[Nix-dev] NixOps - merge config files

zimbatm zimbatm at zimbatm.com
Thu Jun 9 11:23:10 CEST 2016


Hi,

I don’t know where you are getting this error. All I can do is suggest a
workaround:

In keys.nix:

{
  database_password = "12345678";
}

In network.nix:

let
  # keys.nix is a plain attribute set, not a function, so import it as-is
  secrets = import ./keys.nix;
in
{
  vm01 =
    { config, pkgs, ... }:
    {
      services.symfony.platforms.database.password = secrets.database_password;

      ..
    };
}

On Thu, 9 Jun 2016 at 07:54 4levels <4levels at gmail.com> wrote:

> Hi Nix Devs,
>
> I'm having some difficulties separating sensitive information from a nix
> expression used by NixOps.
>
> I keep the server config in a separate file, servers.nix:
> {
>   vm01 =
>     { config, pkgs, nodes, ... }:
>     {
>       deployment = {
>         targetHost = "192.168.121.50";
>       };
>       ...
>     }
> }
>
> Currently I have all relevant software config for each server in a nix
> expression platforms.nix as follows (where vm01 is the hostname):
> {
>   vm01 =
>     { config, pkgs, ... }:
>     {
>       services.symfony.platforms = {
>         database = {
>           username = "www";
>           /* password = "1234567" -> moved to keys.nix */
>         };
>       ...
>     }
> }
>
> I want to remove the sensitive info from this file and put it in a
> separate nix expression, eg. keys.nix, maintaining the same structure so
> the files can be merged.
>
> In keys.nix I currently have
> {
>   vm01 = {
>     { config, pkgs, ... }:
>     {
>       services.symfony.platforms.database.password = "12345678";
>       ..
>     }
>   }
> }
>
> I've modified my nixops deploy to have keys.nix loaded after the
> servers.nix and platforms.nix files, but I keep getting errors like "the
> attribute password does not exist"
>
> I must be overlooking something obvious as all the other files I define in
> my deploy are being merged correctly.
>
> Can anyone advise me on how to achieve this?
>
> The underlying reason is that I'm using git-crypt to encrypt the
> platforms.nix file, but this makes it impossible to work with branches (or
> git logs) etc. as the whole file is encrypted and git cannot merge binary
> files (it simply replaces them).
>
> Kind regards!
>
> Erik aka 4levels
>
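
The workaround above, generalized to one password per host, as an added example that is not part of the original thread: the secrets stay plain data keyed by host name, and a separate network file turns them into per-host modules that NixOps merges with servers.nix and platforms.nix. The file name secrets-network.nix and the names hosts, secretFor and moduleFor are hypothetical; the secrets are inlined with constructed values so the expression evaluates on its own.

```nix
# secrets-network.nix (added example, hypothetical file name).
# Pass it to NixOps next to servers.nix and platforms.nix.
let
  # Constructed sample data. In a real deployment this would be
  # `import ./keys.nix`, the only file git-crypt needs to encrypt.
  secrets = {
    vm01 = { database_password = "12345678"; };
  };

  # Hosts that must receive a password (hypothetical list).
  hosts = [ "vm01" ];

  # Fail during evaluation with a readable message when a host has no entry,
  # instead of an anonymous "attribute missing" error.
  secretFor = host:
    secrets.${host} or (throw "keys.nix has no entry for host '${host}'");

  # One NixOps machine module per host that sets only the password option.
  moduleFor = host:
    { config, pkgs, ... }:
    {
      services.symfony.platforms.database.password =
        (secretFor host).database_password;
    };
in
# Result: { vm01 = <module>; }, the same shape as platforms.nix.
builtins.listToAttrs
  (map (host: { name = host; value = moduleFor host; }) hosts)
```

The password is still part of the evaluated configuration, so whether it ends up in the world-readable Nix store on the target depends on how the services.symfony module consumes the option.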