update readme
parent
a0c6d7e333
commit
3fef191d7a
1 changed files with 52 additions and 4 deletions
56
README.md
|
@ -1,15 +1,63 @@
|
|||
# Nixin krops POC
|
||||
This is a proof of concept of using krops to deploy nixos configuration generated by nixin
|
||||
This is a proof of concept of using krops to deploy nixos configurations generated by nixin
|
||||
|
||||
The configurations of each server are stored in a sub-directory of the config directory :
|
||||
```
|
||||
├── config
|
||||
│ ├── server-01
|
||||
│ │ ├── configuration.nix
|
||||
│ │ └── hardware-configuration.nix
|
||||
│ └── server-02
|
||||
│ ├── configuration.nix
|
||||
│ └── hardware-configuration.nix
|
||||
```
|
||||
|
||||
These configurations can reference shared modules stored in the modules directory
|
||||
```
|
||||
├── modules
|
||||
│ └── nixin.nix
|
||||
```
|
||||
|
||||
The file `nixpkgs.json` contains the revision of nixpkgs to use. See the tips section for how to update it
|
||||
|
||||
The file `krops.nix` is the main deployment configuration that ties everything up. If new servers are added to the config directory, they must also be added in this file.
|
||||
|
||||
The servers mush be accessible with ssh as `root` or as a user with passwordless sudo capability, as defined in `krops.nix`
|
||||
|
||||
Secrets are stored in a sub directory of a separate git repository, managed with [passwordstore](https://www.passwordstore.org/)
|
||||
This directory must available at ` ~/.password-store/nixin-password-store/krops`. (This is also defined in `krops.nix`)
|
||||
When building the configuration on the server, the secrets files are decrypted and copied to the /var/srv/secret directory
|
||||
|
||||
Sample `/var/src` on a server after configuration deployment :
|
||||
```sh
|
||||
[root@arachnide:~]# ls -l /var/src
|
||||
total 20
|
||||
drwxr-xr-x 2 root root 4096 18 déc. 19:07 config
|
||||
drwxr-xr-x 2 root root 4096 18 déc. 21:39 modules
|
||||
lrwxrwxrwx 1 root root 24 19 déc. 10:28 nixos-config -> config/configuration.nix
|
||||
drwxr-xr-x 10 root root 4096 19 déc. 10:29 nixpkgs
|
||||
drwx------ 2 root root 4096 19 déc. 10:30 secrets
|
||||
```
|
||||
|
||||
## Tips
|
||||
Deploy configuration of only one server :
|
||||
|
||||
The file `/var/src/.populate` needs to be created on target servers to be able to deploy a configuration to them. This is a protection to avoid deploying to a machine that is not meant to be managed with krops
|
||||
|
||||
Deploying configuration of only one server :
|
||||
nix-build ./krops.nix -A arachnide && ./result
|
||||
|
||||
Deploy configration of all servers :
|
||||
Deploying configuration of all servers :
|
||||
nix-build ./krops.nix -A all && ./result
|
||||
|
||||
Update th revision of nixpkgs that is used :
|
||||
Updating the nixpkgs revision that is used :
|
||||
```sh
|
||||
nix-prefetch-git --url https://github.com/NixOS/nixpkgs --rev "refs/heads/nixos-24.11" > nixpkgs.json
|
||||
```
|
||||
|
||||
Rebuilding the system on the host itself :
|
||||
```sh
|
||||
nixos-rebuild switch -I /var/src
|
||||
```
|
||||
|
||||
## References
|
||||
- krops : https://github.com/krebs/krops
|
||||
|
|
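Review bot: The secrets destination is inconsistent within the added text: the sentence "the secrets files are decrypted and copied to the /var/srv/secret directory" does not match the sample listing a few lines below it, which shows a `secrets` directory under `/var/src`. Suggest changing the sentence to name `/var/src/secrets`, in backticks like the other paths. Two typos in the same block: "The servers mush be accessible" should read "must be accessible", and "This directory must available at" should read "must be available at", with the stray space after the opening backtick before `~/.password-store/nixin-password-store/krops` removed. The listing shows `secrets` as `drwx------` owned by root, so the README could state that this mode is the expected one, giving a reader something to check after a deploy. The `/var/src/.populate` paragraph in the Tips section says the file "needs to be created" but not how or by whom; one sentence naming the step to run on a new target would make the guard usable as documented.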