scale-network icon indicating copy to clipboard operation
scale-network copied to clipboard

Published 20 hours ago verified publisher icon socallinuxexpo

Update signs nix config to not use container

Open kylerisse opened this issue 1 year ago • 8 comments

Description

Signs is built as a container, but really it could just be run directly on the server. This would simplify a lot, including removing any requirements about building or hosting additional application containers.

  • simplifies #418 by removing need to deal with signs

https://github.com/socallinuxexpo/scale-network/blob/master/nix/machines/signs.nix#L18-L27

Acceptance Criteria

  • scale-signs is running on the signs server without containers

Considerations

  • What to replace: https://github.com/socallinuxexpo/scale-network/blob/master/nix/machines/signs.nix#L18-L27
  • The Dockerfile to replace https://github.com/socallinuxexpo/scale-signs/blob/master/Dockerfile
  • There is an ability to bring in an older version of nixpkgs as part of the config. PHP5.4 is usable from this nixpkgs git hash: https://lazamar.co.uk/nix-versions/?package=php&version=5.4.45&fullName=php-5.4.45&keyName=php54&revision=2f6ef9aa6a7eecea9ff7e185ca40855f36597327&channel=nixos-22.11#instructions

kylerisse avatar Mar 13 '23 19:03 kylerisse

@kylerisse

if this needs an older version of PHP in nix, then this

https://github.com/fossar/nix-phps

and

https://discourse.nixos.org/t/local-dev-stack-for-php/26644

maybe helpful to you.

nixpkgs repo tends to race ahead with versions of things, and be super new, if this is a good or a bad thing remains to be seen.

is the latest software the best software?

nixinator avatar Mar 23 '23 21:03 nixinator

hey that's a cool repo for pinning PHP, thanks @nixinator !

it looks like it only goes back to 5.6 thought. That might work. It currently runs on 5.4 in docker.

I'll try 5.6 first and if that doesn't work I was thinking of just doing something like the below in the pkg to pin to an older revision of nixpkgs that still had 5.4. Then use it in the derivation with a modern version of apache. What do you think?

let
     oldpkgs = import (builtins.fetchGit {            
         name = "nixpkgs-from-20160120";                                                 
         url = "https://github.com/NixOS/nixpkgs/";                       
         ref = "refs/heads/nixpkgs-unstable";                     
         rev = "2f6ef9aa6a7eecea9ff7e185ca40855f36597327";                                           
     }) {};                                                                           

     php = oldpkgs.php54;
in

kylerisse avatar Mar 24 '23 03:03 kylerisse

wow! it's so old that it not even supported in the old repo.

yeah, that could work. Nix is very good at reproducing old pieces of software.

So it might just work.

However, i think we all know the long term solution, is to upgrade these scripts to a modern version of PHP.

That's probably quite a lot of work, but it's going to need to be done at some point.

if the upgrade is going to be tough and lots of things needs to be upgraded... , maybe it's time to think about a new signs server, but that may be more of a socio-economic one that a technical issues.

nixinator avatar Mar 24 '23 05:03 nixinator

The entire signs server needs to be re-written. It has not been maintained for a long time, and now that we have 4k screens everywhere we should take advantage of them (as just one minor thing)

On Thu, 23 Mar 2023, Lee Hughes wrote:

wow! it's so old that it not even support in the old repo.

yeah, that could work. Nix is very good at reproducing old pieces of software.

So it might just work.

However, i think we all know the long term solution, is to upgrade these scripts to a modern version of PHP.

That's probably quite a lot of work, but it's going to need to be done at some point.

if the upgrade is going to be tough and lots of things needs to be upgraded... , maybe it's time to think about a new signs server, but that may be more of a socio-economic one that a technical issues.

davidelang avatar Mar 24 '23 08:03 davidelang

Agreed @davidelang but until that happens let’s assume we need to keep running the existing one.

kylerisse avatar Mar 24 '23 14:03 kylerisse

Another note before I forget: Lets make sure we move the credentials we lay down to somewhere that's persistent instead of /var where I currently have them: https://github.com/socallinuxexpo/scale-network/blob/d890d073a2d3c8110ba47844cca85f5106e39bea/nix/machines/signs.nix#L20

sarcasticadmin avatar Apr 15 '23 04:04 sarcasticadmin

Another note before I forget: Lets make sure we move the credentials we lay down to somewhere that's persistent instead of /var where I currently have them:

https://github.com/socallinuxexpo/scale-network/blob/d890d073a2d3c8110ba47844cca85f5106e39bea/nix/machines/signs.nix#L20

You captured this in #588

kylerisse avatar Apr 15 '23 05:04 kylerisse

You captured this in https://github.com/socallinuxexpo/scale-network/issues/588

I guess i did :laughing: Ill leave #588 open for now, but if/when we pick this one up the reference will be good

sarcasticadmin avatar Apr 15 '23 05:04 sarcasticadmin