I have an issue on which I would like to get some points of view from fellow Nixers.
I am in charge right now of a project that is in a sensitive situation (things need to get fixed as soon as possible). The project itself is about a Linux system (Debian) + firmware + hardware that is sent to clients that might be behind a firewall. The OS itself is provisioned with Ansible (either remotely or locally); before that, it is booted into our own Debian image from 2020.
There were/are issues with this provisioning process, mainly losing determinism of the build (apt-get install, Debian sources URLs becoming invalid).
So, in order to start a gradual change, I started by creating a development environment in nix that brings in Ansible (and any other tool needed) and creates a DSL out of writeShellScriptBins that makes the provisioning happen. This is good, but it still didn't solve the problem of determinism of the packages on the Debian system itself, and the process needs the internet (if the client is offline I would like to send them one executable that will update their system without the need for internet).
I guess, to summarize the question, I would like to get the "most birds with one stone" here; therefore I see these options:
- nix bundle, which will use my current writeShellScript that wraps over Ansible, but this will only work on a Linux machine (clients might be on Windows); maybe I can scp the bundle result onto the machine.
- Replace the entire Debian system with NixOS (create an image out of configuration.nix). If going this route, I wonder what my options/risks are in terms of a full offline update:
  - sending them a new image every time?
  - how involved will this be?
  - statically compiled executables?
I am sorry if the question is too broad, but any idea will help; it could even be just a name-drop of a library/tool.
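As an added example (not from the original post, and not the poster's own code), here is the shape the described setup can take: a flake that pins nixpkgs, exposes a dev shell with Ansible, and wraps ansible-playbook in a writeShellScriptBin so that the exact playbook, inventory and Ansible version that were tested are what ships. It assumes a hypothetical `./ansible` directory next to the flake containing `site.yml`, `inventory.ini` and `ansible.cfg`, and pins nixpkgs to the `nixos-23.11` branch; both are assumptions, not anything taken from the post.

```nix
{
  description = "Provisioning toolkit: pinned Ansible wrapped in writeShellScriptBin";

  # Pinning the input is what gives the wrapper a fixed Ansible/Python closure;
  # the branch name here is an assumption for the example.
  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";

  outputs = { self, nixpkgs }:
    let
      system = "x86_64-linux";
      pkgs = nixpkgs.legacyPackages.${system};

      # Hypothetical directory with site.yml, inventory.ini and ansible.cfg.
      # Interpolating it below copies it into the Nix store, so the playbook
      # content is part of the wrapper's store path and cannot drift.
      playbookDir = ./ansible;

      # The "DSL" entry point: a script whose every dependency is an absolute
      # store path, so it does not depend on whatever ansible is on $PATH.
      provision = pkgs.writeShellScriptBin "provision" ''
        set -euo pipefail
        export ANSIBLE_CONFIG=${playbookDir}/ansible.cfg
        # Extra flags such as --check or --limit are passed through via "$@".
        exec ${pkgs.ansible}/bin/ansible-playbook \
          -i ${playbookDir}/inventory.ini \
          "$@" \
          ${playbookDir}/site.yml
      '';
    in {
      # `nix build .` / `nix run .` / `nix bundle .` all pick up this output.
      packages.${system}.default = provision;

      # `nix develop` gives operators the same pinned Ansible plus the wrapper.
      devShells.${system}.default = pkgs.mkShell {
        packages = [ pkgs.ansible provision ];
      };
    };
}
```

With the flake in the current directory, `nix develop` enters the dev shell, `nix run . -- --check` does a dry run, and `nix bundle .` produces a single self-extracting executable containing the wrapper and its whole closure (Ansible, its Python, the playbook files) that can be copied to a Linux target with scp. What the bundle does not contain is the Debian packages the playbook installs, so, as the post says, apt determinism on the target remains a separate problem.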