gchristensen changed the topic of #nixops to: NixOps related talk | logs: https://logs.nix.samueldr.com/nixops/ https://meet.jit.si/NixOpsReview
cole-h has quit [Quit: Goodbye]
yimmy149 has quit [Remote host closed the connection]
cole-h has joined #nixops
cole-h__ has joined #nixops
cole-h has quit [Ping timeout: 256 seconds]
cole-h__ has quit [Quit: Goodbye]
cole-h has joined #nixops
cole-h__ has joined #nixops
cole-h has quit [Ping timeout: 256 seconds]
cole-h__ has quit [Quit: Goodbye]
cole-h has joined #nixops
cole-h has quit [Quit: Goodbye]
cole-h has joined #nixops
cole-h has quit [Quit: Goodbye]
cole-h has joined #nixops
cole-h has quit [Quit: Goodbye]
cole-h has joined #nixops
cole-h has quit [Quit: Goodbye]
cole-h has joined #nixops
<typetetris> yimmy149: Would love to read a guide on nixops + libvirtd
<typetetris> If I use the keys management feature, the keys will end up in the store of the machine I do `nixops deploy` on?
<cole-h> I don't think so -- pretty sure they get sent to /run/keys or something.
<cole-h> Here's the keys section of the manual. I think it's explained fairly well there.
<typetetris> cole-h: No, I mean there is a machine A I use to run nixops and a machine B I am deploying. And I assume the keys will end up in the store of A. (At least that would happen with every piece of nix code used for building packages normally, so I just assumed it's the same with nixops)?
<cole-h> 99% sure the answer is still no. Although, I'm still a newbie to this project as well.
<cole-h> "Keys from deployment.keys are stored under /run/ on a temporary filesystem and will not persist across a reboot."
<typetetris> cole-h: That is for machine B
<typetetris> I will simply test it.
<cole-h> Well, from the manual it sounds like it won't be present in the store in either machine, if you do it as presented.
<cole-h> `deployment.keys.my-secret.text = "asdf";` <-- this created a key that will go in /run/keys/my-secret, with the contents "asdf"
<cole-h> Unless I'm fundamentally misunderstanding Nix, the underlying file doesn't get imported to the store, so this secret won't end up in the store.
<typetetris> cole-h: puh that's a relief
<typetetris> at least ripgrep didn't find my secret in the store of machine A
<cole-h> If you come back later, maybe you'll be able to get a more conclusive answer than me just reading the manual :P
<typetetris> Now I only need to add decrypting the secret before calling nixops and deleting the unencrypted secret afterwards. Is there some existing tool for that? (Otherwise I would just add gpg -d, rm to a shell script.)
<typetetris> cole-h: Sorry if I just didn't believe the manual.
<cole-h> Hehe, all good! One can only ever truly know with experimentation :P
<typetetris> I read that there are different state backends now? Is there some tutorial about this somewhere? I really don't feel comfortable putting an sqlite database into a git repository.
<typetetris> I see, one can use nixops export and import for that
<typetetris> hmm `nixExprs` is stored as an absolute path, that is also not good for sharing.
cole-h has quit [Quit: Goodbye]
cole-h_ has quit [Quit: Goodbye]
<typetetris> Can one exchange the ssh-key generated by the first `nixops deploy`? (I didn't have a clear concept for handling secrets and leaked it into my git repository (a local one, not on any public server))
teto has joined #nixops
teto has quit [Ping timeout: 260 seconds]
teto has joined #nixops
teto has quit [Ping timeout: 260 seconds]
teto has joined #nixops
<typetetris> I used `nixops export` and `nixops import` to keep the state in some git repository, but I now see `prod> generating new SSH keypair... done` every time I do `nixops import ...; nixops deploy ...;` is this to be expected or is something off?
<typetetris> Ah, got it.
<typetetris> deploy never ran properly, so no ssh key in state atm.
dongcarl has quit [Quit: Ping timeout (120 seconds)]
dongcarl has joined #nixops
<typetetris> o my. Just wasted an embarrassing amount of time on `/run/keys` having a group of `keys`.
cole-h has joined #nixops
<cole-h> Back with another question: Is there an analogue for `nixos-rebuild boot`/`nixos-rebuild test`? Or does nixops only support the `nixos-rebuild switch`-like functionality? I skimmed the manual and didn't see anything of interest, so figured I'd ask here.
<adisbladis> cole-h: nixops deploy --test
<adisbladis> I don't think we have boot
<cole-h> Ah, is that in master only or something? I get "unrecognized arguments"
<gchristensen> yeah
<cole-h> Got it. Maybe once I get settled in to NixOS, I could try my hand at implementing a boot analogue, if you guys think that would be a desired feature (or at least not-undesired)?
dongcarl has quit [Quit: Ping timeout (120 seconds)]
dongcarl has joined #nixops
teto has quit [Ping timeout: 260 seconds]
jhillyerd has joined #nixops
<jhillyerd> typetetris: https://gist.github.com/jhillyerd/38dd7fe1492b713c64686055c910dfa7 second attempt at a first draft of nixops / libvirtd
<jhillyerd> I also forgot that I made a quickstart PR: https://github.com/nix-community/nixops-libvirtd/pull/15 - but I think the gist is more reliable, as I've tested it more.
<{^_^}> nix-community/nixops-libvirtd#15 (by jhillyerd, 3 weeks ago, open): Add Quickstart to README
<gchristensen> nice!!
<gchristensen> thank you a lot, jhillyerd!
<jhillyerd> let me know if you run into issues. I've run into a few trying to run libvirtd inside of vmware and vbox vms, so may have a fix. If this guide works for anyone, I'll update that PR
<gchristensen> jhillyerd: btw, may I PM?
<jhillyerd> sure
jhillyerd has quit [Remote host closed the connection]
jhillyerd has joined #nixops
<hpfr[m]> Looking forward to libvirt docs since I’m about to start self hosting some services via docker in a nixops vm
<typetetris> jhillyerd: very cool! What I am missing is, what to write in the nix expression for deployment to use libvirtd?
<jhillyerd> typetetris: ah. We could have a more detailed example. bare minimum is just deployment.targetEnv = "libvirtd";
<jhillyerd> I'm using https://github.com/jhillyerd/homeops/blob/master/env-virt.nix for testing at home.
<typetetris> jhillyerd: okay, I assume that's the local libvirtd, is there a possibility to access a remote libvirtd?
<jhillyerd> No, I don't think there is a way to do that. I hope it's something that could be added, would love a more "own cloud" option for folks.
<hpfr[m]> I believe there is: https://github.com/NixOS/nixops/pull/824 although it's now in the plugin
<{^_^}> nixops#824 (by erosennin, 2 years ago, merged): libvirtd: Add support for remote libvirt URIs
<jhillyerd> Looks like it's still there, worth testing!
dongcarl has quit [Quit: Ping timeout (120 seconds)]
dongcarl has joined #nixops
teto has joined #nixops
<jhillyerd> Looks like there is already a bug/fr open for it: https://github.com/nix-community/nixops-libvirtd/issues/12 I will see if I can get it working
<{^_^}> nix-community/nixops-libvirtd#12 (by mbrgm, 2 years ago, open): Allow running libvirtd deployments on remote hosts
<hpfr[m]> Yeah idk why that issue never got replied to, I wonder if the maintainer doesn’t subscribe to everything since they don’t own the repo
<hpfr[m]> I’m assuming it works tho because moving it to a plugin shouldn’t stop it from working (the one I sent got closed so I think it was working then)
jhillyerd has quit [Remote host closed the connection]
jhillyerd has joined #nixops
<jhillyerd> That would be great if so. Right now I'm manually creating VMs on another host and pointing nixops at them.
<hpfr[m]> Couldn’t you just run nixops on that host or is it not local to you
<jhillyerd> I could, and maybe should... but right now that remote host is my prod, and my local box with libvirt is the dev environment.
jhillyerd has quit [Remote host closed the connection]
jhillyerd has joined #nixops
<hpfr[m]> Oh ok
dongcarl has quit [Quit: Ping timeout (120 seconds)]
dongcarl has joined #nixops
jhillyerd has quit [Remote host closed the connection]
cole-h has quit [Quit: Goodbye]
cole-h has joined #nixops