Where's our nixops utility?
$ nix-env -qaP nixops
nixpkgs.nixops nixops-1.2
nixpkgs.nixopsUnstable nixops-1.3pre1486_7489764
Cool. Let's use the stable nixops 1.2 version.
$ nix-env -iA nixpkgs.nixops
$ nixops -h
usage: nixops [-h] [--version]
{list,create,modify,clone,delete,info,check,set-args,deploy,send-keys,destroy,stop,start,reboot,show-physical,ssh,ssh-for-each,scp,rename,backup,backup-status,remove-backup,clean-backups,restore,show-option,list-generations,rollback,delete-generation,show-console-output,dump-nix-paths,export,import,edit}
...
NixOS cloud deployment tool
positional arguments:
{list,create,modify,clone,delete,info,check,set-args,deploy,send-keys,destroy,stop,start,reboot,show-physical,ssh,ssh-for-each,scp,rename,backup,backup-status,remove-backup,clean-backups,restore,show-option,list-generations,rollback,delete-generation,show-console-output,dump-nix-paths,export,import,edit}
sub-command help
list list all known deployments
create create a new deployment
modify modify an existing deployment
clone clone an existing deployment
delete delete a deployment
info show the state of the deployment
check check the state of the machines in the network
set-args persistently set arguments to the deployment
specification
deploy deploy the network configuration
send-keys send encryption keys
destroy destroy all resources in the specified deployment
stop stop all virtual machines in the network
start start all virtual machines in the network
reboot reboot all virtual machines in the network
show-physical print the physical network expression
ssh login on the specified machine via SSH
ssh-for-each execute a command on each machine via SSH
scp copy files to or from the specified machine via scp
rename rename machine in network
backup make snapshots of persistent disks in network
(currently EC2-only)
backup-status get status of backups
remove-backup remove a given backup
clean-backups remove old backups
restore restore machines based on snapshots of persistent
disks in network (currently EC2-only)
show-option print the value of a configuration option
list-generations list previous configurations to which you can roll
back
rollback roll back to a previous configuration
delete-generation remove a previous configuration
show-console-output
print the machine's console output on stdout
dump-nix-paths dump Nix paths referenced in deployments
export export the state of a deployment
import import deployments into the state file
edit open the deployment specification in $EDITOR
optional arguments:
-h, --help show this help message and exit
--version show program's version number and exit
When deploying an instance, NixOps builds the environment before transferring it to the target host. This means that we need a native NixOS environment to use NixOps.
The trick is to set up a NixOS virtualbox guest and use this NixOS virtualbox guest as our native NixOS environment for building packages before deploying on the host.
On our Mac OS X host, prepare the following:
$ cd ~
$ sudo mkdir /etc/nix
$ sudo cp ~/.ssh/id_rsa /etc/nix/signing-key.sec
$ openssl rsa -in /etc/nix/signing-key.sec -pubout > signing-key.pub
$ sudo mv signing-key.pub /etc/nix/
$ sudo chown calvin:staff /etc/nix/signing-key.sec
Note that this openssl-generated public key is not the same as the id_rsa.pub generated by ssh-keygen.
Check:
$ ls -la /etc/nix
total 12
drwxr-xr-x 5 root wheel 170 Jun 11 18:06 .
drwxr-xr-x 99 root wheel 3366 Jun 10 23:42 ..
-rw-r--r-- 1 root wheel 136 Jun 7 19:08 nix.conf
-rw-r--r-- 1 calvin staff 451 Jun 11 18:05 signing-key.pub
-rw------- 1 calvin staff 1679 Jun 11 18:03 signing-key.sec
Copy these signing keys to our NixOS virtualbox guest (our build server, so to speak), placing them in the same location and making sure that our nix user (for my case, calvin user in my NixOS virtualbox guest)
$ rsync -avz -e "ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -p 2223" --progress /etc/nix/signing-key.* calvin@127.0.0.1:~/
ssh into our NixOS guest and move the keys to /etc/nix as root user since our calvin user does not have the root permissions for the /etc/nix directory.
$ ssh -p 2223 calvin@127.0.0.1
$ su - root
$ mv /home/calvin/signing-key.* /etc/nix/
Check:
$ ls -la /etc/nix
total 16
drwxr-xr-x 2 root root 4096 Jun 11 12:20 .
drwxr-xr-x 19 root root 4096 Jun 11 12:09 ..
lrwxrwxrwx 1 root root 24 Jun 11 12:09 nix.conf -> /etc/static/nix/nix.conf
-rw-r--r-- 1 calvin users 451 Jun 11 12:05 signing-key.pub
-rw------- 1 calvin users 1679 Jun 11 12:03 signing-key.sec
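As an added check (not part of the original post), this shell function confirms on either machine that signing-key.pub is the public half of signing-key.sec and that the private key is readable only by its owner, as in the listings above. The function name check_signing_keys and its return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: sanity-check a Nix signing key pair on the host or the
# build guest. check_signing_keys and its return codes are this example's
# own names, not part of Nix or NixOps.

# check_signing_keys SEC PUB
#   0  PUB is the public half of SEC and SEC is owner-only
#   1  PUB was not derived from SEC
#   2  SEC is readable or writable by group/other
#   3  a file is missing or SEC is not a usable RSA private key
check_signing_keys() {
    sec=$1
    pub=$2
    [ -r "$sec" ] && [ -r "$pub" ] || {
        echo "cannot read $sec or $pub" >&2
        return 3
    }

    # Re-derive the public key the same way the page does
    # (openssl rsa -pubout) and compare it with the file on disk.
    derived=$(openssl rsa -in "$sec" -pubout 2>/dev/null) || {
        echo "$sec is not a usable RSA private key" >&2
        return 3
    }
    if [ "$derived" != "$(cat "$pub")" ]; then
        echo "MISMATCH: $pub was not derived from $sec" >&2
        return 1
    fi

    # Characters 5-10 of the ls -l mode string are the group and other
    # bits; the listings above show -rw------- for signing-key.sec.
    mode=$(ls -ld "$sec" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "LOOSE PERMISSIONS: $sec group/other bits are '$mode'" >&2
        return 2
    fi

    echo "OK: $pub matches $sec and $sec is owner-only"
    return 0
}

# Usage, after copying the keys:
#   check_signing_keys /etc/nix/signing-key.sec /etc/nix/signing-key.pub
```

Run it once on the Mac OS X host and once on the NixOS guest; both should report OK before any distributed build is attempted.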
In our Mac OS X host, specify that we want to run distributed builds:
$ export NIX_BUILD_HOOK=$HOME/.nix-profile/libexec/nix/build-remote.pl
$ export NIX_CURRENT_LOAD=/tmp/current-load
Make sure we create the /tmp/current-load directory too.
$ mkdir /tmp/current-load
Setting up NixOS on linode and automating deploying with NixOps