NixOS Deployments - Public Room Timeline

	NixOS Deployments	1246 Members
	NixOS Deployment tooling	307 Servers

Load older messages

Sender	Message	Time
25 Jul 2021
	dearrude joined the room.	20:56:44
26 Jul 2021
Aldwin	Hi. Is it normal to want to run `nixops deploy` in a GitHub action? I'm asking because if it's normal, I feel like it should be easier. But it's not easy, so maybe I'm taking a wrong approach. It seems like an obvious next step to me to want to automate the deployment once you've got a network configured with NixOps. But I've been surfing the web for any examples or tutorials, but can't really find anything. I did find some stuff on https://nix.dev (thank you Domen Kožar) that shows how to do nix-build on a GitHub action and possibly use Cachix, but nothing about nixops or deployment. I'm also a bit confused/concerned about the the NixOps stateful stuff. It seems to generate a keypair on first deployment which it expects to reuse. Not sure if that can work when deploying from a clean environment every time.	15:02:53
Aldwin	* Hi. Is it normal to want to run `nixops deploy` in a GitHub action? I'm asking because if it's normal, I feel like it should be easier. But it's not easy, so maybe I'm taking a wrong approach. It seems like an obvious next step to me to want to automate the deployment once you've got a network configured with NixOps. But I've been surfing the web for any examples or tutorials, and can't really find anything. I did find some stuff on https://nix.dev (thank you Domen Kožar) that shows how to do nix-build on a GitHub action and possibly use Cachix, but nothing about nixops or deployment. I'm also a bit confused/concerned about the the NixOps stateful stuff. It seems to generate a keypair on first deployment which it expects to reuse. Not sure if that can work when deploying from a clean environment every time.	15:03:32
Aldwin	* Hi. Is it normal to want to run `nixops deploy` in a GitHub action? I'm asking because if it's normal, I feel like it should be easier. But it's not easy, so maybe I'm taking a wrong approach. It seems like an obvious next step to automate deployment once you've got a network configured with NixOps. But I've been surfing the web for any examples or tutorials, and can't really find anything. I did find some stuff on https://nix.dev (thank you Domen Kožar) that shows how to do nix-build on a GitHub action and possibly use Cachix, but nothing about nixops or deployment. I'm also a bit confused/concerned about the the NixOps stateful stuff. It seems to generate a keypair on first deployment which it expects to reuse. Not sure if that can work when deploying from a clean environment every time.	15:04:36
Domen Kožar	Aldwin: my recommendation would be to use terraform + plain deploy	15:04:42
Domen Kožar	it depends a bit on the usage case, but you can get very far with that	15:04:54
Aldwin	What do you mean by a "plain deploy"?	15:05:31
Domen Kožar	I need to write a tutorial for this :)	15:05:55
Domen Kožar	I mean: nixos-rebuild switch --target-host ip	15:06:12
Aldwin	`--target-host` :o	15:06:44
Domen Kožar	another option is https://nix.dev/tutorials/deploying-nixos-using-terraform that has this built in	15:07:15
Aldwin	I think terraform might be overkill for my case. I started small with a single nginx server that only redirects requests.	15:08:01
Domen Kožar	ah yeah, then nixos-rebuild switch --target-host is what you want	15:08:21
Aldwin	So you propose ditching nixops altogether, and doing a "normal" nixos-rebuild, relying on this `--target-host` option to "deploy".	15:10:50
Aldwin	I never knew about --target-host	15:10:56
Domen Kožar	that's why I need to write a tutorial for it :D	15:11:07
Aldwin	I've been using nixops for a while, and most of my "networks" only have a single machine. Would you say that those might all be good candidates for just using a deploy script that sets the appropriate target-host?	15:13:07
Aldwin	And I guess I need to manage my own ssh access when using --target-host	15:15:35
Aldwin	As opposed to with nixops, which sort of manages it for me	15:15:56
Domen Kožar	exactly, nixops puts all of that into an sqlite	15:22:23
Domen Kožar	having those keys specified as secrets makes it a tiny bit more transparent I think	15:37:22
Aldwin	Domen Kožar: Are you using the --target-host method already to deploy something from a GitHub action? I have a few questions: Do you simply use the `NIXOS_CONFIG` env var to point `nixos-rebuild` to your config file? To provision, do you: Generate an ssh key locally or whatever; put the public part in your `configuration.nix#users.users.root.openssh.authorizedKeys.keys`; upload the private part to a GitHub secret; and use the `NIX_SSHOPTS` env var to expose the private key to `nixos-rebuild`?	15:37:28
Domen Kožar	See https://github.com/shimataro/ssh-key-action	15:39:25
Gytis Ivaskevicius	Redacted or Malformed Event	15:40:13
Aldwin	Ah, handy. :)	15:40:34
Aldwin	But that still only goes instead of the `NIX_SSHOPTS`, right? The rest seems like I had it right.	15:41:26
Domen Kožar	yeah you got everything else right :)	15:43:11
Aldwin	Domen Kožar: `NIXOS_CONFIG` needs an absolute path. Did you find a handy way to give it one in a GitHub workflow `env` spec?	16:04:10
Domen Kožar	NIXOS_CONFIG=$(pwd)/mymachine.nix	16:05:00
Domen Kožar	when invoking nixos-rebuild	16:05:07

There are no newer messages yet.

Back to Room ListRoom Version: 6