From b74b0b958a11598f7dd8c0e32b1bb3d8265eb147 Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 13 Sep 2018 20:14:33 +0200 Subject: writeTest: simplify nix-build call --- pkgs/krops/default.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/pkgs/krops/default.nix b/pkgs/krops/default.nix index d2f9c8a..98d7e17 100644 --- a/pkgs/krops/default.nix +++ b/pkgs/krops/default.nix @@ -23,12 +23,11 @@ in set -efu ${populate { inherit source; target = target'; }} ${nix}/bin/nix-build \ - -A config.system.build.toplevel \ + -A system \ -I ${target'.path} \ - --arg modules '[]' \ --no-out-link \ --show-trace \ - '' + '' ''; } -- cgit v1.2.3 From c46166d407c7d246112f13346621a3fbdb25889e Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 13 Sep 2018 21:41:00 +0200 Subject: populate rsync: use stderr --- pkgs/populate/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/populate/default.nix b/pkgs/populate/default.nix index f0eb7d1..69f4ab3 100644 --- a/pkgs/populate/default.nix +++ b/pkgs/populate/default.nix @@ -112,7 +112,8 @@ let optionalString (!isLocalTarget target) "${target.user}@${target.host}:" + target.path - )} + )} \ + >&2 ''; shell' = target: script: -- cgit v1.2.3 From 5cd8bd046e9f8e5f03453e3c49161a9901787649 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 16 Sep 2018 01:53:53 +0200 Subject: pkgs.krops: add rebuild --- pkgs/krops/default.nix | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/pkgs/krops/default.nix b/pkgs/krops/default.nix index 98d7e17..6bef6e1 100644 --- a/pkgs/krops/default.nix +++ b/pkgs/krops/default.nix 
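Review bot: In the writeTest hunk of pkgs/krops/default.nix, the context line `-I ${target'.path} \` still interpolates the target path into the generated dash script unquoted, so a path containing whitespace or shell metacharacters is word-split or interpreted by the shell instead of reaching nix-build as a single argument. As this commit already rewrites the nix-build call, it could quote the value the way the later rebuild commit in this series does: `-I ${lib.escapeShellArg target'.path} \` (assuming `lib.escapeShellArg` is available in this file at this commit, as it is in the rebuild commit). The path presumably comes from the operator's own deployment configuration, so this is hardening and consistency rather than a demonstrated fault. The writeTest body starts outside the hunk.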
@@ -2,7 +2,19 @@ let lib = import ../../lib; in -{ nix, openssh, populate, writeDash, writeJSON }: { +{ exec, nix, openssh, populate, writeDash, writeJSON }: rec { + + rebuild = target: + exec "rebuild.${target.host}" rec { + filename = "${openssh}/bin/ssh"; + argv = [ + filename + "-l" target.user + "-p" target.port + target.host + "nixos-rebuild switch -I ${lib.escapeShellArg target.path}" + ]; + }; writeDeploy = name: { source, target }: let target' = lib.mkTarget target; @@ -10,9 +22,7 @@ in writeDash name '' set -efu ${populate { inherit source; target = target'; }} - ${openssh}/bin/ssh \ - ${target'.user}@${target'.host} -p ${target'.port} \ - nixos-rebuild switch -I ${target'.path} + ${rebuild target'} ''; writeTest = name: { source, target }: let -- cgit v1.2.3 From a690f0aeca7eb53c9757933607f3d3fdb64c7012 Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 16 Sep 2018 02:16:22 +0200 Subject: pkgs.krops: remove unused writeJSON Last use was removed in commit ea08f87819291a21ee6e031fe7748bdb04518bab. --- pkgs/krops/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/krops/default.nix b/pkgs/krops/default.nix index 6bef6e1..2d3395d 100644 --- a/pkgs/krops/default.nix +++ b/pkgs/krops/default.nix @@ -2,7 +2,7 @@ let lib = import ../../lib; in -{ exec, nix, openssh, populate, writeDash, writeJSON }: rec { +{ exec, nix, openssh, populate, writeDash }: rec { rebuild = target: exec "rebuild.${target.host}" rec { -- cgit v1.2.3 From 5ae2b7f3691364ba17cdb01fde98c2722d3a707e Mon Sep 17 00:00:00 2001 From: tv Date: Sun, 16 Sep 2018 10:10:37 +0200 Subject: pkgs: add nix-writers 3.0.0 to overlays --- pkgs/default.nix | 8 ++++++++ pkgs/overlay.nix | 10 ---------- 2 files changed, 8 insertions(+), 10 deletions(-) diff --git a/pkgs/default.nix b/pkgs/default.nix index 639ed13..b8530a8 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix 
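Review bot: In the new `rebuild` function, `target.host` is placed in `argv` as a bare positional argument, so a host value beginning with `-` would be read by ssh as an option instead of a destination. Either put `"--"` in front of `target.host` in the list, or have `lib.mkTarget` reject host and user values that start with a dash, so that a malformed target definition fails at evaluation time. `rebuild` also receives the target as given; only the second hunk shows the caller passing `target'` from `lib.mkTarget`, and because `rec` exposes `rebuild` as a public attribute, a one-line comment such as `# expects a target already normalised by lib.mkTarget` would document that contract. The remote command string correctly passes `target.path` through `lib.escapeShellArg`.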
@@ -1,7 +1,15 @@ { overlays ? [], ... }@args: +let + nix-writers = builtins.fetchGit { + url = https://cgit.krebsco.de/nix-writers/; + rev = "c27a9416e8ee04d708b11b48f8cf1a055c0cc079"; + }; +in + import (args // { overlays = overlays ++ [ (import ./overlay.nix) + (import "${nix-writers}/pkgs") ]; }) diff --git a/pkgs/overlay.nix b/pkgs/overlay.nix index 95d4938..24ecf17 100644 --- a/pkgs/overlay.nix +++ b/pkgs/overlay.nix @@ -5,14 +5,4 @@ in self: super: { krops = self.callPackage ./krops {}; populate = self.callPackage ./populate {}; - writeDash = name: text: self.writeScript name '' - #! ${self.dash}/bin/dash - ${text} - ''; - writeJSON = name: value: self.runCommand name { - json = lib.toJSON value; - passAsFile = [ "json" ]; - } /* sh */ '' - ${self.jq}/bin/jq . "$jsonPath" > "$out" - ''; } -- cgit v1.2.3 From 2e93a93ac264a480b427acc2684993476732539d Mon Sep 17 00:00:00 2001 From: Ingolf Wagner Date: Wed, 19 Sep 2018 19:40:36 +0200 Subject: populate: no name clashes anymore --- pkgs/populate/default.nix | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/pkgs/populate/default.nix b/pkgs/populate/default.nix index 69f4ab3..d8c1510 100644 --- a/pkgs/populate/default.nix +++ b/pkgs/populate/default.nix @@ -1,7 +1,7 @@ with import ../../lib; with shell; -{ coreutils, dash, findutils, git, jq, openssh, rsync, writeDash }: +{ coreutils, dash, findutils, git, jq, openssh, pass, rsync, writeDash }: let check = { force, target }: let 
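Review bot: The `nix-writers` pin in pkgs/default.nix is a bare `rev` with nothing in the code tying it to the "3.0.0" named in the commit subject, so a later reader cannot tell from the file which release is trusted or whether the hash was bumped deliberately. A comment on the pin, for example `# nix-writers 3.0.0` above the `rev` line, would make that explicit. Note also that `builtins.fetchGit` checks only the git commit id and has no separate content hash, and that the fetched tree is imported as an overlay, so its code supplies the writers (`writeDash` and others) that generate the deployment scripts. That trust relationship is worth stating in a short comment next to `(import "${nix-writers}/pkgs")`.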
@@ -20,21 +20,21 @@ let fi ''; - pop.file = target: file: rsync' target (quote file.path); + pop.file = target: source: rsync' target (quote source.path); - pop.git = target: git: shell' target /* sh */ '' + pop.git = target: source: shell' target /* sh */ '' if ! test -e ${quote target.path}; then - git clone --recurse-submodules ${quote git.url} ${quote target.path} + git clone --recurse-submodules ${quote source.url} ${quote target.path} fi cd ${quote target.path} if ! url=$(git config remote.origin.url); then - git remote add origin ${quote git.url} - elif test "$url" != ${quote git.url}; then - git remote set-url origin ${quote git.url} + git remote add origin ${quote source.url} + elif test "$url" != ${quote source.url}; then + git remote set-url origin ${quote source.url} fi # TODO resolve git_ref to commit hash - hash=${quote git.ref} + hash=${quote source.ref} if ! test "$(git log --format=%H -1)" = "$hash"; then if ! git log -1 "$hash" >/dev/null 2>&1; then @@ -48,8 +48,8 @@ let git clean -dfx ''; - pop.pass = target: pass: let - passPrefix = "${pass.dir}/${pass.name}"; + pop.pass = target: source: let + passPrefix = "${source.dir}/${source.name}"; in /* sh */ '' umask 0077 
@@ -66,28 +66,28 @@ let rel_name=''${rel_name%.gpg} pass_date=$( - ${git}/bin/git -C ${quote pass.dir} log -1 --format=%aI "$gpg_path" + ${git}/bin/git -C ${quote source.dir} log -1 --format=%aI "$gpg_path" ) - pass_name=${quote pass.name}/$rel_name + pass_name=${quote source.name}/$rel_name tmp_path=$tmp_dir/$rel_name ${coreutils}/bin/mkdir -p "$(${coreutils}/bin/dirname "$tmp_path")" - PASSWORD_STORE_DIR=${quote pass.dir} pass show "$pass_name" > "$tmp_path" + PASSWORD_STORE_DIR=${quote source.dir} ${pass}/bin/pass show "$pass_name" > "$tmp_path" ${coreutils}/bin/touch -d "$pass_date" "$tmp_path" done ${rsync' target /* sh */ "$tmp_dir"} ''; - pop.pipe = target: pipe: /* sh */ '' - ${quote pipe.command} | { + pop.pipe = target: source: /* sh */ '' + ${quote source.command} | { ${shell' target /* sh */ "cat > ${quote target.path}"} } ''; # TODO rm -fR instead of ln -f? - pop.symlink = target: symlink: shell' target /* sh */ '' - ln -fns ${quote symlink.target} ${quote target.path} + pop.symlink = target: source: shell' target /* sh */ '' + ln -fns ${quote source.target} ${quote target.path} ''; populate = target: name: source: let -- cgit v1.2.3 From d9dd5b94eaa5ad8b884c7c5dbf867b111fb100bf Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 28 Sep 2018 16:04:22 +0200 Subject: README: fix list --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 251a923..59c5344 100644 --- a/README.md +++ b/README.md @@ -3,6 +3,7 @@ krops is a lightweigt toolkit to deploy nixos systems, remotely or locally. fancy features include: + - store your secrets in passwordstore - build your system remotely - minimal overhead -- cgit v1.2.3 From 75e1338628aea086ea0dc8d19103c7263f4e6b8a Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 28 Sep 2018 16:11:52 +0200 Subject: README: add link to palo's blog post --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 59c5344..7f403b7 100644 --- a/README.md +++ b/README.md 
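Review bot: In the `pop.pass` hunk, the line `PASSWORD_STORE_DIR=... ${pass}/bin/pass show "$pass_name" > "$tmp_path"` creates `$tmp_path` through the redirection before `pass` runs, so a failed decryption leaves an empty file in `$tmp_dir`. Whether the script then stops depends on errexit and on how the enclosing loop is driven, neither of which is visible here, because the loop and the `tmp_dir` setup start outside the hunk. If it does not stop, the following `rsync'` would copy the empty file over the deployed secret. Making the failure explicit on that line, for example by appending `|| exit 1`, and confirming that the loop's exit status is checked before the `rsync'` step would close this gap. Separately, the switch to `${pass}/bin/pass` stops the script resolving `pass` through PATH, which deserves a mention in the commit message alongside the rename.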
@@ -48,3 +48,7 @@ in ``` and run `$(nix-build krops.nix)`. This results in a script which deploys the machine via ssh & rsync on the target machine. + +## References + +- [Blog post with in-depth example](http://tech.ingolf-wagner.de/nixos/krops/) by [Ingolf Wagner](https://ingolf-wagner.de/) -- cgit v1.2.3 From b922b41fe371896cbc38bb1dc9d0074d11686ec3 Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 28 Sep 2018 17:01:38 +0200 Subject: README: add more words to the example =) --- README.md | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 7f403b7..eb564a7 100644 --- a/README.md +++ b/README.md @@ -1,20 +1,20 @@ # krops (krebs ops) -krops is a lightweigt toolkit to deploy nixos systems, remotely or locally. +krops is a lightweigt toolkit to deploy NixOS systems, remotely or locally. -fancy features include: +## Some Features - store your secrets in passwordstore - build your system remotely -- minimal overhead +- minimal overhead (it's basically just `nixos-rebuild switch`!) - run from custom nixpkgs branch/checkout/fork -minimal example: +## Minimal Example + +Create a file named `krops.nix` (name doesn't matter) with following content: -create a krops.nix somewhere ``` let - #krops = ./.; krops = (import {}).fetchgit { url = https://cgit.krebsco.de/krops/; rev = "3022582ade8049e6ccf18f358cedb996d6716945"; @@ -28,11 +28,9 @@ let nixpkgs.git = { ref = "4b4bbce199d3b3a8001ee93495604289b01aaad3"; url = https://github.com/NixOS/nixpkgs; - }; nixos-config.file = toString (pkgs.writeText "nixos-config" '' { pkgs, ... }: { - fileSystems."/" = { device = "/dev/sda1"; }; boot.loader.systemd-boot.enable = true; services.openssh.enable = true; 
@@ -47,8 +45,11 @@ in } ``` -and run `$(nix-build krops.nix)`. This results in a script which deploys the machine via ssh & rsync on the target machine. +and run `$(nix-build --no-out-link krops.nix)` to deploy the target machine. + +Under the hood, this will make the sources available on the target machine +below `/var/src`, and execute `nixos-rebuild switch -I /var/src`. ## References -- [Blog post with in-depth example](http://tech.ingolf-wagner.de/nixos/krops/) by [Ingolf Wagner](https://ingolf-wagner.de/) +- [In-depth example](http://tech.ingolf-wagner.de/nixos/krops/) by [Ingolf Wagner](https://ingolf-wagner.de/) -- cgit v1.2.3 From 5b27dc84c8dc2fd104393ef5b3574469e1617fea Mon Sep 17 00:00:00 2001 From: tv Date: Fri, 28 Sep 2018 17:03:24 +0200 Subject: README: add link to password store --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index eb564a7..b86c469 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ krops is a lightweigt toolkit to deploy NixOS systems, remotely or locally. ## Some Features -- store your secrets in passwordstore +- store your secrets in [password store](https://www.passwordstore.org/) - build your system remotely - minimal overhead (it's basically just `nixos-rebuild switch`!) - run from custom nixpkgs branch/checkout/fork -- cgit v1.2.3