Open nh2 opened 5 years ago
The fact that it's `resources.ec2SecurityGroups.mygroup = { nodes, ... }:` and not `resources.ec2SecurityGroups = { nodes, ... }: { mygroup = ... }` also means I can't even inspect `nodes` to generate security groups for all the regions I use in the network with `map`, but instead have to declare them manually.
explanations on what's currently not possible (like resources depending on nodes machine config values)
I've used #1456 to do this successfully.
In nixops each machine in a network configuration gets passed in `resources` and `nodes` to observe the entire network. Example:
It appears that other `resources` also do this.
E.g. ~it possible to write a `resources.ec2SecurityGroups` that collects all the `networking.firewall.allowedTCPPorts` from all machines and opens ports in the AWS firewall for them~ Edit: this is not actually possible: For `resources.ec2SecurityGroups.mygroup = { nodes, ... }`, the `nodes."mymachine".config.networking` does not evaluate because `attribute 'config' missing`. It seems that works only for machines :disappointed:
The manual does not show many examples of that. Most of the time it shows things like
There is only 1 example that shows something more sophisticated, and it's in a very specialised section without any explanation:
I often have trouble figuring out which things are allowed to be a function accepting `resources`, `nodes` etc. and which ones not.
I think we're not doing a good job yet explaining this general concept.
IRC discussion
Here's a discussion between @cleverca22 and me on IRC that sheds some more light into the workings
Goal
Let's document this properly, with
`resources`, using `nodes` etc
`nodes` machine config values)
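An added example, not taken from the issue, the IRC discussion or the NixOps manual: since a security group resource cannot read `nodes.<name>.config`, one way to keep the AWS security groups and the host firewall in agreement is to define the port list once in a `let` binding and feed it to both. The machine name, regions, ports, CIDR and instance type are constructed placeholders, and AWS credentials are assumed to come from the environment.

```nix
# Added example: constructed network, not the project's own code.
let
  # Single source of truth for inbound TCP ports. The security groups
  # cannot read nodes.<name>.config, so both sides consume this list.
  allowedPorts = [ 22 443 ];

  # Constructed values: regions in use and the permitted source range
  # (203.0.113.0/24 is a documentation-only prefix).
  regions = [ "eu-west-1" "us-east-1" ];
  sourceCidr = "203.0.113.0/24";

  # Build one { name, value } pair per region for builtins.listToAttrs.
  mkGroup = region: {
    name = "web-${region}";
    value = {
      inherit region;
      description = "Inbound TCP for machines in ${region}";
      rules = map (port: {
        fromPort = port;
        toPort = port;
        sourceIp = sourceCidr;
      }) allowedPorts;
    };
  };
in
{
  network.description = "Security groups generated from a shared port list";

  # One group per region, generated with map over a static list
  # instead of being declared by hand.
  resources.ec2SecurityGroups = builtins.listToAttrs (map mkGroup regions);

  resources.ec2KeyPairs.deploy = { region = "eu-west-1"; };

  # Machines are functions and receive `resources` (and `nodes`).
  mymachine = { resources, ... }: {
    deployment.targetEnv = "ec2";
    deployment.ec2.region = "eu-west-1";
    deployment.ec2.instanceType = "t3.small";
    deployment.ec2.keyPair = resources.ec2KeyPairs.deploy;
    deployment.ec2.securityGroups =
      [ resources.ec2SecurityGroups."web-eu-west-1" ];

    # Host firewall opens exactly the ports the security group allows.
    networking.firewall.allowedTCPPorts = allowedPorts;
  };
}
```

Because the list lives outside the module system, a port added only through a machine's own `networking.firewall.allowedTCPPorts` will not reach the security group; route every change through `allowedPorts`.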