Hartmut Goebel writes:

> Hi,
>
> in Ludo's presentation at GHM he presented "GuixOps" on a slide. What is
> the status of this approach? I'm very interested in trying it out and
> contributing.
>
> I contributed to DebOps when it was "young". So my point of view is
> influenced by how DebOps works. DebOps is a collection of interoperating
> role/recipes for Ansible. DebOps has become quite complex and I would
> like to migrate to GuixSD for new systems.
>
> Q1: I did not follow the development closely, but I seem to recall that
> there is some guix sub-command for configuring a remote system. But
> grepping the manual for "remote", I did not find it, neither one of the
> commands did attract me. How is it called?

There's a verrrry out of date branch on git origin called wip-deploy.
It needs a lot more work!

> Q2: DebOps has some tooling to securely store credentials, certificates,
> etc. It uses a gpg-encrypted container which is mounted using FUSE. When
> I unlock this container, the appropriate data is transferred to the
> target system. How can this be handled with GuixSD? AFAIU with GuixSD
> all data in the system-configuration is world-readable in the store. So
> how can I automatically transfer e.g. passwords and private keys to the
> target system?

Not sure the right answer for this one :) But the right system might be
user-hackable since Guix is Just Scheme (TM)? Probably the right route
is to remote-copy the files while pushing the new state of the system
over. Maybe having a loopback device with that data mounted in it is
indeed a good idea, I don't know.

> Q3: One of DebOps' main features for me is easy use and the automatic
> refresh of Let's Encrypt certificates. Basically I just say: "Create
> certificates for hostnames A, B, C" and everything happens
> automatically: Configuration of nginx, creating the CSR, requesting the
> certificate, renewal, etc. What is the status for something like this
> for GuixSD?

There's a wip-lets-encrypt branch on origin too! In fact I'm using it
on a server!

I'd really like to work on guix-deploy but I won't be able to until next
year. It sounds like you have experience hacking similar systems; maybe
look at wip-deploy and read David Thompson's old thread about it? (I'm
too tired to look it up...)

Happy hacking! I'm off for happy sleeping. :)

- Chris