Lollypops - simple, parallel, stateless NixOS deployment tool

pinpox · June 29, 2022, 7:52am

Hi folks!

I’ve been working on a deployment tool for NixOS build as a thin, pure-nix layer around go-task. It manages flake-based systems and provides parallel deployment, secret provisioning from any external source and configuration in nix itself among other features.

Some features

Stateless
Parallel deployments (--parallel)
Configured in pure nix
Easily extensible and customizable
Minimal overhead and easy debugging
Secret provisioning from any source (e.g. pass,
bitwarden, gnupg, plaintext files…)
Fully flake compatible

See it in action

It is quite new, but I have been using it successfully on my own systems for a while and wanted to throw it out there hoping it might be useful for others. If you find any bugs or have questions or feature requests let me know. Any tips for improvement or feedback would be greatly appreciated!

https://github.com/pinpox/lollypops

peterhoeg · June 29, 2022, 12:33pm

Any particular reason that you decided to roll your own rather than use colmena, morph, deploy-rs, nixops or something else?

pinpox · June 29, 2022, 1:17pm

Just a few that come to mind in no particular order:

I was looking for a specific features set and like the simplicity of my solution, which will allow me to extend it’s functionality in the future easily. I also wanted a flakes-first approach with the configuration of secrets and deployment being part of the nixosConfiguration of the host that is being deployed. Of course part of it was also interest in exploring nix and nixos and writing the tool. Using go-task gives me great flexibility regarding parallelism with only a bit of nix code wrapping it. For me this approach is very easily understandable, extensible and debuggable while not having compromises on features that I want.

I have tried most of the other solutions and they are all great tools, but I find my solution more transparent and flexible (for me) having exactly the features that I need.

Atemu · June 30, 2022, 7:06am

Took me a while to figure out you meant pure Nix, not https://github.com/purenix-org/purenix

azazel75 · June 30, 2022, 9:56pm

hey @pinpox, thanks for sharing. I wanted to ask you what’s the purpose for the configuration of the directory where to save the configuration:

github.com

pinpox/lollypops/blob/ad2d9b9504fefbcabfe92c734d80f2f3a5e3b69e/module.nix#L88-L92

    
      
          config-dir = mkOption {
            type = types.str;
            default = "/var/src/lollypops";
            description = "Path to place the configuration on the remote host";
          };

what’s its purpose? Why don’t just copy it somewhere temporary an evaluate it from there?

pinpox · July 4, 2022, 8:41am

If you wan’t a temporary location you can of course set that here. I wanted this to be configurable because I like having the full configuration on the hosts itself. This allows to debug or recover if something goes wrong on the host itself, since I can still ssh into it and run nixos-rebuild from the host itself. I’ve had occasions in the past where I messed up some network configuration for example and having the option to rebuild on the host was very helpful. If you would rather not have it, just set it to some temporary filesystem, it should work the same way.