some additions from tv
parent
c1f67e20d1
commit
277126c175
|
@ -20,7 +20,7 @@ If you're looking for a good document on how to use
|
|||
have a look at
|
||||
[this excellent article](https://blog.wearewizards.io/how-to-use-nixops-in-a-team).
|
||||
|
||||
# krops vs NixOps (feature comparison)
|
||||
# krops vs. NixOps (Feature Comparison)
|
||||
|
||||
<table class="comparison">
|
||||
<tr>
|
||||
|
@ -89,19 +89,19 @@ have a look at
|
|||
|
||||
# krops Structure by Example
|
||||
|
||||
krops is not a binary like NixOps it is a library
|
||||
you use to write binaries which does the actual deployment.
|
||||
krops is not an executable like NixOps,
|
||||
it is a library you use to write executables which do the actual deployment.
|
||||
|
||||
Lets say you have a very simple `configuration.nix`
|
||||
Let's say you have a very simple `configuration.nix`
|
||||
|
||||
```
|
||||
{ config, lib, pkgs, ... }:
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
environment.systemPackages = [ pkgs.git ];
|
||||
}
|
||||
```
|
||||
|
||||
Than you can use the following script (`krops.nix`) to deploy it
|
||||
Than you can use the following script (let's name it `krops.nix`) to deploy it
|
||||
on the machine `server01.mydomain.org`.
|
||||
|
||||
```
|
||||
|
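Review bot: the reworded sentence "Than you can use the following script (let's name it `krops.nix`) to deploy it" still has "Than" where "Then" is meant; the patch rewrites that line anyway, so correct it here. Trimming the argument list to `{ pkgs, ... }:` is fine, since the body only references `pkgs.git`.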
@ -136,9 +136,9 @@ in {
|
|||
|
||||
}
|
||||
```
|
||||
Now you can deploy the machine by running :
|
||||
Now you can deploy the machine by running:
|
||||
```
|
||||
$> nix-build ./krops.nix && result
|
||||
$> nix-build ./krops.nix -A server01 && result
|
||||
```
|
||||
You need to make sure you have ssh access to the root user on `server01.mydomain.org`
|
||||
and `git` is installed on `server01.mydomain.org`.
|
||||
|
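Review bot: the updated command still ends in `&& result`, which the shell looks up through PATH instead of running the build output in the current directory. The note further down and the multi-host examples use `./result`, so this line should read `nix-build ./krops.nix -A server01 && ./result`.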
@ -149,14 +149,14 @@ If you run this command the first time you will most likely get a message like
|
|||
error: missing sentinel file: server01.mydomain.org:/var/src/.populate
|
||||
```
|
||||
This is because you need to create `/var/src/.populate` before krops will do anything.
|
||||
Once `/var/src/.populate` is created, you can run the command `./result` again.
|
||||
Once that file is created, you can run the command `./result` again.
|
||||
{{% /note %}}
|
||||
|
||||
krops will copy the file `configuration.nix` into `/var/src` on `server01`
|
||||
and will clone nixpkgs into `/var/src`.
|
||||
After that krops will run `nixos-rebuild switch -I /var/src` which will provision `server01`.
|
||||
krops will copy the file `configuration.nix` to `/var/src/nixos-config` on `server01`
|
||||
and will clone `nixpkgs` into `/var/src/nixpkgs`.
|
||||
After that, krops will run `nixos-rebuild switch -I /var/src` which will provision `server01`.
|
||||
|
||||
## The different parts explained
|
||||
## The Different Parts Explained
|
||||
|
||||
Let's start with the cryptic part at the beginning.
|
||||
|
||||
|
@ -170,8 +170,9 @@ krops = builtins.fetchGit {
|
|||
lib = import "${krops}/lib";
|
||||
pkgs = import "${krops}/pkgs" {};
|
||||
```
|
||||
It downloads krops and put krops in the nix load path.
|
||||
So you can use it in the following script.
|
||||
It downloads krops and makes its library and packages available
|
||||
so they can be used it in the following script.
|
||||
|
||||
|
||||
```
|
||||
server01 = pkgs.krops.writeDeploy "deploy-server01" {
|
||||
|
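Review bot: the replacement sentence ends "so they can be used it in the following script", with a stray "it" that should be dropped. The hunk also appears to add a second blank line before the code fence, which looks unintentional.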
@ -181,7 +182,7 @@ server01 = pkgs.krops.writeDeploy "deploy-server01" {
|
|||
|
||||
in {
|
||||
|
||||
server01 = server01;
|
||||
server01 = server01;
|
||||
|
||||
}
|
||||
```
|
||||
|
@ -190,8 +191,15 @@ The executable `server01` is which results in the link `./result`.
|
|||
It is the result of `krops.writeDeploy` with parameters
|
||||
|
||||
* `target` passed to the ssh command
|
||||
* `source` the list of folders and files which are copied to `/var/src`
|
||||
* `source` the set of files and folders which should be made available beneath `/var/src` on the target
|
||||
|
||||
{{% note %}}
|
||||
`target` takes more argument parts than just the host, you can for example set it to
|
||||
`
|
||||
root@server01:4444/etc/krops/
|
||||
`
|
||||
to change the ssh port and the target folder it should be copied.
|
||||
{{% /note %}}
|
||||
|
||||
```
|
||||
source = lib.evalSource [
|
||||
|
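Review bot: the new note's example `root@server01:4444/etc/krops/` moves the target folder away from `/var/src`, yet the `source` bullet rewritten in this same hunk says files land "beneath `/var/src` on the target". State that `/var/src` applies when `target` carries no path, and that the rest of the page (including `nixos-rebuild switch -I /var/src`) assumes it. The example is also wrapped in single backticks on separate lines, which will not render as one code span; put it on one line or in a fenced block. The closing phrase "the target folder it should be copied" is missing "to".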
@ -215,9 +223,10 @@ All other files/folders must be referenced in the resulting `nixos-config` file.
|
|||
|
||||
## Different Sources
|
||||
|
||||
### files and folders
|
||||
### Files and Folders
|
||||
|
||||
You can use the `.file` argument for folders and files.
|
||||
You can use the `file` attribute to transfer
|
||||
files and folders from the build host to the target host.
|
||||
But it always must be an absolute path.
|
||||
|
||||
```
|
||||
|
@ -229,9 +238,9 @@ source = lib.evalSource [
|
|||
```
|
||||
This copies `./modules` to `/var/src/modules`.
|
||||
|
||||
### symlinks
|
||||
### Symlinks
|
||||
|
||||
You can also use the `.symlink` argument
|
||||
You can also use the `symlink` argument
|
||||
to create symlinks on the target system.
|
||||
|
||||
```
|
||||
|
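Review bot: terminology is inconsistent after this change: here `symlink` is still called an "argument", while the same patch renames `file` and `git` to "attribute" (and `pass` stays "argument" further down). Pick one term for the keys accepted by `lib.evalSource` and use it in all four subsections.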
@ -249,11 +258,11 @@ This copies `./config` to `/var/src/config` and creates a symlink
|
|||
krops will not check if the target is valid.
|
||||
{{% /note %}}
|
||||
|
||||
### git repositories
|
||||
### Git Repositories
|
||||
|
||||
You can pull git repositories using the `.git` argument
|
||||
You can pull Git repositories using the `git` attribute
|
||||
from everywhere you want,
|
||||
as long as the target host sees it.
|
||||
as long as the target host is able to pull it.
|
||||
|
||||
```
|
||||
source = lib.evalSource [
|
||||
|
@ -272,7 +281,7 @@ to `/var/src/nix-writers`.
|
|||
the `ref` parameter also accepts branches or tags.
|
||||
|
||||
|
||||
### Passwordstore
|
||||
### Password Store (Native File Encryption)
|
||||
|
||||
lets assume `secrets` is a folder managed by
|
||||
[passwordstore](https://www.passwordstore.org/).
|
||||
|
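Review bot: the context line directly under the renamed heading still starts with "lets assume"; the same patch corrects "Lets say" to "Let's say" earlier, so fix this one too. The new subtitle "(Native File Encryption)" is not explained by the text that follows, which only talks about passwordstore; either add a sentence saying what it refers to or drop the parenthetical.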
@ -285,7 +294,7 @@ secrets
|
|||
`-- wpa_supplicant.conf.gpg
|
||||
```
|
||||
|
||||
Use the `.pass` argument to include the sub-folder `server01`
|
||||
Use the `pass` argument to include the sub-folder `server01`
|
||||
into your deployment.
|
||||
|
||||
```
|
||||
|
@ -303,7 +312,11 @@ source = lib.evalSource [
|
|||
This copies `secrets/server01` to `/var/src/secrets` after it is decrypted.
|
||||
You will be prompted to enter the password.
|
||||
|
||||
## How to use sources in configuration.nix
|
||||
{{% note %}}
|
||||
So the files in `/var/src/secrets` will be unencrypted!
|
||||
{{% /note %}}
|
||||
|
||||
## How to use Sources in configuration.nix
|
||||
|
||||
You can use folders copied by krops
|
||||
very pleasantly in the `configuration.nix`.
|
||||
|
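Review bot: the added note "So the files in `/var/src/secrets` will be unencrypted!" warns that secrets land in plaintext on the target but gives the reader nothing to act on. Say who can read `/var/src/secrets` on the target (owner and mode), or tell readers to verify that themselves, so they can judge the exposure. Dropping the leading "So" would also make the note read as a statement rather than an aside. The heading below it, "How to use Sources in configuration.nix", leaves "use" in lower case while "How to Manually Rebuild the System" capitalises the verb.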
@ -319,7 +332,7 @@ very pleasantly in the `configuration.nix`.
|
|||
}
|
||||
```
|
||||
|
||||
## How to manually rebuild the system
|
||||
## How to Manually Rebuild the System
|
||||
|
||||
If you, for some reason, want to rebuild the system on the host itself,
|
||||
you can do that simply by running as root
|
||||
|
@ -388,9 +401,9 @@ $> nix-build ./krops.nix -A server02 && ./result
|
|||
$> nix-build ./krops.nix -A all && ./result
|
||||
```
|
||||
|
||||
## Update and Fixing Git commits
|
||||
## Update and Fixing Git Commits
|
||||
|
||||
Updating Hashes for git repositories is annoying and using branches might break consistency.
|
||||
Updating hashes for Git repositories is annoying and using branches might break consistency.
|
||||
To avoid editing files you can use the `nix-prefetch-git` and `lib.importJson` to make
|
||||
your live easier.
|
||||
|
||||
|
|
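Review bot: the sentence following the edited line still says "to make your live easier" ("life") and "use the `nix-prefetch-git` and `lib.importJson`" with a stray "the"; since this hunk is a wording pass over the same paragraph, fix both. It is also worth checking the function name against the library, as nixpkgs spells it `importJSON`. The heading "Update and Fixing Git Commits" mixes verb forms; "Updating and Fixing Git Commits" would match.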