
Merge branch 'release/1.0.0'

Ingolf Wanger 1 year ago
parent
commit
bad0f386af
9 changed files with 166 additions and 60 deletions
  1. 1 0
      .gitignore
  2. 49 58
      README.md
  3. 2 2
      default.nix
  4. 13 0
      doc/10_intro.md
  5. 3 0
      doc/20_example.md
  6. 1 0
      doc/21_example.md
  7. 14 0
      doc/50_tmpfs.md
  8. 56 0
      example/shell.nix
  9. 27 0
      shell.nix

+ 1 - 0
.gitignore

@@ -0,0 +1 @@
+.history

+ 49 - 58
README.md

@@ -1,95 +1,86 @@
-# plops (palo OPs)
+plops (palo OPs)
+================
 
-This is pore palo (thats me) friendly 
-[krops](https://cgit.krebsco.org/krops)
-framework.
+This is a palo (thats me) friendly
+[krops](https://cgit.krebsco.org/krops) framework. It creates
+executables which are run to trigger deployments.
 
-This framework creates executables
-which are run to trigger the deployment.
+The easiest way is to use it, is to write a
+[shell.nix](https://link.to.shell.nix) which defines your deployments.
 
-The easiest way is to use a 
-[shell.nix](https://link.to.shell.nix)
-to write your deployment.
+minimal setup
+-------------
 
-## minimal setup
+``` {.nix}
 
-```nix
 let
-  ops = import ./plops.nix;
+  # import plops with pkgs and lib
+  ops = import ((import <nixpkgs> {}).fetchgit {
+    url = "https://github.com/mrVanDalo/plops.git";
+    rev = "ed4308552511a91021bc979d8cfde029995a9543";
+    sha256 = "0vc1wqgxz85il8az07npnppckm8hrnvn9zlb4niw1snmkd2jjzx8";
+  });
   lib = ops.lib;
   pkgs = ops.pkgs;
 
+  # define all sources
   sources = {
 
-    nixPkgs = {
-      nixpkgs.git = {
-        ref = "19.03";
-        url = https://github.com/NixOS/nixpkgs-channels;
-      };
-      nixpkgs-unstable.git = {
-        ref = "19.09";
-        url = https://github.com/NixOS/nixpkgs-channels;
-      };
+    # nixpkgs (no need for channels anymore)
+    nixPkgs.nixpkgs.git = {
+      ref = "19.03";
+      url = https://github.com/NixOS/nixpkgs-channels;
     };
 
+    # system configurations
     system = name: {
-      system.file = toString ./system;
       configs.file = toString ./configs;
       nixos-config.symlink = "configs/${name}/configuration.nix";
     };
 
+    # secrets which are hold and stored by pass
     secrets = name: {
       secrets.pass = {
         dir  = toString ./secrets;
-        name = "${name}/persist";
-      };
-    };
-    keys = name: {
-      keys.pass = {
-        dir  = toString ./secrets;
-        name = "${name}/tmpfs";
+        name = name;
       };
     };
   };
 
-  serverDeployment = name: {
-    host ? "${name}.private",
-    user ? "root"
-  }:
-  with ops;
-  jobs "deploy-${name}" "${user}@${host}" [
-    (populateTmpfs (source.keys name))
-    (populate (source.secrets name))
-    (populate (source.system name))
-    (populate source.nixPkgs)
-    switch
-  ];
-
-  servers = with lib;
-  let
-    serverList = [ "schasch" "kruck" "sputnik" "porani" ];
-    deployments = flip map serverList  ( name:  serverDeployment name {} );
-  in
-  deployments;
-
 in
 pkgs.mkShell {
 
-  buildInputs = servers;
+  # define 2 servers
+  buildInputs = with ops; [
+    (jobs "deploy-server" "root@94.3.23.12" [
+      # deploy secrets to /run/secrets
+      (populateTmps (source.secrets name))
+      # deploy system to /var/src/system
+      (populate (source.system name))
+      # deploy nixpkgs to /var/src/nixpkgs
+      (populate source.nixPkgs)
+      # run nixos-rebuild switch -I /var/src -I /run/secrets
+      # todo : make sure that -I /run/secrets are is called
+      switch
+    ])
+  ];
 
   shellHook = ''
-      export PASSWORD_STORE_DIR=./secrets
+    export PASSWORD_STORE_DIR=./secrets
   '';
 }
 ```
 
-# `/run/keys`
+tmpfs
+-----
 
-the switch command includes also everything
-in `/run/keys` which can be populated using 
-`populatedTmpfs` and can be accessed via `<keys/...>`
+`plops` can populate your files and folders everywhere you want. It
+comes with a function `populateTmpfs` which populates the files and
+folders in `/run/plops-secrets/<name>`. So these keys will be gone after
+a restart of the machine.
 
-These keys will be gone after a restart of the machine.
+You can reference theses folder in your `configuration.nix` like all the
+other sources. For this example it would be `<secrets/my-secret-key>`.
 
-There is a module which makes it easy to handle
-theses tmpfs-keys.
+There is a module which makes it easy to handle systemd services
+depending on theses tmpfs files (which are not present at boot time).

+ 2 - 2
default.nix

@@ -37,7 +37,7 @@ core = {
                   ${target.user}@${target.host} -p ${target.port} \
                   nixos-rebuild switch \
                   -I ${target.path} \
-                  -I "/run/keys"
+                  -I "/run/plops-secrets"
   '';
 };
 
@@ -59,7 +59,7 @@ ops = {
   populateTmpfs = sources: target:
   with lib;
   let
-    tmpfs = "/run/keys/";
+    tmpfs = "/run/plops-secrets/";
   in
   core.populate (target // { path = tmpfs; }) sources;
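Review bot: The tmpfs location is now spelled out twice — `-I "/run/plops-secrets"` in `core` (first hunk) and `tmpfs = "/run/plops-secrets/";` in `ops.populateTmpfs` (second hunk) — so the search path handed to `nixos-rebuild` and the directory `populateTmpfs` writes to can drift apart on the next rename, which is exactly the edit this commit had to make twice for `/run/keys`. Binding it once in the enclosing scope (e.g. `tmpfsDir = "/run/plops-secrets";`) and using `-I ${tmpfsDir}` and `tmpfs = "${tmpfsDir}/";` keeps the two in sync. Both the `core` and the `ops` attribute sets begin outside the hunks, so I cannot see whether a suitable `let` binding already exists there.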
 

+ 13 - 0
doc/10_intro.md

@@ -0,0 +1,13 @@
+# plops (palo OPs)
+
+This is a palo (thats me) friendly
+[krops](https://cgit.krebsco.org/krops)
+framework.
+It creates executables
+which are run to trigger deployments.
+
+The easiest way is to use it,
+is to write a
+[shell.nix](https://link.to.shell.nix)
+which defines your deployments.
+

+ 3 - 0
doc/20_example.md

@@ -0,0 +1,3 @@
+## minimal setup
+
+```nix

+ 1 - 0
doc/21_example.md

@@ -0,0 +1 @@
+```

+ 14 - 0
doc/50_tmpfs.md

@@ -0,0 +1,14 @@
+## tmpfs
+
+`plops` can populate your files and folders everywhere you want.
+It comes with a function `populateTmpfs`
+which populates the files and folders in `/run/plops-secrets/<name>`.
+So these keys will be gone after a restart of the machine.
+
+You can reference theses folder in your `configuration.nix`
+like all the other sources.
+For this example it would be `<secrets/my-secret-key>`.
+
+There is a module which makes it easy to handle
+systemd services depending on theses tmpfs files
+(which are not present at boot time).

+ 56 - 0
example/shell.nix

@@ -0,0 +1,56 @@
+let
+  # import plops with pkgs and lib
+  ops = import ((import <nixpkgs> {}).fetchgit {
+    url = "https://github.com/mrVanDalo/plops.git";
+    rev = "ed4308552511a91021bc979d8cfde029995a9543";
+    sha256 = "0vc1wqgxz85il8az07npnppckm8hrnvn9zlb4niw1snmkd2jjzx8";
+  });
+  lib = ops.lib;
+  pkgs = ops.pkgs;
+
+  # define all sources
+  sources = {
+
+    # nixpkgs (no need for channels anymore)
+    nixPkgs.nixpkgs.git = {
+      ref = "19.03";
+      url = https://github.com/NixOS/nixpkgs-channels;
+    };
+
+    # system configurations
+    system = name: {
+      configs.file = toString ./configs;
+      nixos-config.symlink = "configs/${name}/configuration.nix";
+    };
+
+    # secrets which are hold and stored by pass
+    secrets = name: {
+      secrets.pass = {
+        dir  = toString ./secrets;
+        name = name;
+      };
+    };
+  };
+
+in
+pkgs.mkShell {
+
+  # define 2 servers
+  buildInputs = with ops; [
+    (jobs "deploy-server" "root@94.3.23.12" [
+      # deploy secrets to /run/secrets
+      (populateTmps (source.secrets name))
+      # deploy system to /var/src/system
+      (populate (source.system name))
+      # deploy nixpkgs to /var/src/nixpkgs
+      (populate source.nixPkgs)
+      # run nixos-rebuild switch -I /var/src -I /run/secrets
+      # todo : make sure that -I /run/secrets are is called
+      switch
+    ])
+  ];
+
+  shellHook = ''
+    export PASSWORD_STORE_DIR=./secrets
+  '';
+}
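Review bot: The job list `(populateTmps (source.secrets name))`, `(populate (source.system name))`, `(populate source.nixPkgs)` does not evaluate as written: `populateTmps` is not the name default.nix exports (it defines `populateTmpfs`), the let-binding in this file is `sources` rather than `source`, and `name` is not bound anywhere in the file. Because shell.nix assembles README.md from this file with pandoc, the broken snippet is also the one users copy from the README. Replacing the three lines with `(populateTmpfs (sources.secrets "server"))`, `(populate (sources.system "server"))` and `(populate sources.nixPkgs)` makes the example self-contained; the literal stands in for the per-host name that selects `configs/<name>/configuration.nix` and the pass entry, so any fixed name matching the job works. The comments `# deploy secrets to /run/secrets` and `# run nixos-rebuild switch -I /var/src -I /run/secrets` should name `/run/plops-secrets`, the path default.nix actually uses for both, and `# define 2 servers` describes a list with one server; `lib = ops.lib;` is bound but unused.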

+ 27 - 0
shell.nix

@@ -0,0 +1,27 @@
+{ pkgs ?  import <nixpkgs> {} }:
+let
+
+  # todo this should be automatic at some point in time
+  createReadme = pkgs.writeShellScriptBin "create-readme" /* sh */ ''
+  ${pkgs.pandoc}/bin/pandoc \
+                 -s \
+                 ${toString ./doc/10_intro.md} \
+                 ${toString ./doc/20_example.md} \
+                 ${toString ./example/shell.nix} \
+                 ${toString ./doc/21_example.md} \
+                 ${toString ./doc/50_tmpfs.md} \
+                 -f markdown -t markdown \
+                 -o ${toString ./README.md}
+  '';
+in
+pkgs.mkShell {
+
+  buildInputs = with pkgs; [
+    pkgs.haskellPackages.pandoc
+    createReadme
+  ];
+
+  shellHook = ''
+    HISTFILE=${toString ./.}/.history
+  '';
+}
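Review bot: `buildInputs` pulls in `pkgs.haskellPackages.pandoc`, but the `create-readme` script calls `${pkgs.pandoc}/bin/pandoc` directly, so the listed build input is never the binary that runs and the two attributes may resolve to different pandoc builds; listing `pkgs.pandoc` (or interpolating the same attribute in the script) keeps the one in the shell and the one baked into the script identical. The `with pkgs;` on that list is redundant, since every element is already written with an explicit `pkgs.` prefix. The `HISTFILE=${toString ./.}/.history` hook points the interactive shell history into the checkout; the `.history` entry added to `.gitignore` in this commit presumably exists for that file, and a one-line comment on the hook saying so would spare the next reader the search.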