<cole-h>
Here's the keys section of the manual. I think it's explained fairly well there.
<typetetris>
cole-h: No, I mean there is a machine A I use to run nixops and a machine B I am deploying. And I assume the keys will end up in the store of A. (At least that would happen with every piece of nix code used for building packages normally, so I just assumed it's the same with nixops)?
<cole-h>
99% sure the answer is still no. Although, I'm still a newbie to this project as well.
<cole-h>
"Keys from deployment.keys are stored under /run/ on a temporary filesystem and will not persist across a reboot."
<typetetris>
cole-h: That is for machine B
<typetetris>
I will simply test it.
<cole-h>
Well, from the manual it sounds like it won't be present in the store in either machine, if you do it as presented.
<cole-h>
`deployment.keys.my-secret.text = "asdf";` <-- this created a key that will go in /run/keys/my-secret, with the contents "asdf"
<cole-h>
Unless I'm fundamentally misunderstanding Nix, the underlying file doesn't get imported to the store, so this secret won't end up in the store.
<typetetris>
cole-h: puh that's a relief
<typetetris>
at least ripgrep didn't find my secret in the store of machine A
<cole-h>
If you come back later, maybe you'll be able to get a more conclusive answer than me just reading the manual :P
<typetetris>
Now I only need to add decrypting the secret before calling nixops and deleting the unencrypted secret afterwards. Is there some existing tool for that? (Otherwise I would just add gpg -d, rm to a shell script.)
<typetetris>
cole-h: Sorry if I just didn't believe the manual.
<cole-h>
Hehe, all good! One can only ever truly know with experimentation :P
<typetetris>
I read that there are different state backends now? Is there some tutorial about this somewhere? I really don't feel comfortable putting an sqlite database into a git repository.
<typetetris>
I see, one can use nixops export and import for that
<typetetris>
hmm `nixExprs` is stored as an absolute path, that is also not good for sharing.
cole-h has quit [Quit: Goodbye]
cole-h_ has quit [Quit: Goodbye]
<typetetris>
Can one exchange the ssh-key generated by the first `nixops deploy`? (I didn't have a clear concept for handling secrets and leaked it into my git repository (a local one, not on any public server))
<typetetris>
I used `nixops export` and `nixops import` to keep the state in some git repository, but I now see `prod> generating new SSH keypair... done` every time I do `nixops import ...; nixops deploy ...;` is this to be expected or is something off?
<typetetris>
Ah, got it.
<typetetris>
deploy never ran properly, so no ssh key in state atm.
<typetetris>
o my. Just wasted an embarrassing amount of time on `/run/keys` having a group of `keys`.
cole-h has joined #nixops
<cole-h>
Back with another question: Is there an analogue for `nixos-rebuild boot`/`nixos-rebuild test`? Or does nixops only support the `nixos-rebuild switch`-like functionality? I skimmed the manual and didn't see anything of interest, so figured I'd ask here.
<adisbladis>
cole-h: nixops deploy --test
<adisbladis>
I don't think we have boot
<cole-h>
Ah, is that in master only or something? I get "unrecognized arguments"
<gchristensen>
yeah
<cole-h>
Got it. Maybe once I get settled in to NixOS, I could try my hand at implementing a boot analogue, if you guys think that would be a desired feature (or at least not-undesired)?
<jhillyerd>
let me know if you run into issues. I've run into a few trying to run libvirtd inside of vmware and vbox vms, so may have a fix. If this guide works for anyone, I'll update that PR
<gchristensen>
jhillyerd: btw, may I PM?
<jhillyerd>
sure
<hpfr[m]>
Looking forward to libvirt docs since I’m about to start self hosting some services via docker in a nixops vm
<typetetris>
jhillyerd: very cool! What I am missing is, what to write in the nix expression for deployment to use libvirtd?
<jhillyerd>
typetetris: ah. We could have a more detailed example. bare minimum is just deployment.targetEnv = "libvirtd";
<{^_^}>
nix-community/nixops-libvirtd#12 (by mbrgm, 2 years ago, open): Allow running libvirtd deployments on remote hosts
<hpfr[m]>
Yeah idk why that issue never got replied to, I wonder if the maintainer doesn’t subscribe to everything since they don’t own the repo
<hpfr[m]>
I’m assuming it works tho because moving it to a plugin shouldn’t stop it from working (the one I sent got closed so I think it was working then)
<jhillyerd>
That would be great if so. Right now I'm manually creating VMs on another host and pointing nixops at them.
<hpfr[m]>
Couldn’t you just run nixops on that host or is it not local to you
<jhillyerd>
I could, and maybe should... but right now that remote host is my prod, and my local box with libvirt is the dev environment.
<hpfr[m]>
Oh ok