Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding deployment.keyDirs option to recursively deploy directories of keys #632

Closed
wants to merge 2 commits into from
Closed

Adding deployment.keyDirs option to recursively deploy directories of keys #632

wants to merge 2 commits into from

Conversation

fboussarsar
Copy link

Instead of having to manually specify each key to deploy, recursively copy the contents of a local directory under /run/keys.
This is particularly helpful when deploying servers having multiple user accounts that need nixops. Each user would have his own key folder, owned by him that he can use for his deployments. Otherwise, using deployment.keys , one line per key is needed.

deployment.keyDirs supports having different permissions on directories than files inside them. Key directories will be deployed upon nixops deploy or nixops send-keys only if deployment.storeKeysOnMachine is set to false.

Also changed nixops-keys systemd unit's script to account for when deployment.keys or deployment.keyDirs is empty.

@spinus
Copy link
Member

spinus commented Mar 20, 2017

I think having one way of deploying it it's enough (less to maintain, less to test, less to support).
But maybe this could be a helper function which generates deployment.keys instead of new option?

@grahamc
Copy link
Member

grahamc commented Mar 26, 2020

Hello!

Thank you for this PR.

In the past several months, some major changes have taken place in
NixOps:

  1. Backends have been removed, preferring a plugin-based architecture.
    Here are some of them:

  2. NixOps Core has been updated to be Python 3 only, and at the
    same time, MyPy type hints have been added and are now strictly
    required during CI.

This is all accumulating in to what I hope will be a NixOps 2.0
release. There is a tracking issue for that:
#1242 . It is possible that
more core changes will be made to NixOps for this release, with a
focus on simplifying NixOps core and making it easier to use and work
on.

My hope is that by adding types and more thorough automated testing,
it will be easier for contributors to make improvements, and for
contributions like this one to merge in the future.

However, because of the major changes, it has become likely that this
PR cannot merge right now as it is. The backlog of now-unmergable PRs
makes it hard to see which ones are being kept up to date.

If you would like to see this merge, please bring it up to date with
master and reopen it. If the or mypy type checking fails, please
correct any issues and then reopen it. I will be looking primarily at
open PRs whose tests are all green.

Thank you again for the work you've done here, I am sorry to be
closing it now.

Graham

@grahamc grahamc closed this Mar 26, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@fboussarsar @spinus @grahamc