Home manager Without Installing
2020-06-27
home-manager is a great way to manage your user environment in a declarative reproducible way. Let's go the extra mile and reproducibly deploy our home configuration. In this post, I'll show you how to reproducibly deploy a home-manger configuration without installing home manager.
Here's how you do it: make a shell.nix file:
with import <nixpkgs> {};
stdenv.mkDerivation rec {
name = "nixops-shell";
buildInputs = [
nixops
];
revision = "06c576b0525da85f2de86b3c13bb796d6a0c20f6"; # 18.03 on 2018-04-23
shellHook = ''
export NIX_PATH="nixpkgs=https://github.com/NixOs/nixpkgs-channels/archive/${revision}.tar.gz:."
export NIXOPS_STATE="./state.nixops"
function our_create () {
if [ `nixops list | grep -c $1` -eq 0 ]
then
(set -x; nixops create --deployment $1 "<$1.nix>")
fi
}
our_create host1 # change this
our_create host2 # change this
'';
}
This nix expression for nix-shell installs nixops, pins
the version of nixpkgs used by nixops and creates two deployments:
"host1", and "host2". It expects that the host1.nix and
host2.nix deployment configuration files already exist.
If the our_create function checks if the deployments
exist in the state file, and adds them. If you want to add a new
deployment, you add another our_create line in the
shell.nix shellHook, exit the nix shell, and restart
it.
The shell.nix file should be commited to version control, and the
state.nixops file should be added to the version
control ignore file (for example, .gitignore).
There's one more thing you need to do to make this work. By default, nixops stores an SSH key in the state file for logging in as root. We need to add either a shared SSH key, or an SSH key for each collaborator that gives them root access in each host deployment configuration:
{
host1 =
{ config, pkgs, ... }:
{
deployment.targetHost = "1.2.3.4";
users.users.root.openssh.authorizedKeys.keyFiles = [ ./collaborator1.pub ./collaborator2.pub ];
};
}
After the initial configuration, this will allow any of the collaborators to use nixops commands to manage the machine using their ssh key instead of the one provided in the state file.
With this configuration, we do not rely on any of the information stored in the state file for basic deployment of nixos configurations to nixos machines.