 --- a/.envrc +++ b/.envrc @@ -1,2 +1 @@ -export NIX_USER_CONF_FILES=$PWD/nix/nix.conf use nix diff --git a/README.md b/README.md index 8c4dba6..605714d 100644 --- a/README.md +++ b/README.md @@ -79,7 +79,7 @@ Thanks to Cachix for sponsoring our binary cache! * ./build\d+ - build machines * ./ci.sh - What is executed by CI -* ./deploy - NixOps deploy script +* ./deploy - Deploy script * ./nix - pinned Nix dependencies and overlays * ./roles - shared NixOS configuration modules * ./secrets - git-crypt encrypted secrets diff --git a/deploy b/deploy index 1dc047a..2d9fa97 100755 --- a/deploy +++ b/deploy @@ -2,17 +2,4 @@ #! nix-shell ./shell.nix -i bash set -euo pipefail -options=( - --option extra-substituters "https://nix-community.cachix.org" - --option binary-cache-public-keys "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" -) - -mkdir -p state - -if [ $(nixops list --state "$NIXOPS_STATE" | grep -c "$NIXOPS_DEPLOYMENT") -eq 0 ]; then - nixops create ./deployment.nix \ - "${options[@]}" \ - --deployment "$NIXOPS_DEPLOYMENT" --state "$NIXOPS_STATE" -fi - -nixops deploy "${options[@]}" "$@" +morph deploy ./deployment.nix "$@" switch diff --git a/deployment.nix b/deployment.nix index 5f3a2ff..6cfb7ec 100644 --- a/deployment.nix +++ b/deployment.nix 
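Review bot: In the new `deploy` body, `"$@"` sits between the deployment file and the fixed `switch` action, so any positional argument a caller passes would be read by morph in place of the switch action. Flags should still pass through, but callers that used to hand nixops-specific options to this script will now fail or behave differently, and nothing in the script says what is accepted. I would add a usage comment above the command, for example `# extra arguments are forwarded to morph as flags only; the switch action is always "switch"`. It is also worth checking the CI invocation of `./deploy`, which is not visible in this patch.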
@@ -18,6 +18,10 @@ let in { network.description = "nix-community infra"; + network.nixConfig = { + extra-substituters = "https://nix-community.cachix.org"; + binary-cache-public-keys = "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="; + }; build01 = { ... }: { imports = [ diff --git a/nix/overlays.nix b/nix/overlays.nix index b7ce2a6..cfe7bf5 100644 --- a/nix/overlays.nix +++ b/nix/overlays.nix @@ -4,10 +4,8 @@ let git-crypt niv sops + morph sources; - nixopsUnstable = - let nixopsPkgs = import sources.nixops-nixpkgs {}; - in (nixopsPkgs.nixopsUnstable.withPlugins (ps: [ ])); terraform = pkgs.terraform_1_0.withPlugins ( p: [ diff --git a/nix/sources.json b/nix/sources.json index 22ff60e..eb44fa5 100644 --- a/nix/sources.json +++ b/nix/sources.json @@ -23,18 +23,6 @@ "url": "https://github.com/timokau/marvin-mk2/archive/b3dd8c02a5c01dcf0e9cc8789846a0ec980f534b.tar.gz", "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" }, - "nixops-nixpkgs": { - "branch": "master", - "description": "Nix Packages collection", - "homepage": "", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "f2f8e282", - "sha256": "1gflpsgagg487xj5p9911b7pvqh2vmw7vfg4hi6pnbrqkilm5kj6", - "type": "tarball", - "url": "https://github.com/nixos/nixpkgs/archive/f2f8e282.tar.gz", - "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" - }, "nixpkgs": { "branch": "nixos-unstable-small", "description": "Nix Packages collection", diff --git a/shell.nix b/shell.nix index 0e3956d..39bfed3 100644 --- a/shell.nix +++ b/shell.nix @@ -5,9 +5,8 @@ let in pkgs.mkShell { NIX_PATH = "nixpkgs=${toString pkgs.path}"; - - NIXOPS_DEPLOYMENT = "nix-community-infra"; - NIXOPS_STATE = toString ./state/deployment-state.nixops; + # required for morph + SSH_USER = "root"; sopsPGPKeyDirs = [ "./keys" 
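Review bot: The `binary-cache-public-keys` value added under `network.nixConfig` is the trust root for every store path substituted during a deploy, and the hunk carries no comment saying so or where the two keys were taken from. That setting replaces the key list rather than extending it (hence the repeated cache.nixos.org key), and it is the legacy alias of `trusted-public-keys`. I would use the current name and add a comment such as `# trust root for substituted paths; replaces the default key list, so cache.nixos.org must stay listed`. `extra-substituters` is presumably only honoured when the deploying user is trusted by the Nix daemon, which would be worth a line in the README. The attribute set continues outside the hunk.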
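Review bot: `SSH_USER = "root";` in the first shell.nix hunk is exported to every command run in this shell, not only morph, and the comment `# required for morph` does not say what it implies for the hosts. As written, deploys log in directly as root, so the targets have to accept root SSH logins. The comment should state that, e.g. `# morph connects as $SSH_USER; hosts must allow root login, which should be key-only`. If the pinned morph supports a per-host `deployment.targetUser` (to be confirmed), setting it in deployment.nix would keep the choice next to the host definitions instead of in the environment. The `pkgs.mkShell` call continues outside the hunk.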
@@ -16,9 +15,9 @@ pkgs.mkShell { buildInputs = with pkgs.nix-community-infra; [ git-crypt niv - nixopsUnstable terraform sops + morph (pkgs.callPackage sources.sops-nix {}).sops-import-keys-hook ]; @@ -29,5 +28,6 @@ pkgs.mkShell { shellHooks = '' export CLOUDFLARE_API_TOKEN=$(< ./secrets/cloudflare-api-token) + export NIX_USER_CONF_FILES="$(pwd)/nix/nix.conf"; ''; }
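Review bot: The added `export NIX_USER_CONF_FILES="$(pwd)/nix/nix.conf";` resolves against the directory the shell is entered from, not the repository, so running `./deploy` or `nix-shell` from elsewhere points Nix at a missing file or at whatever `nix/nix.conf` exists there. Anchoring it to the checkout avoids loading an unintended config: `export NIX_USER_CONF_FILES=${toString ./nix/nix.conf}`. Separately, the surrounding attribute is spelled `shellHooks`; as far as I know mkShell only runs `shellHook`, so unless something else evaluates this string, neither export takes effect. The .envrc export removed in this commit would then have no replacement, which is worth confirming.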