Last active
June 11, 2018 19:47
-
-
Save srghma/be1f6ce596b406bed3137aa948508a5a to your computer and use it in GitHub Desktop.
nixops files from some of my project
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| nixops files from some of my project |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| let | |
| region = "us-east-1"; | |
| zone = "${region}c"; | |
| in | |
| { | |
| network.description = "[Nixops test] network"; | |
| network.enableRollback = true; | |
| # Provision an EC2 key pair. | |
| resources.ec2KeyPairs.backendKeyPair = { | |
| inherit region zone; | |
| }; | |
| resources.ebsVolumes.foo-disk = { | |
| inherit region zone; | |
| size = 5; | |
| tags = { | |
| Name = "[Nixops test] Foo Disk"; | |
| }; | |
| }; | |
| resources.ec2SecurityGroups.backendSecurityGroup = { | |
| inherit region zone; | |
| description = "[Nixops test] ssh security group"; | |
| rules = [ { | |
| fromPort = 22; | |
| toPort = 22; | |
| sourceIp = "0.0.0.0/0"; | |
| } ]; | |
| }; | |
| backend = | |
| { resources, ... }: | |
| { | |
| deployment.targetEnv = "ec2"; | |
| deployment.ec2 = { | |
| inherit region zone; | |
| instanceType = "c4.large"; | |
| keyPair = resources.ec2KeyPairs.backendKeyPair; | |
| associatePublicIpAddress = true; | |
| ebsInitialRootDiskSize = 5; | |
| tags.Name = "[Nixops test] backend"; | |
| securityGroups = [ | |
| resources.ec2SecurityGroups.backendSecurityGroup | |
| ]; | |
| }; | |
| fileSystems."/data" = { | |
| autoFormat = true; | |
| fsType = "ext4"; | |
| device = "/dev/sdf"; | |
| ec2.disk = resources.ebsVolumes.foo-disk; | |
| }; | |
| }; | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| make_dhparam: | |
| openssl dhparam -out backend/dhparams.pem 2048 | |
| nixops_create: | |
| nixops create '<base.nix>' | |
| nixops_purge: | |
| nixops destroy --all | |
| nixops delete --all |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { pkgs ? import <nixpkgs> {} }: | |
| with pkgs; | |
| with lib; | |
| let | |
| awsCred = import ./secrets/aws.nix; | |
| nixops = (import ~/projects/nixops/release.nix {}).build."${builtins.currentSystem}"; | |
| in | |
| stdenv.mkDerivation (awsCred // rec { | |
| name = "env"; | |
| buildInputs = [ nixops gnumake git ]; | |
| NIX_PATH = concatStringsSep ":" [ | |
| # pin to specific repo | |
| "nixpkgs=https://github.com/NixOS/nixpkgs-channels/archive/nixos-18.03.tar.gz" | |
| # unstable channel for some packages | |
| "nixpkgs-unstable=https://nixos.org/channels/nixpkgs-unstable/nixexprs.tar.xz" | |
| # HACK: | |
| # on `nixops create ./base.nix` nixops stores fullpath to base.nix | |
| # to make project runneable on other computers | |
| # make <base.nix> refer to ./base.nix | |
| "." | |
| ]; | |
| NIXOPS_DEPLOYMENT = "foo"; | |
| NIXOPS_STATE="./state.nixops"; | |
| }) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment