update readme
parent
a0c6d7e333
commit
3fef191d7a
1 changed files with 52 additions and 4 deletions
56
README.md
|
@ -1,15 +1,63 @@
|
||||||
# Nixin krops POC
|
# Nixin krops POC
|
||||||
This is a proof of concept of using krops to deploy nixos configuration generated by nixin
|
This is a proof of concept of using krops to deploy nixos configurations generated by nixin
|
||||||
|
|
||||||
|
The configurations of each server are stored in a sub-directory of the config directory :
|
||||||
|
```
|
||||||
|
├── config
|
||||||
|
│ ├── server-01
|
||||||
|
│ │ ├── configuration.nix
|
||||||
|
│ │ └── hardware-configuration.nix
|
||||||
|
│ └── server-02
|
||||||
|
│ ├── configuration.nix
|
||||||
|
│ └── hardware-configuration.nix
|
||||||
|
```
|
||||||
|
|
||||||
|
These configurations can reference shared modules stored in the modules directory
|
||||||
|
```
|
||||||
|
├── modules
|
||||||
|
│ └── nixin.nix
|
||||||
|
```
|
||||||
|
|
||||||
|
The file `nixpkgs.json` contains the revision of nixpkgs to use. See the tips section for how to update it
|
||||||
|
|
||||||
|
The file `krops.nix` is the main deployment configuration that ties everything up. If new servers are added to the config directory, they must also be added in this file.
|
||||||
|
|
||||||
|
The servers mush be accessible with ssh as `root` or as a user with passwordless sudo capability, as defined in `krops.nix`
|
||||||
|
|
||||||
|
Secrets are stored in a sub directory of a separate git repository, managed with [passwordstore](https://www.passwordstore.org/)
|
||||||
|
This directory must available at ` ~/.password-store/nixin-password-store/krops`. (This is also defined in `krops.nix`)
|
||||||
|
When building the configuration on the server, the secrets files are decrypted and copied to the /var/srv/secret directory
|
||||||
|
|
||||||
|
Sample `/var/src` on a server after configuration deployment :
|
||||||
|
```sh
|
||||||
|
[root@arachnide:~]# ls -l /var/src
|
||||||
|
total 20
|
||||||
|
drwxr-xr-x 2 root root 4096 18 déc. 19:07 config
|
||||||
|
drwxr-xr-x 2 root root 4096 18 déc. 21:39 modules
|
||||||
|
lrwxrwxrwx 1 root root 24 19 déc. 10:28 nixos-config -> config/configuration.nix
|
||||||
|
drwxr-xr-x 10 root root 4096 19 déc. 10:29 nixpkgs
|
||||||
|
drwx------ 2 root root 4096 19 déc. 10:30 secrets
|
||||||
|
```
|
||||||
|
|
||||||
## Tips
|
## Tips
|
||||||
Deploy configuration of only one server :
|
|
||||||
|
The file `/var/src/.populate` needs to be created on target servers to be able to deploy a configuration to them. This is a protection to avoid deploying to a machine that is not meant to be managed with krops
|
||||||
|
|
||||||
|
Deploying configuration of only one server :
|
||||||
nix-build ./krops.nix -A arachnide && ./result
|
nix-build ./krops.nix -A arachnide && ./result
|
||||||
|
|
||||||
Deploy configration of all servers :
|
Deploying configuration of all servers :
|
||||||
nix-build ./krops.nix -A all && ./result
|
nix-build ./krops.nix -A all && ./result
|
||||||
|
|
||||||
Update th revision of nixpkgs that is used :
|
Updating the nixpkgs revision that is used :
|
||||||
|
```sh
|
||||||
nix-prefetch-git --url https://github.com/NixOS/nixpkgs --rev "refs/heads/nixos-24.11" > nixpkgs.json
|
nix-prefetch-git --url https://github.com/NixOS/nixpkgs --rev "refs/heads/nixos-24.11" > nixpkgs.json
|
||||||
|
```
|
||||||
|
|
||||||
|
Rebuilding the system on the host itself :
|
||||||
|
```sh
|
||||||
|
nixos-rebuild switch -I /var/src
|
||||||
|
```
|
||||||
|
|
||||||
## References
|
## References
|
||||||
- krops : https://github.com/krebs/krops
|
- krops : https://github.com/krebs/krops
|
||||||
|
|
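Review bot: The added secrets paragraph gives the destination as `/var/srv/secret`, but the sample listing added just below it shows the directory as `/var/src/secrets` (mode `drwx------`, owned by root), and every other path in the README is under `/var/src`. Please make the prose match the listing, since an operator who checks permissions on the path as written would be looking at the wrong directory. In the same block of added lines, "The servers mush be accessible" should read "must", "This directory must available at" is missing "be", and the backticked path has a stray leading space before `~/.password-store/nixin-password-store/krops`. The `.populate` requirement is a prerequisite for any deployment, so it would read better next to the ssh access requirements than as the first entry under Tips. The README now tells the reader twice that a value is "defined in `krops.nix`" (ssh user, password-store path) and once that new servers "must also be added in this file"; naming the relevant attributes would save the reader from searching for them.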