[Nix-dev] Distributing files between machines in a nixops deployment

Marius Bergmann marius at yeai.de
Sat Nov 19 18:23:21 CET 2016


You did not attach a link to your mail, but I guess you mean
https://blog.wearewizards.io/how-to-use-nixops-in-a-team ?


On 2016-11-19 18:08, Maarten Hoogendoorn wrote:
> I'm not pretending to be a NixOps expert, but I think the approach of
> generating the secret in the "deployment" machine is good enough.
> You could store the private key encrypted in a git repository. Have you
> seen this [1] blog post? It describes how to do this in a team.
> 
> Best regards,
> Maarten
> 
> 
> 2016-11-19 12:50 GMT+01:00 Marius Bergmann <marius at yeai.de>:
> 
>     On 2016-11-19 12:46, Arnold Krille wrote:
>     > On Sat, 19 Nov 2016 12:10:59 +0100 Marius Bergmann <marius at yeai.de>
>     > wrote:
>     >> Is it possible to declare the distribution of a file (in my case
>     >> a ssh server/client public key) to different machines in a nixops
>     >> deployment?
>     >>
>     >> I want to create a client keypair on one machine and then authorize
>     >> the public part on several other machines in the deployment. Those
>     >> other machines' public server keys should also be added to the
>     >> known_hosts of the machine logging into them.
>     >>
>     >> I know I could create all the keypairs on the machine running nixops
>     >> and send both the public as well as the private keys over the
>     >> network, but I would like to find out if there's a way around it.
>     >
>     > I think this is one of the things you don't do/want with Nix/NixOps as
>     > this is essentially self-modifying deployment. Which makes the
>     > deployment non-deterministic and unreproducible in the strict sense.
>     > With deployment-/configuration-management systems that have a central
>     > node and database, like chef and puppet can have, you can do such
>     > things. For Nix this is counter-intuitive.
>     >
>     > - Arnold
> 
>     Do you have a recommendation on how to handle my use case then? In
>     practice, I need this to allow the backup user to log into the machines
>     being backed up. Would you use a central location for all the key pairs?
> 
> 
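
The approach discussed in this thread (key pairs created on the machine running nixops, the public part authorized on the backed-up machines, host keys pinned on the machine that logs in), sketched as a NixOps network expression. This is an added example, not part of the original messages; the machine names, the `backup` user and all file paths are assumptions.

```nix
# network.nix -- constructed example; names and paths below are assumptions.
# Assumed layout next to this file on the deployment machine:
#   ./secrets/backup_ed25519     client private key (decrypted before deploying)
#   ./keys/backup_ed25519.pub    client public key
#   ./keys/<machine>_host.pub    public host key of each backed-up machine
let
  clients = [ "web1" "db1" ];

  # Shared by every machine that is backed up: accept the backup client key.
  backedUp = { ... }: {
    services.openssh.enable = true;
    users.users.backup = {
      isNormalUser = true;
      openssh.authorizedKeys.keyFiles = [ ./keys/backup_ed25519.pub ];
    };
  };
in
{
  network.description = "backup key distribution";

  backup = { lib, ... }: {
    users.users.backup = {
      isNormalUser = true;
      extraGroups = [ "keys" ];   # /run/keys is only readable by this group
    };

    # Uploaded by nixops to /run/keys/backup-ssh-key. That directory is a
    # tmpfs, so run `nixops send-keys` again after the machine reboots.
    deployment.keys."backup-ssh-key" = {
      text = builtins.readFile ./secrets/backup_ed25519;
      user = "backup";
      permissions = "0400";
    };

    # Pin each client's host key in the system-wide known_hosts.
    programs.ssh.knownHosts = lib.genAttrs clients (name: {
      hostNames = [ name ];
      publicKeyFile = ./keys + "/${name}_host.pub";
    });
  };

  web1 = backedUp;
  db1 = backedUp;
}
```

The backup user on the `backup` machine then connects with `ssh -i /run/keys/backup-ssh-key backup@web1`.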

