A KISS deployment tool to keep your NixOS fleet (servers & workstations) up to date.
The name was chosen because bentos are good and come with the idea of "ready to use". It also doesn't use "nix" in its name.
Use with flakes: nix shell github:rapenne-s/bento
There is currently no tool to manage a bunch of NixOS systems that could be workstations anywhere in the world, or servers in a datacenter, using flakes or not.
Most NixOS deployment tools work on a "push" model, in which a system connects to a remote NixOS machine to push its new version.
Bento has a different approach with a "pull" model:
This setup needs a machine to be online most of the time. NixOS systems (clients) will regularly check for updates on this machine over ssh.
Bento doesn't necessarily require a public IP. Don't worry, you can use a tor hidden service, i2p tunnels, a VPN or whatever floats your boat, provided it permits connecting to ssh.
Bento will use nvd instead of nix store diff-closures if it's available in the $PATH.
The ssh server contains all the configuration files for the machines. When you make a change, run bento to rebuild systems and copy all the configuration files to a new directory used by each client as an sftp chroot. Each client regularly polls for changes in its dedicated sftp directory and, if it changed, downloads all the configuration files and runs nixos-rebuild. It automatically detects whether the configuration is using flakes or not.
bento is the only script to add to $PATH, however a few other files are required to set up your configuration management:
- utils/fleet.nix: file that must be included in the ssh host server configuration. It declares the hosts with their name and ssh key, creates the chroots and enables sftp for each of them. You basically need to update this file when a key changes, or a host is added/removed
- utils/bento.nix: file that has to be imported into each host configuration. It adds a systemd timer triggering a service looking for changes and potentially triggering a rebuild if any
- bento deploy creates copies of configuration files for each host found in host into the corresponding chroot directory (default is /home/chroot/$machine/)
- bento build iterates over each host configuration to run nixos-rebuild build, but you can pass dry-build as a parameter if you just want to ensure each configuration is valid.

On the client, the system configuration is stored in /var/bento/, which also contains the scripts update.sh and bootstrap.sh used to look for changes and trigger a rebuild.
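The per-client sftp chroot is the trust boundary of the pull model, so it is worth seeing how tightly it can be locked down. The NixOS module below is an added example, not Bento's own utils/fleet.nix. The host names and keys are constructed placeholders, and the read-only sftp mode is an assumption based on clients only downloading their configuration.

```nix
# Added example (not Bento's utils/fleet.nix): one locked-down sftp
# account per client on the ssh server.
{ lib, ... }:
let
  # Constructed sample fleet: client name -> that client's ssh public key.
  fleet = {
    laptop-alice = "ssh-ed25519 AAAA_PLACEHOLDER_KEY_1";
    web01 = "ssh-ed25519 AAAA_PLACEHOLDER_KEY_2";
  };
  names = lib.attrNames fleet;
in
{
  # One unprivileged account per client, authenticated by key only.
  users.users = lib.mapAttrs (name: key: {
    isNormalUser = true;
    createHome = false; # the chroot below is created root-owned instead
    home = "/home/chroot/${name}";
    openssh.authorizedKeys.keys = [ key ];
  }) fleet;

  # sshd refuses a ChrootDirectory unless every path component is owned
  # by root and not writable by group or others.
  systemd.tmpfiles.rules =
    [ "d /home/chroot 0755 root root -" ]
    ++ map (name: "d /home/chroot/${name} 0755 root root -") names;

  # Fleet accounts get sftp and nothing else: no shell, no tty, no
  # forwarding. "-R" puts internal-sftp in read-only mode (assumption:
  # clients only download from their directory).
  services.openssh.extraConfig = ''
    Match User ${lib.concatStringsSep "," names}
      ChrootDirectory /home/chroot/%u
      ForceCommand internal-sftp -R
      PasswordAuthentication no
      PermitTTY no
      AllowTcpForwarding no
      AllowAgentForwarding no
      X11Forwarding no
      PermitTunnel no
  '';
}
```

With this in place a stolen client key gives read access to that one client's directory only; it cannot open a shell, forward ports, or reach another host's files.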
There is a diagram showing the design pattern of bento:
- last_time_changed file
- config.sh should have variables for the local / remote / both nixos-rebuild parameters (useful for --fallback)