nixops
nixops copied to clipboard
NixOS
Use custom images for DigitalOcean instead of nixos-infect
DO finally supports custom images: https://blog.digitalocean.com/custom-images/
This should let us stop infecting Ubuntu and use DO normally.
@mhsjlw any results you can share using a variant of the azure scripts?
I'm working on the above but I've given up on the cloud-init route. My current approach is to try to generate a NixOS module from the digital ocean metadata (sort of like hardware-configuration.nix on a PC install) and then rebuild.
The biggest reason to need configuration from the Digital Ocean side is to get an initial SSH key into the image that NixOps could then use to push the closure for the system. But it would also be nice to make sure all of the Digital Ocean networking features (floating IPs, IPv6, &c) worked properly.
One other thing to note is that the Digital Ocean API (as opposed to the web GUI) only supports getting a custom image from an HTTP server. It does not support directly uploading a custom image.
To create a new custom image, send a POST request to /v2/images. The body must contain a url attribute pointing to a Linux virtual machine image to be imported into DigitalOcean.
https://developers.digitalocean.com/documentation/v2/#create-a-custom-image
Hopefully we can have builds of the DO image (which I'm hoping to have complete soon) hosted at nixos.org, so that this won't be an issue. We should probably also tag the uploaded image somehow so we don't have to upload another image for each new machine or deployment.
Also, NixOps closures for Digital Ocean should implicitly import the DO configuration, as that configuration sets up kernel settings for the console as well as RNG initialization using DO-provided seeds*.
:* Not yet, but it will before I take the draft tag off.
NixOS has digital ocean image builds in master, so I think it is a matter of a PR to get NixOps using them for DO.
Unfortunately that's not a PR I have time to make :\