nixos/krops.md: "finished" the article

content/nixos/krops.md

@@ -17,43 +17,75 @@ with some very simple concepts.
 
 If you're looking for a good document on how to use
 [NixOps](https://nixos.org/nixops/) in the fields,
-have a look at 
+have a look at
 [this excelent article](https://blog.wearewizards.io/how-to-use-nixops-in-a-team).
 
 # Krops vs NixOps (feature comparison)
 
-## Krops
+<table class="comparison">
+<tr>
+  <th class="text">Feature</th>
+  <th>NixOps</th>
+  <th>krops</th>
+</tr>
+<tr>
+  <td title="serverA is unstable, serverB is stable, serverC on commit=XY">
+    precies versioning for every machine.
+  </td>
+  <td class="bad"> No </td>
+  <td class="good"> Yes </td>
+</tr>
+<tr>
+  <td class="text">Well documented</td>
+  <td class="good"> Yes </td>
+  <td class="bad"> No</td>
+</tr>
+<tr>
+  <td class="text">Lightweight</td>
+  <td class="ok"> Kinda </td>
+  <td class="good"> Yes </td>
+</tr>
+<tr>
+  <td class="text"
+      title="krops uses passwordstore.org, see more below">
+    native Folder encryption
+  </td>
+  <td class="bad"> No </td>
+  <td class="good"> Yes </td>
+</tr>
+<tr>
+  <td class="text"
+      title="nixops has deployment.keys">
+    TMPFS Key management
+  </td>
+  <td class="good"> Yes </td>
+  <td class="bad"> No </td>
+</tr>
+<tr>
+  <td class="text"
+      title="run nixos-rebuild on the target system">
+    Manual Deployment Possible
+  </td>
+  <td class="bad"> No </td>
+  <td class="good"> Yes </td>
+</tr>
+<tr>
+  <td class="text" >
+    Needs Database
+  </td>
+  <td class="bad"> Yes </td>
+  <td class="good"> No </td>
+</tr>
+<tr>
+  <td class="text"
+      title="where are the .drv files are created">
+    Build and Download happens on
+  </td>
+  <td class="ok"> Client </td>
+  <td class="good"> Target </td>
+</tr>
+</table>
 
-### Pro
-
-* very lightweight, it is just a lib
-* precise versioning of [NixPkgs](https://github.com/NixOS/nixpkgs)
-  you can specify nixpkgs commit/branch/tag you want to roll out on which machine.
-  ( your server runs `18.03` and your desktop `unstable` )
-* native [password-store](https://www.passwordstore.org/) support.
-* You can rerun you deployment on the machine itself using `nixos-rebuild switch`.
-* No Database needed.
-* Build/Download happens on the target system.
-
-### Con
-
-* you need to have git installed (yeah not a real con)
-* not as good documented as NixOps.
-* works only on NixOs *(?)*
-
-## NixOps
-
-### Pro
-
-* well documented
-
-### Con
-
-* quite heavy
-* host channel is roled out on servers ( not possible to have different channels on different servers )
-* can't just run `nixos-rebuild switch` on the target machines.
-* you need a database (for some reason).
-* Build/Download happens on deploying machine, which is bad when you have a bad internet-connection.
 
 # Krops Structure by Example
 
@@ -110,12 +142,13 @@ Now you can deploy the machine by running :
 ```
 $> nix-build ./krops.nix && result
 ```
-You need to make sure you have ssh access to the root user on `server01.mydomain.org`.
+You need to make sure you have ssh access to the root user on `server01.mydomain.org`
+and `git` is installed on `server01.mydomain.org`.
 
 {{% note %}}
-You most likely get a message like
+If you run this command the first time you will most likely get a message like
 ```
-bla bla : /var/src/.populate
+error: missing sentinel file: server01.mydomain.org:/var/src/.populate
 ```
 This is because you need to create `/var/src/.populate` before krops will do anything.
 Once `/var/src/.populate` is created, you can run the command `./result` again.
@@ -123,7 +156,7 @@ Once `/var/src/.populate` is created, you can run the command `./result` again.
 
 Korps will copy the file `configuration.nix` into `/var/src` on `server01`
 as well cloning the nixpkgs into `/var/src`.
-After that if krops will run `nixos-rebuild switch -I /var/src` which will provision `server01`.
+After that krops will run `nixos-rebuild switch -I /var/src` which will provision `server01`.
 
 ## The different parts explained
 
@@ -186,11 +219,62 @@ All other files/folders must be referenced in the resultint `nixos-config` file.
 
 ## Different Sources
 
-### files and folders (TODO)
+### files and folders
 
-### symlinks (TODO)
+You can use the `.file` argument for folders and files.
+But it always must be an absolute path.
+
+```
+source =  lib.evalSource [
+  {
+    modules.file = toString ./modules;
+  }
+];
+```
+This copies `./modules` to `/var/src/modules`.
+
+### symlinks
+
+You can also use the `.symlink` argument
+to create symlinks on the target system.
+
+```
+source =  lib.evalSource [
+  {
+    config.file        = toString ./config;
+    nix-config.symlink = "config/server01/configuration.nix";
+  }
+];
+```
+This copies `./config` to `/var/src/config` and creates a symlink
+`/var/src/nix-config` to `config/server01/configuration.nix`.
+
+{{% note %}}
+krops will not check if the target is valid.
+{{% /note %}}
+
+### git repositories
+
+You can pull git repositories using the `.git` argument
+from everywhere you want,
+as long as the target host sees it.
+
+```
+source =  lib.evalSource [
+  {
+    nix-writers.git = {
+      url = https://cgit.krebsco.de/nix-writers/;
+      ref = "4d0829328e885a6d7163b513998a975e60dd0a72";
+    };
+  }
+];
+```
+This pulles the [nix-writers](https://cgit.krebsco.de/nix-writers/)
+repository
+into `/var/src/nix-writers`.
+
+the `ref` parameter also accepts branches or tags.
 
-### git repositories (TODO)
 
 ### Passwordstore
 
@@ -220,27 +304,33 @@ source = lib.evalSource [
 
 ```
 
-`secrets/server01` will be copied to `/var/src/secrets` after it is decrypted.
+This copies `secrets/server01` into `/var/src/secrets` after it is decrypted.
 You will be prompted to enter the password.
 
-## How to use sources in configuration.nix (WIP)
-
-You can use these folders very pleasantly in the `configuration.nix`
-
+## How to use sources in configuration.nix
 
+You can use folders copied by krops
+very pleasantly in the `configuration.nix`.
 
 ```
 { config, libs, pkgs, ... }:
 {
   imports = [
     <modules>
-    <config/hardware-configuration.nix>
+    <config/service01/hardware-configuration.nix>
   ];
   networking.supplicant."wlan0".configFile.path = toString <secrets/wpa_supplicant.conf>;
 }
 ```
 
+## How to manually rebuild the system
 
+If you, for some reason, want to rebuild the system on the host itself,
+you can do that simply by running as root
+
+```
+#> nixos-rebuild switch -I /var/src
+```
 
 # Some Tips
 
@@ -248,22 +338,28 @@ So far this is everything krops does.
 It is simple and very close to the usual way Nix and NixOS works.
 Let's look on some common pattern to solve some common issues.
 
-## Multiple Server (WIP)
+## Multiple Server
+
+If you want to manage multiple computers,
+the following adjustments might help you.
+
+Take a closer look to the `source` function and the parameter
+`nixos-config` and `secrets`.
 
 ```
 let
   source = name: lib.evalSource [
     {
+      config.file  = toString ./config;
+      modules.file = toString ./modules;
       nixos-config.symlink = "config/${name}/configuration.nix"
       nixpkgs.git = {
         ref = "nixos-18.03";
         url = https://github.com/NixOS/nixpkgs-channels;
       };
-      config.file = toString ./config;
-      modules.file = toString ./modules;
       secrets.pass = {
         dir  = toString ./secrets";
-        name = "server01";
+        name = "${name}";
       };
     }
   ];
@@ -275,7 +371,7 @@ let
 
   server02 = pkgs.krops.writeDeploy "deploy-server02" {
     source = source "server02";
-    target = "root@server01.mydomain.org";
+    target = "root@server02.mydomain.org";
   };
 
 in {
@@ -287,7 +383,56 @@ in {
 
 ```
 
-## Update Hashes (WIP)
+Now you can create multiple `./result`s or you can use the `-A` parameter of nix-build to choose what
+`./result` will be.
 
+```
+$> nix-build ./krops.nix -A server01 && ./result
+$> nix-build ./krops.nix -A server02 && ./result
+$> nix-build ./krops.nix -A all && ./result
+```
 
+## Update and Fixing Git commits
 
+Updating Hashes for git repositories is anoying and using branches might break consistency.
+To avoid editing files you can use use the `nix-prefetch-git` and `lib.importJson` to make
+your live easier.
+
+```
+nix-prefetch-git \
+  --url https://github.com/NixOS/nixpkgs-channels \
+  --rev refs/heads/nixos-18.03 \
+  > nixpkgs.json
+```
+
+results in a file `nixpkgs.json` which looks like this
+
+```
+{
+  "url": "https://github.com/NixOS/nixpkgs-channels.git",
+  "rev": "9cbc7363543ebeb5a0182aa171f23bb19332b99f",
+  "date": "2018-08-14T14:00:50+02:00",
+  "sha256": "1i3iwc23cl085w429zm6qip1058bsi7zavj7pdwqiqm9nymy7plq",
+  "fetchSubmodules": true
+}
+```
+And it can be importet in `./krops.nix` like this.
+
+```
+let
+
+importJson = (import <nixpkgs> {}).lib.importJSON;
+
+source = lib.evalSource [
+{
+  nixpkgs.git = {
+    ref = (importJson ./nixpkgs.json).rev;
+    url = https://github.com/NixOS/nixpkgs-channels;
+  };
+}];
+```
+
+Now you can just have to call the `nix-prefetch-git` command
+and the commit reference will be updated, and is fixed.
+
+This should also make it simpler to maintain different channels on different machines.

default.nix

@@ -15,6 +15,8 @@ pkgs.mkShell {
 
     rake
     feh
+
+    ion
   ];
 
   # run this on start

themes/first/src/css/color.less

@@ -5,3 +5,7 @@
 
 @color-warning-background: rgba(188, 32, 11, 0.55);
 @color-note-background: rgba(94, 188, 11, 0.55);
+
+@color-comparison-good: #ABE953;
+@color-comparison-ok: #E9E653;
+@color-comparison-bad: #E96D53;

themes/first/src/css/main.less

@@ -66,3 +66,29 @@ p > code {
 .warning {
   background: @color-warning-background;
 }
+
+table.comparison {
+  width: 100%;
+  .text{
+    width: 80%;
+  }
+  .good {
+    background: @color-comparison-good;
+    text-align: center;
+  }
+  .bad {
+    background: @color-comparison-bad;
+    text-align: center;
+  }
+  .ok {
+    background: @color-comparison-ok;
+    text-align: center;
+  }
+}
+
+@media @desktop {
+  table.comparison {
+    margin: 0em 2em .8em 2em;
+  }
+}
+