institute of numerical and applied mathematics (NAM)
Various VMs (cups, X2go, Kerberos, license servers, Puppet)
many client computers can (and will) be disconnected
configuration for the hosts (puppet/foreman used at the moment)
need configuration for quite different groups of hosts
want to use Nixos (drop puppet):
Nixops not quite usable (because of disconnected hosts)
configuration inside the channel (so the client gets the updates)
Hydra: Periodically checks out the various branches of the repository, builds institute specific packages and the channel.
periodically run
nixos-rebuild switch --upgradecentral module nam/default.nix serves as an entry point for all own modules nam/modules.
nam.Hostid: identifies the host
profiles (set of activated modules, like host groups; module itself)
Mapping Hostid ↦ list of profiles
have credentials inside configs ↦ need to encrypt
Use GPG encryption and activate them in the default profile activation script.
private keys are installed during installation.
bootstrap (PXE)
create GPG-key and upload public key
basic nixos-configuration together with HostID
hardware-configuration.nix
set up channel and make a rebuild
need of appropriate (development) environments
nix-shell
user-profiles (more stable and easy to switch)
add packages to ghc/python/.. : script for management of nix-expressions
how to upgrade?
does our setup make sense?
global configuration (/etc) or part of Packages?
user convenience
dashboard?
actual make automated installation work
need to create many options for packages (because we configure a lot)
actual make the configuration modules and profiles