[Nix-dev] NixOps - merge config files

Tomasz Czyż tomasz.czyz at gmail.com
Thu Jun 9 12:23:31 CEST 2016


Probably some function from
https://github.com/NixOS/nixpkgs/blob/master/lib/attrsets.nix could be
useful to merge them.

2016-06-09 11:19 GMT+01:00 zimbatm <zimbatm at zimbatm.com>:

> @dario: that doesn’t work recursively. { a = { x = 3; }; } // { a = { y = 4; }; }
> produces { a = { y = 4; }; }
>
> On Thu, 9 Jun 2016 at 10:44 Dario Bertini <berdario at gmail.com> wrote:
>
>> {a=1;}// {b=2;}
>> Yields
>> {a=1; b=2;}
>>
>> Is this enough to help you?
>>
>> On 9 June 2016 10:31:07 BST, 4levels <4levels at gmail.com> wrote:
>> >Hi,
>> >
>> >thank you for your swift reply!
>> >I'd like to avoid literally mentioning all sensitive config params in the
>> >network.nix config.
>> >
>> >What would be the "normal" procedure to recursively merge 2 attribute sets?
>> >
>> >
>> >So if I have in one file
>> >servers.nix: {
>> >  vm01 = {
>> >    services.symfony.platforms = {
>> >      database = {
>> >        username = "www";
>> >      };
>> >    };
>> >  };
>> >}
>> >
>> >and in the other
>> >keys.nix: {
>> >  vm01 = {
>> >    services.symfony.platforms = {
>> >      database = {
>> >        password = "12345678";
>> >      };
>> >    };
>> >  };
>> >}
>> >
>> >So they become one when building:
>> >{
>> >  vm01 = {
>> >    services.symfony.platforms = {
>> >      database = {
>> >        username = "www";
>> >        password = "12345678";
>> >      };
>> >    };
>> >  };
>> >}
>> >
>> >Kind regards,
>> >
>> >Erik
>> >
>> >On Thu, Jun 9, 2016 at 11:23 AM zimbatm <zimbatm at zimbatm.com> wrote:
>> >
>> >> Hi,
>> >>
>> >> I don’t know where you are getting this error. All I can do is suggest a
>> >> workaround:
>> >>
>> >> In keys.nix:
>> >>
>> >> {
>> >>   database_password = "12345678";
>> >> }
>> >>
>> >> In network.nix:
>> >>
>> >> let
>> >>   # keys.nix evaluates to a plain attribute set, so it is imported
>> >>   # without being called as a function
>> >>   secrets = import ./keys.nix;
>> >> in
>> >> {
>> >>   vm01 =
>> >>     { config, pkgs, ... }:
>> >>     {
>> >>       services.symfony.platforms.database.password = secrets.database_password;
>> >>
>> >>       ..
>> >>     };
>> >> }
>> >>
>> >>
>> >>
>> >> On Thu, 9 Jun 2016 at 07:54 4levels <4levels at gmail.com> wrote:
>> >>
>> >>> Hi Nix Devs,
>> >>>
>> >>> I'm having some difficulties separating sensitive information from a nix
>> >>> expression used by NixOps.
>> >>>
>> >>> I keep the server config in a separate file, servers.nix:
>> >>> {
>> >>>   vm01 =
>> >>>     { config, pkgs, nodes, ... }:
>> >>>     {
>> >>>       deployment = {
>> >>>         targetHost = "192.168.121.50";
>> >>>       };
>> >>>       ...
>> >>>     }
>> >>> }
>> >>>
>> >>> Currently I have all relevant software config for each server in a nix
>> >>> expression platforms.nix as follows (where vm01 is the hostname):
>> >>> {
>> >>>   vm01 =
>> >>>     { config, pkgs, ... }:
>> >>>     {
>> >>>       services.symfony.platforms = {
>> >>>         database = {
>> >>>           username = "www";
>> >>>           /* password = "1234567" -> moved to keys.nix */
>> >>>         };
>> >>>       ...
>> >>>     }
>> >>> }
>> >>>
>> >>> I want to remove the sensitive info from this file and put it in a
>> >>> separate nix expression, e.g. keys.nix, maintaining the same structure so
>> >>> the files can be merged.
>> >>>
>> >>> In keys.nix I currently have
>> >>> {
>> >>>   vm01 = {
>> >>>     { config, pkgs, ... }:
>> >>>     {
>> >>>       services.symfony.platforms.database.password = "12345678";
>> >>>       ..
>> >>>     }
>> >>>   }
>> >>> }
>> >>>
>> >>> I've modified my nixops deploy to have keys.nix loaded after the
>> >>> servers.nix and platforms.nix files, but I keep getting errors like "the
>> >>> attribute password does not exist"
>> >>>
>> >>> I must be overlooking something obvious as all the other files I define
>> >>> in my deploy are being merged correctly.
>> >>>
>> >>> Can anyone advise me on how to achieve this?
>> >>>
>> >>> The underlying reason is that I'm using git-crypt to encrypt the
>> >>> platforms.nix file, but this makes it impossible to work with branches (or
>> >>> git logs) etc. as the whole file is encrypted and git cannot merge binary
>> >>> files (it simply replaces them).
>> >>>
>> >>> Kind regards!
>> >>>
>> >>> Erik aka 4levels
>> >>>
>> >>> _______________________________________________
>> >>> nix-dev mailing list
>> >>> nix-dev at lists.science.uu.nl
>> >>> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>> >>>
>>
>> --
>> Sent from mobile. Please excuse my brevity.


-- 
Tomasz Czyż
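
Added example (not part of the original thread, and not nixpkgs' own code): the `//` behaviour zimbatm describes next to `recursiveUpdate` from the `lib/attrsets.nix` file linked above, applied to constructed copies of the two sets from the question. The `overlaps` helper and the file name `example.nix` are assumptions made for this illustration.

```nix
# example.nix, evaluate with: nix-instantiate --eval --strict example.nix
let
  lib = import <nixpkgs/lib>;

  # Constructed stand-ins for the contents of servers.nix and keys.nix.
  servers = {
    vm01.services.symfony.platforms.database.username = "www";
  };
  keys = {
    vm01.services.symfony.platforms.database.password = "12345678";
  };

  # Hypothetical helper: leaf paths that both sets define. recursiveUpdate
  # lets the right-hand side win silently for each of these, so a keys file
  # could override a non-secret setting without anyone noticing.
  overlaps = prefix: a: b:
    lib.concatMap
      (name:
        let path = prefix ++ [ name ]; in
        if builtins.isAttrs a.${name} && builtins.isAttrs b.${name}
        then overlaps path a.${name} b.${name}
        else [ (lib.concatStringsSep "." path) ])
      (builtins.attrNames (builtins.intersectAttrs a b));

  clashes = overlaps [ ] servers keys;
in
{
  # `//` merges only the top level: vm01 from keys replaces vm01 from
  # servers, so the username is lost.
  shallow = servers // keys;

  # recursiveUpdate descends into nested attribute sets and keeps both
  # username and password. Refuse to merge if keys redefines a leaf.
  deep =
    if clashes != [ ]
    then throw "keys.nix redefines: ${lib.concatStringsSep ", " clashes}"
    else lib.recursiveUpdate servers keys;
}
```

A password merged into the configuration this way is still part of the evaluated system and can end up in the world-readable Nix store; NixOps' `deployment.keys` option exists to deliver key material outside the store.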