guix-devel

Re: Status of "GuixOps"?


From: Christopher Allan Webber
Subject: Re: Status of "GuixOps"?
Date: Wed, 20 Sep 2017 23:54:33 -0500
User-agent: mu4e 0.9.18; emacs 25.2.1

Hartmut Goebel writes:

> Hi,
>
> in Ludo's presentation at GHM he presented "GuixOps" on a slide. What is
> the status of this approach? I'm very interested in trying it out and
> contributing.
>
> I contributed to DebOps when it was "young". So my point of view is
> influenced by how DebOps works. DebOps is a collection of interoperating
> role/recipes for Ansible. DebOps has become quite complex and I would
> like to migrate to GuixSD for new systems.
>
> Q1: I did not follow the development closely, but I seem to recall that
> there is some guix sub-command for configuring a remote system. But
> grepping the manual for "remote", I did not find it, neither one of the
> commands did attract me. How is it called?

There's a verrrry out of date branch on git origin called wip-deploy.
It needs a lot more work!

> Q2: DebOps has some tooling to securely store credentials, certificates,
> etc. It uses a gpg-encrypted container which is mounted using FUSE. When
> I unlock this container, the appropriate data is transferred to the
> target system. How can this be handled with GuixSD? AFAIU with GuixSD
> all data in the system-configuration is world-readable in the store. So
> how can I automatically transfer e.g. passwords and private keys to the
> target system?

Not sure the right answer for this one :)
But the right system might be user-hackable since Guix is Just Scheme (TM)?
Probably the right route is to remote-copy the files while pushing the
new state of the system over.  Maybe having a loopback device with that
data mounted in it is indeed a good idea, I don't know.

> Q3: One of DebOps' main features for me is easy use and the automatic
> refresh of Let's Encrypt certificates. Basically I just say: "Create
> certificates for hostnames A, B, C" and everything happens
> automatically: Configuration of nginx, creating the CSR, requesting the
> certificate, renewal, etc. What is the status for something like this
> for GuixSD?

There's a wip-lets-encrypt branch on origin too!  In fact I'm using it
on a server!

I'd really like to work on guix-deploy but I won't be able to until next
year.  It sounds like you have experience hacking similar systems; maybe
look at wip-deploy and read David Thompson's old thread about it?  (I'm
too tired to look it up...)

Happy hacking!  I'm off for happy sleeping. :)
 - Chris


