Makefile: sync with infra-template repo
parent
e755ec67ae
commit
100faa4405
1
.envrc
1
.envrc
|
@ -2,5 +2,6 @@ if ! has nix_direnv_version || ! nix_direnv_version 3.0.6; then
|
|||
source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.6/direnvrc" "sha256-RYcUJaRMf8oF5LznDrlCXbkOQrywm0HDv1VjYGaJGdM="
|
||||
fi
|
||||
|
||||
source .envrc.fixes
|
||||
source .envrc.secrets
|
||||
use flake
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
# Fixing macOS issue:
|
||||
# objc[33642]: +[__NSPlaceholderDate initialize] may have been in progress in another thread when fork() was called.
|
||||
# See: https://github.com/ansible/ansible/issues/49207
|
||||
export OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES
|
|
@ -3,3 +3,7 @@ export VAULT_CLIENT_CERT=./ansible/files/vault-client-user.crt
|
|||
export VAULT_CLIENT_KEY=./ansible/files/vault-client-user.key
|
||||
export VAULT_ADDR=https://vault-api.infra.status.im:8200
|
||||
export CONSUL_HTTP_TOKEN=$(pass services/consul/tokens/terraform)
|
||||
# Provide a script in your PATH matching this name to load the token.
|
||||
if command -v vault_token_provider >/dev/null; then
|
||||
export VAULT_TOKEN=$(vault_token_provider)
|
||||
fi
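Review bot: `export VAULT_TOKEN=$(vault_token_provider)` discards the provider's exit status, so a failing script leaves an empty or partial token exported with no message at the point of failure. Split the assignment so the failure is visible: `VAULT_TOKEN=$(vault_token_provider) || log_error "vault_token_provider failed"` followed by `export VAULT_TOKEN`. The name is resolved through PATH every time direnv loads this file, and the token then sits in the environment of every process started from the shell. The comment above the `if` should therefore say that the script must be one the user controls and must print only the token on stdout. The existing `CONSUL_HTTP_TOKEN=$(pass ...)` line masks the exit status in the same way.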
|
||||
|
|
63
Makefile
63
Makefile
|
@ -1,32 +1,40 @@
|
|||
OS = $(strip $(shell uname -s))
|
||||
# Colors
|
||||
YLW = \033[1;33m
|
||||
RED = \033[0;31m
|
||||
GRN = \033[0;32m
|
||||
BLU = \033[0;34m
|
||||
BLD = \033[1m
|
||||
RST = \033[0m
|
||||
|
||||
ifeq ($(OS),Darwin)
|
||||
ARCH = darwin_amd64
|
||||
OS = $(shell uname -s | tr A-Z a-z)
|
||||
ARCH = "${OS}-$(shell uname -m)"
|
||||
|
||||
ifeq ($(OS),darwin)
|
||||
PROVISIONER_SHA1 = bd688a503f526beedaf6ef5d2dba1128051573b6
|
||||
else
|
||||
ARCH = linux_amd64
|
||||
PROVISIONER_SHA1 = da9cdf019d8f860a6e417257d81b1b21aceba7b7
|
||||
PROVISIONER_SHA1 = 1cbdf2bafe9e968a039264a6d3e6b58a2d2576eb
|
||||
endif
|
||||
|
||||
TF_PLUGINS_DIR = $(HOME)/.terraform.d/plugins
|
||||
|
||||
PROVISIONER_NAME = terraform-provisioner-ansible
|
||||
PROVISIONER_VERSION = v2.5.0
|
||||
PROVISIONER_ARCHIVE = $(PROVISIONER_NAME)-$(subst _,-,$(ARCH))_$(PROVISIONER_VERSION)
|
||||
PROVISIONER_URL = https://github.com/radekg/terraform-provisioner-ansible/releases/download/$(PROVISIONER_VERSION)/$(PROVISIONER_ARCHIVE)
|
||||
PROVISIONER_PATH = $(TF_PLUGINS_DIR)/$(ARCH)/$(PROVISIONER_NAME)_$(PROVISIONER_VERSION)
|
||||
PROVISIONER_VERSION = v2.5.1
|
||||
PROVISIONER_ARCHIVE = $(PROVISIONER_NAME)-$(ARCH)-$(PROVISIONER_VERSION)
|
||||
PROVISIONER_URL = https://github.com/status-im/terraform-provisioner-ansible/releases/download/$(PROVISIONER_VERSION)/$(PROVISIONER_ARCHIVE)
|
||||
PROVISIONER_PATH = $(TF_PLUGINS_DIR)/$(PROVISIONER_NAME)
|
||||
|
||||
all: roles-install install-provisioner secrets init-terraform
|
||||
all: roles-install install-provisioner secrets init-terraform checks
|
||||
@echo "Success!"
|
||||
|
||||
roles-install:
|
||||
ansible/roles.py --install
|
||||
@ansible/roles.py --install
|
||||
|
||||
roles-check:
|
||||
ansible/roles.py --check
|
||||
@ansible/roles.py --check || \
|
||||
echo -e '\n$(YLW)WARNING: Local role versions appear to be incorrect.$(RST)' >&2
|
||||
|
||||
roles-update:
|
||||
ansible/roles.py --update
|
||||
@ansible/roles.py --update
|
||||
|
||||
roles: roles-install roles-check
|
||||
|
||||
|
@ -47,13 +55,30 @@ secrets:
|
|||
pass services/vault/certs/client-user/cert > ansible/files/vault-client-user.crt
|
||||
pass services/vault/certs/client-user/privkey > ansible/files/vault-client-user.key
|
||||
|
||||
consul-token-check:
|
||||
ifndef CONSUL_HTTP_TOKEN
|
||||
$(error No CONSUL_HTTP_TOKEN env variable set!)
|
||||
endif
|
||||
|
||||
init-terraform: consul-token-check
|
||||
init-terraform: consul-check
|
||||
terraform init -upgrade=true
|
||||
|
||||
cleanup:
|
||||
rm -r $(TF_PLUGINS_DIR)/$(ARCHIVE)
|
||||
|
||||
consul-check:
|
||||
ifndef CONSUL_HTTP_TOKEN
|
||||
@echo -e "$(RED)$(BLD)ERROR: No CONSUL_HTTP_TOKEN env variable set!$(RST)"; exit 1
|
||||
endif
|
||||
|
||||
vault-check:
|
||||
ifndef VAULT_TOKEN
|
||||
@echo -e "$(RED)$(BLD)ERROR: No VAULT_TOKEN env variable set!$(RST)"; exit 1
|
||||
endif
|
||||
|
||||
DIRENV_LOADED ?= $(shell direnv status --json | jq .state.loadedRC.allowed)
|
||||
direnv-check:
|
||||
@if [[ "$(DIRENV_LOADED)" -ne 0 ]] && [[ -z "$${DIRENV_IN_ENVRC}" ]]; then \
|
||||
echo -e "$(YLW)WARNING: This repo assumes use of Direnv:$(RST)" \
|
||||
"$(BLD)"'eval "$$(direnv hook zsh)"; direnv allow'"$(RST)"; \
|
||||
fi
|
||||
|
||||
checks: roles-check direnv-check consul-check vault-check
|
||||
@echo -e "\n$(GRN)$(BLD)WELCOME BACK, COMMANDER$(RST)"
|
||||
|
||||
.PHONY = checks roles-check direnv-check consul-check vault-check
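Review bot: `PROVISIONER_SHA1` is still selected by OS alone while the new `ARCH` includes `uname -m`, so one pinned digest per OS cannot match both the x86_64 and arm64 archives that `PROVISIONER_URL` can now resolve to. The darwin digest also appears only once on the page, which suggests it was left unchanged although the version and the release repository both changed; the +/- markers are lost here, so that is inferred. Key the digest on `$(ARCH)`, and if it is what the install recipe verifies (that recipe is outside the visible hunks), pin a SHA-256 rather than a SHA-1. Separately, `ARCH = "${OS}-$(shell uname -m)"` keeps the double quotes as part of the value, so they travel into `PROVISIONER_ARCHIVE` and `PROVISIONER_URL`; drop them. The last line assigns a variable named `.PHONY` instead of declaring the special target and should read `.PHONY: checks roles-check direnv-check consul-check vault-check`.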
|
||||
|
|
|
@ -2,17 +2,17 @@
|
|||
"nodes": {
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1720031269,
|
||||
"narHash": "sha256-rwz8NJZV+387rnWpTYcXaRNvzUSnnF9aHONoJIYmiUQ=",
|
||||
"lastModified": 1724224976,
|
||||
"narHash": "sha256-Z/ELQhrSd7bMzTO8r7NZgi9g5emh+aRKoCdaAv5fiO0=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "9f4128e00b0ae8ec65918efeba59db998750ead6",
|
||||
"rev": "c374d94f1536013ca8e92341b540eba4c22f9c62",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "c374d94f1536013ca8e92341b540eba4c22f9c62",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
|
|
13
flake.nix
13
flake.nix
|
@ -1,7 +1,11 @@
|
|||
{
|
||||
description = "infra-shell";
|
||||
|
||||
inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||
# bitwarden-cli has a build issue on macOS since 2024.8.0:
|
||||
# this commit fixes nixpkgs right before switching to 2024.8.0
|
||||
# https://github.com/NixOS/nixpkgs/issues/339576
|
||||
inputs.nixpkgs.url = "github:nixos/nixpkgs/c374d94f1536013ca8e92341b540eba4c22f9c62";
|
||||
#inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||
|
||||
outputs = { self, nixpkgs }:
|
||||
let
|
||||
|
@ -15,8 +19,8 @@
|
|||
pkgs = pkgsFor.${system};
|
||||
in {
|
||||
default = let
|
||||
pythonPkgs = pkgs.python311.withPackages (
|
||||
_: with (pkgs.python311Packages); [
|
||||
pythonPkgs = pkgs.python3.withPackages (
|
||||
_: with (pkgs.python3Packages); [
|
||||
ipython pyyaml jinja2 PyGithub
|
||||
pyopenssl cryptography
|
||||
hvac
|
||||
|
@ -38,8 +42,7 @@
|
|||
];
|
||||
|
||||
shellHook = ''
|
||||
./ansible/roles.py --check || \
|
||||
echo -e '\nWARNING: Your role versions appear to be incorrect!' >&2
|
||||
make checks
|
||||
'';
|
||||
};
|
||||
});
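Review bot: Pinning `inputs.nixpkgs.url` to `c374d94f1536013ca8e92341b540eba4c22f9c62` freezes every package in the shell, including `pyopenssl`, `cryptography` and `hvac` from the list below, to work around a build failure in one package. While the pin stands, none of them receive security updates through `nix flake update`. If the pin has to stay, give it an exit condition next to the existing comment, for example `# TODO: return to nixos-unstable once NixOS/nixpkgs#339576 is closed`, and delete the commented-out `#inputs.nixpkgs.url` line so the TODO is the single record of the intended value. A narrower alternative is to keep `nixos-unstable` for the shell and take only the affected package from the pinned revision; the package list is only partly visible in these hunks, so whether that is practical needs checking against the full file.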
|
||||
|
|