From nix-dev Sat Nov 19 11:46:11 2016
From: Arnold Krille
Date: Sat, 19 Nov 2016 11:46:11 +0000
To: nix-dev
Subject: Re: [Nix-dev] Distributing files between machines in a nixops deployment
Message-Id: <20161119124611.2f65b654 () xingu ! arnoldarts ! de>
X-MARC-Message: https://marc.info/?l=nix-dev&m=147955599120667

On Sat, 19 Nov 2016 12:10:59 +0100 Marius Bergmann wrote:
> Is it possible to declare the distribution of a file (in my case a ssh
> server/client public key) to different machines in a nixops
> deployment?
>
> I want to create a client keypair on one machine and then authorize
> the public part on several other machines in the deployment. Those
> other machines' public server keys should also be added to the
> known_hosts of the machine logging into them.
>
> I know I could create all the keypairs on the machine running nixops
> and send both the public as well as the private keys over the
> network, but I would like to find out if there's a way around it.

I think this is one of the things you don't do/want with Nix/NixOps, as
this is essentially a self-modifying deployment, which makes the
deployment non-deterministic and unreproducible in the strict sense.

With deployment-/configuration-management systems that have a central
node and database, like Chef and Puppet can have, you can do such
things. For Nix this is counter-intuitive.

- Arnold