mirror of
https://github.com/davegallant/davegallant.github.io.git
synced 2025-08-06 00:33:39 +00:00
deploy: 56510900c52e6a8a451c9d00b40223b29ea5627e
This commit is contained in:
davegallant
@@ -68,4 +68,4 @@
|
||||
</span></span><span style=display:flex><span> policy_arn <span style=color:#f92672>=</span> <span style=color:#e6db74>"arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy"</span>
|
||||
</span></span><span style=display:flex><span> role <span style=color:#f92672>=</span> <span style=color:#66d9ef>aws_iam_role</span>.<span style=color:#66d9ef>ebs_csi_driver</span>.<span style=color:#66d9ef>name</span>
|
||||
</span></span><span style=display:flex><span>}
|
||||
</span></span></code></pre></div><p>The above configuration follows the docs, binding an IAM role to the service account <em>kube-system/ebs-csi-controller-sa</em> using an OpenID connect provider.</p><p>After applying the changes above, I deployed <a href=https://docs.aws.amazon.com/eks/latest/userguide/ebs-sample-app.html class=link--external target=_blank rel=noreferrer>the sample application</a> and noticed that the persistent volume claims were bound to EBS volumes.</p></div><script type=text/javascript src=https://storage.ko-fi.com/cdn/widget/Widget_2.js></script><script type=text/javascript>kofiwidget2.init("Buy me a coffee","#32344a","F1F2S4LWI"),kofiwidget2.draw()</script><section id=comments class=comments><div class='container sep-before'><div class=comments><script>let theme="dark-blue",script=document.createElement("script");script.src="https://utteranc.es/client.js",script.setAttribute("repo","davegallant/site"),script.setAttribute("issue-term","pathname"),script.setAttribute("theme",theme),script.setAttribute("crossorigin","anonymous"),script.setAttribute("async",""),document.querySelector("div.comments").innerHTML="",document.querySelector("div.comments").appendChild(script)</script></div></div></section></article></div><div class=sidebar></div></main><footer><div class=copyright>Dave Gallant</div></footer><script src=/js/main.c26c1b7b76f4923d8125720886ede9ca08bfe20b924683914ba4c1c35d53667c6c2d764f5482d3860d36b9e58a50255bc22a03ff145555979852c5ec74f15e51.js></script><script src=/js/flexsearch.14d6ec971ca1482f729fabd3c5ebd8964fbdb7a063dd0de72d95551a1d8724aab0d0b94794be534bed8655a95929e44116e09ccda5ccd97d3a883b8e350e9344.js></script><script defer src=https://static.cloudflareinsights.com/beacon.min.js data-cf-beacon='{"token": "b96799f53f9940dca6f660e6052ba009"}'></script><script async src="https://www.googletagmanager.com/gtag/js?id=G-V8WJDERTX9"></script><script>var doNotTrack=!1;if(!doNotTrack){window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments)}gtag("js",new Date),gtag("config","G-V8WJDERTX9",{anonymize_ip:!1})}</script></div></body></html>
|
||||
</span></span></code></pre></div><p>The above configuration follows the docs, binding an IAM role to the service account <em>kube-system/ebs-csi-controller-sa</em> using an OpenID connect provider.</p><p>After applying the changes above, I deployed <a href=https://docs.aws.amazon.com/eks/latest/userguide/ebs-sample-app.html class=link--external target=_blank rel=noreferrer>the sample application</a> and noticed that the persistent volume claims were bound to EBS volumes.</p></div><script type=text/javascript src=https://storage.ko-fi.com/cdn/widget/Widget_2.js></script><script type=text/javascript>kofiwidget2.init("Buy me a coffee","#32344a","F1F2S4LWI"),kofiwidget2.draw()</script><br><br><section id=comments class=comments><div class='container sep-before'><div class=comments><script>let theme="dark-blue",script=document.createElement("script");script.src="https://utteranc.es/client.js",script.setAttribute("repo","davegallant/site"),script.setAttribute("issue-term","pathname"),script.setAttribute("theme",theme),script.setAttribute("crossorigin","anonymous"),script.setAttribute("async",""),document.querySelector("div.comments").innerHTML="",document.querySelector("div.comments").appendChild(script)</script></div></div></section></article></div><div class=sidebar></div></main><footer><div class=copyright>Dave Gallant</div></footer><script src=/js/main.c26c1b7b76f4923d8125720886ede9ca08bfe20b924683914ba4c1c35d53667c6c2d764f5482d3860d36b9e58a50255bc22a03ff145555979852c5ec74f15e51.js></script><script src=/js/flexsearch.14d6ec971ca1482f729fabd3c5ebd8964fbdb7a063dd0de72d95551a1d8724aab0d0b94794be534bed8655a95929e44116e09ccda5ccd97d3a883b8e350e9344.js></script><script defer src=https://static.cloudflareinsights.com/beacon.min.js data-cf-beacon='{"token": "b96799f53f9940dca6f660e6052ba009"}'></script><script async src="https://www.googletagmanager.com/gtag/js?id=G-V8WJDERTX9"></script><script>var doNotTrack=!1;if(!doNotTrack){window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments)}gtag("js",new Date),gtag("config","G-V8WJDERTX9",{anonymize_ip:!1})}</script></div></body></html>
|
||||
@@ -63,4 +63,4 @@ Let’s try to run it.</p><div class=highlight><pre tabindex=0 style=color:#
|
||||
</span></span></code></pre></div><p>This is a breaking change in Python3.8.</p><p>So what is calling <code>platform.linux_distribution</code>?</p><p>Let’s search for it:</p><div class=highlight><pre tabindex=0 style=color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code class=language-shell data-lang=shell><span style=display:flex><span>$ sudo grep -r <span style=color:#e6db74>'linux_distribution'</span> /opt/appgate/linux/
|
||||
</span></span><span style=display:flex><span>/opt/appgate/linux/nm.py: <span style=color:#66d9ef>if</span> platform.linux_distribution<span style=color:#f92672>()[</span>0<span style=color:#f92672>]</span> !<span style=color:#f92672>=</span> <span style=color:#e6db74>'Fedora'</span>:
|
||||
</span></span></code></pre></div><p>Aha! So this is in the local AppGate source code. This should be an easy fix. Let’s just replace this line with:</p><div class=highlight><pre tabindex=0 style=color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code class=language-python data-lang=python><span style=display:flex><span><span style=color:#66d9ef>if</span> <span style=color:#66d9ef>True</span>: <span style=color:#75715e># Since we are not using Fedora :)</span>
|
||||
</span></span></code></pre></div><h1 id=wrapping-up>Wrapping up<a href=#wrapping-up class=post-heading__anchor aria-hidden=true>#</a></h1><p>It turns out there are <a href=https://docs.python.org/3.7/library/platform.html#platform.linux_distribution class=link--external target=_blank rel=noreferrer>breaking changes</a> in Python3.8.</p><p>The docs say <code>Deprecated since version 3.5, will be removed in version 3.8: See alternative like the distro package.</code></p><p>I suppose this highlights one of the caveats of relying upon the system’s python, rather than having an isolated, dedicated environment for all dependencies.</p></div><script type=text/javascript src=https://storage.ko-fi.com/cdn/widget/Widget_2.js></script><script type=text/javascript>kofiwidget2.init("Buy me a coffee","#32344a","F1F2S4LWI"),kofiwidget2.draw()</script><section id=comments class=comments><div class='container sep-before'><div class=comments><script>let theme="dark-blue",script=document.createElement("script");script.src="https://utteranc.es/client.js",script.setAttribute("repo","davegallant/site"),script.setAttribute("issue-term","pathname"),script.setAttribute("theme",theme),script.setAttribute("crossorigin","anonymous"),script.setAttribute("async",""),document.querySelector("div.comments").innerHTML="",document.querySelector("div.comments").appendChild(script)</script></div></div></section></article></div><div class=sidebar></div></main><footer><div class=copyright>Dave Gallant</div></footer><script src=/js/main.c26c1b7b76f4923d8125720886ede9ca08bfe20b924683914ba4c1c35d53667c6c2d764f5482d3860d36b9e58a50255bc22a03ff145555979852c5ec74f15e51.js></script><script src=/js/flexsearch.14d6ec971ca1482f729fabd3c5ebd8964fbdb7a063dd0de72d95551a1d8724aab0d0b94794be534bed8655a95929e44116e09ccda5ccd97d3a883b8e350e9344.js></script><script defer src=https://static.cloudflareinsights.com/beacon.min.js data-cf-beacon='{"token": "b96799f53f9940dca6f660e6052ba009"}'></script><script async src="https://www.googletagmanager.com/gtag/js?id=G-V8WJDERTX9"></script><script>var doNotTrack=!1;if(!doNotTrack){window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments)}gtag("js",new Date),gtag("config","G-V8WJDERTX9",{anonymize_ip:!1})}</script></div></body></html>
|
||||
</span></span></code></pre></div><h1 id=wrapping-up>Wrapping up<a href=#wrapping-up class=post-heading__anchor aria-hidden=true>#</a></h1><p>It turns out there are <a href=https://docs.python.org/3.7/library/platform.html#platform.linux_distribution class=link--external target=_blank rel=noreferrer>breaking changes</a> in Python3.8.</p><p>The docs say <code>Deprecated since version 3.5, will be removed in version 3.8: See alternative like the distro package.</code></p><p>I suppose this highlights one of the caveats of relying upon the system’s python, rather than having an isolated, dedicated environment for all dependencies.</p></div><script type=text/javascript src=https://storage.ko-fi.com/cdn/widget/Widget_2.js></script><script type=text/javascript>kofiwidget2.init("Buy me a coffee","#32344a","F1F2S4LWI"),kofiwidget2.draw()</script><br><br><section id=comments class=comments><div class='container sep-before'><div class=comments><script>let theme="dark-blue",script=document.createElement("script");script.src="https://utteranc.es/client.js",script.setAttribute("repo","davegallant/site"),script.setAttribute("issue-term","pathname"),script.setAttribute("theme",theme),script.setAttribute("crossorigin","anonymous"),script.setAttribute("async",""),document.querySelector("div.comments").innerHTML="",document.querySelector("div.comments").appendChild(script)</script></div></div></section></article></div><div class=sidebar></div></main><footer><div class=copyright>Dave Gallant</div></footer><script src=/js/main.c26c1b7b76f4923d8125720886ede9ca08bfe20b924683914ba4c1c35d53667c6c2d764f5482d3860d36b9e58a50255bc22a03ff145555979852c5ec74f15e51.js></script><script src=/js/flexsearch.14d6ec971ca1482f729fabd3c5ebd8964fbdb7a063dd0de72d95551a1d8724aab0d0b94794be534bed8655a95929e44116e09ccda5ccd97d3a883b8e350e9344.js></script><script defer src=https://static.cloudflareinsights.com/beacon.min.js data-cf-beacon='{"token": "b96799f53f9940dca6f660e6052ba009"}'></script><script async src="https://www.googletagmanager.com/gtag/js?id=G-V8WJDERTX9"></script><script>var doNotTrack=!1;if(!doNotTrack){window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments)}gtag("js",new Date),gtag("config","G-V8WJDERTX9",{anonymize_ip:!1})}</script></div></body></html>
|
||||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
@@ -47,4 +47,4 @@
|
||||
</span></span><span style=display:flex><span>0
|
||||
</span></span><span style=display:flex><span>podman start -a davegallant.github.io_hello_world_1
|
||||
</span></span><span style=display:flex><span>Hello world
|
||||
</span></span></code></pre></div><p>This should more or less provide the same results you would come to expect with docker. The README does clearly state that podman-compose is under development.</p><h3 id=summary>Summary<a href=#summary class=post-heading__anchor aria-hidden=true>#</a></h3><p>Installing Podman on macOS was not seamless, but it was manageable well within 30 minutes. I would recommend giving Podman a try to anyone who is unhappy with experiencing forced docker updates, or who is interested in using a more modern technology for running containers.</p><p>One caveat to mention is that there isn’t an official graphical user interface for Podman, but there is an <a href=https://github.com/containers/podman/issues/11494 class=link--external target=_blank rel=noreferrer>open issue</a> considering one. If you rely heavily on Docker Desktop’s UI, you may not be as interested in using podman yet.</p><blockquote><p>Update: After further usage, bind mounts do not seem to work out of the box when the client and host are on different machines. A rather involved solution using <a href=https://en.wikipedia.org/wiki/SSHFS class=link--external target=_blank rel=noreferrer>sshfs</a> was shared <a href=https://github.com/containers/podman/issues/8016#issuecomment-920015800 class=link--external target=_blank rel=noreferrer>here</a>.</p></blockquote><p>I had been experimenting with Podman on Linux before writing this, but after listening to this <a href=https://kubernetespodcast.com/episode/164-podman/ class=link--external target=_blank rel=noreferrer>podcast episode</a>, I was inspired to give Podman a try on macOS.</p></div><script type=text/javascript src=https://storage.ko-fi.com/cdn/widget/Widget_2.js></script><script type=text/javascript>kofiwidget2.init("Buy me a coffee","#32344a","F1F2S4LWI"),kofiwidget2.draw()</script><section id=comments class=comments><div class='container sep-before'><div class=comments><script>let theme="dark-blue",script=document.createElement("script");script.src="https://utteranc.es/client.js",script.setAttribute("repo","davegallant/site"),script.setAttribute("issue-term","pathname"),script.setAttribute("theme",theme),script.setAttribute("crossorigin","anonymous"),script.setAttribute("async",""),document.querySelector("div.comments").innerHTML="",document.querySelector("div.comments").appendChild(script)</script></div></div></section></article></div><div class=sidebar></div></main><footer><div class=copyright>Dave Gallant</div></footer><script src=/js/main.c26c1b7b76f4923d8125720886ede9ca08bfe20b924683914ba4c1c35d53667c6c2d764f5482d3860d36b9e58a50255bc22a03ff145555979852c5ec74f15e51.js></script><script src=/js/flexsearch.14d6ec971ca1482f729fabd3c5ebd8964fbdb7a063dd0de72d95551a1d8724aab0d0b94794be534bed8655a95929e44116e09ccda5ccd97d3a883b8e350e9344.js></script><script defer src=https://static.cloudflareinsights.com/beacon.min.js data-cf-beacon='{"token": "b96799f53f9940dca6f660e6052ba009"}'></script><script async src="https://www.googletagmanager.com/gtag/js?id=G-V8WJDERTX9"></script><script>var doNotTrack=!1;if(!doNotTrack){window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments)}gtag("js",new Date),gtag("config","G-V8WJDERTX9",{anonymize_ip:!1})}</script></div></body></html>
|
||||
</span></span></code></pre></div><p>This should more or less provide the same results you would come to expect with docker. The README does clearly state that podman-compose is under development.</p><h3 id=summary>Summary<a href=#summary class=post-heading__anchor aria-hidden=true>#</a></h3><p>Installing Podman on macOS was not seamless, but it was manageable well within 30 minutes. I would recommend giving Podman a try to anyone who is unhappy with experiencing forced docker updates, or who is interested in using a more modern technology for running containers.</p><p>One caveat to mention is that there isn’t an official graphical user interface for Podman, but there is an <a href=https://github.com/containers/podman/issues/11494 class=link--external target=_blank rel=noreferrer>open issue</a> considering one. If you rely heavily on Docker Desktop’s UI, you may not be as interested in using podman yet.</p><blockquote><p>Update: After further usage, bind mounts do not seem to work out of the box when the client and host are on different machines. A rather involved solution using <a href=https://en.wikipedia.org/wiki/SSHFS class=link--external target=_blank rel=noreferrer>sshfs</a> was shared <a href=https://github.com/containers/podman/issues/8016#issuecomment-920015800 class=link--external target=_blank rel=noreferrer>here</a>.</p></blockquote><p>I had been experimenting with Podman on Linux before writing this, but after listening to this <a href=https://kubernetespodcast.com/episode/164-podman/ class=link--external target=_blank rel=noreferrer>podcast episode</a>, I was inspired to give Podman a try on macOS.</p></div><script type=text/javascript src=https://storage.ko-fi.com/cdn/widget/Widget_2.js></script><script type=text/javascript>kofiwidget2.init("Buy me a coffee","#32344a","F1F2S4LWI"),kofiwidget2.draw()</script><br><br><section id=comments class=comments><div class='container sep-before'><div class=comments><script>let theme="dark-blue",script=document.createElement("script");script.src="https://utteranc.es/client.js",script.setAttribute("repo","davegallant/site"),script.setAttribute("issue-term","pathname"),script.setAttribute("theme",theme),script.setAttribute("crossorigin","anonymous"),script.setAttribute("async",""),document.querySelector("div.comments").innerHTML="",document.querySelector("div.comments").appendChild(script)</script></div></div></section></article></div><div class=sidebar></div></main><footer><div class=copyright>Dave Gallant</div></footer><script src=/js/main.c26c1b7b76f4923d8125720886ede9ca08bfe20b924683914ba4c1c35d53667c6c2d764f5482d3860d36b9e58a50255bc22a03ff145555979852c5ec74f15e51.js></script><script src=/js/flexsearch.14d6ec971ca1482f729fabd3c5ebd8964fbdb7a063dd0de72d95551a1d8724aab0d0b94794be534bed8655a95929e44116e09ccda5ccd97d3a883b8e350e9344.js></script><script defer src=https://static.cloudflareinsights.com/beacon.min.js data-cf-beacon='{"token": "b96799f53f9940dca6f660e6052ba009"}'></script><script async src="https://www.googletagmanager.com/gtag/js?id=G-V8WJDERTX9"></script><script>var doNotTrack=!1;if(!doNotTrack){window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments)}gtag("js",new Date),gtag("config","G-V8WJDERTX9",{anonymize_ip:!1})}</script></div></body></html>
|
||||
@@ -48,4 +48,4 @@ As of 2021/11, it is still defaulting to the 1.19 channel, so I overrode it to 1
|
||||
</span></span><span style=display:flex><span><span style=color:#960050;background-color:#1e0010>
|
||||
</span></span></span><span style=display:flex><span><span style=color:#960050;background-color:#1e0010></span>NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE
|
||||
</span></span><span style=display:flex><span>horizontalpodautoscaler.autoscaling/tekton-pipelines-webhook Deployment/tekton-pipelines-webhook 9%/100% 1 5 1 12h
|
||||
</span></span></code></pre></div><p>I made sure to install Tailscale in the container so that I can easily access K3s from anywhere.</p><p>If I’m feeling adventurous, I might experiment with <a href=https://rancher.com/docs/k3s/latest/en/advanced/#running-k3s-with-rootless-mode-experimental class=link--external target=_blank rel=noreferrer>K3s rootless</a>.</p></div><script type=text/javascript src=https://storage.ko-fi.com/cdn/widget/Widget_2.js></script><script type=text/javascript>kofiwidget2.init("Buy me a coffee","#32344a","F1F2S4LWI"),kofiwidget2.draw()</script><section id=comments class=comments><div class='container sep-before'><div class=comments><script>let theme="dark-blue",script=document.createElement("script");script.src="https://utteranc.es/client.js",script.setAttribute("repo","davegallant/site"),script.setAttribute("issue-term","pathname"),script.setAttribute("theme",theme),script.setAttribute("crossorigin","anonymous"),script.setAttribute("async",""),document.querySelector("div.comments").innerHTML="",document.querySelector("div.comments").appendChild(script)</script></div></div></section></article></div><div class=sidebar></div></main><footer><div class=copyright>Dave Gallant</div></footer><script src=/js/main.c26c1b7b76f4923d8125720886ede9ca08bfe20b924683914ba4c1c35d53667c6c2d764f5482d3860d36b9e58a50255bc22a03ff145555979852c5ec74f15e51.js></script><script src=/js/flexsearch.14d6ec971ca1482f729fabd3c5ebd8964fbdb7a063dd0de72d95551a1d8724aab0d0b94794be534bed8655a95929e44116e09ccda5ccd97d3a883b8e350e9344.js></script><script defer src=https://static.cloudflareinsights.com/beacon.min.js data-cf-beacon='{"token": "b96799f53f9940dca6f660e6052ba009"}'></script><script async src="https://www.googletagmanager.com/gtag/js?id=G-V8WJDERTX9"></script><script>var doNotTrack=!1;if(!doNotTrack){window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments)}gtag("js",new Date),gtag("config","G-V8WJDERTX9",{anonymize_ip:!1})}</script></div></body></html>
|
||||
</span></span></code></pre></div><p>I made sure to install Tailscale in the container so that I can easily access K3s from anywhere.</p><p>If I’m feeling adventurous, I might experiment with <a href=https://rancher.com/docs/k3s/latest/en/advanced/#running-k3s-with-rootless-mode-experimental class=link--external target=_blank rel=noreferrer>K3s rootless</a>.</p></div><script type=text/javascript src=https://storage.ko-fi.com/cdn/widget/Widget_2.js></script><script type=text/javascript>kofiwidget2.init("Buy me a coffee","#32344a","F1F2S4LWI"),kofiwidget2.draw()</script><br><br><section id=comments class=comments><div class='container sep-before'><div class=comments><script>let theme="dark-blue",script=document.createElement("script");script.src="https://utteranc.es/client.js",script.setAttribute("repo","davegallant/site"),script.setAttribute("issue-term","pathname"),script.setAttribute("theme",theme),script.setAttribute("crossorigin","anonymous"),script.setAttribute("async",""),document.querySelector("div.comments").innerHTML="",document.querySelector("div.comments").appendChild(script)</script></div></div></section></article></div><div class=sidebar></div></main><footer><div class=copyright>Dave Gallant</div></footer><script src=/js/main.c26c1b7b76f4923d8125720886ede9ca08bfe20b924683914ba4c1c35d53667c6c2d764f5482d3860d36b9e58a50255bc22a03ff145555979852c5ec74f15e51.js></script><script src=/js/flexsearch.14d6ec971ca1482f729fabd3c5ebd8964fbdb7a063dd0de72d95551a1d8724aab0d0b94794be534bed8655a95929e44116e09ccda5ccd97d3a883b8e350e9344.js></script><script defer src=https://static.cloudflareinsights.com/beacon.min.js data-cf-beacon='{"token": "b96799f53f9940dca6f660e6052ba009"}'></script><script async src="https://www.googletagmanager.com/gtag/js?id=G-V8WJDERTX9"></script><script>var doNotTrack=!1;if(!doNotTrack){window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments)}gtag("js",new Date),gtag("config","G-V8WJDERTX9",{anonymize_ip:!1})}</script></div></body></html>
|
||||
@@ -88,4 +88,4 @@
|
||||
</span></span><span style=display:flex><span> <span style=color:#f92672>from</span>: <span style=color:#ae81ff>RFD Notify</span>
|
||||
</span></span><span style=display:flex><span> <span style=color:#f92672>body</span>: |<span style=color:#e6db74>
|
||||
</span></span></span><span style=display:flex><span><span style=color:#e6db74> ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_number }}</span>
|
||||
</span></span></code></pre></div><p>And voilà:</p><p><img src=gitea-workflow.png alt=image></p><p>You may be wondering how the gitea runner is allowed to connect to the other hosts using ansible? Well, the nodes are in the same tailnet and have <a href=https://tailscale.com/tailscale-ssh class=link--external target=_blank rel=noreferrer>tailscale ssh</a> enabled.</p><h2 id=areas-for-improvement>Areas for improvement<a href=#areas-for-improvement class=post-heading__anchor aria-hidden=true>#</a></h2><p>One enhancement that I would like to see is the ability to send notifications on workflow failures. Currently, this <a href=https://github.com/go-gitea/gitea/issues/23725 class=link--external target=_blank rel=noreferrer>doesn’t seem possible</a> without adding logic to each workflow.</p><h2 id=conclusion>Conclusion<a href=#conclusion class=post-heading__anchor aria-hidden=true>#</a></h2><p>Gitea Actions are fast and the resource footprint is minimal. My gitea instance is currently using around 250mb of memory and a small fraction of a single cpu core (and the runner is using a similar amount of resources). This is impressive since many alternatives tend to require substantially more resources. It likely helps that the codebase is largely written in go.</p><p>By combining gitea with the networking marvel that is tailscale, running workflows becomes simple and fun. Whether you are working on a team or working alone, this setup ensures that your workflows are securely accessible from anywhere with an internet connection.</p><p>Check out my gitea instance exposed via Funnel <a href=https://gitea.snake-cloud.ts.net class=link--external target=_blank rel=noreferrer>here</a>.</p></div><script type=text/javascript src=https://storage.ko-fi.com/cdn/widget/Widget_2.js></script><script type=text/javascript>kofiwidget2.init("Buy me a coffee","#32344a","F1F2S4LWI"),kofiwidget2.draw()</script><section id=comments class=comments><div class='container sep-before'><div class=comments><script>let theme="dark-blue",script=document.createElement("script");script.src="https://utteranc.es/client.js",script.setAttribute("repo","davegallant/site"),script.setAttribute("issue-term","pathname"),script.setAttribute("theme",theme),script.setAttribute("crossorigin","anonymous"),script.setAttribute("async",""),document.querySelector("div.comments").innerHTML="",document.querySelector("div.comments").appendChild(script)</script></div></div></section></article></div><div class=sidebar></div></main><footer><div class=copyright>Dave Gallant</div></footer><script src=/js/main.c26c1b7b76f4923d8125720886ede9ca08bfe20b924683914ba4c1c35d53667c6c2d764f5482d3860d36b9e58a50255bc22a03ff145555979852c5ec74f15e51.js></script><script src=/js/flexsearch.14d6ec971ca1482f729fabd3c5ebd8964fbdb7a063dd0de72d95551a1d8724aab0d0b94794be534bed8655a95929e44116e09ccda5ccd97d3a883b8e350e9344.js></script><script defer src=https://static.cloudflareinsights.com/beacon.min.js data-cf-beacon='{"token": "b96799f53f9940dca6f660e6052ba009"}'></script><script async src="https://www.googletagmanager.com/gtag/js?id=G-V8WJDERTX9"></script><script>var doNotTrack=!1;if(!doNotTrack){window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments)}gtag("js",new Date),gtag("config","G-V8WJDERTX9",{anonymize_ip:!1})}</script></div></body></html>
|
||||
</span></span></code></pre></div><p>And voilà:</p><p><img src=gitea-workflow.png alt=image></p><p>You may be wondering how the gitea runner is allowed to connect to the other hosts using ansible? Well, the nodes are in the same tailnet and have <a href=https://tailscale.com/tailscale-ssh class=link--external target=_blank rel=noreferrer>tailscale ssh</a> enabled.</p><h2 id=areas-for-improvement>Areas for improvement<a href=#areas-for-improvement class=post-heading__anchor aria-hidden=true>#</a></h2><p>One enhancement that I would like to see is the ability to send notifications on workflow failures. Currently, this <a href=https://github.com/go-gitea/gitea/issues/23725 class=link--external target=_blank rel=noreferrer>doesn’t seem possible</a> without adding logic to each workflow.</p><h2 id=conclusion>Conclusion<a href=#conclusion class=post-heading__anchor aria-hidden=true>#</a></h2><p>Gitea Actions are fast and the resource footprint is minimal. My gitea instance is currently using around 250mb of memory and a small fraction of a single cpu core (and the runner is using a similar amount of resources). This is impressive since many alternatives tend to require substantially more resources. It likely helps that the codebase is largely written in go.</p><p>By combining gitea with the networking marvel that is tailscale, running workflows becomes simple and fun. Whether you are working on a team or working alone, this setup ensures that your workflows are securely accessible from anywhere with an internet connection.</p><p>Check out my gitea instance exposed via Funnel <a href=https://gitea.snake-cloud.ts.net class=link--external target=_blank rel=noreferrer>here</a>.</p></div><script type=text/javascript src=https://storage.ko-fi.com/cdn/widget/Widget_2.js></script><script type=text/javascript>kofiwidget2.init("Buy me a coffee","#32344a","F1F2S4LWI"),kofiwidget2.draw()</script><br><br><section id=comments class=comments><div class='container sep-before'><div class=comments><script>let theme="dark-blue",script=document.createElement("script");script.src="https://utteranc.es/client.js",script.setAttribute("repo","davegallant/site"),script.setAttribute("issue-term","pathname"),script.setAttribute("theme",theme),script.setAttribute("crossorigin","anonymous"),script.setAttribute("async",""),document.querySelector("div.comments").innerHTML="",document.querySelector("div.comments").appendChild(script)</script></div></div></section></article></div><div class=sidebar></div></main><footer><div class=copyright>Dave Gallant</div></footer><script src=/js/main.c26c1b7b76f4923d8125720886ede9ca08bfe20b924683914ba4c1c35d53667c6c2d764f5482d3860d36b9e58a50255bc22a03ff145555979852c5ec74f15e51.js></script><script src=/js/flexsearch.14d6ec971ca1482f729fabd3c5ebd8964fbdb7a063dd0de72d95551a1d8724aab0d0b94794be534bed8655a95929e44116e09ccda5ccd97d3a883b8e350e9344.js></script><script defer src=https://static.cloudflareinsights.com/beacon.min.js data-cf-beacon='{"token": "b96799f53f9940dca6f660e6052ba009"}'></script><script async src="https://www.googletagmanager.com/gtag/js?id=G-V8WJDERTX9"></script><script>var doNotTrack=!1;if(!doNotTrack){window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments)}gtag("js",new Date),gtag("config","G-V8WJDERTX9",{anonymize_ip:!1})}</script></div></body></html>
|
||||
@@ -15,4 +15,4 @@ If this sounds more appealing, install <a href=https://github.com/antitree/krew-
|
||||
</span></span><span style=display:flex><span>using: image=serjs/go-socks5-proxy
|
||||
</span></span><span style=display:flex><span>Creating SOCKS5 Proxy (Pod)...
|
||||
</span></span><span style=display:flex><span>pod/davegallant-proxy created
|
||||
</span></span></code></pre></div><p>With the above proxy connection open, it is possible to access both the DNS and private IPs accessible within the k8s cluster. In this case, I am able to access the private database, since there is network connectivity between the k8s cluster and the database.</p><h2 id=caveats-and-conclusion>Caveats and Conclusion<a href=#caveats-and-conclusion class=post-heading__anchor aria-hidden=true>#</a></h2><p>The above outlined solution makes some assumptions:</p><ul><li>there is a k8s cluster</li><li>the k8s cluster has network connectivity to the desired private database</li></ul><p>If these stars align, than this solution might work as a stopgap for accessing a private Azure DB (and I’m assuming this could work similarly on AWS).</p><p>It would be nice if Azure provided tooling similar to cloud-sql-proxy, so that using private databases would be more of a convenient experience.</p><p>One other thing to note is that some clients (such as <a href=https://dbeaver.io/ class=link--external target=_blank rel=noreferrer>dbeaver</a>) <a href=https://github.com/dbeaver/dbeaver/issues/872 class=link--external target=_blank rel=noreferrer>do not provide DNS resolution over SOCKS</a>. So in this case, you won’t be able to use DNS as if you were inside the cluster, but instead have to rely on knowing private ip addresses.</p></div><script type=text/javascript src=https://storage.ko-fi.com/cdn/widget/Widget_2.js></script><script type=text/javascript>kofiwidget2.init("Buy me a coffee","#32344a","F1F2S4LWI"),kofiwidget2.draw()</script><section id=comments class=comments><div class='container sep-before'><div class=comments><script>let theme="dark-blue",script=document.createElement("script");script.src="https://utteranc.es/client.js",script.setAttribute("repo","davegallant/site"),script.setAttribute("issue-term","pathname"),script.setAttribute("theme",theme),script.setAttribute("crossorigin","anonymous"),script.setAttribute("async",""),document.querySelector("div.comments").innerHTML="",document.querySelector("div.comments").appendChild(script)</script></div></div></section></article></div><div class=sidebar></div></main><footer><div class=copyright>Dave Gallant</div></footer><script src=/js/main.c26c1b7b76f4923d8125720886ede9ca08bfe20b924683914ba4c1c35d53667c6c2d764f5482d3860d36b9e58a50255bc22a03ff145555979852c5ec74f15e51.js></script><script src=/js/flexsearch.14d6ec971ca1482f729fabd3c5ebd8964fbdb7a063dd0de72d95551a1d8724aab0d0b94794be534bed8655a95929e44116e09ccda5ccd97d3a883b8e350e9344.js></script><script defer src=https://static.cloudflareinsights.com/beacon.min.js data-cf-beacon='{"token": "b96799f53f9940dca6f660e6052ba009"}'></script><script async src="https://www.googletagmanager.com/gtag/js?id=G-V8WJDERTX9"></script><script>var doNotTrack=!1;if(!doNotTrack){window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments)}gtag("js",new Date),gtag("config","G-V8WJDERTX9",{anonymize_ip:!1})}</script></div></body></html>
|
||||
</span></span></code></pre></div><p>With the above proxy connection open, it is possible to access both the DNS and private IPs accessible within the k8s cluster. In this case, I am able to access the private database, since there is network connectivity between the k8s cluster and the database.</p><h2 id=caveats-and-conclusion>Caveats and Conclusion<a href=#caveats-and-conclusion class=post-heading__anchor aria-hidden=true>#</a></h2><p>The above outlined solution makes some assumptions:</p><ul><li>there is a k8s cluster</li><li>the k8s cluster has network connectivity to the desired private database</li></ul><p>If these stars align, than this solution might work as a stopgap for accessing a private Azure DB (and I’m assuming this could work similarly on AWS).</p><p>It would be nice if Azure provided tooling similar to cloud-sql-proxy, so that using private databases would be more of a convenient experience.</p><p>One other thing to note is that some clients (such as <a href=https://dbeaver.io/ class=link--external target=_blank rel=noreferrer>dbeaver</a>) <a href=https://github.com/dbeaver/dbeaver/issues/872 class=link--external target=_blank rel=noreferrer>do not provide DNS resolution over SOCKS</a>. So in this case, you won’t be able to use DNS as if you were inside the cluster, but instead have to rely on knowing private ip addresses.</p></div><script type=text/javascript src=https://storage.ko-fi.com/cdn/widget/Widget_2.js></script><script type=text/javascript>kofiwidget2.init("Buy me a coffee","#32344a","F1F2S4LWI"),kofiwidget2.draw()</script><br><br><section id=comments class=comments><div class='container sep-before'><div class=comments><script>let theme="dark-blue",script=document.createElement("script");script.src="https://utteranc.es/client.js",script.setAttribute("repo","davegallant/site"),script.setAttribute("issue-term","pathname"),script.setAttribute("theme",theme),script.setAttribute("crossorigin","anonymous"),script.setAttribute("async",""),document.querySelector("div.comments").innerHTML="",document.querySelector("div.comments").appendChild(script)</script></div></div></section></article></div><div class=sidebar></div></main><footer><div class=copyright>Dave Gallant</div></footer><script src=/js/main.c26c1b7b76f4923d8125720886ede9ca08bfe20b924683914ba4c1c35d53667c6c2d764f5482d3860d36b9e58a50255bc22a03ff145555979852c5ec74f15e51.js></script><script src=/js/flexsearch.14d6ec971ca1482f729fabd3c5ebd8964fbdb7a063dd0de72d95551a1d8724aab0d0b94794be534bed8655a95929e44116e09ccda5ccd97d3a883b8e350e9344.js></script><script defer src=https://static.cloudflareinsights.com/beacon.min.js data-cf-beacon='{"token": "b96799f53f9940dca6f660e6052ba009"}'></script><script async src="https://www.googletagmanager.com/gtag/js?id=G-V8WJDERTX9"></script><script>var doNotTrack=!1;if(!doNotTrack){window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments)}gtag("js",new Date),gtag("config","G-V8WJDERTX9",{anonymize_ip:!1})}</script></div></body></html>
|
||||
File diff suppressed because one or more lines are too long
@@ -46,4 +46,4 @@
|
||||
</span></span><span style=display:flex><span>
|
||||
</span></span><span style=display:flex><span><span style=color:#f92672>volumes</span>:
|
||||
</span></span><span style=display:flex><span> <span style=color:#f92672>postgresdata</span>:
|
||||
</span></span></code></pre></div><p>After invidious was up and running, I installed <a href=https://tailscale.com/ class=link--external target=_blank rel=noreferrer>Tailscale</a> on it to leverage its MagicDNS, and I’m now able to access this instance from anywhere at <a href=http://invidious:3000/feed/subscriptions class=link--external target=_blank rel=noreferrer>http://invidious:3000/feed/subscriptions</a>.</p><h3 id=redirecting-youtube-links>Redirecting YouTube links<a href=#redirecting-youtube-links class=post-heading__anchor aria-hidden=true>#</a></h3><p>I figured it would be nice to redirect existing YouTube links that others send me, so that I could seamlessly watch the videos using invidious.</p><p>I went looking for a way to redirect paths at the browser level. I found the lightweight proxy <a href=https://requestly.io/ class=link--external target=_blank rel=noreferrer>requestly</a>, which can be used to modify http requests in my browser. I created the following rules:</p><p><img src=requestly-rules.png alt=requestly></p><p>Now the link <a href="https://www.youtube.com/watch?v=-lz30by8-sU" class=link--external target=_blank rel=noreferrer>https://www.youtube.com/watch?v=-lz30by8-sU</a> will redirect to <a href="http://invidious:3000/watch?v=-lz30by8-sU" class=link--external target=_blank rel=noreferrer>http://invidious:3000/watch?v=-lz30by8-sU</a></p><p>I’m still looking for ways to improve this invidious setup. There doesn’t appear to be a way to stream in 4K yet.</p></div><script type=text/javascript src=https://storage.ko-fi.com/cdn/widget/Widget_2.js></script><script type=text/javascript>kofiwidget2.init("Buy me a coffee","#32344a","F1F2S4LWI"),kofiwidget2.draw()</script><section id=comments class=comments><div class='container sep-before'><div class=comments><script>let theme="dark-blue",script=document.createElement("script");script.src="https://utteranc.es/client.js",script.setAttribute("repo","davegallant/site"),script.setAttribute("issue-term","pathname"),script.setAttribute("theme",theme),script.setAttribute("crossorigin","anonymous"),script.setAttribute("async",""),document.querySelector("div.comments").innerHTML="",document.querySelector("div.comments").appendChild(script)</script></div></div></section></article></div><div class=sidebar></div></main><footer><div class=copyright>Dave Gallant</div></footer><script src=/js/main.c26c1b7b76f4923d8125720886ede9ca08bfe20b924683914ba4c1c35d53667c6c2d764f5482d3860d36b9e58a50255bc22a03ff145555979852c5ec74f15e51.js></script><script src=/js/flexsearch.14d6ec971ca1482f729fabd3c5ebd8964fbdb7a063dd0de72d95551a1d8724aab0d0b94794be534bed8655a95929e44116e09ccda5ccd97d3a883b8e350e9344.js></script><script defer src=https://static.cloudflareinsights.com/beacon.min.js data-cf-beacon='{"token": "b96799f53f9940dca6f660e6052ba009"}'></script><script async src="https://www.googletagmanager.com/gtag/js?id=G-V8WJDERTX9"></script><script>var doNotTrack=!1;if(!doNotTrack){window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments)}gtag("js",new Date),gtag("config","G-V8WJDERTX9",{anonymize_ip:!1})}</script></div></body></html>
|
||||
</span></span></code></pre></div><p>After invidious was up and running, I installed <a href=https://tailscale.com/ class=link--external target=_blank rel=noreferrer>Tailscale</a> on it to leverage its MagicDNS, and I’m now able to access this instance from anywhere at <a href=http://invidious:3000/feed/subscriptions class=link--external target=_blank rel=noreferrer>http://invidious:3000/feed/subscriptions</a>.</p><h3 id=redirecting-youtube-links>Redirecting YouTube links<a href=#redirecting-youtube-links class=post-heading__anchor aria-hidden=true>#</a></h3><p>I figured it would be nice to redirect existing YouTube links that others send me, so that I could seamlessly watch the videos using invidious.</p><p>I went looking for a way to redirect paths at the browser level. I found the lightweight proxy <a href=https://requestly.io/ class=link--external target=_blank rel=noreferrer>requestly</a>, which can be used to modify http requests in my browser. I created the following rules:</p><p><img src=requestly-rules.png alt=requestly></p><p>Now the link <a href="https://www.youtube.com/watch?v=-lz30by8-sU" class=link--external target=_blank rel=noreferrer>https://www.youtube.com/watch?v=-lz30by8-sU</a> will redirect to <a href="http://invidious:3000/watch?v=-lz30by8-sU" class=link--external target=_blank rel=noreferrer>http://invidious:3000/watch?v=-lz30by8-sU</a></p><p>I’m still looking for ways to improve this invidious setup. There doesn’t appear to be a way to stream in 4K yet.</p></div><script type=text/javascript src=https://storage.ko-fi.com/cdn/widget/Widget_2.js></script><script type=text/javascript>kofiwidget2.init("Buy me a coffee","#32344a","F1F2S4LWI"),kofiwidget2.draw()</script><br><br><section id=comments class=comments><div class='container sep-before'><div class=comments><script>let theme="dark-blue",script=document.createElement("script");script.src="https://utteranc.es/client.js",script.setAttribute("repo","davegallant/site"),script.setAttribute("issue-term","pathname"),script.setAttribute("theme",theme),script.setAttribute("crossorigin","anonymous"),script.setAttribute("async",""),document.querySelector("div.comments").innerHTML="",document.querySelector("div.comments").appendChild(script)</script></div></div></section></article></div><div class=sidebar></div></main><footer><div class=copyright>Dave Gallant</div></footer><script src=/js/main.c26c1b7b76f4923d8125720886ede9ca08bfe20b924683914ba4c1c35d53667c6c2d764f5482d3860d36b9e58a50255bc22a03ff145555979852c5ec74f15e51.js></script><script src=/js/flexsearch.14d6ec971ca1482f729fabd3c5ebd8964fbdb7a063dd0de72d95551a1d8724aab0d0b94794be534bed8655a95929e44116e09ccda5ccd97d3a883b8e350e9344.js></script><script defer src=https://static.cloudflareinsights.com/beacon.min.js data-cf-beacon='{"token": "b96799f53f9940dca6f660e6052ba009"}'></script><script async src="https://www.googletagmanager.com/gtag/js?id=G-V8WJDERTX9"></script><script>var doNotTrack=!1;if(!doNotTrack){window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments)}gtag("js",new Date),gtag("config","G-V8WJDERTX9",{anonymize_ip:!1})}</script></div></body></html>
|
||||
File diff suppressed because one or more lines are too long
@@ -114,4 +114,4 @@
|
||||
</span></span><span style=display:flex><span> };
|
||||
</span></span><span style=display:flex><span>}
|
||||
</span></span></code></pre></div><p>Save the file and run:</p><pre tabindex=0><code>home-manager switch
|
||||
</code></pre><p>You should see another wave of <code>/nix/store/*</code> paths. The new configuration should now be active.</p><p>If you run <code>zsh</code>, you should see that you have <a href=https://starship.rs/ class=link--external target=_blank rel=noreferrer>starship</a> and access to several other utils such as <code>rg</code>, <code>fd</code>, and <code>exa</code>.</p><p>This basic configuration above is also defining your <code>~/.config/git/config</code> and <code>.zshrc</code>. If you already have either of these files, home-manager will complain about them already existing.</p><p>If you run <code>cat ~/.zshrc</code>, you will see the way these configuration files are generated.</p><p>You can extend this configuration for programs such as (neo)vim, emacs, alacritty, ssh, etc. To see other programs, take a look at <a href=https://github.com/nix-community/home-manager/tree/master/modules/programs class=link--external target=_blank rel=noreferrer>home-manager/modules/programs</a>.</p><h2 id=gateway-to-nix>Gateway To Nix<a href=#gateway-to-nix class=post-heading__anchor aria-hidden=true>#</a></h2><p>In ways, home-manager can be seen as a gateway to the nix ecosystem. If you have enjoyed the way you can declare user configuration with home-manager, you may be interested in expanding your configuration to include other system dependencies and configuration. For example, in Linux you can define your entire system’s configuration (including the kernel, kernel modules, networking, filesystems, etc) in nix. For macOS, there is <a href=https://github.com/LnL7/nix-darwin class=link--external target=_blank rel=noreferrer>nix-darwin</a> that includes nix modules for configuring launchd, dock, and other preferences and services. You may also want to check out <a href=https://nixos.wiki/wiki/Flakes class=link--external target=_blank rel=noreferrer>Nix Flakes</a>: a more recent feature that allows you declare dependencies, and have them automatically pinned and hashed in <code>flake.lock</code>, similar to that of many modern package managers.</p><h2 id=wrapping-up>Wrapping up<a href=#wrapping-up class=post-heading__anchor aria-hidden=true>#</a></h2><p>The title of this post is slightly misleading, since it’s possible to retain some of your dotfiles and have them intermingle with home-manager by including them alongside nix. The idea of defining user configuration using nix can provide a clean way to maintain your configuration, and allow it to be portable across platforms. Is it worth the effort to migrate away from shell scripts and dotfiles? I’d say so.</p><p>You can find my nix config <a href=https://github.com/davegallant/nix-config class=link--external target=_blank rel=noreferrer>here</a>.</p></div><script type=text/javascript src=https://storage.ko-fi.com/cdn/widget/Widget_2.js></script><script type=text/javascript>kofiwidget2.init("Buy me a coffee","#32344a","F1F2S4LWI"),kofiwidget2.draw()</script><section id=comments class=comments><div class='container sep-before'><div class=comments><script>let theme="dark-blue",script=document.createElement("script");script.src="https://utteranc.es/client.js",script.setAttribute("repo","davegallant/site"),script.setAttribute("issue-term","pathname"),script.setAttribute("theme",theme),script.setAttribute("crossorigin","anonymous"),script.setAttribute("async",""),document.querySelector("div.comments").innerHTML="",document.querySelector("div.comments").appendChild(script)</script></div></div></section></article></div><div class=sidebar></div></main><footer><div class=copyright>Dave Gallant</div></footer><script src=/js/main.c26c1b7b76f4923d8125720886ede9ca08bfe20b924683914ba4c1c35d53667c6c2d764f5482d3860d36b9e58a50255bc22a03ff145555979852c5ec74f15e51.js></script><script src=/js/flexsearch.14d6ec971ca1482f729fabd3c5ebd8964fbdb7a063dd0de72d95551a1d8724aab0d0b94794be534bed8655a95929e44116e09ccda5ccd97d3a883b8e350e9344.js></script><script defer src=https://static.cloudflareinsights.com/beacon.min.js data-cf-beacon='{"token": "b96799f53f9940dca6f660e6052ba009"}'></script><script async src="https://www.googletagmanager.com/gtag/js?id=G-V8WJDERTX9"></script><script>var doNotTrack=!1;if(!doNotTrack){window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments)}gtag("js",new Date),gtag("config","G-V8WJDERTX9",{anonymize_ip:!1})}</script></div></body></html>
|
||||
</code></pre><p>You should see another wave of <code>/nix/store/*</code> paths. The new configuration should now be active.</p><p>If you run <code>zsh</code>, you should see that you have <a href=https://starship.rs/ class=link--external target=_blank rel=noreferrer>starship</a> and access to several other utils such as <code>rg</code>, <code>fd</code>, and <code>exa</code>.</p><p>This basic configuration above is also defining your <code>~/.config/git/config</code> and <code>.zshrc</code>. If you already have either of these files, home-manager will complain about them already existing.</p><p>If you run <code>cat ~/.zshrc</code>, you will see the way these configuration files are generated.</p><p>You can extend this configuration for programs such as (neo)vim, emacs, alacritty, ssh, etc. To see other programs, take a look at <a href=https://github.com/nix-community/home-manager/tree/master/modules/programs class=link--external target=_blank rel=noreferrer>home-manager/modules/programs</a>.</p><h2 id=gateway-to-nix>Gateway To Nix<a href=#gateway-to-nix class=post-heading__anchor aria-hidden=true>#</a></h2><p>In ways, home-manager can be seen as a gateway to the nix ecosystem. If you have enjoyed the way you can declare user configuration with home-manager, you may be interested in expanding your configuration to include other system dependencies and configuration. For example, in Linux you can define your entire system’s configuration (including the kernel, kernel modules, networking, filesystems, etc) in nix. For macOS, there is <a href=https://github.com/LnL7/nix-darwin class=link--external target=_blank rel=noreferrer>nix-darwin</a> that includes nix modules for configuring launchd, dock, and other preferences and services. You may also want to check out <a href=https://nixos.wiki/wiki/Flakes class=link--external target=_blank rel=noreferrer>Nix Flakes</a>: a more recent feature that allows you declare dependencies, and have them automatically pinned and hashed in <code>flake.lock</code>, similar to that of many modern package managers.</p><h2 id=wrapping-up>Wrapping up<a href=#wrapping-up class=post-heading__anchor aria-hidden=true>#</a></h2><p>The title of this post is slightly misleading, since it’s possible to retain some of your dotfiles and have them intermingle with home-manager by including them alongside nix. The idea of defining user configuration using nix can provide a clean way to maintain your configuration, and allow it to be portable across platforms. Is it worth the effort to migrate away from shell scripts and dotfiles? I’d say so.</p><p>You can find my nix config <a href=https://github.com/davegallant/nix-config class=link--external target=_blank rel=noreferrer>here</a>.</p></div><script type=text/javascript src=https://storage.ko-fi.com/cdn/widget/Widget_2.js></script><script type=text/javascript>kofiwidget2.init("Buy me a coffee","#32344a","F1F2S4LWI"),kofiwidget2.draw()</script><br><br><section id=comments class=comments><div class='container sep-before'><div class=comments><script>let theme="dark-blue",script=document.createElement("script");script.src="https://utteranc.es/client.js",script.setAttribute("repo","davegallant/site"),script.setAttribute("issue-term","pathname"),script.setAttribute("theme",theme),script.setAttribute("crossorigin","anonymous"),script.setAttribute("async",""),document.querySelector("div.comments").innerHTML="",document.querySelector("div.comments").appendChild(script)</script></div></div></section></article></div><div class=sidebar></div></main><footer><div class=copyright>Dave Gallant</div></footer><script src=/js/main.c26c1b7b76f4923d8125720886ede9ca08bfe20b924683914ba4c1c35d53667c6c2d764f5482d3860d36b9e58a50255bc22a03ff145555979852c5ec74f15e51.js></script><script src=/js/flexsearch.14d6ec971ca1482f729fabd3c5ebd8964fbdb7a063dd0de72d95551a1d8724aab0d0b94794be534bed8655a95929e44116e09ccda5ccd97d3a883b8e350e9344.js></script><script defer src=https://static.cloudflareinsights.com/beacon.min.js data-cf-beacon='{"token": "b96799f53f9940dca6f660e6052ba009"}'></script><script async src="https://www.googletagmanager.com/gtag/js?id=G-V8WJDERTX9"></script><script>var doNotTrack=!1;if(!doNotTrack){window.dataLayer=window.dataLayer||[];function gtag(){dataLayer.push(arguments)}gtag("js",new Date),gtag("config","G-V8WJDERTX9",{anonymize_ip:!1})}</script></div></body></html>
|
||||
Reference in New Issue
Block a user