Hi,
thank you for your swift reply!
I'd like to avoid literally mentioning all sensitive config params in the
network.nix config.
What would be the "normal" procedure to recursively merge 2 attribute sets?
So if I have in one file
servers.nix:
{
  vm01 = {
    services.symfony.platforms = {
      database = {
        username = "www";
      };
    };
  };
}
and in the other
keys.nix:
{
  vm01 = {
    services.symfony.platforms = {
      database = {
        password = "12345678";
      };
    };
  };
}
So they become one when building:
{
  vm01 = {
    services.symfony.platforms = {
      database = {
        username = "www";
        password = "12345678";
      };
    };
  };
}
Kind regards,
Erik
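
For the recursive-merge question above, an added example (not part of the original message and not NixOps' own code): `lib.recursiveUpdate` from nixpkgs deep-merges plain attribute sets, but it does not look inside functions, so nodes written as `{ config, pkgs, ... }: { ... }` are combined through module `imports` instead. The `mergeNodes` helper, the file name `merge.nix`, and the sample values are assumptions made for illustration.

```nix
# merge.nix (added example). Evaluate with:
#   nix-instantiate --eval --strict merge.nix
let
  lib = import <nixpkgs/lib>;

  # Constructed stand-ins for servers.nix and keys.nix (plain attribute sets).
  servers = {
    vm01 = { services.symfony.platforms.database.username = "www"; };
  };
  keys = {
    vm01 = { services.symfony.platforms.database.password = "12345678"; };
  };

  # Constructed stand-ins where each node is a module function, as NixOps
  # network files usually define them.
  serverModules = {
    vm01 = { config, pkgs, ... }: {
      services.symfony.platforms.database.username = "www";
    };
  };
  keyModules = {
    vm01 = { config, pkgs, ... }: {
      services.symfony.platforms.database.password = "12345678";
    };
  };

  # Hypothetical helper: for every node name, collect the definitions from
  # both sets into one module whose `imports` the NixOS module system merges.
  mergeNodes = a: b:
    lib.zipAttrsWith (name: modules: { imports = modules; }) [ a b ];
in
{
  # `//` is shallow: vm01 from `keys` replaces vm01 from `servers`,
  # so `username` is lost.
  shallow = servers // keys;

  # Deep merge of plain sets: both username and password survive;
  # on a conflicting leaf the right-hand side wins.
  merged = lib.recursiveUpdate servers keys;

  # recursiveUpdate stops at anything that is not an attribute set, so with
  # function-valued nodes the right-hand function replaces the left one.
  replaced = lib.recursiveUpdate serverModules keyModules;

  # Function-valued nodes combined as modules: vm01 = { imports = [ f g ]; }
  nodes = mergeNodes serverModules keyModules;
}
```

A password merged in this way is still an ordinary option value, so any configuration file generated from it lands in the world-readable `/nix/store`; NixOps' `deployment.keys` option exists to keep such values out of the store.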
On Thu, Jun 9, 2016 at 11:23 AM zimbatm <[email protected]> wrote:
> Hi,
>
> I don’t know where you are getting this error. All I can do is suggest a
> workaround:
>
> In keys.nix:
>
> {
>   database_password = "12345678";
> }
>
> In network.nix:
>
> let
>   secrets = import ./keys.nix;
> in
> {
>   vm01 =
>     { config, pkgs, ... }:
>     {
>       services.symfony.platforms.database.password =
>         secrets.database_password;
>
>       ..
>     };
> }
>
>
>
> On Thu, 9 Jun 2016 at 07:54 4levels <[email protected]> wrote:
>
>> Hi Nix Devs,
>>
>> I'm having some difficulties separating sensitive information from a nix
>> expression used by NixOps.
>>
>> I keep the server config in a separate file, servers.nix:
>> {
>>   vm01 =
>>     { config, pkgs, nodes, ... }:
>>     {
>>       deployment = {
>>         targetHost = "192.168.121.50";
>>       };
>>       ...
>>     }
>> }
>>
>> Currently I have all relevant software config for each server in a nix
>> expression platforms.nix as follows (where vm01 is the hostname):
>> {
>>   vm01 =
>>     { config, pkgs, ... }:
>>     {
>>       services.symfony.platforms = {
>>         database = {
>>           username = "www";
>>           /* password = "1234567" -> moved to keys.nix */
>>         };
>>         ...
>>       };
>>     }
>> }
>>
>> I want to remove the sensitive info from this file and put it in a
>> separate nix expression, e.g. keys.nix, maintaining the same structure so
>> the files can be merged.
>>
>> In keys.nix I currently have
>> {
>>   vm01 = {
>>     { config, pkgs, ... }:
>>     {
>>       services.symfony.platforms.database.password = "12345678";
>>       ..
>>     }
>>   }
>> }
>>
>> I've modified my nixops deploy to have keys.nix loaded after the
>> servers.nix and platforms.nix files, but I keep getting errors like "the
>> attribute password does not exist"
>>
>> I must be overlooking something obvious as all the other files I define
>> in my deploy are being merged correctly.
>>
>> Can anyone advise me on how to achieve this?
>>
>> The underlying reason is that I'm using git-crypt to encrypt the
>> platforms.nix file, but this makes it impossible to work with branches (or
>> git logs) etc. as the whole file is encrypted and git cannot merge binary
>> files (it simply replaces them).
>>
>> Kind regards!
>>
>> Erik aka 4levels
>>
> _______________________________________________
>> nix-dev mailing list
>> [email protected]
>> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>>
>