Nixops and DigitalOcean


#1

The nixops manual mentions DigitalOcean as a possibility, but I wonder whether it is really supported. Is there anyone using nixops on DigitalOcean?

I installed it (in DigitalOcean) and tried the “trivial” example in the manual. The manual says “Note that we rely on a ssh key resource with the hard-coded name ssh-key.” The line of code in the example is

resources.sshKeyPairs.ssh-key = {};

I found a section that discussed the use of sshKeyPairs for AWS; it said to leave it like this and it would generate a keypair called “ssh-key”. But maybe on DigitalOcean I need to generate the keys myself and put them somewhere. I tried calling them ssh-key and ssh-key.pub and putting them in .ssh, but that didn’t work. The error I get is

Exception: Please specify a ssh-key resource (resources.sshKeyPairs.ssh-key = {}).

Anybody have an idea what I should do?


#2

Would you mind sharing the config you tried + the nixops version?

$ nixops --version
NixOps 1.6

I extracted the following from my service running on DO:

let do = {
    network = {
      enableRollback = true;
      network.description = "...";
    };
    resources.sshKeyPairs.ssh-key = {};

    boop = { resources, pkgs, lib, config, ... }: {
      deployment = {
        targetEnv = "digitalOcean";
        digitalOcean.size = "512mb";
        digitalOcean.region = "ams2";
        keys = {
          ...
        };
        storeKeysOnMachine = false;
      };
      services.openssh.enable = true;

      boot = {
        kernelPackages = pkgs.linuxPackages_hardened;
      };

      require = [ ./admin-users.nix ];
    };
  };
in do

#3

Hopefully this helps, I’ve used the setup here to run NixOps on DO: