some additions from tv

master
Ingolf Wagner 2018-08-25 17:13:01 +02:00
parent c1f67e20d1
commit 277126c175
1 changed files with 43 additions and 30 deletions

@ -20,7 +20,7 @@ If you're looking for a good document on how to use
have a look at
[this excellent article](https://blog.wearewizards.io/how-to-use-nixops-in-a-team).
# krops vs NixOps (feature comparison)
# krops vs. NixOps (Feature Comparison)
<table class="comparison">
<tr>
@ -89,19 +89,19 @@ have a look at
# krops Structure by Example
krops is not a binary like NixOps it is a library
you use to write binaries which does the actual deployment.
krops is not an executable like NixOps,
it is a library you use to write executables which do the actual deployment.
Lets say you have a very simple `configuration.nix`
Let's say you have a very simple `configuration.nix`
```
{ config, lib, pkgs, ... }:
{ pkgs, ... }:
{
environment.systemPackages = [ pkgs.git ];
}
```
Than you can use the following script (`krops.nix`) to deploy it
Than you can use the following script (let's name it `krops.nix`) to deploy it
on the machine `server01.mydomain.org`.
```
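Review bot: the reworded sentence before the `krops.nix` listing still starts with "Than you can use the following script"; it should be "Then". The same commit fixes "Lets" to "Let's" two lines above, so this one is worth fixing in the same pass.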
@ -136,9 +136,9 @@ in {
}
```
Now you can deploy the machine by running :
Now you can deploy the machine by running:
```
$> nix-build ./krops.nix && result
$> nix-build ./krops.nix -A server01 && result
```
You need to make sure you have ssh access to the root user on `server01.mydomain.org`
and `git` is installed on `server01.mydomain.org`.
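Review bot: the updated command still ends in `&& result`, which asks the shell to find `result` on `PATH` instead of running the symlink that `nix-build` just created. The following note and the later multi-host examples use `./result`, so this line should read `nix-build ./krops.nix -A server01 && ./result`.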
@ -149,14 +149,14 @@ If you run this command the first time you will most likely get a message like
error: missing sentinel file: server01.mydomain.org:/var/src/.populate
```
This is because you need to create `/var/src/.populate` before krops will do anything.
Once `/var/src/.populate` is created, you can run the command `./result` again.
Once that file is created, you can run the command `./result` again.
{{% /note %}}
krops will copy the file `configuration.nix` into `/var/src` on `server01`
and will clone nixpkgs into `/var/src`.
After that krops will run `nixos-rebuild switch -I /var/src` which will provision `server01`.
krops will copy the file `configuration.nix` to `/var/src/nixos-config` on `server01`
and will clone `nixpkgs` into `/var/src/nixpkgs`.
After that, krops will run `nixos-rebuild switch -I /var/src` which will provision `server01`.
## The different parts explained
## The Different Parts Explained
Let's start with the cryptic part at the beginning.
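Review bot: after the change to "Once that file is created", the note names `/var/src/.populate` only once and still does not say how to create it or that it has to be created on the target rather than on the build host. A single command line under the error message would remove the guesswork, and a sentence on what the sentinel check guards against would explain why krops refuses to continue without it.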
@ -170,8 +170,9 @@ krops = builtins.fetchGit {
lib = import "${krops}/lib";
pkgs = import "${krops}/pkgs" {};
```
It downloads krops and put krops in the nix load path.
So you can use it in the following script.
It downloads krops and makes its library and packages available
so they can be used it in the following script.
```
server01 = pkgs.krops.writeDeploy "deploy-server01" {
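Review bot: the replacement sentence has a leftover word, "so they can be used it in the following script"; drop the "it". The rewording from "nix load path" to "makes its library and packages available" otherwise matches the two `import` lines above it.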
@ -181,7 +182,7 @@ server01 = pkgs.krops.writeDeploy "deploy-server01" {
in {
server01 = server01;
server01 = server01;
}
```
@ -190,8 +191,15 @@ The executable `server01` is which results in the link `./result`.
It is the result of `krops.writeDeploy` with parameters
* `target` passed to the ssh command
* `source` the list of folders and files which are copied to `/var/src`
* `source` the set of files and folders which should be made available beneath `/var/src` on the target
{{% note %}}
`target` takes more argument parts than just the host, you can for example set it to
`
root@server01:4444/etc/krops/
`
to change the ssh port and the target folder it should be copied.
{{% /note %}}
```
source = lib.evalSource [
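Review bot: in the new `target` note, the example `root@server01:4444/etc/krops/` sits between two lone single backticks, which will not render as a code block; use a triple-backtick fence like every other example on the page. The closing sentence is also missing its preposition ("the target folder it should be copied to"), and "takes more argument parts than just the host" would be clearer if it listed the parts the example shows: user, host, port and path.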
@ -215,9 +223,10 @@ All other files/folders must be referenced in the resulting `nixos-config` file.
## Different Sources
### files and folders
### Files and Folders
You can use the `.file` argument for folders and files.
You can use the `file` attribute to transfer
files and folders from the build host to the target host.
But it always must be an absolute path.
```
@ -229,9 +238,9 @@ source = lib.evalSource [
```
This copies `./modules` to `/var/src/modules`.
### symlinks
### Symlinks
You can also use the `.symlink` argument
You can also use the `symlink` argument
to create symlinks on the target system.
```
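Review bot: the new line says "the `symlink` argument", while the `file` and `git` sections touched by this same commit now say "attribute", and the `pass` section further down also keeps "argument". Since the leading dot was dropped everywhere to make these read as attribute names, use "attribute" in all four sections.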
@ -249,11 +258,11 @@ This copies `./config` to `/var/src/config` and creates a symlink
krops will not check if the target is valid.
{{% /note %}}
### git repositories
### Git Repositories
You can pull git repositories using the `.git` argument
You can pull Git repositories using the `git` attribute
from everywhere you want,
as long as the target host sees it.
as long as the target host is able to pull it.
```
source = lib.evalSource [
@ -272,7 +281,7 @@ to `/var/src/nix-writers`.
the `ref` parameter also accepts branches or tags.
### Passwordstore
### Password Store (Native File Encryption)
lets assume `secrets` is a folder managed by
[passwordstore](https://www.passwordstore.org/).
@ -285,7 +294,7 @@ secrets
`-- wpa_supplicant.conf.gpg
```
Use the `.pass` argument to include the sub-folder `server01`
Use the `pass` argument to include the sub-folder `server01`
into your deployment.
```
@ -303,7 +312,11 @@ source = lib.evalSource [
This copies `secrets/server01` to `/var/src/secrets` after it is decrypted.
You will be prompted to enter the password.
## How to use sources in configuration.nix
{{% note %}}
So the files in `/var/src/secrets` will be unencrypted!
{{% /note %}}
## How to use Sources in configuration.nix
You can use folders copied by krops
very pleasantly in the `configuration.nix`.
@ -319,7 +332,7 @@ very pleasantly in the `configuration.nix`.
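Review bot: the new note states that the files in `/var/src/secrets` are unencrypted but stops there, which leaves the reader to work out the consequence. It should say that the decrypted secrets stay on the target's disk after the deployment and who is able to read them, i.e. the owner and mode of `/var/src/secrets`, or state plainly that krops does not restrict this if that is the case. Opening the note with "So" also reads oddly because the sentence about the password prompt sits between it and the sentence it follows from; "Note that the files in `/var/src/secrets` are stored unencrypted on the target" stands on its own. Separately, the new heading "How to use Sources in configuration.nix" leaves "use" in lower case while the other retitled headings are fully title-cased.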
}
```
## How to manually rebuild the system
## How to Manually Rebuild the System
If you, for some reason, want to rebuild the system on the host itself,
you can do that simply by running as root
@ -388,9 +401,9 @@ $> nix-build ./krops.nix -A server02 && ./result
$> nix-build ./krops.nix -A all && ./result
```
## Update and Fixing Git commits
## Update and Fixing Git Commits
Updating Hashes for git repositories is annoying and using branches might break consistency.
Updating hashes for Git repositories is annoying and using branches might break consistency.
To avoid editing files you can use the `nix-prefetch-git` and `lib.importJson` to make
your live easier.
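Review bot: the retitled heading "Update and Fixing Git Commits" still mixes two verb forms; "Updating and Fixing Git Commits" matches the sentence below it. The two unchanged lines that follow also need attention while this paragraph is being edited: "your live easier" should be "your life easier", and `lib.importJson` is not how nixpkgs spells the function, which is `lib.importJSON`, so a reader copying the name as written will get an evaluation error.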