[Nix-dev] NixOps - merge config files

Thu Jun 9 11:43:57 CEST 2016

{a=1;}// {b=2;} 
Yields
{a=1; b=2;} 

Is this enough to help you? 

On 9 June 2016 10:31:07 BST, 4levels <4levels at gmail.com> wrote:
>Hi,
>
>thank you for your swift reply!
>I'd like to avoid to literally mention all sensitive config params in
>the
>network.nix config.
>
>What would be the "normal" procedure to recursively merge 2 attribute
>sets?
>
>
>So if I have in one file
>servers.nix: {
>  vm01 = {
>    services.symfony.platforms = {
>      database = {
>        username = "www";
>      };
>    };
>  };
>}
>
>and in the other
>keys.nix: {
>  vm01 = {
>    services.symfony.platforms = {
>      database = {
>        password = "12345678";
>      };
>    };
>  };
>}
>
>So they become one when building:
>{
>  vm01 = {
>    services.symfony.platforms = {
>      database = {
>        username = "www";
>        password = "12345678";
>      };
>    };
>  };
>}
>
>Kind regards,
>
>Erik
>
>On Thu, Jun 9, 2016 at 11:23 AM zimbatm <zimbatm at zimbatm.com> wrote:
>
>> Hi,
>>
>> I don’t know where you are getting this error. All I can do is
>suggest a
>> workaround:
>>
>> In keys.nix:
>>
>> {
>>   database_password = "12345678";
>> }
>>
>> In network.nix:
>>
>> let
>>   secrets = import ./keys.nix {};in;
>> {
>>   vm01 = {
>>     { config, pkgs, ... }:
>>     {
>>       services.symfony.platforms.database.password =
>secrets.database_password;
>>
>>       ..
>>     }
>>   }
>> }
>>
>> 
>>
>> On Thu, 9 Jun 2016 at 07:54 4levels <4levels at gmail.com> wrote:
>>
>>> Hi Nix Devs,
>>>
>>> I'm having some difficulties separating sensitive information from a
>nix
>>> expression used by NixOps.
>>>
>>> I keep the server config in a separate file, servers.nix:
>>> {
>>>   vm01 =
>>>     { config, pkgs, nodes, ... }:
>>>     {
>>>       deployment = {
>>>         targetHost = "192.168.121.50";
>>>       };
>>>       ...
>>>     }
>>> }
>>>
>>> Currently I have all relevant software config for each server in a
>nix
>>> expression platforms.nix as follows (where vm01 is the hostname):
>>> {
>>>   vm01 =
>>>     { config, pkgs, ... }:
>>>     {
>>>       services.symfony.platforms = {
>>>         database = {
>>>           username = "www";
>>>           /* password = "1234567" -> moved to keys.nix */
>>>         };
>>>       ...
>>>     }
>>> }
>>>
>>> I want to remove the sensitive info from this file and put it in a
>>> separate nix expression, eg. keys.nix, maintaining the same
>structure so
>>> the files can be merged.
>>>
>>> In keys.nix I currently have
>>> {
>>>   vm01 = {
>>>     { config, pkgs, ... }:
>>>     {
>>>       services.symfony.platforms.database.password = "12345678";
>>>       ..
>>>     }
>>>   }
>>> }
>>>
>>> I've modified my nixops deploy to have keys.nix loaded after the
>>> servers.nix and platforms.nix files, but I keep getting errors like
>"the
>>> attribute password does not exist"
>>>
>>> I must be overlooking something obvious as all the other files I
>define
>>> in my deploy are being merged correctly.
>>>
>>> Can anyone advise me on how to achieve this?
>>>
>>> The underlying reason is that I'm using git-crypt to encrypt the
>>> platforms.nix file, but this makes it impossible to work with
>branches (or
>>> git logs) etc. as the whole file is encrypted and git cannot merge
>binary
>>> files (it simply replaces them).
>>>
>>> Kind regards!
>>>
>>> Erik aka 4levels
>>>
>> _______________________________________________
>>> nix-dev mailing list
>>> nix-dev at lists.science.uu.nl
>>> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>>>
>>
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>nix-dev mailing list
>nix-dev at lists.science.uu.nl
>http://lists.science.uu.nl/mailman/listinfo/nix-dev

-- 
Sent from mobile. Please excuse my brevity.