<zimbatm>
nixops is then only used to provision the machines, terraform takes care of all the cloud resources
<zimbatm>
the nixops state doesn't have to be kept around if the nixos config includes your ssh keys
<zimbatm>
and the terraform state can be synched in a remote store automatically
<zimbatm>
the main downside is that you have to remember to run nixops after terraform
<manveru>
that sounds nice :)
<manveru>
i found so many bugs trying to deploy to s3 with nixops...
<srhb>
I've been planning to try this out for a long time too.
<srhb>
The state problem with NixOps is real....
<srhb>
I really want to get rid of the mandatory "deployer" machine.
<manveru>
jup
<srhb>
My main hacks have mainly been copy-closure and dealing with activation manually
<srhb>
But then there's zero provisioning...
<manveru>
i wrote my minimal nixops clone for that too :)
<srhb>
Which I mind less because I think the black-box approach to provisioning that NixOps uses is terrying...
<srhb>
manveru: Yeah, I know of like seven official of those, and a ton of internal ones as well
<srhb>
Everyone does it. :P
<manveru>
:D
<srhb>
I wonder how many forks of "eval-machines.nix" is out there...
<srhb>
er, eval-machine.nix I think
<manveru>
i don't even do that much
<manveru>
just nixos-rebuild with --build-host/--target-host
<manveru>
although i find --build-host doesn't work usually, still builds locally
<manveru>
so it's not exactly scalable
<manveru>
on my DSL connection anyway
<zimbatm>
I think eval-machine.nix should be moved to nixpkgs, pkgs.mkNixOS { configuration = [...
<zimbatm>
there a PR on nixops to support remote states
<manveru>
does anyone ever merge nixops PRs?
<sphalerite>
clever, ldlework, any other reverse engineers: I'm getting the sneaking suspicion that dynamically linked software is easier to reverse, generally speaking. Would you agree?
<zimbatm>
it depends if the stars are aligned properly
<manveru>
it seems terribly unmaintained for such a popular project :|
<sphalerite>
zimbatm: wouldn't that require keeping the nixpkgs fixpoint around so that config.nixpkgs.overlays can be applied correctly?
<manveru>
probably because it tries to do too much and is impossible to test properly
<sphalerite>
zimbatm: or reimporting nixpkgs I suppose
<sphalerite>
but yeah in principle I'm all for that!
<zimbatm>
sphalerite: yes that's the main issue, configuring nixpkgs overrides in nixos would be problematic
<srhb>
manveru: I think the greatest suggestion in there for a while has been splitting out all provisioning to something like (or exactly) the terraform provider.
<srhb>
manveru: And I think that would help on the PR situation a lot...
<manveru>
well, i can give it a shot :)
<manveru>
wanted to learn terraform anyway
<zimbatm>
once pkgs.mkNixOS is introduced then the nixpkgs fix point could be resolved first
<srhb>
zimbatm: mkNixOS?
<zimbatm>
srhb: we were talking of moving "eval-machines.nix" to pkgs/top-level/all-packages.nix
<zimbatm>
anyways it's just an idea at this point
<srhb>
Ah, I see.
<srhb>
That would be nice.
<zimbatm>
nixos-rebuild could be extended with another heuristic: if /etc/nixos/default.nix exists then it would just nix-build that
<zimbatm>
it would be cool if building the nixos system was just a normal nix-build + invoking switch-to-configuration
<manveru>
been looking for eval-machines.nix all over, do you mean eval-machine-info.nix?
<manveru>
but that doesn't seem very useful...
<manveru>
i mean... looking at nixos-rebuild, it's literally doing a nix-build and switch-to-configuration...
<srhb>
manveru: Yes, that one
<srhb>
manveru: It's basically the entire heart of NixOps
<srhb>
Particularly the phasing.
<srhb>
Most NixOps clones I've seen essentially rip out most of that and reuse it.
<manveru>
ok
<manveru>
then i guess mine isn't a clone
<srhb>
Well I'm sure there's other ways to do it :)
<sphalerite>
\o/ my experimentation with the BIOS interface has claimed its first victim
<samueldr>
your sanity?
<sphalerite>
samueldr: no, one of the machines has gone dead
<samueldr>
that's where the fun starts :)
<sphalerite>
I hope it's temporary
<sphalerite>
But I've lost network connectivity and it doesn't respond to wake-on-lan
<sphalerite>
so I'll need to check on it physically
<sphalerite>
but hey, 7 of them are still alive!
<samueldr>
*oblivious boss mode* but why didn't you virtualise it in the cloud instead?
<sphalerite>
because desktop machines can't be virtualised :D
<sphalerite>
thin clients are machines too!
<sphalerite>
samueldr: these experiments are key to our manageability strategy. Configuring the machines' BIOS settings remotely allows us to reduce resource expenditures on on-premises service engineer calls
<sphalerite>
how does that sound?
<samueldr>
I didn't know for sure, but I was sure it was something along the lines
<samueldr>
(I was joking with the cloud thing)
<samueldr>
if only everything was coreboot able
<sphalerite>
just playing along :D
<sphalerite>
these machines *are* corebootable apparently
<sphalerite>
I don't have the kit for flashing them though
<samueldr>
weren't they off by a couple numbers?
<samueldr>
aww, too bad
jtojnar has quit [Quit: jtojnar]
jtojnar has joined #nixos-chat
<MichaelRaskin>
> how does that sound?
<{^_^}>
error: syntax error, unexpected ')', expecting ID or OR_KW or DOLLAR_CURLY or '"', at (string):194:1
<MichaelRaskin>
Sounds like automation removing medium-skill jobs, obviously.
__Sander__ has quit [Quit: Konversation terminated!]
<manveru>
zimbatm: any reason why the terraform-provider-nixos isn't in terraform-full?
<manveru>
trying to figure out what overrides this thing needs to add that plugin... seems like there's no documentation or example anywhere :|
<manveru>
`terraform_0_11-full = terraform_0_11.withPlugins lib.attrValues` makes no sense to me :P
<sphalerite>
manveru: it's a function that takes the attrset of available plugins and returns a list of plugins
<sphalerite>
manveru: lib.attrValues returns a list containing *all* of them
<manveru>
ah
<sphalerite>
it is a bit confusing!
<manveru>
so like `terraform.withPlugins (plugins: [ plugins.aws terraform-provider-nixos ])`
<manveru>
thanks :)
<manveru>
now i just need to figure out how to get this nixos and aws provider to work together
<manveru>
can't really set an ip if i have none yet...
<manveru>
ah, found it
<manveru>
don't think nixops can handle elastic ips that way...
<elvishjerricco>
Nix's source is surprisingly pleasant. I was expecting it to be horrible to get through just because C++ has always led to nonsense for me, but this was really nicely architected and easy to follow. There's a couple uses of, like, global variables and stuff that I don't care for, but it wasn't too bad to figure out.
<sphalerite>
elvishjerricco: agreed! nix is the most digestible C++ code I've worked with
<joepie91>
there's a few layers of indirection that are difficult to follow given C++' lack of follow-the-references ability (yay lack of modules...), but other than that I've found it pretty easy to understand too
<manveru>
god... AWS IAM doesn't support ed25519 keys yet...
<joepie91>
elvishjerricco: another surprisingly good codebase is that of OpenTTD
<joepie91>
it has some, uh, warts (like string-concat'ing HTTP requests...) but architecturally it's surprisingly easy to follow
<sphalerite>
I replaced the battery in my 3-year-old phone today
<sphalerite>
the original one was still pretty good, lasting 2 days on a good run
<sphalerite>
I wonder how well it will do with a new battery :D
<zimbatm>
manveru: no reason in particular. usually things aren't added unless they have a release
jtojnar has quit [Ping timeout: 252 seconds]
jtojnar has joined #nixos-chat
<manveru>
zimbatm: you know how to get terraform to add my public ssh key?
<manveru>
ah, got it :)
<manveru>
damn rubber duck
<zimbatm>
you're welcome :)
<manveru>
i think i finally got everything right... let's hope :D
<manveru>
it's just a shame about ed25519, but i only need RSA for the initial deploy?
<manveru>
also wonder who's making the AMIs
jtojnar has quit [Ping timeout: 252 seconds]
jtojnar has joined #nixos-chat
pie_ has quit [Remote host closed the connection]
pie_ has joined #nixos-chat
jtojnar has quit [Ping timeout: 240 seconds]
kisik21 has quit [Ping timeout: 240 seconds]
tertl3 has joined #nixos-chat
sir_guy_carleton has joined #nixos-chat
<joepie91>
is there such a thing as NixOS workshops/trainings?
<joepie91>
the kind you might be sent to on your employer's dime
<ldlework>
joepie91: you can come visit me in Iowa, i charge $2400 dollars a day but that includes continental breakfast and an air matress so
<joepie91>
lol
<joepie91>
asking for a friend
<andi->
2399! And I might make a proper "bed" (wooden sticks) available!
<ldlework>
hmm 2398 and I'll throw in my autograph
<andi->
2400 and I will print a certificate with whatever you want on it.
<ldlework>
2401 and I'll let you design and print your own certificate on your own computer when you return home!
<andi->
this certification market is really competitive...
<simpson>
$2400, but if you get a few more people to buy in then I'll throw a convention.
<ldlework>
heh
<andi->
NixOS Certified rebuilder Level1 - has executed `nixos-rebuild switch` at least a few times including with `--help`