This commit is contained in:
Robert Hensing 2024-11-14 10:45:18 +01:00
parent 910ede276f
commit 3772edb596

184
slides.md

@ -20,26 +20,40 @@ _class: invert lead
- How - How
- Demo - Demo
Robert Hensing
@roberth
fediversity.eu
# Why # Why
2013 - 2020
- NixOps 1 is a tool to deploy NixOS systems - NixOps 1 is a tool to deploy NixOS systems
- Provisioning - Provisioning, secrets
- Secrets - Also resources, e.g. AWS Route53
- Other resources, such as AWS Route53, etc - Call Nix evaluator twice (bad(TM))
- Python program
- Call Nix evaluator twice
<!-- <!--
calling the evaluator twice is not good enough calling the evaluator twice is not good enough
--> -->
# Architecture # Why
NixOps 2 NixOps 2
2013 - 2020 - ... 2020 - ...
- Plugins
- Polyrepo
# Why
NixOps 2
2020 - ...
![bg right:66% height:80%](nixops2.png) ![bg right:66% height:80%](nixops2.png)
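Review bot: the slide that carries `![bg right:66% height:80%](nixops2.png)` is retitled from `# Architecture` to `# Why`, yet a later speaker note in this file still refers to it as the "NixOps 2 architecture image" (see the context line of the `@ -117,10 +142,11 @@` hunk), so the heading no longer matches what is on screen; either keep `# Architecture` for the image slide or attach the image to the new `Plugins` / `Polyrepo` slide. On the NixOps 1 slide, `Call Nix evaluator twice (bad(TM))` states a verdict without the reason, and the speaker note `calling the evaluator twice is not good enough` does not supply it either; one clause on what goes wrong (for example which results cannot feed back into the second evaluation) would make the bullet stand on its own.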
@ -52,8 +66,16 @@ They did a good job with the architecture they had.
- Ossified the architecture - Ossified the architecture
--> -->
# Why
# Architecture 2022
@roberth
- Still the only tool that integrates provisioning
# Step back
Nix Nix
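Review bot: `- Still the only tool that integrates provisioning` is an unqualified claim with nothing on the slide to back it; say what "integrates" means here (provisioning and NixOS deployment in one tool, as the NixOps 1 bullets earlier in this file describe) and scope it to the Nix ecosystem. The `2022` and `@roberth` lines also have no verb, so the timeline slide does not say what happened in 2022; a short phrase would make it self-explanatory.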
@ -72,7 +94,7 @@ Nix
``` ```
<!-- <!--
Explain thoroughly TODO: Explain firmly
--> -->
# Architecture # Architecture
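Review bot: the speaker note now reads `TODO: Explain firmly`, a draft marker in the notes of the `Nix` section; it should be resolved, or replaced with the concrete point to make, before the deck is presented, otherwise the presenter notes carry an instruction to the author rather than to the speaker.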
@ -94,6 +116,9 @@ NixOps4
``` ```
<!-- <!--
How done is it?
Adds new layer on top Adds new layer on top
Focus on `nix value` => precisely that; no tight coupling between NixOps and its resources Focus on `nix value` => precisely that; no tight coupling between NixOps and its resources
@ -117,10 +142,11 @@ Not comparable to NixOps 2 architecture image. NixOps 2 is "just a script" that
- Update - Update
- Delete - Delete
# Resource Provider # Deployment
- Separate process Collection of resources
- executable obtained with Nix. - wired together with Nix expressions
- reflecting some area of the real world
# Operations # Operations
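Review bot: on the new `# Deployment` slide, `Collection of resources` is a bare line and the two bullets below it (`wired together with Nix expressions`, `reflecting some area of the real world`) continue that sentence, so the list hangs off a non-bullet; either bullet all three or write one sentence. `reflecting some area of the real world` is also vague on a definitions slide; the concrete resources shown later in this file (`s3.object`, `ssh.keypair`, the `nixos` host) would anchor it.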
@ -135,14 +161,12 @@ Not comparable to NixOps 2 architecture image. NixOps 2 is "just a script" that
b. Scripts depending on resource outputs b. Scripts depending on resource outputs
--> -->
# Process Architecture # Resource Provider
- Program built with Nix
- Called by NixOps
- Talks an IPC protocol
- NixOps4
- `nixops4-eval` -> `libnixexpr` etc (internal)
- resource providers
- `nixops4-resources-local`
- `nixops4-resources-opentofu` (planned)
- ...
# Expressions # Expressions
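Review bot: the new `# Resource Provider` slide drops the old `- Separate process` bullet, and `Called by NixOps` plus `Talks an IPC protocol` only imply it. The process boundary is the one property worth stating explicitly, since it is what keeps provider code (for example the planned `nixops4-resources-opentofu`) out of the NixOps process and it is the point the relocated `# Process Architecture` slide builds on; suggest keeping the bullet, e.g. `- Separate process, built with Nix, called by NixOps over an IPC protocol`.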
@ -153,7 +177,7 @@ Simplified
outputs = inputs: { outputs = inputs: {
nixops4Deployments.default = { resources, ... }: { nixops4Deployments.default = { resources, ... }: {
resources = { resources = {
"state" = { <resource name> = {
... ...
}; };
}; };
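Review bot: `<resource name> = {` sits inside a ```nix fence, and `<resource name>` is not Nix syntax (angle brackets denote a lookup path, and the space is not allowed there), so a highlighter will render it as an error; a quoted placeholder such as `"<resource name>" = {` stays valid Nix and still reads as a placeholder, as does keeping `"state"` and pointing at it from the speaker note.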
@ -162,11 +186,49 @@ Simplified
} }
``` ```
<!-- These are very abstract. Clarify why. -->
# Expressions
```nix
{ resources, ... }: {
resources = {
"nixos" = {
imports = [ inputs.nixos.modules.nixops4Resource.nixos ];
inputs = {
ssh.privateKey = resources.sshkeypair.privateKey;
ssh.host = resources.host;
module = ./configuration.nix;
};
};
};
}
```
# Expressions # Expressions
```nix ```nix
{ resources, ... }: { { resources, ... }: {
resources = { resources = {
"nixos" = ...;
"sshkeypair" = {
type = "ssh.keypair";
inputs = {
state = resources.state;
};
};
};
}
```
# Expressions
```nix
{ resources, ... }: {
resources = {
"nixos" = ...;
"sshkeypair" = ...;
"state" = { "state" = {
type = "s3.object"; type = "s3.object";
inputs = { inputs = {
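Review bot: the three new slides run in reverse dependency order (`nixos` first, then `sshkeypair`, then `state`), and the `sshkeypair` input is now `state = resources.state;` where the old slides used `resources.state.handle`; settle on one form, because the `mkSequence` slide later in this file still passes `top.resources.state.handle`. More importantly, `sshkeypair` takes only `state` as input and exposes `privateKey`, which `nixos` then consumes as `ssh.privateKey`, so the generated private key presumably lives in the `s3.object` state resource; the slides should say where that key is persisted and that the state object therefore needs the same access control as the key itself, since the deck otherwise presents state as a plain S3 object. The speaker note `These are very abstract. Clarify why.` is also a leftover TODO.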
@ -181,65 +243,14 @@ Simplified
# Expressions # Expressions
```nix ```nix
{ resources, ... }: { { config, resources, ... }: {
resources = {
"state" = ...;
};
}
```
# Expressions
```nix
{ resources, ... }: {
resources = {
"state" = ...;
"sshkey" = {
type = "ssh.key";
inputs = {
state = resources.state.handle;
};
};
};
}
```
# Expressions
```nix
{ resources, ... }: {
resources = {
"state" = ...;
"sshkey" = ...;
"nixos" = {
imports = [ inputs.nixos.modules.nixops4Resource.nixos ];
inputs = {
ssh.privateKey = resources.sshkey.privateKey;
ssh.host = resources.host;
module = ./configuration.nix;
};
};
};
}
```
# Expressions
```nix
{ resources, ... }: {
options.customers = mkOption { options.customers = mkOption {
type = attrsOf (submodule ./customer.nix); type = attrsOf (submodule ./customer.nix);
}; };
config.resources = { config.resources = {
"state" = ...; "state" = ...;
"sshkey" = ...; "sshkeypair" = ...;
"nixos" = ...; "nixos" = ... (foo config.customers) ...;
}; };
} }
``` ```
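Review bot: adding `config` to the module arguments (`{ config, resources, ... }:`) is needed now that the body reads `config.customers`; the old `{ resources, ... }:` would have left `config` unbound. `(foo config.customers)` leaves `foo` as an unnamed placeholder on the only slide that shows how customers feed into the `nixos` resource; give it a descriptive name or use an ellipsis as the other slides do, so it does not read as a real function. `mkOption`, `attrsOf` and `submodule` are also used without a `lib` binding, which is acceptable on a `Simplified` slide but worth `lib.` prefixes if the snippet is meant to be copied.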
@ -268,8 +279,8 @@ top@{ resources, ... }: {
resources = { resources = {
"state" = ...; "state" = ...;
"my-host" = mkSequence ({ resources, ... }: { "my-host" = mkSequence ({ resources, ... }: {
"sshkey" = ... top.resources.state.handle ...; "sshkeypair" = ... top.resources.state.handle ...;
"nixos" = ... resources.sshkey.privateKey ...; "nixos" = ... resources.sshkeypair.privateKey ...;
}); });
}; };
} }
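Review bot: `"sshkeypair" = ... top.resources.state.handle ...;` keeps `.handle`, while the new single-resource slide in the `@ -162,11 +186,49 @@` hunk passes `state = resources.state;` with no `.handle`, so the two slides now disagree on what the `sshkeypair` state input is; the `sshkey` to `sshkeypair` rename was applied here but the `.handle` change was not, so apply both consistently.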
@ -291,10 +302,20 @@ top@{ resources, ... }: {
# Operator benefits # Operator benefits
CLI interface for the backend CLI for the backend
Integrate arbitrary scripts, no glue code Integrate arbitrary scripts, no glue code
# Operator benefits
# Caveats
TBD
- `mkSequence` nesting / data dependencies
- Read, Update, Delete
- More resources
- OpenTofu
# Demo? # Demo?
# Not discussed # Not discussed
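Review bot: the `# Caveats` slide has `TBD` directly above a populated bullet list, which contradicts itself; drop `TBD` or move it to the speaker notes. The bullets also need a verb each: `Read, Update, Delete` are listed as operations on the `# Operations` slide earlier in this file, so as a caveat the line should say what is missing (for example which of them are not implemented yet), and `OpenTofu` should carry `planned` as the `# Process Architecture` slide does, so the audience does not read the caveats as features.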
@ -303,3 +324,12 @@ Integrate arbitrary scripts, no glue code
- read multiple => migrations - read multiple => migrations
- `resourceProviderSystem` - `resourceProviderSystem`
# Process Architecture
- `nixops4`
- `nixops4-eval` -> `libnixexpr` etc (internal)
- resource providers
- `nixops4-resources-local`
- `nixops4-resources-opentofu` (planned)
- ...
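Review bot: the `# Process Architecture` slide now comes after `# Not discussed`, so in reading order it falls under the material the talk skips; if it is a backup slide, mark it as such, and if it is meant to be presented it belongs next to `# Resource Provider`, which already says `Talks an IPC protocol` and is the natural lead-in to `nixops4-eval -> libnixexpr` and the `nixops4-resources-*` providers. The first bullet also changed from `NixOps4` to `nixops4`, which reads as the binary name; that is consistent with `nixops4-eval`, but the slide should then describe processes throughout rather than the project.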