nixops: Deploy configuration files to server

André Bubel

Apr 28, 2018, 1:37:10 AM
to nix-devel
Hi,

I want to keep my server up to date automatically, likely with the system.autoUpgrade mechanism. For that the system configuration needs to be available on the server. How can I achieve this for a NixOps deployment, i.e. how do I best "copy" the NixOps config over to the client machines automatically?

My first idea for using system.copySystemConfiguration didn't work out, as it only supports a single configuration file.

I could rsync the config after each deployment, but I think it'd be more idiomatic if this is also handled by NixOps itself.

Best,
Andre Bubel

David Izquierdo

Apr 28, 2018, 6:37:41 AM
to nix-...@googlegroups.com
A while ago someone suggested (on this very mailing list I believe)
using `environment.etc.<name>.source = <path>;` to cover that very flaw
(on a local context, without NixOps). You could possibly use it to copy
your system configuration to the remote /etc/nixos.

Danylo Hlynskyi

Apr 28, 2018, 7:00:04 AM
to m...@andre-bubel.de, nix-devel, David Izquierdo
system.autoUpgrade is likely to be painful with NixOps slaves. Maybe it's better to have a periodic cron job on the NixOps server perform

# nix-channel --update && nixops deploy

The system.autoUpgrade implementation https://github.com/NixOS/nixpkgs/blob/release-18.03/nixos/modules/installer/tools/auto-upgrade.nix#L68-L87
can be modified for NixOps. It's probably possible to make an abstraction, services.nixops.autoUpgrade.

+++

Why do I think using system.autoUpgrade on a slave is painful?
1. You have to deploy channels on the slave machines (NixOps doesn't do this by default)
2. You have to split the configuration wisely
3. You have to somehow export `nixops show-physical` and include it on the slave machine; you can break deployments if that physical configuration isn't included
4. system.autoUpgrade is a must on the NixOps server; it should always match Nixpkgs on the slaves (otherwise a downgrade during `nixops deploy` is possible)
5. Secrets management may be tricky (if you use nixops keys)
6. The trick described by David is fine, unless you use a Nixpkgs config.nix or overlays in an unrelated directory or custom nixops args - all of these are considered impurities for deployment.

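The `environment.etc.<name>.source` suggestion from the thread, sketched as a NixOps network expression (an added example, not code from any poster or from NixOps itself). A path used as a source is copied into the Nix store, which is world-readable on the target, so the filter leaves secret material out; the machine name `webserver`, the `secrets` directory, the file suffixes and the target name `nixos/deployment` are assumptions.

```nix
# network.nix (constructed example; all names below are hypothetical)
{
  network.description = "example deployment";

  webserver = { config, lib, pkgs, ... }:
    let
      # Copy the deployment directory into the Nix store, skipping anything
      # that must not end up readable by every local user on the target.
      deploymentSource = builtins.path {
        name = "nixops-config";
        path = ./.;
        filter = path: type:
          let
            base = baseNameOf path;
          in
            # Skip VCS metadata and a directory assumed to hold secrets.
            !(type == "directory" && (base == ".git" || base == "secrets"))
            # Skip key material by suffix (assumed naming convention).
            && !(lib.hasSuffix ".key" base)
            && !(lib.hasSuffix ".pem" base);
      };
    in
    {
      # /etc/nixos/deployment becomes a symlink to the filtered store copy.
      environment.etc."nixos/deployment".source = deploymentSource;
    };
}
```

This only places the files on the target; it does not address the channel, physical-configuration or key-handling points listed in the thread.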