Is there interest in adding a resource to NixOps for arbitrary outputs (or JSON pointing to store paths)? I’ve been hijacking the network.datadogTags and putting non-datatag related json in there. This would be used for build outputs similar to sshkeypair, but could be anything. I’ve been putting paths to generated build reports and paths to generated crypto that I don’t want sent to machines, but want created for each deployment. I’ve got a sketch of it working almost in PR state, but I wanted to check here if this is duplicative, exists already, bad design, etc.
Created this prototype and have been testing it. It copies the design of the charon SSH keys. It roughly replaces the approach of a two-phased deployment; generating various files on a local filesytem and then pulling it into the nixops deployment. Instead, it will locally generate (i’m thinking of ways to do remote generation) the requested resources, bundle them into the statefile, and expose it as a resource for inclusion into “send-keys” or “etc” or wherever. I’ve found this useful for creating various keypairs such that the public side is available to send to other machines.
Looking for any thoughts, reviews, suggestions.
1 Like