nix code
parent
e03111cda4
commit
64795aed3d
GPG Key ID:
76BF5F1928B9618B
|
|
@ -105,7 +105,7 @@ it is a library you use to write executables which do the actual deployment.
|
|||
|
||||
Let's say you have a very simple `configuration.nix`
|
||||
|
||||
```
|
||||
```nix
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
environment.systemPackages = [ pkgs.git ];
|
||||
|
|
@ -115,7 +115,7 @@ Let's say you have a very simple `configuration.nix`
|
|||
Than you can use the following script (let's name it `krops.nix`) to deploy it
|
||||
on the machine `server01.mydomain.org`.
|
||||
|
||||
```
|
||||
```nix
|
||||
let
|
||||
krops = builtins.fetchGit {
|
||||
url = "https://cgit.krebsco.de/krops/";
|
||||
|
|
@ -143,7 +143,7 @@ in {
|
|||
|
||||
Now you can deploy the machine by running:
|
||||
|
||||
```
|
||||
```shell
|
||||
$> nix-build ./krops.nix -A server01 && ./result
|
||||
```
|
||||
|
||||
|
|
@ -172,7 +172,7 @@ After that, krops will run `nixos-rebuild switch -I /var/src` which will provisi
|
|||
|
||||
Let's start with the cryptic part at the beginning.
|
||||
|
||||
```
|
||||
```nix
|
||||
let
|
||||
krops = builtins.fetchGit {
|
||||
url = "https://cgit.krebsco.de/krops/";
|
||||
|
|
@ -184,7 +184,7 @@ let
|
|||
It downloads krops and makes its library and packages available
|
||||
so they can be used it in the following script.
|
||||
|
||||
```
|
||||
```nix
|
||||
in {
|
||||
server01 = pkgs.krops.writeDeploy "deploy-server01" {
|
||||
source = source;
|
||||
|
|
@ -209,7 +209,7 @@ to change the ssh port and the target folder it should be copied.
|
|||
|
||||
{{% /note %}}
|
||||
|
||||
```
|
||||
```nix
|
||||
source = lib.evalSource [
|
||||
{
|
||||
nixpkgs.git = {
|
||||
|
|
@ -237,7 +237,7 @@ You can use the `file` attribute to transfer
|
|||
files and folders from the build host to the target host.
|
||||
But it always must be an absolute path.
|
||||
|
||||
```
|
||||
```nix
|
||||
source = lib.evalSource [
|
||||
{
|
||||
modules.file = toString ./modules; # toString generates an absoulte path
|
||||
|
|
@ -252,7 +252,7 @@ This copies `./modules` to `/var/src/modules`.
|
|||
You can also use the `symlink` argument
|
||||
to create symlinks on the target system.
|
||||
|
||||
```
|
||||
```nix
|
||||
source = lib.evalSource [
|
||||
{
|
||||
config.file = toString ./config;
|
||||
|
|
@ -274,7 +274,7 @@ You can pull Git repositories using the `git` attribute
|
|||
from everywhere you want,
|
||||
as long as the target host is able to pull it.
|
||||
|
||||
```
|
||||
```nix
|
||||
source = lib.evalSource [
|
||||
{
|
||||
nix-writers.git = {
|
||||
|
|
@ -307,7 +307,7 @@ secrets
|
|||
Use the `pass` argument to include the sub-folder `server01`
|
||||
into your deployment.
|
||||
|
||||
```
|
||||
```nix
|
||||
source = lib.evalSource [
|
||||
{
|
||||
secrets.pass = {
|
||||
|
|
@ -331,7 +331,7 @@ The files in `/var/src/secrets` will be unencrypted!
|
|||
You can use folders copied by krops
|
||||
very pleasantly in the `configuration.nix`.
|
||||
|
||||
```
|
||||
```nix
|
||||
{ config, libs, pkgs, ... }:
|
||||
{
|
||||
imports = [
|
||||
|
|
@ -347,7 +347,7 @@ very pleasantly in the `configuration.nix`.
|
|||
If you, for some reason, want to rebuild the system on the host itself,
|
||||
you can do that simply by running as root
|
||||
|
||||
```
|
||||
```shell
|
||||
#> nixos-rebuild switch -I /var/src
|
||||
```
|
||||
|
||||
|
|
@ -365,7 +365,7 @@ the following adjustments might help you.
|
|||
Take a closer look to the `source` function and the parameter
|
||||
`nixos-config` and `secrets`.
|
||||
|
||||
```
|
||||
```nix
|
||||
let
|
||||
source = name: lib.evalSource [
|
||||
{
|
||||
|
|
@ -405,7 +405,7 @@ in {
|
|||
Now you can create multiple `./result`s or you can use the
|
||||
`-A` parameter of nix-build to choose what `./result` will be.
|
||||
|
||||
```
|
||||
```shell
|
||||
$> nix-build ./krops.nix -A server01 && ./result
|
||||
$> nix-build ./krops.nix -A server02 && ./result
|
||||
$> nix-build ./krops.nix -A all && ./result
|
||||
|
|
@ -418,7 +418,7 @@ might break consistency.
|
|||
To avoid editing files you can use the `nix-prefetch-git`
|
||||
and `lib.importJson` to make your live easier.
|
||||
|
||||
```
|
||||
```shell
|
||||
$> nix-prefetch-git \
|
||||
--url https://github.com/NixOS/nixpkgs-channels \
|
||||
--rev refs/heads/nixos-18.03 \
|
||||
|
|
@ -427,7 +427,7 @@ $> nix-prefetch-git \
|
|||
|
||||
results in a file `nixpkgs.json` which looks like this
|
||||
|
||||
```
|
||||
```json
|
||||
{
|
||||
"url": "https://github.com/NixOS/nixpkgs-channels.git",
|
||||
"rev": "9cbc7363543ebeb5a0182aa171f23bb19332b99f",
|
||||
|
|
@ -439,7 +439,7 @@ results in a file `nixpkgs.json` which looks like this
|
|||
|
||||
And it can be imported in `./krops.nix` like this.
|
||||
|
||||
```
|
||||
```nix
|
||||
let
|
||||
importJson = (import <nixpkgs> {}).lib.importJSON;
|
||||
source = lib.evalSource [
|
||||
|
|
@ -463,7 +463,7 @@ It is very easy to install packages from different channels.
|
|||
|
||||
For example add `nixpkgs-unstable` the same way you add `nixpkgs`.
|
||||
|
||||
```
|
||||
```nix
|
||||
source = lib.evalSource [
|
||||
{
|
||||
nixpkgs.git = {
|
||||
|
|
@ -482,7 +482,7 @@ For example add `nixpkgs-unstable` the same way you add `nixpkgs`.
|
|||
To install a package from the `unstable` channel you just have to import the channel
|
||||
and call the packages from there.
|
||||
|
||||
```
|
||||
```nix
|
||||
{ config, pkgs, ... }:
|
||||
let
|
||||
unstable = import <nixpkgs-unstable> {};
|
||||
|
|
@ -511,7 +511,7 @@ which you have to maintain on top of using krops.
|
|||
If you don't like to do that (like me) you have to change
|
||||
the `NIX_PATH` variable system-wide.
|
||||
|
||||
```
|
||||
```nix
|
||||
environment.variables.NIX_PATH = lib.mkForce "/var/src";
|
||||
```
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue