Saving evaluated configuration

Hi all,

I am a newcomer to Nix and NixOS and like it so much I would like to use it on as many devices, containers and VMs as possible. From what I’ve seen so far, it seems that people approach this by creating a Git repository with shared configuration files for every host and then cloning this repository to every host and linking its particular configuration.nix to /etc/nixos/configuration.nix.

However, this approach means that every host has access to the configuration for every other host in the repository, which is an information leak I would like to avoid. Would it be possible to have the repository on just one dedicated and secured device and generate configuration files for other hosts there? Or, in other words, is it possible to save the evaluated configuration to a file so that it can be transferred to the host it’s meant for without all the other files imported from the repo?

Thank you,
Martin

Ideally you don’t evaluate and build on your final machines, so you can just perform a binary deployment.

By “binary deployment”, do you mean generating an image for the final machines and deploying that? That is OK for the initial deployment, but how would one binary-deploy updates or changes to the configuration?

There are different ways to achieve that; I can help with Cachix Deploy, which supports this kind of workflow.

nixops, colmena, deploy-rs, pick your poison.

You may also check other deployment tools. I personally use colmena, a wrapper over nix commands like nix-instantiate or nix-copy-closure.
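
The binary deployment suggested in the replies above, as an added example that is not part of any post in the thread: the central machine evaluates and builds one host's system, then ships only that host's built closure over SSH, so the repository with the other hosts' files never leaves it. The `hosts/<name>/configuration.nix` layout, the host name, the SSH target and the `DRY_RUN` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: push-style binary deployment from one trusted build machine.
# Assumed (hypothetical) repo layout: hosts/<name>/configuration.nix

# run CMD...: execute the command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# build_system HOST: evaluate and build HOST's configuration on this machine
# and print the resulting /nix/store path of the system closure.
build_system() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        # Constructed placeholder path; a real build prints a hashed store path.
        printf '/nix/store/PLACEHOLDER-nixos-system-%s\n' "$1"
    else
        nix-build '<nixpkgs/nixos>' -A system --no-out-link \
            -I nixos-config="$PWD/hosts/$1/configuration.nix"
    fi
}

# deploy HOST SSH_TARGET: build locally, copy the closure, activate remotely.
deploy() {
    host=$1
    target=$2
    system=$(build_system "$host") || return 1
    case $system in
        /nix/store/*) ;;
        *) echo "unexpected build output: $system" >&2; return 1 ;;
    esac
    # Only store paths in this host's closure are transferred; the .nix
    # sources for the other hosts stay in the repo on the build machine.
    run nix-copy-closure --to "$target" "$system" &&
    # Register the new generation, then switch the running system to it.
    run ssh "$target" nix-env -p /nix/var/nix/profiles/system --set "$system" &&
    run ssh "$target" "$system/bin/switch-to-configuration" switch
}

# Usage: ./deploy.sh web1 root@web1.example   (both names are hypothetical)
if [ $# -eq 2 ]; then
    deploy "$1" "$2"
fi
```

Setting `DRY_RUN=1` prints the three remote steps without contacting the target, which is a convenient way to review what would be sent before the first real run.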