diff --git a/content/nixos/krops.md b/content/nixos/krops.md
index 9d7d668..9c186e5 100644
--- a/content/nixos/krops.md
+++ b/content/nixos/krops.md
@@ -20,7 +20,7 @@ If you're looking for a good document on how to use
have a look at
[this excellent article](https://blog.wearewizards.io/how-to-use-nixops-in-a-team).
-# krops vs NixOps (feature comparison)
+# krops vs. NixOps (Feature Comparison)
@@ -89,19 +89,19 @@ have a look at
# krops Structure by Example
-krops is not a binary like NixOps it is a library
-you use to write binaries which does the actual deployment.
+krops is not an executable like NixOps,
+it is a library you use to write executables which do the actual deployment.
-Lets say you have a very simple `configuration.nix`
+Let's say you have a very simple `configuration.nix`
```
-{ config, lib, pkgs, ... }:
+{ pkgs, ... }:
{
environment.systemPackages = [ pkgs.git ];
}
```
-Than you can use the following script (`krops.nix`) to deploy it
+Than you can use the following script (let's name it `krops.nix`) to deploy it
on the machine `server01.mydomain.org`.
```
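Review bot: the rewritten sentence on the `+` line still opens with "Than you can use the following script"; it should be "Then". While this paragraph is being touched, the sentence "it is a library you use to write executables" is joined to the previous clause with a comma splice; a semicolon or a full stop after "NixOps" reads better.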
@@ -136,9 +136,9 @@ in {
}
```
-Now you can deploy the machine by running :
+Now you can deploy the machine by running:
```
-$> nix-build ./krops.nix && result
+$> nix-build ./krops.nix -A server01 && result
```
You need to make sure you have ssh access to the root user on `server01.mydomain.org`
and `git` is installed on `server01.mydomain.org`.
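Review bot: the new command ends in `&& result`, which looks the name up on `PATH` instead of running the build output; the rest of the page uses `./result` (for example `nix-build ./krops.nix -A server02 && ./result`), so this line should read `nix-build ./krops.nix -A server01 && ./result`. The context below it requires ssh access as root on the target; a short remark that key-based login is expected would help readers who have root login restricted.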
@@ -149,14 +149,14 @@ If you run this command the first time you will most likely get a message like
error: missing sentinel file: server01.mydomain.org:/var/src/.populate
```
This is because you need to create `/var/src/.populate` before krops will do anything.
-Once `/var/src/.populate` is created, you can run the command `./result` again.
+Once that file is created, you can run the command `./result` again.
{{% /note %}}
-krops will copy the file `configuration.nix` into `/var/src` on `server01`
-and will clone nixpkgs into `/var/src`.
-After that krops will run `nixos-rebuild switch -I /var/src` which will provision `server01`.
+krops will copy the file `configuration.nix` to `/var/src/nixos-config` on `server01`
+and will clone `nixpkgs` into `/var/src/nixpkgs`.
+After that, krops will run `nixos-rebuild switch -I /var/src` which will provision `server01`.
-## The different parts explained
+## The Different Parts Explained
Let's start with the cryptic part at the beginning.
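Review bot: replacing `/var/src/.populate` with "that file" makes the note less explicit, and it still does not say where the file has to be created. The error message names `server01.mydomain.org:/var/src/.populate`, so state that the sentinel must be created on the target host, not on the build host. The new paths `/var/src/nixos-config` and `/var/src/nixpkgs` are a good improvement in precision.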
@@ -170,8 +170,9 @@ krops = builtins.fetchGit {
lib = import "${krops}/lib";
pkgs = import "${krops}/pkgs" {};
```
-It downloads krops and put krops in the nix load path.
-So you can use it in the following script.
+It downloads krops and makes its library and packages available
+so they can be used it in the following script.
+
```
server01 = pkgs.krops.writeDeploy "deploy-server01" {
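Review bot: the added sentence "so they can be used it in the following script" has a stray "it"; it should read "so they can be used in the following script". The extra blank `+` line before the code fence is fine, but check that the other fences in the file follow the same spacing.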
@@ -181,7 +182,7 @@ server01 = pkgs.krops.writeDeploy "deploy-server01" {
in {
-server01 = server01;
+ server01 = server01;
}
```
@@ -190,8 +191,15 @@ The executable `server01` is which results in the link `./result`.
It is the result of `krops.writeDeploy` with parameters
* `target` passed to the ssh command
-* `source` the list of folders and files which are copied to `/var/src`
+* `source` the set of files and folders which should be made available beneath `/var/src` on the target
+{{% note %}}
+`target` takes more argument parts than just the host, you can for example set it to
+`
+root@server01:4444/etc/krops/
+`
+to change the ssh port and the target folder it should be copied.
+{{% /note %}}
```
source = lib.evalSource [
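Review bot: the new note says `target` can change the destination folder, but the reworded `source` bullet directly above still says the files end up "beneath `/var/src` on the target"; one of the two should mention that `/var/src` is only the default. In the note itself, "the target folder it should be copied" is missing its ending ("the folder the sources are copied to"), and the example `root@server01:4444/etc/krops/` is wrapped in single backticks on their own lines, which will not render as a block; use a fenced block like the rest of the page.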
@@ -215,9 +223,10 @@ All other files/folders must be referenced in the resulting `nixos-config` file.
## Different Sources
-### files and folders
+### Files and Folders
-You can use the `.file` argument for folders and files.
+You can use the `file` attribute to transfer
+files and folders from the build host to the target host.
But it always must be an absolute path.
```
@@ -229,9 +238,9 @@ source = lib.evalSource [
```
This copies `./modules` to `/var/src/modules`.
-### symlinks
+### Symlinks
-You can also use the `.symlink` argument
+You can also use the `symlink` argument
to create symlinks on the target system.
```
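Review bot: terminology is inconsistent after this change. This hunk says "the `symlink` argument" and the password store hunk says "the `pass` argument", while the files hunk and the Git hunk now say "the `file` attribute" and "the `git` attribute". Pick one term (these are attributes of the source set) and use it in all four sections.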
@@ -249,11 +258,11 @@ This copies `./config` to `/var/src/config` and creates a symlink
krops will not check if the target is valid.
{{% /note %}}
-### git repositories
+### Git Repositories
-You can pull git repositories using the `.git` argument
+You can pull Git repositories using the `git` attribute
from everywhere you want,
-as long as the target host sees it.
+as long as the target host is able to pull it.
```
source = lib.evalSource [
@@ -272,7 +281,7 @@ to `/var/src/nix-writers`.
the `ref` parameter also accepts branches or tags.
-### Passwordstore
+### Password Store (Native File Encryption)
lets assume `secrets` is a folder managed by
[passwordstore](https://www.passwordstore.org/).
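Review bot: the new heading "Password Store (Native File Encryption)" suggests the deployed files stay encrypted, which contradicts the note added further down stating that the files in `/var/src/secrets` are unencrypted. Drop the parenthetical or reword it so it only describes how the secrets are stored on the build host. The context line "lets assume" is left with a lowercase start and no apostrophe although the same fix ("Let's") is applied elsewhere in this patch.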
@@ -285,7 +294,7 @@ secrets
`-- wpa_supplicant.conf.gpg
```
-Use the `.pass` argument to include the sub-folder `server01`
+Use the `pass` argument to include the sub-folder `server01`
into your deployment.
```
@@ -303,7 +312,11 @@ source = lib.evalSource [
This copies `secrets/server01` to `/var/src/secrets` after it is decrypted.
You will be prompted to enter the password.
-## How to use sources in configuration.nix
+{{% note %}}
+So the files in `/var/src/secrets` will be unencrypted!
+{{% /note %}}
+
+## How to use Sources in configuration.nix
You can use folders copied by krops
very pleasantly in the `configuration.nix`.
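Review bot: the added note "So the files in `/var/src/secrets` will be unencrypted!" flags the right risk but leaves the reader without the consequence or an action. Say plainly that the decrypted secrets are stored in plaintext on the target host under `/var/src/secrets`, and that access to that directory has to be restricted accordingly. The heading "How to use Sources in configuration.nix" is also only half title-cased ("use"), unlike "How to Manually Rebuild the System".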
@@ -319,7 +332,7 @@ very pleasantly in the `configuration.nix`.
}
```
-## How to manually rebuild the system
+## How to Manually Rebuild the System
If you, for some reason, want to rebuild the system on the host itself,
you can do that simply by running as root
@@ -388,9 +401,9 @@ $> nix-build ./krops.nix -A server02 && ./result
$> nix-build ./krops.nix -A all && ./result
```
-## Update and Fixing Git commits
+## Update and Fixing Git Commits
-Updating Hashes for git repositories is annoying and using branches might break consistency.
+Updating hashes for Git repositories is annoying and using branches might break consistency.
To avoid editing files you can use the `nix-prefetch-git` and `lib.importJson` to make
your live easier.
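Review bot: the paragraph touched here still contains "your live easier" (should be "life") and refers to `lib.importJson`; the nixpkgs function is spelled `lib.importJSON`, so a reader copying the name as written will get an error. The heading "Update and Fixing Git Commits" is also not parallel; "Updating and Pinning Git Commits" or similar would match the text about hashes.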