NixOps is a tool for deploying to NixOS machines in a network or cloud.

Overview

NixOps

NixOps is a tool for deploying to NixOS machines in a network or the cloud. Key features include:

  • Declarative: NixOps determines and carries out actions necessary to realise a deployment configuration.
  • Testable: Try your deployments on VirtualBox or libvirtd.
  • Multi Cloud Support: Currently supports deployments to AWS, Hetzner, and GCE.
  • Separation of Concerns: Deployment descriptions are divided into logical and physical aspects. This makes it easy to separate parts that say what a machine should do from where it should do it.
  • Extensible: NixOps is extensible through a plugin infrastructure which can be used to provide additional backends.

For more information, please refer to the NixOps manual.

Running

NixOps is included in nixpkgs and can be executed in a shell as follows:

$ nix-shell -p nixops

or for a bleeding edge version, including many fixes relative to the 1.7 series,

$ nix-shell -p nixopsUnstable

You may need access to a Nix remote builder if your system does not support the deployment's system builds directly. macOS users may use a virtual machine with NixOS for this purpose.

It is also possible to use cross-compilation with NixOps, by setting nixpkgs.localSystem and nixpkgs.crossSystem. A mix of remote, emulated and cross builds is also possible; see this writeup on eno.space.

Building And Developing

Building The Nix Package

You can build the Nix package by simply invoking nix-build on the project root:

$ nix-build

Development Shell

shell.nix provides an environment with all dependencies required for working on NixOps. Use nix-shell to enter this environment, which contains all Python dependencies specified in pyproject.toml:

$ nix-shell

Executing Tests

Inside the development shell the tests can be executed as follows:

$ ./coverage-tests.py -a '!libvirtd,!gce,!ec2,!azure' -v

Documentation

NixOps' documentation uses reStructuredText. When editing the docs, get a live-reloading, rendered version of the docs:

nixops$ ./live-docs.py
Serving on http://127.0.0.1:5500

and verify its lints before committing:

nixops$ lint-docs

Contributing

Contributions to the project are welcome in the form of GitHub PRs. Please consider the following guidelines before creating PRs:

  • Please make sure to format your code using black.
  • Please add type signatures using mypy.
  • If you are planning to make any considerable changes, you should first present your plans in a GitHub issue so it can be discussed.
  • If you are adding features, please also add reasonable tests.

License

Licensed under LGPL-3.0.

Comments
  • Azure Backend

    Azure Backend

    WIP.

    Currently you have to build and register a nixos bootstrap image by hand.

    A sample deployment:

    let
      # change this as necessary or wipe and use ENV vars
      credentials = {
        subscriptionId = "f1ce4500-ab06-495a-8d59-a7cfe9e46dae";
        certificatePath = "path/mycert.pem";
      };
    in
    {
    
      resources.azureAffinityGroups.testAG = credentials // {
        location = "West US";
        label = "who needs this?";
        description = "random";
      };
    
      resources.azureReservedIPAddresses.testIP = credentials // {
        location = "West US";
      };
    
      resources.azureReservedIPAddresses.debugIP = credentials // {
        location = "West US";
      };
    
      resources.azureHostedServices.testHS = {resources,...}: credentials // {
        #location = "West US";
        affinityGroup = resources.azureAffinityGroups.testAG;
        label = "who needs this?";
      };
    
      resources.azureStorages.testS = {resources,...}: credentials // {
        name = "mystorage";
        location = "West US";
        label = "who cares";
        description = "asdfafa";
      };
    
      resources.azureBlobContainers.testBC =  {resources,...}: credentials // {
        name = "mycontainer";
        storage = resources.azureStorages.testS;
        acl = "blob";
      };
    
      resources.azureBlobs.testblob =  {resources,...}: credentials // {
        container = resources.azureBlobContainers.testBC;
        contentType = "text/plain";
        filePath = "path/blob.html";
      };
    
      machine = { resources, ...}: {
        networking.firewall.allowPing = true;
        deployment.targetEnv = "azure";
        deployment.azure = credentials // {
          ipAddress = resources.azureReservedIPAddresses.testIP;
          storage = resources.azureStorages.testS;
          hostedService = resources.azureHostedServices.testHS;
          rootDiskImage = "nixos";
          rootDiskUrl = "http://mystorage.blob.core.windows.net/mycontainer/machine-root";
        };
    
      };
    
    }
    
    opened by Phreedom 75
  • libvirtd: Add support for remote libvirt URIs

    libvirtd: Add support for remote libvirt URIs

    This PR adds support for deploying to remote libvirtd hosts via qemu+ssh://... or qemu+tcp://... URIs.

    • [x] Make the URI configurable instead of hardcoding it to qemu:///system.
    • [x] Use libvirt API to upload the disk image instead of using the local image directory.
    • [x] Use libvirt API to determine the QEMU executable instead of using /run/current-system/sw/bin/qemu-system-x86_64.
    • [x] Error handling.
    • [x] Backward compatibility.
    • [x] Update documentation and examples.
    backends/libvirtd 
    opened by erosennin 61
  • Infinite recursion encountered after updating nixpkgs

    Infinite recursion encountered after updating nixpkgs

    I just updated my nixpkgs to https://github.com/NixOS/nixpkgs/commit/1035b7b6c9970a124087f6fe0a5962864c0f67e1 and now most nixops commands detect an infinite recursion which seems to start at the nixops ec2.nix file at line 405. For example:

    ./nixops-HEAD show-physical -d stalling-net --show-trace
    error: while evaluating the attribute ‘config.deployment’ at "/home/bas.van.dijk/engineering/lumi/nixpkgs/lib/attrsets.nix":135:44:
    while evaluating anonymous function at "/home/bas.van.dijk/engineering/lumi/nixpkgs/lib/options.nix":122:41, called from "/home/bas.van.dijk/engineering/lumi/nixpkgs/lib/attrsets.nix":135:52:
    while evaluating ‘scrubOptionValue’ at "/home/bas.van.dijk/engineering/lumi/nixpkgs/lib/options.nix":118:22, called from "/home/bas.van.dijk/engineering/lumi/nixpkgs/lib/options.nix":122:44:
    while evaluating ‘isDerivation’ at "/home/bas.van.dijk/engineering/lumi/nixpkgs/lib/attrsets.nix":222:18, called from "/home/bas.van.dijk/engineering/lumi/nixpkgs/lib/options.nix":119:8:
    while evaluating the attribute ‘"${attr}"’ at "/home/bas.van.dijk/engineering/lumi/nixpkgs/nixos/lib/eval-config.nix":50:5:
    while evaluating the attribute ‘config’ at "/home/bas.van.dijk/engineering/lumi/nixpkgs/lib/modules.nix":82:25:
    while evaluating ‘yieldConfig’ at "/home/bas.van.dijk/engineering/lumi/nixpkgs/lib/modules.nix":69:29, called from "/home/bas.van.dijk/engineering/lumi/nixpkgs/lib/modules.nix":68:16:
    while evaluating the attribute ‘_module.check.value’ at "/home/bas.van.dijk/engineering/lumi/nixpkgs/lib/modules.nix":266:9:
    while evaluating the option `_module.check':
    while evaluating ‘id’ at "/home/bas.van.dijk/engineering/lumi/nixpkgs/lib/trivial.nix":4:8, called from "/home/bas.van.dijk/engineering/lumi/nixpkgs/lib/modules.nix":264:15:
    while evaluating the attribute ‘isDefined’ at "/home/bas.van.dijk/engineering/lumi/nixpkgs/lib/modules.nix":298:9:
    while evaluating ‘processOrder’ at "/home/bas.van.dijk/engineering/lumi/nixpkgs/lib/modules.nix":284:26, called from "/home/bas.van.dijk/engineering/lumi/nixpkgs/lib/modules.nix":290:11:
    while evaluating ‘fold’ at "/home/bas.van.dijk/engineering/lumi/nixpkgs/lib/lists.nix":20:19, called from "/home/bas.van.dijk/engineering/lumi/nixpkgs/lib/modules.nix":286:16:
    while evaluating ‘fold'’ at "/home/bas.van.dijk/engineering/lumi/nixpkgs/lib/lists.nix":23:15, called from "/home/bas.van.dijk/engineering/lumi/nixpkgs/lib/lists.nix":27:8:
    while evaluating ‘processOverride’ at "/home/bas.van.dijk/engineering/lumi/nixpkgs/lib/modules.nix":281:29, called from "/home/bas.van.dijk/engineering/lumi/nixpkgs/lib/modules.nix":290:25:
    while evaluating ‘filterOverrides’ at "/home/bas.van.dijk/engineering/lumi/nixpkgs/lib/modules.nix":369:21, called from "/home/bas.van.dijk/engineering/lumi/nixpkgs/lib/modules.nix":281:35:
    while evaluating ‘concatMap’ at "/home/bas.van.dijk/engineering/lumi/nixpkgs/lib/lists.nix":54:18, called from "/home/bas.van.dijk/engineering/lumi/nixpkgs/lib/modules.nix":376:8:
    while evaluating ‘processIfAndMerge’ at "/home/bas.van.dijk/engineering/lumi/nixpkgs/lib/modules.nix":276:31, called from "/home/bas.van.dijk/engineering/lumi/nixpkgs/lib/modules.nix":290:42:
    while evaluating ‘concatMap’ at "/home/bas.van.dijk/engineering/lumi/nixpkgs/lib/lists.nix":54:18, called from "/home/bas.van.dijk/engineering/lumi/nixpkgs/lib/modules.nix":276:37:
    while evaluating ‘concatMap’ at "/home/bas.van.dijk/engineering/lumi/nixpkgs/lib/lists.nix":54:18, called from "/home/bas.van.dijk/engineering/lumi/nixpkgs/lib/modules.nix":162:8:
    while evaluating anonymous function at "/home/bas.van.dijk/engineering/lumi/nixpkgs/lib/modules.nix":162:19, called from undefined position:
    while evaluating ‘pushDownProperties’ at "/home/bas.van.dijk/engineering/lumi/nixpkgs/lib/modules.nix":319:24, called from "/home/bas.van.dijk/engineering/lumi/nixpkgs/lib/modules.nix":162:75:
    while evaluating the attribute ‘config’ at "/home/bas.van.dijk/engineering/lumi/nixpkgs/lib/modules.nix":111:11:
    while evaluating the attribute ‘config’ at "/nix/store/n7rbrmd88qk0y5z7djg431cp9abz09zk-nixops-HEAD/share/nix/nixops/ec2.nix":405:3:
    infinite recursion encountered
    error: evaluation of the deployment specification failed
    

    Note I'm also using the latest nixops (https://github.com/NixOS/nixops/commit/372333a9e243c1dc58280ba08c5c1ade3ae86a59).

    @rbvermaa Could it have something to do with: https://github.com/NixOS/nixpkgs/commit/824fccd3e90cf75d5e2968fef2392f70e04d9f9c ?

    opened by basvandijk 42
  • Key/Value backend

    Key/Value backend

    This is just the same as https://github.com/NixOS/nixops/pull/624. I will make the other hundred reference changes needed, but I just wanted to get this started.

    There are quite some ideas in the issue tracker about how we could improve nixops radically.

    I would like to start out with a feasible iterative plan. As far as I can see, only very trivial SQL operations are ever executed against the sqlite3 database; the main use case is to use transactions to support rollback in the case of exceptions. This should not be too hard to implement ourselves in memory, in combination with a key/value server that supports locking certain keys.

    • [x] Refactor the statefile and deployment lock into a specific local implementation
    • [x] Introduce different URI schemas for future backends
    • [x] Refactor all the sqlite3 queries into concrete operations implemented in file.Statefile
    • [x] Deployment
    • [x] Resource
    • [x] VirtualBox
    • [x] None backend done, needs to be verified
    • [ ] GCE done, needs to be verified
    • [ ] AWS done, needs to be verified
    • [ ] Hetzner done, needs to be verified
    • [x] Implement a local json file backend
    • [x] Fix unit tests
    opened by mogorman 37
  • Doc section: 'Deploying a VirtualBox VM' causes 'Failed to start Apache HTTPD.'

    Doc section: 'Deploying a VirtualBox VM' causes 'Failed to start Apache HTTPD.'

    Following Section 3.1: Deploying a VirtualBox VM of the NixOps doc, there is an issue with Example 3.1 as evidenced by:

    Tail end of running 'nixops deploy -d trivial':

    webserver> starting the following units: alsa-store.service, get-vbox-nixops-client-key.service, kmod-static-nodes.service, network-local-commands.service, network-setup.service, nix-daemon.service, nscd.service, ntpd.service, systemd-journald.service, systemd-logind.service, systemd-modules-load.service, systemd-sysctl.service, systemd-tmpfiles-clean.timer, systemd-tmpfiles-setup-dev.service, systemd-udev-settle.service, systemd-udev-trigger.service, systemd-udevd.service, systemd-vconsole-setup.service, virtualbox.service
    webserver> A dependency job for get-vbox-nixops-client-key.service failed. See 'journalctl -xe' for details.
    webserver> A dependency job for virtualbox.service failed. See 'journalctl -xe' for details.
    webserver> the following new units were started: audit.service, dev-disk-by\x2dlabel-nixos.device, httpd.service, init.scope, keys.target
    webserver> error: unable to activate new configuration
    error: activation of 1 of 1 machines failed (namely on ‘webserver’)
    

    After sshing into the 'webserver' host:

    [root@webserver:~]# journalctl -xe
    Jan 26 22:31:05 webserver httpd-pre-start[12348]: mkdir: cannot create directory ‘/nix/store/4c8dcjp0c3znivgiij4hj4za2j0bbfmp-valgrind-3.11.0/share/doc’: Read
    Jan 26 22:31:05 webserver systemd[1]: httpd.service: Control process exited, code=exited status=1
    Jan 26 22:31:05 webserver systemd[1]: Failed to start Apache HTTPD.
    Jan 26 22:31:05 webserver systemd[1]: httpd.service: Unit entered failed state.
    Jan 26 22:31:05 webserver systemd[1]: httpd.service: Failed with result 'exit-code'.
    Jan 26 22:31:10 webserver systemd[1]: httpd.service: Service hold-off time over, scheduling restart.
    Jan 26 22:31:10 webserver systemd[1]: nixops-keys.service: Cannot add dependency job, ignoring: Unit nixops-keys.service is masked.
    Jan 26 22:31:10 webserver systemd[1]: Stopped Apache HTTPD.
    Jan 26 22:31:10 webserver systemd[1]: Starting Apache HTTPD...
    Jan 26 22:31:10 webserver httpd-pre-start[12359]: mkdir: cannot create directory ‘/nix/store/4c8dcjp0c3znivgiij4hj4za2j0bbfmp-valgrind-3.11.0/share/doc’: Read
    Jan 26 22:31:10 webserver systemd[1]: httpd.service: Control process exited, code=exited status=1
    Jan 26 22:31:10 webserver systemd[1]: Failed to start Apache HTTPD.
    Jan 26 22:31:10 webserver systemd[1]: httpd.service: Unit entered failed state.
    Jan 26 22:31:10 webserver systemd[1]: httpd.service: Failed with result 'exit-code'.
    Jan 26 22:31:15 webserver systemd[1]: httpd.service: Service hold-off time over, scheduling restart.
    Jan 26 22:31:15 webserver systemd[1]: nixops-keys.service: Cannot add dependency job, ignoring: Unit nixops-keys.service is masked.
    Jan 26 22:31:15 webserver systemd[1]: Stopped Apache HTTPD.
    Jan 26 22:31:15 webserver systemd[1]: Starting Apache HTTPD...
    Jan 26 22:31:15 webserver httpd-pre-start[12370]: mkdir: cannot create directory ‘/nix/store/4c8dcjp0c3znivgiij4hj4za2j0bbfmp-valgrind-3.11.0/share/doc’: Read
    Jan 26 22:31:15 webserver systemd[1]: httpd.service: Control process exited, code=exited status=1
    Jan 26 22:31:15 webserver systemd[1]: Failed to start Apache HTTPD.
    Jan 26 22:31:15 webserver systemd[1]: httpd.service: Unit entered failed state.
    Jan 26 22:31:15 webserver systemd[1]: httpd.service: Failed with result 'exit-code'.
    Jan 26 22:31:20 webserver systemd[1]: httpd.service: Service hold-off time over, scheduling restart.
    Jan 26 22:31:20 webserver systemd[1]: nixops-keys.service: Cannot add dependency job, ignoring: Unit nixops-keys.service is masked.
    Jan 26 22:31:20 webserver systemd[1]: Stopped Apache HTTPD.
    Jan 26 22:31:20 webserver systemd[1]: Starting Apache HTTPD...
    Jan 26 22:31:20 webserver httpd-pre-start[12381]: mkdir: cannot create directory ‘/nix/store/4c8dcjp0c3znivgiij4hj4za2j0bbfmp-valgrind-3.11.0/share/doc’: Read
    Jan 26 22:31:20 webserver systemd[1]: httpd.service: Control process exited, code=exited status=1
    Jan 26 22:31:20 webserver systemd[1]: Failed to start Apache HTTPD.
    Jan 26 22:31:20 webserver systemd[1]: httpd.service: Unit entered failed state.
    Jan 26 22:31:20 webserver systemd[1]: httpd.service: Failed with result 'exit-code'.
    Jan 26 22:31:26 webserver systemd[1]: httpd.service: Service hold-off time over, scheduling restart.
    Jan 26 22:31:26 webserver systemd[1]: nixops-keys.service: Cannot add dependency job, ignoring: Unit nixops-keys.service is masked.
    Jan 26 22:31:26 webserver systemd[1]: Stopped Apache HTTPD.
    Jan 26 22:31:26 webserver systemd[1]: Starting Apache HTTPD...
    Jan 26 22:31:26 webserver httpd-pre-start[12392]: mkdir: cannot create directory ‘/nix/store/4c8dcjp0c3znivgiij4hj4za2j0bbfmp-valgrind-3.11.0/share/doc’: Read
    Jan 26 22:31:26 webserver systemd[1]: httpd.service: Control process exited, code=exited status=1
    Jan 26 22:31:26 webserver systemd[1]: Failed to start Apache HTTPD.
    Jan 26 22:31:26 webserver systemd[1]: httpd.service: Unit entered failed state.
    Jan 26 22:31:26 webserver systemd[1]: httpd.service: Failed with result 'exit-code'.
    

    Example 3.1 results in httpd-pre-start attempting to create a directory at a read-only location. Trying this expression with a destination of '/mnt/foobar' works -- but may degrade later steps in the NixOps doc.

    Historical reference: https://groups.google.com/forum/#!topic/nixops-users/vDE67k480uM

    Thanks! -Joshua

    backends/virtualbox 
    opened by josdotso 34
  • Key/value backend

    Key/value backend

    There are quite some ideas in the issue tracker about how we could improve nixops radically.

    I would like to start out with a feasible iterative plan. As far as I can see, only very trivial SQL operations are ever executed against the sqlite3 database; the main use case is to use transactions to support rollback in the case of exceptions. This should not be too hard to implement ourselves in memory, in combination with a key/value server that supports locking certain keys.

    • [x] Refactor the statefile and deployment lock into a specific local implementation
    • [x] Introduce different URI schemas for future backends
    • [ ] Refactor all the sqlite3 queries into concrete operations implemented in file.Statefile
      • [x] Deployment
      • [x] Resource
      • [x] VirtualBox
      • [ ] GCE done, needs to be verified
      • [ ] AWS done, needs to be verified
      • [ ] Hetzner done, needs to be verified
    • [x] Implement a local json file backend
    opened by moretea 27
  • Cannot deploy VirtualBox headless nodes

    Cannot deploy VirtualBox headless nodes

    Hi, there seems to be again a problem with nixops with virtualbox headless nodes.

    $ nixops deploy -d minicloud
    webserver> creating VirtualBox VM...
    webserver> Virtual machine 'nixops-24856f59-ba5b-11e3-a2e6-2d15dd5fa0ff-webserver' is created and registered.
    webserver> UUID: d6ea884c-3173-4e12-bada-aeff1112c39c
    webserver> Settings file: '/home/maggesi/VirtualBox VMs/nixops-24856f59-ba5b-11e3-a2e6-2d15dd5fa0ff-webserver/nixops-24856f59-ba5b-11e3-a2e6-2d15dd5fa0ff-webserver.vbox'
    webserver> creating disk ‘disk1’...
    webserver> 0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
    webserver> Clone hard disk created in format 'VDI'. UUID: ad027933-92f8-4655-8f63-a3bf582122b8
    webserver> attaching disk ‘disk1’...
    webserver> VBoxManage: error: The virtual machine 'nixops-24856f59-ba5b-11e3-a2e6-2d15dd5fa0ff-webserver' has terminated unexpectedly during startup with exit code 1
    webserver> VBoxManage: error: Details: code NS_ERROR_FAILURE (0x80004005), component Machine, interface IMachine
    webserver> Waiting for VM "nixops-24856f59-ba5b-11e3-a2e6-2d15dd5fa0ff-webserver" to power on...
    webserver> waiting for IP address...........

    Can you test and confirm the problem?

    My setup:

    nix-channel --list

    nixops http://hydra.nixos.org/project/nixops/channel/latest
    nixos http://nixos.org/channels/nixos-unstable

    opened by maggesi 27
  • Error deploying trivial-gce.nix

    Error deploying trivial-gce.nix

    I'm trying to create a basic instance using the trivial-gce.nix example. I get the following error:

    [nix-shell:~/xxx]$ nixops create ./trivial-gce.nix -d nixops-test
    created deployment ‘9fc9542b-5580-11e4-a4a9-56847afe9799’
    9fc9542b-5580-11e4-a4a9-56847afe9799
    
    [nix-shell:~/xxx]$ nixops deploy -d nixops-test
    error: unknown backend type ‘gce’
    

    Here is the trivial-gce.nix file:

    {
      machine =
        { deployment.targetEnv = "gce";
          deployment.gce = {
            # credentials
            project = "galene-development";
            serviceAccount = "[email protected]";
            accessKey = "pkey.pem";
    
            # instance properties
            region = "europe-west1-b";
            instanceType = "n1-standard-2";
            tags = ["crazy"];
            scheduling.automaticRestart = true;
            scheduling.onHostMaintenance = "MIGRATE";
          } ;
    
          fileSystems."/data"=
            { autoFormat = true;
              fsType = "ext4";
              gce.size = 10;
              gce.encrypt = true;
              gce.disk_name = "data";
            };
        };
    }
    

    The environment from which I'm running nixops is created by running nix-shell with the following nix-expression:

    # default.nix
    { pkgs ? (import <nixpkgs> {}) }:
    
    let
      inherit (pkgs) stdenv;
    in stdenv.mkDerivation rec {
      name = "xxx-build-env";
      version = "0.0.1";
      src = ./.;
      buildInputs = [
        pkgs.nixops
        pkgs.openssl
      ];
    }
    

    I'm not really sure what's going on. I also tried running the examples (load-balancer.nix and load-balancer-gce.nix) and received a similar error.

    opened by aaronlevin 26
  • init: arbitrary output resources

    init: arbitrary output resources

    Using the ssh_keypair as a model, this allows one to create whatever JSON via a shell script in order to allow customized resources.

    Example use:

    resources.output.myKeys.func = ''
        tinc --batch -c $NIXOPS_OUTPUT_DIR generate-ed25519-keys > /dev/null
        jq '{pub:$pub,priv:$priv}' --null-input --rawfile pub $NIXOPS_OUTPUT_DIR/ed25519_key.pub --rawfile priv $NIXOPS_OUTPUT_DIR/ed25519_key.priv
    '';
    
    opened by tomberek 25
  • Recommended way to protect/store/share deployment state files

    Recommended way to protect/store/share deployment state files

    I'm pretty terrified of losing one of my state files and losing all ability to interact with my deployments via nixops. What is the recommended strategy for keeping the state files safe and sharing them so that I and others on the team can deploy now and forever into the future?

    I've seen some people use git + git-crypt to store the state in the repository. However, I can't imagine that doing merges on a state file is a good idea. Some have mentioned the export feature. However, keeping your export data in sync with the actual state file is pretty complex and error-prone (it would be much better if nixops could write directly to an export file while it makes changes to a deployment).

    question 
    opened by 3noch 25
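
One way to keep a consistent, owner-only copy of the state file asked about above, as an added example that is not part of the original post or of NixOps. It relies on the state being a sqlite3 database, as the key/value backend issues on this page note; the function names and the backup layout are assumptions.

```python
import hashlib
import os
import sqlite3
import stat
import tempfile
from pathlib import Path


def loose_permission_bits(path: Path) -> int:
    """Return the group/other permission bits set on path (0 means owner-only)."""
    return stat.S_IMODE(path.stat().st_mode) & 0o077


def file_sha256(path: Path) -> str:
    """Hex SHA-256 of the file content, read in chunks."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot_state(state_db: Path, backup_dir: Path) -> Path:
    """Copy a sqlite3 state file into backup_dir and return the snapshot path.

    state_db is supplied by the caller (its location is not taken from the page).
    The copy uses SQLite's online backup API, so it is consistent even if a
    deployment command is writing to the database at the same time. The
    snapshot is created with mode 0600 and named after its SHA-256 digest
    (a hypothetical naming scheme chosen for this example).
    """
    backup_dir.mkdir(mode=0o700, parents=True, exist_ok=True)
    fd, tmp_name = tempfile.mkstemp(dir=backup_dir, suffix=".partial")
    os.close(fd)
    tmp = Path(tmp_name)
    try:
        os.chmod(tmp, 0o600)
        # mode=ro: a mistyped source path fails instead of creating an empty DB.
        src = sqlite3.connect(state_db.resolve().as_uri() + "?mode=ro", uri=True)
        dst = sqlite3.connect(tmp)
        try:
            src.backup(dst)
            result = dst.execute("PRAGMA integrity_check").fetchall()
        finally:
            dst.close()
            src.close()
        if result != [("ok",)]:
            raise RuntimeError(f"snapshot failed integrity check: {result!r}")
        final = backup_dir / f"{file_sha256(tmp)}.sqlite"
        os.replace(tmp, final)  # atomic within one filesystem
        return final
    finally:
        # Remove the partial file if anything above failed before the rename.
        tmp.unlink(missing_ok=True)


def verify_snapshot(snapshot: Path) -> bool:
    """True when the file content still matches the digest in its name."""
    return file_sha256(snapshot) == snapshot.stem
```

The snapshot is plaintext, so encrypt it before it is stored anywhere other users can read.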
  • Python 3 Support

    Python 3 Support

    Does NixOps support Python 3? I couldn't tell from setup.py or the issues, but it looks like it's Python 2 only right now. (I'm waiting for #502 so I can try nixops out.)

    I think this would be nice to go along with https://github.com/NixOS/nixpkgs/issues/18185.

    improvement must-have 
    opened by aneeshusa 24
  • Bump flake versions

    Bump flake versions

    Fixes #1548

    Flake lock file updates:

    • Updated input 'nixpkgs': 'github:NixOS/nixpkgs/0ea7a8f1b939d74e5df8af9a8f7342097cdf69eb' (2022-07-02) → 'github:NixOS/nixpkgs/677ed08a50931e38382dbef01cba08a8f7eac8f6' (2022-12-29)
    • Updated input 'utils': 'github:numtide/flake-utils/c91f3de5adaf1de973b797ef7485e441a65b8935' (2021-10-21) → 'github:numtide/flake-utils/5aed5285a952e0b949eb3ba02c12fa4fcfef535f' (2022-11-02)

    opened by scottbot95 1
  • nixops check: `run-initramfs.mount [failed]`

    nixops check: `run-initramfs.mount [failed]`

    run-initramfs.mount [failed] does not seem to be a true error condition. Judging from the NixOS sources, this mount seems to be involved in system shutdown, being activated only by the shutdown target. So for this unit to be active does not seem like a problem.

    opened by roberth 0
  • Nixpkgs marked poetry to be insecure (indirectly).

    Nixpkgs marked poetry to be insecure (indirectly).

    See https://github.com/NixOS/nixpkgs/pull/203396#issuecomment-1329362168

    Not sure how I'd contribute to fix this issue though. My guess is a simple nix flake update might work?

    opened by Pegasust 1
  • `nixops deploy` fails with `error: attribute 'type' missing`

    `nixops deploy` fails with `error: attribute 'type' missing`

    Since I updated my project's flake.nix to use inputs.nixpkgs.url = github:NixOs/nixpkgs/nixos-22.11;, nixops deploy fails with

    error: attribute 'type' missing 
    
    stack trace
    error: attribute 'type' missing
    
           at /nix/store/jwk9dm1kwaplwac6smjl9dx145yrm744-source/lib/modules.nix:597:26:
    
              596|           else if optionDecls != [] then
              597|               if all (x: x.options.type.name == "submodule") optionDecls
                 |                          ^
              598|               # Raw options can only be merged into submodules. Merging into
           Did you mean _type?
    
           … while evaluating the attribute 'options.type.name'
    
           at /nix/store/jwk9dm1kwaplwac6smjl9dx145yrm744-source/lib/modules.nix:555:38:
    
              554|       declsByName = byName "options" (module: option:
              555|           [{ inherit (module) _file; options = option; }]
                 |                                      ^
              556|         ) options;
    
           … while evaluating anonymous lambda
    
           at /nix/store/jwk9dm1kwaplwac6smjl9dx145yrm744-source/lib/modules.nix:597:23:
    
              596|           else if optionDecls != [] then
              597|               if all (x: x.options.type.name == "submodule") optionDecls
                 |                       ^
              598|               # Raw options can only be merged into submodules. Merging into
    
           … from call site
    
           at /nix/store/jwk9dm1kwaplwac6smjl9dx145yrm744-source/lib/modules.nix:597:18:
    
              596|           else if optionDecls != [] then
              597|               if all (x: x.options.type.name == "submodule") optionDecls
                 |                  ^
              598|               # Raw options can only be merged into submodules. Merging into
    
           … while evaluating anonymous lambda
    
           at /nix/store/jwk9dm1kwaplwac6smjl9dx145yrm744-source/lib/modules.nix:582:39:
    
              581|
              582|       resultsByName = mapAttrs (name: decls:
                 |                                       ^
              583|         # We're descending into attribute ‘name’.
    
           … from call site
    
           … while evaluating anonymous lambda
    
           at /nix/store/jwk9dm1kwaplwac6smjl9dx145yrm744-source/lib/modules.nix:628:22:
    
              627|         # Propagate all unmatched definitions from nested option sets
              628|         mapAttrs (n: v: v.unmatchedDefns) resultsByName
                 |                      ^
              629|         # Plus the definitions for the current prefix that don't have a matching option
    
           … from call site
    
           … while evaluating anonymous lambda
    
           at /nix/store/jwk9dm1kwaplwac6smjl9dx145yrm744-source/lib/modules.nix:642:46:
    
              641|         else
              642|           concatLists (mapAttrsToList (name: defs:
                 |                                              ^
              643|             map (def: def // {
    
           … from call site
    
           at /nix/store/jwk9dm1kwaplwac6smjl9dx145yrm744-source/lib/attrsets.nix:375:16:
    
              374|   mapAttrsToList = f: attrs:
              375|     map (name: f name attrs.${name}) (attrNames attrs);
                 |                ^
              376|
    
           … while evaluating anonymous lambda
    
           at /nix/store/jwk9dm1kwaplwac6smjl9dx145yrm744-source/lib/attrsets.nix:375:10:
    
              374|   mapAttrsToList = f: attrs:
              375|     map (name: f name attrs.${name}) (attrNames attrs);
                 |          ^
              376|
    
           … from call site
    
           … while evaluating the attribute 'unmatchedDefns'
    
           at /nix/store/jwk9dm1kwaplwac6smjl9dx145yrm744-source/lib/modules.nix:635:7:
    
              634|       # Transforms unmatchedDefnsByName into a list of definitions
              635|       unmatchedDefns =
                 |       ^
              636|         if configs == []
    
           … while evaluating anonymous lambda
    
           at /nix/store/jwk9dm1kwaplwac6smjl9dx145yrm744-source/lib/modules.nix:628:22:
    
              627|         # Propagate all unmatched definitions from nested option sets
              628|         mapAttrs (n: v: v.unmatchedDefns) resultsByName
                 |                      ^
              629|         # Plus the definitions for the current prefix that don't have a matching option
    
           … from call site
    
           … while evaluating anonymous lambda
    
           at /nix/store/jwk9dm1kwaplwac6smjl9dx145yrm744-source/lib/modules.nix:642:46:
    
              641|         else
              642|           concatLists (mapAttrsToList (name: defs:
                 |                                              ^
              643|             map (def: def // {
    
           … from call site
    
           at /nix/store/jwk9dm1kwaplwac6smjl9dx145yrm744-source/lib/attrsets.nix:375:16:
    
              374|   mapAttrsToList = f: attrs:
              375|     map (name: f name attrs.${name}) (attrNames attrs);
                 |                ^
              376|
    
           … while evaluating anonymous lambda
    
           at /nix/store/jwk9dm1kwaplwac6smjl9dx145yrm744-source/lib/attrsets.nix:375:10:
    
              374|   mapAttrsToList = f: attrs:
              375|     map (name: f name attrs.${name}) (attrNames attrs);
                 |          ^
              376|
    
           … from call site
    
           … while evaluating the attribute 'unmatchedDefns'
    
           at /nix/store/jwk9dm1kwaplwac6smjl9dx145yrm744-source/lib/modules.nix:635:7:
    
              634|       # Transforms unmatchedDefnsByName into a list of definitions
              635|       unmatchedDefns =
                 |       ^
              636|         if configs == []
    
           … while evaluating 'isDerivation'
    
           at /nix/store/jwk9dm1kwaplwac6smjl9dx145yrm744-source/lib/attrsets.nix:446:18:
    
              445|   */
              446|   isDerivation = x: x.type or null == "derivation";
                 |                  ^
              447|
    
           … from call site
    
           at /nix/store/jwk9dm1kwaplwac6smjl9dx145yrm744-source/lib/options.nix:261:8:
    
              260|   scrubOptionValue = x:
              261|     if isDerivation x then
                 |        ^
              262|       { type = "derivation"; drvPath = x.name; outPath = x.name; name = x.name; }
    
           … while evaluating 'scrubOptionValue'
    
           at /nix/store/jwk9dm1kwaplwac6smjl9dx145yrm744-source/lib/options.nix:260:22:
    
              259|   */
              260|   scrubOptionValue = x:
                 |                      ^
              261|     if isDerivation x then
    
           … from call site
    
           at /nix/store/jwk9dm1kwaplwac6smjl9dx145yrm744-source/lib/options.nix:264:44:
    
              263|     else if isList x then map scrubOptionValue x
              264|     else if isAttrs x then mapAttrs (n: v: scrubOptionValue v) (removeAttrs x ["_args"])
                 |                                            ^
              265|     else x;
    
           … while evaluating anonymous lambda
    
           at /nix/store/jwk9dm1kwaplwac6smjl9dx145yrm744-source/lib/options.nix:264:41:
    
              263|     else if isList x then map scrubOptionValue x
              264|     else if isAttrs x then mapAttrs (n: v: scrubOptionValue v) (removeAttrs x ["_args"])
                 |                                         ^
              265|     else x;
    
           … from call site
    error: evaluation of the deployment specification failed
    

    From the same flake, I am still able to build and use nixosConfigurations, so I suspect nixops is misbehaving.

    I am using nixops_unstable:

    $ nixops --version
    NixOps 2.0.0-pre-683baa6
    

    Am I missing something? Should I have updated certain things when transitioning to 22.11?

    opened by Pamplemousse 0
  • build(deps): bump certifi from 2022.6.15 to 2022.12.7

    build(deps): bump certifi from 2022.6.15 to 2022.12.7

    Bumps certifi from 2022.6.15 to 2022.12.7.

    dependencies 
    opened by dependabot[bot] 0
  • Document the status of the project

    Document the status of the project

    Here are a few facts about nixops:

    • For quite a while, nixops has not had a stable release that works without disabling security warnings (https://github.com/NixOS/nixops/issues/1532)
    • Many open issues seem to be simply ignored
    • There is a lack of documentation, in particular with flakes (https://github.com/NixOS/nixops/issues/1544)
    • To the best of my knowledge, there is no documentation regarding the status and roadmap

    Yet, nixops is very useful to me. However, I have come to a point where I am not sure I should invest more time trying to open issues or even use nixops since it feels like wasted effort. The project may be abandoned; I do not know, and it is not documented anywhere.

    I understand that there are limited resources, but I think a clear and updated project status would incentivize participation (or stop it right away). A small paragraph in the README.md would be a good start.

    opened by datafoo 2
Owner
Nix/Nixpkgs/NixOS