[Nix-dev] Distributing files between machines in a nixops deployment

Marius Bergmann marius at yeai.de
Sat Nov 19 12:50:02 CET 2016


On 2016-11-19 12:46, Arnold Krille wrote:
> On Sat, 19 Nov 2016 12:10:59 +0100 Marius Bergmann <marius at yeai.de>
> wrote:
>> Is it possible to declare the distribution of a file (in my case a ssh
>> server/client public key) to different machines in a nixops
>> deployment?
>>
>> I want to create a client keypair on one machine and then authorize
>> the public part on several other machines in the deployment. Those
>> other machines' public server keys should also be added to the
>> known_hosts of the machine logging into them.
>>
>> I know I could create all the keypairs on the machine running nixops
>> and send both the public as well as the private keys over the
>> network, but I would like to find out if there's a way around it.
> 
> I think this is one of the things you don't do/want with Nix/NixOps as
> this is essentially self-modifying deployment. Which makes the
> deployment non-deterministic and unreproducible in the strict sense.
> With deployment-/configuration-management systems that have a central
> node and database, like chef and puppet can have, you can do such
> things. For Nix this is counter-intuitive.
> 
> - Arnold

Do you have a recommendation on how to handle my use case then? In
practice, I need this to allow the backup user to log into the machines
being backed up. Would you use a central location for all the key pairs?

