docs: nixops-krops migration guide

nixbitcoin 2021-03-10 14:08:43 +01:00 committed by Erik Arvstedt
parent 7c0b521785
commit 520a983862
No known key found for this signature in database
GPG Key ID: 33312B944DD97846
1 changed files with 130 additions and 0 deletions


@ -0,0 +1,130 @@
# Tutorial: Moving from a NixOps to a Krops deployment
1. Add a new ssh key to your nix-bitcoin node
Krops doesn't automatically generate ssh keys like NixOps, instead you add your own.
If you don't have a ssh key yet
```
ssh-keygen -t ed25519 -f ~/.ssh/bitcoin-node
```
Edit `configuration.nix`
```
users.users.root = {
openssh.authorizedKeys.keys = [
"<contents of ~/.ssh/bitcoin-node.pub or existing .pub key file>"
];
};
```
Deploy new key
```
nixops deploy -d bitcoin-node
```
2. Update your nix-bitcoin, depending on your setup either with `fetch-release` or `git`. Make sure you are at least on `v0.0.41`.
3. Pull the latest nix-bitcoin source
```
cd ~/nix-bitcoin
git pull
```
4. Copy new and updated files into your deployment folder
```
cd <deployment directory, for example `~/nix-bitcoin-node`>
cp -r ~/nix-bitcoin/examples/{krops,shell.nix} .
```
5. Edit your ssh config
```
nano ~/.ssh/config
```
and add the node with an entry similar to the following (make sure to fix `Hostname` and `IdentityFile`):
```
Host bitcoin-node
# FIXME
Hostname NODE_IP_ADDRESS_OR_HOST_NAME_HERE
User root
PubkeyAuthentication yes
# FIXME
IdentityFile <ssh key from step 1 or path to existing key>
AddKeysToAgent yes
```
6. Make sure you are in the deployment directory and edit `krops/deploy.nix`
```
nano krops/deploy.nix
```
Locate the `FIXME` and set the target to the name of the ssh config entry created earlier, i.e. `bitcoin-node`.
Note that any file imported by your `configuration.nix` must be copied to the target machine by krops.
For example, if there is an import of `networking.nix` you must add it to `extraSources` in `krops/deploy.nix` like this:
```
extraSources = {
"hardware-configuration.nix".file = toString ../hardware-configuration.nix;
"networking.nix".file = toString ../networking.nix;
};
```
7. If `lnd` or `joinmarket` is enabled on your node, run the commmand
```
nix-shell --run 'nix-instantiate --eval -E "
(import <nixpkgs/nixos> {
configuration = { lib, ... }: {
imports = [ ./configuration.nix ];
nix-bitcoin.configVersion = lib.mkDefault \"0.0.31\";
nix-bitcoin.secretsSetupMethod = lib.mkForce \"manual\";
};
}).vm.outPath
"'
```
and follow the migration instructions from the error message.
8. Optional: Disallow substitutes
You may have been building nix-bitcoin "without substitutes" to avoid pulling in binaries from the Nix cache. If you want to continue doing so, you have to add the following line to the `configuration.nix`:
```
nix.extraOptions = "substitute = false";
```
If the build process fails for some reason when deploying with `krops-deploy` (see later step), it may be difficult to find the cause due to the missing output.
In that case, it is possible to SSH into the target machine and run
```
nixos-rebuild -I /var/src switch
```
9. Deploy with krops
```
nix-shell --run krops-deploy
```
Remove the old secrets directory. For krops deployments, secrets are always
located at `/var/src/secrets`.
```
ssh bitcoin-node 'rm -rf /secrets'
```
9. You can now access `bitcoin-node` via ssh
```
ssh operator@bitcoin-node
```
10. You can remove the remaining traces of nixops as follows:
```
nix-shell
nix run -f '<nix-bitcoin>' nixops19_09 -c nixops delete -d bitcoin-node --force
git rm -r nixops
```
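Review bot: In the first step 9 ("Deploy with krops"), `ssh bitcoin-node 'rm -rf /secrets'` comes straight after `nix-shell --run krops-deploy` with no check in between, so a reader whose deploy failed or only partly applied would delete the old secrets directory while the node may still be using it. Suggest adding a sentence before the removal that asks the reader to confirm the deploy completed and that `/var/src/secrets` is populated on the node. Smaller points in the same area: the number 9 is used twice ("Deploy with krops" and "You can now access `bitcoin-node` via ssh"), so the last step should be 11; the troubleshooting paragraph about `krops-deploy` failing sits under the optional step 8, and its "see later step" would read better as a reference to the deploy step by number; and "commmand" in step 7 is a typo.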