Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 77 |
1 files changed, 69 insertions, 8 deletions
@@ -6,7 +6,8 @@ krops is a lightweight toolkit to deploy NixOS systems, remotely or locally. ## Some Features - store your secrets in [password store](https://www.passwordstore.org/) -- build your system remotely + or [passage](https://github.com/FiloSottile/passage) +- build your systems remotely - minimal overhead (it's basically just `nixos-rebuild switch`!) - run from custom nixpkgs branch/checkout/fork @@ -19,8 +20,8 @@ Create a file named `krops.nix` (name doesn't matter) with following content: let krops = (import <nixpkgs> {}).fetchgit { url = https://cgit.krebsco.de/krops/; - rev = "v1.17.0"; - sha256 = "150jlz0hlb3ngf9a1c9xgcwzz1zz8v2lfgnzw08l3ajlaaai8smd"; + rev = "v1.25.0"; + sha256 = "07mg3iaqjf1w49vmwfchi7b1w55bh7rvsbgicp2m47gnj9alwdb6"; }; lib = import "${krops}/lib"; @@ -96,7 +97,7 @@ pkgs.krops.writeDeploy "deploy" { } ``` For more details about the `target` attribute, please check the `mkTarget` -function in [lib/default.nix](lib/defaults.nix). +function in [lib/default.nix](lib/default.nix). ### `backup` (optional, defaults to false) 
@@ -125,13 +126,40 @@ architecture. ### `fast` (optional, defaults to false) -Run `nixos-rebuild switch` immediately without building the system -in a dedicated `nix build` step. +Run `nixos-rebuild` immediately without building the system in a dedicated `nix +build` step. ### `force` (optional, defaults to false) Create the sentinel file (`/var/src/.populate`) before syncing the new source. +### `operation` (optional, defaults to "switch") + +Specifies which `nixos-rebuild` operation to perform. + +### `useNixOutputMonitor` (optional, defaults to `"opportunistic"`) + +Specifies when to pipe `nixos-rebuild`'s output to +[nom](https://github.com/maralorn/nix-output-monitor). + +Supported values: + +* `"opportunistic"` (default) - + Use `nom` only if it is present on the target machine. + +* `"optimistic"` - + Use `nom`, assuming it is present on the target machine. + +* `"pessimistic"` - + Use `nom` via `nix-shell` on the target machine. + +* `true` - + Use `nom`. + If it is not present on the target machine, then use it via `nix-shell`. + +* `false` - + Don't use `nom` + ## writeTest Very similiar to writeDeploy, but just builds the system on the target without @@ -152,6 +180,10 @@ below `/var/src`, and executes `NIX_PATH=/var/src nix-build -A system '<nixpkgs/ [see `writeDeploy`](#writeDeploy) +### `trace` (optional, defaults to false) + +run nix-build with `--show-trace` + ## writeCommand This can be used to run other commands than `nixos-rebuild` or pre/post build hooks. @@ -185,6 +217,10 @@ pkgs.krops.writeCommand "deploy-with-swap" { [see `writeDeploy`](#writeDeploy) +### `allocateTTY` (optional, defaults to false) + +whether the ssh session should do a pseudo-terminal allocation. +sets `-t` on the ssh command. ## Source Types 
@@ -206,13 +242,15 @@ using [`rsync`](https://rsync.samba.org/). Supported attributes: * `path` - - absolute path to files that should by transfered + absolute path to files that should by transferred. * `useChecksum` (optional) - boolean that controls whether file contents should be checked to decide whether a file has changed. This is useful when `path` points at files with mangled timestamps, e.g. the Nix store. + The default value is `true` if `path` is a derivation, and `false` otherwise. + * `filters` (optional) List of filters that should be passed to [`rsync`](https://rsync.samba.org/). Filters are specified as attribute sets with the attributes `type` and @@ -261,6 +299,29 @@ Supported attributes: sub-directory in the password store. +### `passage` + +The passage source type decrypts files from a local +[passage store](https://github.com/FiloSottile/passage) +and transfers them to the target using +[`rsync`](https://rsync.samba.org/). + +Supported attributes: + +* `dir` - + Path to the passage store. + For a partial transfer, this may point to a subdirectory. + Example: `~/.passage/store/hosts/MYHOSTNAME` + +* `identities_file` (optional) - + Path to the identities file. + Defaults to `~/.passage/identities`. + +* `age` (optional) - + Path of the age binary. + Defaults to `age` (absolute path gets resolved using `passage`'s search path.) + + ### `pipe` Executes a local command, capture its stdout, and send that as a file to the @@ -292,6 +353,6 @@ Supported attributes: Comments, questions, pull-requests and patches, etc. are very welcome, and can be directed at: -- IRC: #krebs at freenode +- IRC: #krebs at hackint - Mail: [spam@krebsco.de](mailto:spam@krebsco.de) - Github: https://github.com/krebs/krops/ |
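Review bot: The README gives no hint how to obtain the new `sha256` when `rev` changes in the `@@ -19,8 +20,8 @@` hunk. Because `rev` is a tag name, the hash is the only thing that fixes the fetched content, so readers who bump one without the other get a failed or stale fetch. Suggest one sentence on updating both values together, for example with `nix-prefetch-git`. The unchanged `url = https://cgit.krebsco.de/krops/;` line is also worth quoting while this block is being touched, since bare URL literals are deprecated in Nix.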
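Review bot: The `useNixOutputMonitor` list in the `@@ -125,13 +126,40 @@` hunk does not say which nixpkgs `nix-shell` resolves `nom` from for `"pessimistic"` and `true`. This matters to anyone auditing a deploy, because those two values make the target fetch and run an extra package during the rebuild. Suggest naming the source it is resolved against and stating what `"optimistic"` does when `nom` is absent, which is currently the only thing separating it from `true`. In the same hunk, the `operation` heading writes its default as "switch" without backticks while `useNixOutputMonitor` writes `"opportunistic"` with them, and `operation` neither lists nor links the accepted values.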
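Review bot: The `allocateTTY` text in the `@@ -185,6 +217,10 @@` hunk says what flag is set but not when a caller would need it; one clause naming the use case (a command that prompts or needs a terminal) would help. Both sentences start in lower case ("whether the ssh session ...", "sets `-t` ..."), unlike the neighbouring option descriptions; the `trace` entry added in the `@@ -152,6 +180,10 @@` hunk has the same issue and lacks a closing period.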
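Review bot: The corrected `path` line in the `@@ -206,13 +242,15 @@` hunk still reads "should by transferred"; the spelling fix to "transferred" left the "by" typo in place, so it should become "should be transferred". The new `useChecksum` default sentence is fine, but it sits in its own paragraph after the explanation; moving it directly after "boolean that controls ..." would let readers see the default before the rationale.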
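Review bot: The new `passage` section in the `@@ -261,6 +299,29 @@` hunk says files are decrypted locally and sent with `rsync`, but not what ownership and mode the plaintext files have on the target; for a secrets source that is the first thing a reader needs to know, so please state it or point to where it is defined. `identities_file` is snake_case while the other attributes in this README (`useChecksum`, `useNixOutputMonitor`, `allocateTTY`) are camelCase; if the name is fixed by the implementation, a note saying so would avoid confusion. The `age` description "absolute path gets resolved using `passage`'s search path" is hard to parse, since an absolute path needs no resolution; it probably means the bare name `age` is looked up on that search path.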