Saving evaluated configuration

Hi all,

I am a newcomer to Nix and NixOS and like it so much I would like to use it on as many devices, containers and VMs as possible. From what I’ve seen so far it seems that people approach this by creating a Git repository with shared configuration files for every host and then clone this repository to every host and link its particular configuration.nix to /etc/nixos/configuration.nix.

However this approach means that every host has access to configuration for every other host in the repository which is an information leak I would like to avoid. Would it be possible to have the repository on just one dedicated and secured device and generate configuration files for other hosts there? Or in other words is it possible to save evaluated configuration to a file so that it can be transferred to the host its meant for without all the other files imported from the repo?

Thank you,

1 Like

Ideally you don’t evaluate and build on your final machines, so you can just perform a binary deployment.

By “binary deployment” you mean generating image for the final machines and deploy that? That is ok for the initial deployment but how would one binary deploy updates or changes to the configuration?

There are different ways to achieve that, I can help with Cachix Deploy that supports this kind of workflow.

nixops, colmena, deploy-rs, pick your poison.

1 Like

You may check also other deployment tools. I use personally
colmena, a wrapper over nix
commands like nix-instantiate or nix-copy-closure.