some additions from tv
parent
c1f67e20d1
commit
277126c175
|
@ -20,7 +20,7 @@ If you're looking for a good document on how to use
|
||||||
have a look at
|
have a look at
|
||||||
[this excellent article](https://blog.wearewizards.io/how-to-use-nixops-in-a-team).
|
[this excellent article](https://blog.wearewizards.io/how-to-use-nixops-in-a-team).
|
||||||
|
|
||||||
# krops vs NixOps (feature comparison)
|
# krops vs. NixOps (Feature Comparison)
|
||||||
|
|
||||||
<table class="comparison">
|
<table class="comparison">
|
||||||
<tr>
|
<tr>
|
||||||
|
@ -89,19 +89,19 @@ have a look at
|
||||||
|
|
||||||
# krops Structure by Example
|
# krops Structure by Example
|
||||||
|
|
||||||
krops is not a binary like NixOps it is a library
|
krops is not an executable like NixOps,
|
||||||
you use to write binaries which does the actual deployment.
|
it is a library you use to write executables which do the actual deployment.
|
||||||
|
|
||||||
Lets say you have a very simple `configuration.nix`
|
Let's say you have a very simple `configuration.nix`
|
||||||
|
|
||||||
```
|
```
|
||||||
{ config, lib, pkgs, ... }:
|
{ pkgs, ... }:
|
||||||
{
|
{
|
||||||
environment.systemPackages = [ pkgs.git ];
|
environment.systemPackages = [ pkgs.git ];
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
Than you can use the following script (`krops.nix`) to deploy it
|
Than you can use the following script (let's name it `krops.nix`) to deploy it
|
||||||
on the machine `server01.mydomain.org`.
|
on the machine `server01.mydomain.org`.
|
||||||
|
|
||||||
```
|
```
|
||||||
|
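Review bot: the rewritten sentence that introduces `krops.nix` still opens with "Than" where "Then" is meant. Since the line is being touched anyway, change it to "Then you can use the following script (let's name it `krops.nix`) to deploy it".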
@ -136,9 +136,9 @@ in {
|
||||||
|
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
Now you can deploy the machine by running :
|
Now you can deploy the machine by running:
|
||||||
```
|
```
|
||||||
$> nix-build ./krops.nix && result
|
$> nix-build ./krops.nix -A server01 && result
|
||||||
```
|
```
|
||||||
You need to make sure you have ssh access to the root user on `server01.mydomain.org`
|
You need to make sure you have ssh access to the root user on `server01.mydomain.org`
|
||||||
and `git` is installed on `server01.mydomain.org`.
|
and `git` is installed on `server01.mydomain.org`.
|
||||||
|
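Review bot: the new command line ends in `&& result`, which makes the shell look up a program called `result` on `PATH` instead of running the symlink that `nix-build` leaves in the current directory. The other invocations in this document use `./result`, so this should read `nix-build ./krops.nix -A server01 && ./result`.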
@ -149,14 +149,14 @@ If you run this command the first time you will most likely get a message like
|
||||||
error: missing sentinel file: server01.mydomain.org:/var/src/.populate
|
error: missing sentinel file: server01.mydomain.org:/var/src/.populate
|
||||||
```
|
```
|
||||||
This is because you need to create `/var/src/.populate` before krops will do anything.
|
This is because you need to create `/var/src/.populate` before krops will do anything.
|
||||||
Once `/var/src/.populate` is created, you can run the command `./result` again.
|
Once that file is created, you can run the command `./result` again.
|
||||||
{{% /note %}}
|
{{% /note %}}
|
||||||
|
|
||||||
krops will copy the file `configuration.nix` into `/var/src` on `server01`
|
krops will copy the file `configuration.nix` to `/var/src/nixos-config` on `server01`
|
||||||
and will clone nixpkgs into `/var/src`.
|
and will clone `nixpkgs` into `/var/src/nixpkgs`.
|
||||||
After that krops will run `nixos-rebuild switch -I /var/src` which will provision `server01`.
|
After that, krops will run `nixos-rebuild switch -I /var/src` which will provision `server01`.
|
||||||
|
|
||||||
## The different parts explained
|
## The Different Parts Explained
|
||||||
|
|
||||||
Let's start with the cryptic part at the beginning.
|
Let's start with the cryptic part at the beginning.
|
||||||
|
|
||||||
|
@ -170,8 +170,9 @@ krops = builtins.fetchGit {
|
||||||
lib = import "${krops}/lib";
|
lib = import "${krops}/lib";
|
||||||
pkgs = import "${krops}/pkgs" {};
|
pkgs = import "${krops}/pkgs" {};
|
||||||
```
|
```
|
||||||
It downloads krops and put krops in the nix load path.
|
It downloads krops and makes its library and packages available
|
||||||
So you can use it in the following script.
|
so they can be used it in the following script.
|
||||||
|
|
||||||
|
|
||||||
```
|
```
|
||||||
server01 = pkgs.krops.writeDeploy "deploy-server01" {
|
server01 = pkgs.krops.writeDeploy "deploy-server01" {
|
||||||
|
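Review bot: the new second line has a leftover word, "so they can be used it in the following script". Drop the "it" so the sentence reads "It downloads krops and makes its library and packages available so they can be used in the following script."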
@ -181,7 +182,7 @@ server01 = pkgs.krops.writeDeploy "deploy-server01" {
|
||||||
|
|
||||||
in {
|
in {
|
||||||
|
|
||||||
server01 = server01;
|
server01 = server01;
|
||||||
|
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
@ -190,8 +191,15 @@ The executable `server01` is which results in the link `./result`.
|
||||||
It is the result of `krops.writeDeploy` with parameters
|
It is the result of `krops.writeDeploy` with parameters
|
||||||
|
|
||||||
* `target` passed to the ssh command
|
* `target` passed to the ssh command
|
||||||
* `source` the list of folders and files which are copied to `/var/src`
|
* `source` the set of files and folders which should be made available beneath `/var/src` on the target
|
||||||
|
|
||||||
|
{{% note %}}
|
||||||
|
`target` takes more argument parts than just the host, you can for example set it to
|
||||||
|
`
|
||||||
|
root@server01:4444/etc/krops/
|
||||||
|
`
|
||||||
|
to change the ssh port and the target folder it should be copied.
|
||||||
|
{{% /note %}}
|
||||||
|
|
||||||
```
|
```
|
||||||
source = lib.evalSource [
|
source = lib.evalSource [
|
||||||
|
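Review bot: the added note on `target` lets the reader move the target folder to `/etc/krops/`, but the rest of the page keeps hard-coding `/var/src`: the `source` bullet just above it, the `.populate` sentinel path, and `nixos-rebuild switch -I /var/src`. Say in the note whether those paths follow the folder given in `target`, so a reader who changes it knows where the sentinel file and the sources end up. Also, "the target folder it should be copied" is missing a "to", and the example is wrapped in single backticks on their own lines rather than the triple-backtick fences used everywhere else in the file.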
@ -215,9 +223,10 @@ All other files/folders must be referenced in the resulting `nixos-config` file.
|
||||||
|
|
||||||
## Different Sources
|
## Different Sources
|
||||||
|
|
||||||
### files and folders
|
### Files and Folders
|
||||||
|
|
||||||
You can use the `.file` argument for folders and files.
|
You can use the `file` attribute to transfer
|
||||||
|
files and folders from the build host to the target host.
|
||||||
But it always must be an absolute path.
|
But it always must be an absolute path.
|
||||||
|
|
||||||
```
|
```
|
||||||
|
@ -229,9 +238,9 @@ source = lib.evalSource [
|
||||||
```
|
```
|
||||||
This copies `./modules` to `/var/src/modules`.
|
This copies `./modules` to `/var/src/modules`.
|
||||||
|
|
||||||
### symlinks
|
### Symlinks
|
||||||
|
|
||||||
You can also use the `.symlink` argument
|
You can also use the `symlink` argument
|
||||||
to create symlinks on the target system.
|
to create symlinks on the target system.
|
||||||
|
|
||||||
```
|
```
|
||||||
|
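Review bot: `symlink` is still called an "argument" on the changed line, while this same commit renames `file` and `git` to "attribute". Pick one term and use it for `symlink` (and for `pass` further down) as well, otherwise the reader may assume these are different kinds of things.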
@ -249,11 +258,11 @@ This copies `./config` to `/var/src/config` and creates a symlink
|
||||||
krops will not check if the target is valid.
|
krops will not check if the target is valid.
|
||||||
{{% /note %}}
|
{{% /note %}}
|
||||||
|
|
||||||
### git repositories
|
### Git Repositories
|
||||||
|
|
||||||
You can pull git repositories using the `.git` argument
|
You can pull Git repositories using the `git` attribute
|
||||||
from everywhere you want,
|
from everywhere you want,
|
||||||
as long as the target host sees it.
|
as long as the target host is able to pull it.
|
||||||
|
|
||||||
```
|
```
|
||||||
source = lib.evalSource [
|
source = lib.evalSource [
|
||||||
|
@ -272,7 +281,7 @@ to `/var/src/nix-writers`.
|
||||||
the `ref` parameter also accepts branches or tags.
|
the `ref` parameter also accepts branches or tags.
|
||||||
|
|
||||||
|
|
||||||
### Passwordstore
|
### Password Store (Native File Encryption)
|
||||||
|
|
||||||
lets assume `secrets` is a folder managed by
|
lets assume `secrets` is a folder managed by
|
||||||
[passwordstore](https://www.passwordstore.org/).
|
[passwordstore](https://www.passwordstore.org/).
|
||||||
|
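Review bot: the new heading's "(Native File Encryption)" can be read as a promise that the files stay encrypted on the target, while the note added later in this commit says the files in `/var/src/secrets` will be unencrypted. Consider a heading that says where the encryption applies, or a first sentence under it stating that the encryption covers the `secrets` folder on the build host only.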
@ -285,7 +294,7 @@ secrets
|
||||||
`-- wpa_supplicant.conf.gpg
|
`-- wpa_supplicant.conf.gpg
|
||||||
```
|
```
|
||||||
|
|
||||||
Use the `.pass` argument to include the sub-folder `server01`
|
Use the `pass` argument to include the sub-folder `server01`
|
||||||
into your deployment.
|
into your deployment.
|
||||||
|
|
||||||
```
|
```
|
||||||
|
@ -303,7 +312,11 @@ source = lib.evalSource [
|
||||||
This copies `secrets/server01` to `/var/src/secrets` after it is decrypted.
|
This copies `secrets/server01` to `/var/src/secrets` after it is decrypted.
|
||||||
You will be prompted to enter the password.
|
You will be prompted to enter the password.
|
||||||
|
|
||||||
## How to use sources in configuration.nix
|
{{% note %}}
|
||||||
|
So the files in `/var/src/secrets` will be unencrypted!
|
||||||
|
{{% /note %}}
|
||||||
|
|
||||||
|
## How to use Sources in configuration.nix
|
||||||
|
|
||||||
You can use folders copied by krops
|
You can use folders copied by krops
|
||||||
very pleasantly in the `configuration.nix`.
|
very pleasantly in the `configuration.nix`.
|
||||||
|
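Review bot: the added note says the files in `/var/src/secrets` will be unencrypted but stops there, which leaves a reader deploying real secrets without what they need to assess the exposure. State that the decrypted copies are written in plaintext to the target's disk, and document the owner and permissions they end up with so the reader can judge who on `server01` can read them. Separately, the renamed heading keeps a lowercase "use" ("How to use Sources in configuration.nix") while the other headings changed in this commit are fully title-cased.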
@ -319,7 +332,7 @@ very pleasantly in the `configuration.nix`.
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
## How to manually rebuild the system
|
## How to Manually Rebuild the System
|
||||||
|
|
||||||
If you, for some reason, want to rebuild the system on the host itself,
|
If you, for some reason, want to rebuild the system on the host itself,
|
||||||
you can do that simply by running as root
|
you can do that simply by running as root
|
||||||
|
@ -388,9 +401,9 @@ $> nix-build ./krops.nix -A server02 && ./result
|
||||||
$> nix-build ./krops.nix -A all && ./result
|
$> nix-build ./krops.nix -A all && ./result
|
||||||
```
|
```
|
||||||
|
|
||||||
## Update and Fixing Git commits
|
## Update and Fixing Git Commits
|
||||||
|
|
||||||
Updating Hashes for git repositories is annoying and using branches might break consistency.
|
Updating hashes for Git repositories is annoying and using branches might break consistency.
|
||||||
To avoid editing files you can use the `nix-prefetch-git` and `lib.importJson` to make
|
To avoid editing files you can use the `nix-prefetch-git` and `lib.importJson` to make
|
||||||
your live easier.
|
your live easier.
|
||||||
|
|
||||||
|
|
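Review bot: the retitled heading "Update and Fixing Git Commits" mixes verb forms; "Updating and Fixing Git Commits" would match the sentence beneath it, which starts with "Updating hashes". While this paragraph is being edited, the unchanged line "your live easier" should read "your life easier".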