[Nix-dev] NixOps - merge config files

4levels 4levels at gmail.com
Thu Jun 9 08:54:19 CEST 2016


Hi Nix Devs,

I'm having some difficulties separating sensitive information from a nix
expression used by NixOps.

I keep the server config in a separate file, servers.nix:
{
  vm01 =
    { config, pkgs, nodes, ... }:
    {
      deployment = {
        targetHost = "192.168.121.50";
      };
      ...
    }
}

Currently I have all relevant software config for each server in a nix
expression platforms.nix as follows (where vm01 is the hostname):
{
  vm01 =
    { config, pkgs, ... }:
    {
      services.symfony.platforms = {
        database = {
          username = "www";
          /* password = "1234567" -> moved to keys.nix */
        };
      ...
    }
}

I want to remove the sensitive info from this file and put it in a separate
nix expression, e.g. keys.nix, maintaining the same structure so the files
can be merged.

In keys.nix I currently have:
{
  vm01 = {
    { config, pkgs, ... }:
    {
      services.symfony.platforms.database.password = "12345678";
      ..
    }
  }
}

I've modified my nixops deploy to have keys.nix loaded after the
servers.nix and platforms.nix files, but I keep getting errors like "the
attribute password does not exist".

I must be overlooking something obvious as all the other files I define in
my deploy are being merged correctly.

Can anyone advise me on how to achieve this?

The underlying reason is that I'm using git-crypt to encrypt the
platforms.nix file, but this makes it impossible to work with branches (or
git logs) etc. as the whole file is encrypted and git cannot merge binary
files (it simply replaces them).

Kind regards!

Erik aka 4levels