From 277126c1752f8b47ae0ea28a7db6f8fb4ca9b888 Mon Sep 17 00:00:00 2001 From: Ingolf Wagner Date: Sat, 25 Aug 2018 17:13:01 +0200 Subject: [PATCH] some additions from tv --- content/nixos/krops.md | 73 +++++++++++++++++++++++++----------------- 1 file changed, 43 insertions(+), 30 deletions(-) diff --git a/content/nixos/krops.md b/content/nixos/krops.md index 9d7d668..9c186e5 100644 --- a/content/nixos/krops.md +++ b/content/nixos/krops.md @@ -20,7 +20,7 @@ If you're looking for a good document on how to use have a look at [this excellent article](https://blog.wearewizards.io/how-to-use-nixops-in-a-team). -# krops vs NixOps (feature comparison) +# krops vs. NixOps (Feature Comparison) @@ -89,19 +89,19 @@ have a look at # krops Structure by Example -krops is not a binary like NixOps it is a library -you use to write binaries which does the actual deployment. +krops is not an executable like NixOps, +it is a library you use to write executables which do the actual deployment. -Lets say you have a very simple `configuration.nix` +Let's say you have a very simple `configuration.nix` ``` -{ config, lib, pkgs, ... }: +{ pkgs, ... }: { environment.systemPackages = [ pkgs.git ]; } ``` -Than you can use the following script (`krops.nix`) to deploy it +Than you can use the following script (let's name it `krops.nix`) to deploy it on the machine `server01.mydomain.org`. ``` @@ -136,9 +136,9 @@ in { } ``` -Now you can deploy the machine by running : +Now you can deploy the machine by running: ``` -$> nix-build ./krops.nix && result +$> nix-build ./krops.nix -A server01 && result ``` You need to make sure you have ssh access to the root user on `server01.mydomain.org` and `git` is installed on `server01.mydomain.org`. 
@@ -149,14 +149,14 @@ If you run this command the first time you will most likely get a message like error: missing sentinel file: server01.mydomain.org:/var/src/.populate ``` This is because you need to create `/var/src/.populate` before krops will do anything. -Once `/var/src/.populate` is created, you can run the command `./result` again. +Once that file is created, you can run the command `./result` again. {{% /note %}} -krops will copy the file `configuration.nix` into `/var/src` on `server01` -and will clone nixpkgs into `/var/src`. -After that krops will run `nixos-rebuild switch -I /var/src` which will provision `server01`. +krops will copy the file `configuration.nix` to `/var/src/nixos-config` on `server01` +and will clone `nixpkgs` into `/var/src/nixpkgs`. +After that, krops will run `nixos-rebuild switch -I /var/src` which will provision `server01`. -## The different parts explained +## The Different Parts Explained Let's start with the cryptic part at the beginning. @@ -170,8 +170,9 @@ krops = builtins.fetchGit { lib = import "${krops}/lib"; pkgs = import "${krops}/pkgs" {}; ``` -It downloads krops and put krops in the nix load path. -So you can use it in the following script. +It downloads krops and makes its library and packages available +so they can be used it in the following script. + ``` server01 = pkgs.krops.writeDeploy "deploy-server01" { @@ -181,7 +182,7 @@ server01 = pkgs.krops.writeDeploy "deploy-server01" { in { -server01 = server01; + server01 = server01; } ``` 
@@ -190,8 +191,15 @@ The executable `server01` is which results in the link `./result`. It is the result of `krops.writeDeploy` with parameters * `target` passed to the ssh command -* `source` the list of folders and files which are copied to `/var/src` +* `source` the set of files and folders which should be made available beneath `/var/src` on the target +{{% note %}} +`target` takes more argument parts than just the host, you can for example set it to +` +root@server01:4444/etc/krops/ +` +to change the ssh port and the target folder it should be copied. +{{% /note %}} ``` source = lib.evalSource [ @@ -215,9 +223,10 @@ All other files/folders must be referenced in the resulting `nixos-config` file. ## Different Sources -### files and folders +### Files and Folders -You can use the `.file` argument for folders and files. +You can use the `file` attribute to transfer +files and folders from the build host to the target host. But it always must be an absolute path. ``` @@ -229,9 +238,9 @@ source = lib.evalSource [ ``` This copies `./modules` to `/var/src/modules`. -### symlinks +### Symlinks -You can also use the `.symlink` argument +You can also use the `symlink` argument to create symlinks on the target system. ``` @@ -249,11 +258,11 @@ This copies `./config` to `/var/src/config` and creates a symlink krops will not check if the target is valid. {{% /note %}} -### git repositories +### Git Repositories -You can pull git repositories using the `.git` argument +You can pull Git repositories using the `git` attribute from everywhere you want, -as long as the target host sees it. +as long as the target host is able to pull it. ``` source = lib.evalSource [ @@ -272,7 +281,7 @@ to `/var/src/nix-writers`. the `ref` parameter also accepts branches or tags. -### Passwordstore +### Password Store (Native File Encryption) lets assume `secrets` is a folder managed by [passwordstore](https://www.passwordstore.org/). 
@@ -285,7 +294,7 @@ secrets `-- wpa_supplicant.conf.gpg ``` -Use the `.pass` argument to include the sub-folder `server01` +Use the `pass` argument to include the sub-folder `server01` into your deployment. ``` @@ -303,7 +312,11 @@ source = lib.evalSource [ This copies `secrets/server01` to `/var/src/secrets` after it is decrypted. You will be prompted to enter the password. -## How to use sources in configuration.nix +{{% note %}} +So the files in `/var/src/secrets` will be unencrypted! +{{% /note %}} + +## How to use Sources in configuration.nix You can use folders copied by krops very pleasantly in the `configuration.nix`. @@ -319,7 +332,7 @@ very pleasantly in the `configuration.nix`. } ``` -## How to manually rebuild the system +## How to Manually Rebuild the System If you, for some reason, want to rebuild the system on the host itself, you can do that simply by running as root @@ -388,9 +401,9 @@ $> nix-build ./krops.nix -A server02 && ./result $> nix-build ./krops.nix -A all && ./result ``` -## Update and Fixing Git commits +## Update and Fixing Git Commits -Updating Hashes for git repositories is annoying and using branches might break consistency. +Updating hashes for Git repositories is annoying and using branches might break consistency. To avoid editing files you can use the `nix-prefetch-git` and `lib.importJson` to make your live easier.
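Review bot: the typo "Than" survives the rewrite in the @@ -89 hunk: `+Than you can use the following script (let's name it `krops.nix`) to deploy it` should read "Then you can use the following script ...". Since the line is being touched anyway, fix it here rather than in a follow-up.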
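Review bot: the command in the @@ -136 hunk is still wrong after adding `-A server01`: `+$> nix-build ./krops.nix -A server01 && result` runs a bare `result`, which is not on `PATH`. It should be `&& ./result`, matching the later text ("run the command `./result` again") and the `-A server02 && ./result` examples further down.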
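Review bot: grammar slip in the @@ -170 hunk: `+so they can be used it in the following script.` has a stray "it"; "so they can be used in the following script." is what is meant.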
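Review bot: the new note in the @@ -190 hunk has two problems. The example `root@server01:4444/etc/krops/` is wrapped in single backticks on their own lines, which renders as an awkward inline span; use a fenced block like the rest of the document. The closing sentence is also incomplete: "to change the ssh port and the target folder it should be copied." needs "copied to". Finally, the note now says `target` carries a port and a directory, while the bullet two lines above still describes it as merely "passed to the ssh command"; that bullet should be updated so the two statements agree.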
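Review bot: terminology is inconsistent across the source sections after this change. The @@ -215 and @@ -249 hunks switch to "the `file` attribute" and "the `git` attribute", but the @@ -229 hunk keeps "the `symlink` argument" and the @@ -285 hunk keeps "the `pass` argument". Pick one term ("attribute" fits `lib.evalSource` sets) and use it in all four places.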
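Review bot: the first sentence of the renamed Password Store section in the @@ -272 hunk still starts with "lets assume `secrets` is a folder"; it should be "Let's assume", consistent with the "Lets say" to "Let's say" fix made earlier in this same patch.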
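Review bot: the new note in the @@ -303 hunk, `+So the files in `/var/src/secrets` will be unencrypted!`, is the most security-relevant addition in the patch but reads as a dangling consequence. State it as a full sentence that says where decryption happens (on the machine running the deploy, which is why the password prompt appears there) and that the result is stored in plaintext on the target, for example: "krops decrypts the secrets before copying them, so they are stored unencrypted under `/var/src/secrets` on the target host." Readers then know that access to that directory, and to the root ssh login the deploy requires, is what protects the secrets.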
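Review bot: the @@ -401 hunk leaves "to make your live easier" in the unchanged context line directly under the edited sentence; it should be "life". Worth folding into this commit since the surrounding sentence is already being rewritten.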