[Nix-dev] NixOps usage survey.

Bas van Dijk v.dijk.bas at gmail.com
Mon Sep 12 13:49:21 CEST 2016


If you work in a team, definitely pin your nixpkgs revision.

At LumiGuide we use a variation of the technique outlined in
https://garbas.si/2015/reproducible-development-environments.html.

Bas


On 12 September 2016 at 11:05, Tobias Pflug <tobias.pflug at gmx.net> wrote:

> If I may just jump in with a question: What I feel uneasy about is to just
> use some channel. Is that what everyone does? I usually pinpoint a specific
> commit so that i know that my deployments are actually deterministic about
> what nixpkgs set is being used.
>
> Am I just being paranoid/impractical? Maybe it is even an anti-pattern
> since I obviously have to manually update then.
>
> Thanks in advance for any input :)
>
> -Tobi
>
> Sent from my iPhone
>
> > On 06 Sep 2016, at 15:06, Игорь Пашев <pashev.igor at gmail.com> wrote:
> >
> > I'm using NixOps in production, EC2, Hetzner, VBox with no issues.
> >
> > Of course, commit NixOps state (JSON) in git with git-crypt. And this
> > wrapper for NixOps:
> >
> > #!/usr/bin/env bash
> >
> > set -euo pipefail
> >
> > NIXPKGS=https://github.com/NixOS/nixpkgs-channels/
> archive/nixos-15.09.tar.gz
> > NIXOPS=${NIXOPS:-nixops}
> > export NIX_PATH=nixpkgs="$NIXPKGS":.
> >
> > usage () {
> > cat <<USAGE
> > Usage: $0 <nixops command> <realm/spec.nix> [nixops options]
> > Examples:
> >  $0 deploy realms/vbox.nix
> >  $0 info realms/vbox.nix
> >  $0 deploy realms/dumpoo.nix --build-only
> >  $0 destroy realms/cats.nix --include slothcat
> > USAGE
> > }
> >
> > fatal () {
> >  echo '** ERROR:' "$@" >&2
> >  usage >&2
> >  exit 1
> > }
> >
> > if [ $# -lt 2 ]; then
> >  fatal "missing agruments."
> > fi
> >
> > CMD="$1"; shift
> > REALM_NIX="$1"; shift
> >
> > case "$REALM_NIX" in
> >  *realms/*.nix) REALM=$(basename "$REALM_NIX" .nix);;
> >  *) fatal "invalid realm spec: $REALM_NIX";;
> > esac
> >
> > cd "$(dirname "$0")"
> >
> > state="secrets/nixops-${REALM}.json"
> > db=$(mktemp -u "secrets/tmp.${REALM}.XXXXXX.nixops")
> >
> > trap 'save' EXIT
> >
> > save() {
> >  if [ -f "$db" ]; then
> >    "$NIXOPS" export -s "${db}" > "${state}.tmp"
> >    mv "${state}.tmp" "${state}"
> >    rm -f "$db"*
> >  fi
> > }
> >
> > create() {
> >  "$NIXOPS" create -s "$db" -d "$REALM" "<realms/${REALM}.nix>"
> > }
> >
> > case "$CMD" in
> >  create)
> >    [ ! -f "$state" ] || fatal "\`$state' already exists."
> >    create
> >    ;;
> >  *)
> >    [ -f "$state" ] || fatal "\`$state' does not exists."
> >    "$NIXOPS" import -s "${db}" < "$state"
> >    "$NIXOPS" "$CMD" -s "$db" -d "$REALM" "$@"
> >    ;;
> > esac
> >
> >
> >
> > And makefile for development with vbox;
> >
> > REALM = cats
> > override STATE = secrets/nixops-vbox-$(REALM).json
> >
> > build: $(STATE)
> >    ./let deploy realms/vbox-$(REALM).nix --build-only
> >
> > destroy:
> >    ./let $@ realms/vbox-$(REALM).nix --confirm
> >
> > info deploy check send-keys start stop reboot: $(STATE)
> >    ./let $@ realms/vbox-$(REALM).nix
> >
> > $(STATE):
> >    ./let create realms/vbox-$(REALM).nix
> >
> > 2016-09-05 19:01 GMT+03:00 Aloïs Cochard <alois.cochard at gmail.com>:
> >> Hi all,
> >>
> >> We are experimenting with NixOps and we are having great success. We do
> plan
> >> to use it for our development infrastructure, and it seems to be very
> >> promising.
> >>
> >> In the light of applying the same technology on our production stack,
> I'm
> >> curious to know how NixOps is used "for real"? Do you use it in
> production?
> >>
> >> Do you have some success story to share?
> >>
> >> Would love to know more about how it is used, the size of clusters, ...
> >>
> >> Thanks in advance!
> >>
> >> --
> >> Λ\oïs
> >> http://twitter.com/aloiscochard
> >> http://github.com/aloiscochard
> >>
> >> _______________________________________________
> >> nix-dev mailing list
> >> nix-dev at lists.science.uu.nl
> >> http://lists.science.uu.nl/mailman/listinfo/nix-dev
> > _______________________________________________
> > nix-dev mailing list
> > nix-dev at lists.science.uu.nl
> > http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
> _______________________________________________
> nix-dev mailing list
> nix-dev at lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.science.uu.nl/pipermail/nix-dev/attachments/20160912/bf6391f0/attachment.html>


More information about the nix-dev mailing list