[Nix-dev] NixOps - merge config files
zimbatm
zimbatm at zimbatm.com
Thu Jun 9 12:19:07 CEST 2016
@dario: that doesn’t work recursively. { a = { x = 3; } } // { a = { y = 4;
} produces { a = { y = 4 }; }
On Thu, 9 Jun 2016 at 10:44 Dario Bertini <berdario at gmail.com> wrote:
> {a=1;}// {b=2;}
> Yields
> {a=1; b=2;}
>
> Is this enough to help you?
>
> On 9 June 2016 10:31:07 BST, 4levels <4levels at gmail.com> wrote:
> >Hi,
> >
> >thank you for your swift reply!
> >I'd like to avoid to literally mention all sensitive config params in
> >the
> >network.nix config.
> >
> >What would be the "normal" procedure to recursively merge 2 attribute
> >sets?
> >
> >
> >So if I have in one file
> >servers.nix: {
> > vm01 = {
> > services.symfony.platforms = {
> > database = {
> > username = "www";
> > };
> > };
> > };
> >}
> >
> >and in the other
> >keys.nix: {
> > vm01 = {
> > services.symfony.platforms = {
> > database = {
> > password = "12345678";
> > };
> > };
> > };
> >}
> >
> >So they become one when building:
> >{
> > vm01 = {
> > services.symfony.platforms = {
> > database = {
> > username = "www";
> > password = "12345678";
> > };
> > };
> > };
> >}
> >
> >Kind regards,
> >
> >Erik
> >
> >On Thu, Jun 9, 2016 at 11:23 AM zimbatm <zimbatm at zimbatm.com> wrote:
> >
> >> Hi,
> >>
> >> I don’t know where you are getting this error. All I can do is
> >suggest a
> >> workaround:
> >>
> >> In keys.nix:
> >>
> >> {
> >> database_password = "12345678";
> >> }
> >>
> >> In network.nix:
> >>
> >> let
> >> secrets = import ./keys.nix {};in;
> >> {
> >> vm01 = {
> >> { config, pkgs, ... }:
> >> {
> >> services.symfony.platforms.database.password =
> >secrets.database_password;
> >>
> >> ..
> >> }
> >> }
> >> }
> >>
> >>
> >>
> >> On Thu, 9 Jun 2016 at 07:54 4levels <4levels at gmail.com> wrote:
> >>
> >>> Hi Nix Devs,
> >>>
> >>> I'm having some difficulties separating sensitive information from a
> >nix
> >>> expression used by NixOps.
> >>>
> >>> I keep the server config in a separate file, servers.nix:
> >>> {
> >>> vm01 =
> >>> { config, pkgs, nodes, ... }:
> >>> {
> >>> deployment = {
> >>> targetHost = "192.168.121.50";
> >>> };
> >>> ...
> >>> }
> >>> }
> >>>
> >>> Currently I have all relevant software config for each server in a
> >nix
> >>> expression platforms.nix as follows (where vm01 is the hostname):
> >>> {
> >>> vm01 =
> >>> { config, pkgs, ... }:
> >>> {
> >>> services.symfony.platforms = {
> >>> database = {
> >>> username = "www";
> >>> /* password = "1234567" -> moved to keys.nix */
> >>> };
> >>> ...
> >>> }
> >>> }
> >>>
> >>> I want to remove the sensitive info from this file and put it in a
> >>> separate nix expression, eg. keys.nix, maintaining the same
> >structure so
> >>> the files can be merged.
> >>>
> >>> In keys.nix I currently have
> >>> {
> >>> vm01 = {
> >>> { config, pkgs, ... }:
> >>> {
> >>> services.symfony.platforms.database.password = "12345678";
> >>> ..
> >>> }
> >>> }
> >>> }
> >>>
> >>> I've modified my nixops deploy to have keys.nix loaded after the
> >>> servers.nix and platforms.nix files, but I keep getting errors like
> >"the
> >>> attribute password does not exist"
> >>>
> >>> I must be overlooking something obvious as all the other files I
> >define
> >>> in my deploy are being merged correctly.
> >>>
> >>> Can anyone advise me on how to achieve this?
> >>>
> >>> The underlying reason is that I'm using git-crypt to encrypt the
> >>> platforms.nix file, but this makes it impossible to work with
> >branches (or
> >>> git logs) etc. as the whole file is encrypted and git cannot merge
> >binary
> >>> files (it simply replaces them).
> >>>
> >>> Kind regards!
> >>>
> >>> Erik aka 4levels
> >>>
> >> _______________________________________________
> >>> nix-dev mailing list
> >>> nix-dev at lists.science.uu.nl
> >>> http://lists.science.uu.nl/mailman/listinfo/nix-dev
> >>>
> >>
> >
> >
> >------------------------------------------------------------------------
> >
> >_______________________________________________
> >nix-dev mailing list
> >nix-dev at lists.science.uu.nl
> >http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
> --
> Sent from mobile. Please excuse my brevity.
> _______________________________________________
> nix-dev mailing list
> nix-dev at lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.science.uu.nl/pipermail/nix-dev/attachments/20160609/de7c5d51/attachment.html>
More information about the nix-dev
mailing list