nixos/krops : fehler korrektur von lassuls
parent
261b356d4c
commit
c1f67e20d1
|
@ -30,7 +30,7 @@ have a look at
|
|||
</tr>
|
||||
<tr>
|
||||
<td title="serverA is unstable, serverB is stable, serverC on commit=XY">
|
||||
precise versioning for every machine.
|
||||
Precise versioning for every machine.
|
||||
</td>
|
||||
<td class="bad"> No </td>
|
||||
<td class="good"> Yes </td>
|
||||
|
@ -48,7 +48,7 @@ have a look at
|
|||
<tr>
|
||||
<td class="text"
|
||||
title="krops uses passwordstore.org, see more below">
|
||||
native Folder encryption
|
||||
Native Folder Encryption
|
||||
</td>
|
||||
<td class="bad"> No </td>
|
||||
<td class="good"> Yes </td>
|
||||
|
@ -56,7 +56,7 @@ have a look at
|
|||
<tr>
|
||||
<td class="text"
|
||||
title="nixops has deployment.keys">
|
||||
TMPFS Key management
|
||||
TMPFS Key Management
|
||||
</td>
|
||||
<td class="good"> Yes </td>
|
||||
<td class="bad"> No </td>
|
||||
|
@ -89,8 +89,8 @@ have a look at
|
|||
|
||||
# krops Structure by Example
|
||||
|
||||
krops is not a binary like NixOps, is a library you use to write binaries,
|
||||
which do the actual deployment.
|
||||
krops is not a binary like NixOps it is a library
|
||||
you use to write binaries which does the actual deployment.
|
||||
|
||||
Lets say you have a very simple `configuration.nix`
|
||||
|
||||
|
@ -107,10 +107,8 @@ on the machine `server01.mydomain.org`.
|
|||
```
|
||||
let
|
||||
|
||||
krops = (import <nixpkgs> {}).fetchgit {
|
||||
krops = builtins.fetchGit {
|
||||
url = "https://cgit.krebsco.de/krops/";
|
||||
rev = "806b500e1e48fa096c2e26b44407e9f368f8d204";
|
||||
sha256 = "1vfmm7aqi6y6cjz7vivamc70dkaxxxlihj48qvqc0dlj1bi331c2";
|
||||
};
|
||||
|
||||
lib = import "${krops}/lib";
|
||||
|
@ -134,7 +132,7 @@ server01 = pkgs.krops.writeDeploy "deploy-server01" {
|
|||
|
||||
in {
|
||||
|
||||
server01 = server01;
|
||||
server01 = server01;
|
||||
|
||||
}
|
||||
```
|
||||
|
@ -154,8 +152,8 @@ This is because you need to create `/var/src/.populate` before krops will do any
|
|||
Once `/var/src/.populate` is created, you can run the command `./result` again.
|
||||
{{% /note %}}
|
||||
|
||||
korps will copy the file `configuration.nix` into `/var/src` on `server01`
|
||||
as well cloning the nixpkgs into `/var/src`.
|
||||
krops will copy the file `configuration.nix` into `/var/src` on `server01`
|
||||
and will clone nixpkgs into `/var/src`.
|
||||
After that krops will run `nixos-rebuild switch -I /var/src` which will provision `server01`.
|
||||
|
||||
## The different parts explained
|
||||
|
@ -165,17 +163,15 @@ Let's start with the cryptic part at the beginning.
|
|||
```
|
||||
let
|
||||
|
||||
krops = (import <nixpkgs> {}).fetchgit {
|
||||
krops = builtins.fetchGit {
|
||||
url = "https://cgit.krebsco.de/krops/";
|
||||
rev = "806b500e1e48fa096c2e26b44407e9f368f8d204";
|
||||
sha256 = "1vfmm7aqi6y6cjz7vivamc70dkaxxxlihj48qvqc0dlj1bi331c2";
|
||||
};
|
||||
|
||||
lib = import "${krops}/lib";
|
||||
pkgs = import "${krops}/pkgs" {};
|
||||
```
|
||||
It downloads korps and put krops in the nix load path.
|
||||
So you can used it in the following script.
|
||||
It downloads krops and put krops in the nix load path.
|
||||
So you can use it in the following script.
|
||||
|
||||
```
|
||||
server01 = pkgs.krops.writeDeploy "deploy-server01" {
|
||||
|
@ -190,10 +186,10 @@ server01 = server01;
|
|||
}
|
||||
```
|
||||
|
||||
The binary `server01` is which results in the link `./result`.
|
||||
It is a `krops.writeDeploy` function with parameters
|
||||
The executable `server01` is which results in the link `./result`.
|
||||
It is the result of `krops.writeDeploy` with parameters
|
||||
|
||||
* `target` the host passed to the ssh command
|
||||
* `target` passed to the ssh command
|
||||
* `source` the list of folders and files which are copied to `/var/src`
|
||||
|
||||
|
||||
|
@ -227,7 +223,7 @@ But it always must be an absolute path.
|
|||
```
|
||||
source = lib.evalSource [
|
||||
{
|
||||
modules.file = toString ./modules;
|
||||
modules.file = toString ./modules; # toString generates an absoulte path
|
||||
}
|
||||
];
|
||||
```
|
||||
|
@ -271,7 +267,7 @@ source = lib.evalSource [
|
|||
```
|
||||
This pulls the [nix-writers](https://cgit.krebsco.de/nix-writers/)
|
||||
repository
|
||||
into `/var/src/nix-writers`.
|
||||
to `/var/src/nix-writers`.
|
||||
|
||||
the `ref` parameter also accepts branches or tags.
|
||||
|
||||
|
@ -304,7 +300,7 @@ source = lib.evalSource [
|
|||
|
||||
```
|
||||
|
||||
This copies `secrets/server01` into `/var/src/secrets` after it is decrypted.
|
||||
This copies `secrets/server01` to `/var/src/secrets` after it is decrypted.
|
||||
You will be prompted to enter the password.
|
||||
|
||||
## How to use sources in configuration.nix
|
||||
|
|
Loading…
Reference in New Issue