Use the nixos-rebuild script #27
Comments
|
Assuming that nix is installed on the system, the deploy script could also build and invoke nixos-rebuild.sh on the fly. I don't think it's going to add too much to the invocation time. Static nix is interesting but seems a bit orthogonal. |
|
Static nix is what allows us to use nix without a The |
|
While it would be nice if the terraform module also worked on machines that didn't have nix installed on them, isn't that an existing requirement because the |
|
Not quite. Building any derivations is not feasible in such a restricted environment, but instantiation works. |
|
Nice. Does that also work on Darwin or does it depend on having user namespaces available? |
|
No namespaces used. I see no reason why it shouldn't work on Darwin. |
As noted by zimbatm in #25, the deploy script is starting to look like
nixos-rebuild.It seems like my use case from #25 is actually subsumed by
nixos-rebuild, unlike my earlier quick interpretation of the docs. Clearly I didn't find the parenthesized bit from--target-host:challenges
nixos-rebuilddoes need some bootstrapping. nixos-rebuild.sh has a build process that substitutes some dependencies into the script. Replicating this is a step back from the current script, which takes dependencies from the environment, allowing it to run without a proper/nix/storestore. This is useful when deploying from restrictive environments without root access or mount namespace capability. So instead of substituting dependencies from the nix store into the script, we should allow values from the environment.Note: static nix is not officially supported yet, but here's a branch that makes it work on x86_64-linux deployer machines. https://github.com/tweag/terraform-nixos/compare/master...hercules-ci:install-static-user-nix?expand=1
The text was updated successfully, but these errors were encountered: