From mboxrd@z Thu Jan 1 00:00:00 1970
From: Hartmut Goebel
Subject: Status of "GuixOps"?
Date: Sun, 17 Sep 2017 20:34:50 +0200
Message-ID: <395924c1-6ec4-8b52-dd13-c3e0944c5133@crazy-compilers.com>
List-Id: "Development of GNU Guix and the GNU System distribution."
To: Guix-devel

Hi,

in Ludo's presentation at GHM he presented "GuixOps" on a slide. What is the status of this approach? I'm very interested in trying it out and contributing.

I contributed to DebOps when it was "young". So my point of view is influenced by how DebOps works. DebOps is a collection of interoperating role/recipes for Ansible. DebOps has become quite complex and I would like to migrate to GuixSD for new systems.

Q1: I did not follow the development closely, but I seem to recall that there is some guix sub-command for configuring a remote system. But grepping the manual for "remote", I did not find it, neither one of the commands did attract me. How is it called?

Q2: DebOps has some tooling to securely store credentials, certificates, etc. It uses a gpg-encrypted container which is mounted using FUSE. When I unlock this container, the appropriate data is transferred to the target system.

How can this be handled with GuixSD? AFAIU with GuixSD all data in the system-configuration is world-readable in the store. So how can I automatically transfer e.g. passwords and private keys to the target system?

Q3: One of DebOps' main features for me is easy use and the automatic refresh of Let's Encrypt certificates. Basically I just say: "Create certificates for hostnames A, B, C" and everything happens automatically: Configuration of nginx, creating the CSR, requesting the certificate, renewal, etc.

What is the status for something like this for GuixSD?

--
Regards
Hartmut Goebel

| Hartmut Goebel | h.goebel@crazy-compilers.com |
| www.crazy-compilers.com | compilers which you thought are impossible |