nix-simple-deploy

Crates.ionix-simple-deploy
lib.rsnix-simple-deploy
version0.1.1
sourcesrc
created_at2020-01-12 22:14:02.480451
updated_at2020-02-01 23:43:38.419124
descriptionDeploy software or an entire NixOS system configuration to another NixOS system
homepagehttps://github.com/misuzu/nix-simple-deploy
repositoryhttps://github.com/misuzu/nix-simple-deploy
max_upload_size
id197922
size32,491
(misuzu)

documentation

README

nix-simple-deploy

Crates.io Crates.io

Deploy a NixOS system configuration with nix-simple-deploy system ... to a remote machine and switch the machine to that system configuration. You can also deploy a nix store path with nix-simple-deploy path ... to a remote machine.

This is a Rust rewrite of unmaintained nix-deploy.

To get started generate signing key first:

$ nix-store --generate-binary-cache-key cache.example.com-1 signing-key.sec signing-key.pub

Then add contents of signing-key.pub to remote's configuration.nix and run nixos-rebuild switch:

{
  nix.binaryCachePublicKeys = [ "cache.example.com-1:<STRING FROM signing-key.pub>" ];
}

Now you are ready to deploy stuff:

$ nix-simple-deploy path \
  --use-local-sudo \
  --use-substitutes \
  --signing-key signing-key.sec \
  --target-host user@remote-server \
  $(type -p firefox)
$ nix-simple-deploy system \
  --use-local-sudo \
  --use-remote-sudo \
  --use-substitutes \
  --signing-key signing-key.sec \
  --target-host user@remote-server \
  /run/current-system \
  switch

The above example will not actually work, you must provide nix path for proper system closure. Check APPENDIX B in Deploy software easily and securely using nix-deploy.

To run nix-simple-deploy from git tree run:

$ nix-shell -p cargo
$ cargo run -- --help

Help output:

$ nix-simple-deploy --help
Deploy software or an entire NixOS system configuration to another NixOS system

USAGE:
    nix-simple-deploy <SUBCOMMAND>

FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information

SUBCOMMANDS:
    help      Prints this message or the help of the given subcommand(s)
    path      Deploy a path to the NixOS target host
    system    Deploy a system to the NixOS target host
$ nix-simple-deploy path --help
Deploy a path to the NixOS target host

USAGE:
    nix-simple-deploy path [FLAGS] <PATH> --signing-key </path/to/signing-key> --target-host <USER@HOST>

FLAGS:
    -h, --help               Prints help information
        --use-local-sudo     When set, nix-simple-deploy prefixes local commands that requires privileges with sudo.
                             Setting this option allows deploying using local non-root user
    -s, --use-substitutes    Attempt to download missing paths on the target machine using Nix’s substitute mechanism.
                             Any paths that cannot be substituted on the target are still copied normally from the
                             source

OPTIONS:
    -k, --signing-key </path/to/signing-key>    File containing the secret signing key
    -t, --target-host <USER@HOST>               Specifies the NixOS target host

ARGS:
    <PATH>    Nix store path
$ nix-simple-deploy system --help
Deploy a system to the NixOS target host

USAGE:
    nix-simple-deploy system [FLAGS] <PATH> <ACTION> --profile <profile> --signing-key </path/to/signing-key> --target-host <USER@HOST>

FLAGS:
    -h, --help               Prints help information
        --use-local-sudo     When set, nix-simple-deploy prefixes local commands that requires privileges with sudo.
                             Setting this option allows deploying as a non-root user
        --use-remote-sudo    When set, nix-simple-deploy prefixes remote commands that run on the --target-host systems
                             with sudo. Setting this option allows deploying using remote non-root user
    -s, --use-substitutes    Attempt to download missing paths on the target machine using Nix’s substitute mechanism.
                             Any paths that cannot be substituted on the target are still copied normally from the
                             source

OPTIONS:
    -p, --profile <profile>                     Profile name [default: system]
    -k, --signing-key </path/to/signing-key>    File containing the secret signing key
    -t, --target-host <USER@HOST>               Specifies the NixOS target host

ARGS:
    <PATH>      Nix store path
    <ACTION>    Desired operation [possible values: switch, boot, test, dry-activate, reboot]
Commit count: 24

cargo fmt