131 lines
3.6 KiB
Markdown
131 lines
3.6 KiB
Markdown
# Tutorial: Moving from a NixOps to a Krops deployment
|
|
|
|
1. Add a new ssh key to your nix-bitcoin node
|
|
|
|
Krops doesn't automatically generate ssh keys like NixOps, instead you add your own.
|
|
|
|
If you don't have a ssh key yet
|
|
|
|
```
|
|
ssh-keygen -t ed25519 -f ~/.ssh/bitcoin-node
|
|
```
|
|
|
|
Edit `configuration.nix`
|
|
|
|
```
|
|
users.users.root = {
|
|
openssh.authorizedKeys.keys = [
|
|
"<contents of ~/.ssh/bitcoin-node.pub or existing .pub key file>"
|
|
];
|
|
};
|
|
```
|
|
|
|
Deploy new key
|
|
|
|
```
|
|
nixops deploy -d bitcoin-node
|
|
```
|
|
|
|
2. Update your nix-bitcoin, depending on your setup either with `fetch-release` or `git`. Make sure you are at least on `v0.0.41`.
|
|
|
|
3. Pull the latest nix-bitcoin source
|
|
|
|
```
|
|
cd ~/nix-bitcoin
|
|
git pull
|
|
```
|
|
|
|
4. Copy new and updated files into your deployment folder
|
|
|
|
```
|
|
cd <deployment directory, for example `~/nix-bitcoin-node`>
|
|
cp -r ~/nix-bitcoin/examples/{krops,shell.nix} .
|
|
```
|
|
|
|
5. Edit your ssh config
|
|
|
|
```
|
|
nano ~/.ssh/config
|
|
```
|
|
|
|
and add the node with an entry similar to the following (make sure to fix `Hostname` and `IdentityFile`):
|
|
|
|
```
|
|
Host bitcoin-node
|
|
# FIXME
|
|
Hostname NODE_IP_ADDRESS_OR_HOST_NAME_HERE
|
|
User root
|
|
PubkeyAuthentication yes
|
|
# FIXME
|
|
IdentityFile <ssh key from step 1 or path to existing key>
|
|
AddKeysToAgent yes
|
|
```
|
|
|
|
6. Make sure you are in the deployment directory and edit `krops/deploy.nix`
|
|
|
|
```
|
|
nano krops/deploy.nix
|
|
```
|
|
|
|
Locate the `FIXME` and set the target to the name of the ssh config entry created earlier, i.e. `bitcoin-node`.
|
|
|
|
Note that any file imported by your `configuration.nix` must be copied to the target machine by krops.
|
|
For example, if there is an import of `networking.nix` you must add it to `extraSources` in `krops/deploy.nix` like this:
|
|
```
|
|
extraSources = {
|
|
"hardware-configuration.nix".file = toString ../hardware-configuration.nix;
|
|
"networking.nix".file = toString ../networking.nix;
|
|
};
|
|
```
|
|
|
|
7. If `lnd` or `joinmarket` is enabled on your node, run the commmand
|
|
```
|
|
nix-shell --run 'nix-instantiate --eval -E "
|
|
(import <nixpkgs/nixos> {
|
|
configuration = { lib, ... }: {
|
|
imports = [ ./configuration.nix ];
|
|
nix-bitcoin.configVersion = lib.mkDefault \"0.0.31\";
|
|
nix-bitcoin.secretsSetupMethod = lib.mkForce \"manual\";
|
|
};
|
|
}).vm.outPath
|
|
"'
|
|
```
|
|
and follow the migration instructions from the error message.
|
|
|
|
8. Optional: Disallow substitutes
|
|
|
|
You may have been building nix-bitcoin "without substitutes" to avoid pulling in binaries from the Nix cache. If you want to continue doing so, you have to add the following line to the `configuration.nix`:
|
|
```
|
|
nix.extraOptions = "substitute = false";
|
|
```
|
|
|
|
If the build process fails for some reason when deploying with `krops-deploy` (see later step), it may be difficult to find the cause due to the missing output.
|
|
In that case, it is possible to SSH into the target machine and run
|
|
```
|
|
nixos-rebuild -I /var/src switch
|
|
```
|
|
|
|
9. Deploy with krops
|
|
|
|
```
|
|
nix-shell --run krops-deploy
|
|
```
|
|
Remove the old secrets directory. For krops deployments, secrets are always
|
|
located at `/var/src/secrets`.
|
|
```
|
|
ssh bitcoin-node 'rm -rf /secrets'
|
|
```
|
|
|
|
9. You can now access `bitcoin-node` via ssh
|
|
|
|
```
|
|
ssh operator@bitcoin-node
|
|
```
|
|
|
|
10. You can remove the remaining traces of nixops as follows:
|
|
```
|
|
nix-shell
|
|
nix run -f '<nix-bitcoin>' nixops19_09 -c nixops delete -d bitcoin-node --force
|
|
git rm -r nixops
|
|
```
|