nixops fails to build.

[nixinator]

Describe the bug

A clear and concise description of what the bug is.

Steps To Reproduce

Steps to reproduce the behavior:

1. ...nix-shell -p nixops
2. ...
3. ...

Expected behavior

it builds!

Additional context

error: builder for '/nix/store/48sdc9gb26pb3prykylvy644mmsma0km-python2.7-ruamel-yaml-clib-0.2.4.drv' failed with exit code 1;

https://hydra.nixos.org/build/157985763

Notify maintainers

Metadata

Please run nix-shell -p nix-info --run "nix-info -m" and paste the result.

[user@system:~]$ nix-shell -p nix-info --run "nix-info -m"
 - system: `"x86_64-linux"`
 - host os: `Linux 5.10.70, NixOS, 21.05.20211003.7daf355 (Okapi)`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.4pre20210922_bcd73eb`
 - channels(user): `"nixgl"`
 - channels(root): `"nixos-21.11pre332093.7fad01d9d5a"`
 - nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixos`

Maintainer information:

# a list of nixpkgs attributes affected by the problem
attribute:
# a list of nixos modules affected by the problem
module:

[roberth]

Builds on linux thanks to #147049.

[NorfairKing]

nix-shell -p nixops --run `nixops --help`

still fails:

error: Package ‘python2.7-pyjwt-1.7.1’ in /nix/store/9sjqcal2d824lcy2jcriwzl0av1xfn97-nixpkgs-src/pkgs/development/tools/poetry2nix/poetry2nix/mk-poetry-dep.nix:108 is marked as insecure, refusing to evaluate.


       Known issues:
        - CVE-2022-29217

       You can install it anyway by allowing this package, using the
       following methods:

       a) To temporarily allow all insecure packages, you can use an environment
          variable for a single invocation of the nix tools:

            $ export NIXPKGS_ALLOW_INSECURE=1

        Note: For `nix shell`, `nix build`, `nix develop` or any other Nix 2.4+
        (Flake) command, `--impure` must be passed in order to read this
        environment variable.

       b) for `nixos-rebuild` you can add ‘python2.7-pyjwt-1.7.1’ to
          `nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
          like so:

            {
              nixpkgs.config.permittedInsecurePackages = [
                "python2.7-pyjwt-1.7.1"
              ];
            }

       c) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
          ‘python2.7-pyjwt-1.7.1’ to `permittedInsecurePackages` in
          ~/.config/nixpkgs/config.nix, like so:

            {
              permittedInsecurePackages = [
                "python2.7-pyjwt-1.7.1"
              ];
            }
(use '--show-trace' to show detailed location information)

[nh2]

I think the pyjwt issue is tracked in NixOS/nixops#1532

I do not understand what the state of nixops is.

NixOS/nixops#1242 is an issue about NixOps 2.0 with all checkboxes ticked. Further down in the thread there is a link to a board called 2.0 Release. So what's going on? Are the things in that board release blockers?

Which version of nixops should normal users use today? The project does not seem to make it clear.

[NorfairKing]

And even with that insecure package enabled, the --help fails with an import error.

[roberth]

NixOps 1 is effectively end-of-life.

about NixOps 2.0 with all checkboxes ticked

That issue does not include critical usability problems present in master.

To quote my response to another issue:

All maintenance to the NixOps core currently happens on NixOps 2 (master / pre-release), because of the project's limited resources.
NixOps 1 relies on python 2.7, so maintaining it is not feasible with the NixOps project's limited resources.
Please consider helping with maintenance and testing, or donate to https://opencollective.com/nix-deployments. This fund currently supports reviews and fixes on master. Donations greatly increase our ability to get things merged and work towards a functional NixOps 2 release.

[nh2]

@roberth Is there a current way to get oneself an overview of what's working in NixOps 2 master, and what isn't?

Is it https://github.com/NixOS/nixops/projects/4?

I would like to contribute testing it, but need to know:

• what the migration path from nixops 1 is (can I continue to use my existing state files?)
• whether there are dangerous unaddressed issues (will it wipe my infrastructure?)
• if there are key unsupported parts that nixops 1 has (Hetzner support, EC2 support, Route53 support)

[roberth]

Is it https://github.com/NixOS/nixops/projects/4?

Yes, this is more up to date than the previously linked issue.

Is there a current way to get oneself an overview of what's working in NixOps 2 master, and what isn't?

I'll have to refer to the issues and PRs.
For the core, that's https://github.com/NixOS/nixops/issues https://github.com/NixOS/nixops/pulls

• what the migration path from nixops 1 is (can I continue to use my existing state files?)

The documentation is still lacking in this regard, and some more work on the legacy state storage backend or other state storage code may need to be done, e.g. NixOS/nixops#1533.

In my experience, NixOps 1 state files can be picked up by NixOps 2, but the opposite may not be true.

• whether there are dangerous unaddressed issues (will it wipe my infrastructure?)

Unlikely, but check the issues and prs of the plugins you're using.

• if there are key unsupported parts that nixops 1 has (Hetzner support, EC2 support, Route53 support)

The plugins that are responsible for these parts should continue to support whatever those parts used to support, and they are available.

IIRC we have two plugins for Hetzner now, one using a newer API. I have not worked on any hetzner related code.

[NorfairKing]

The build passes, if you permit that insecurity, now.

[nixos-discourse]

This issue has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/deploy-nixos-configurations-on-other-machines/22940/1