Hacker News new | ask | show | jobs
by colordrops 1260 days ago
Could try Nix with Agenix. Modularized and composable, and secrets can be stored encrypted in git.
2 comments
yewenjie 1260 days ago
There is also https://github.com/hercules-ci/arion - run docker-compose with help from Nix/NixOS
link
xrd 1260 days ago
This sounds interesting. Do you have a good write-up?
link
colordrops 1260 days ago
I don't have a write-up, just my code in git. But it's not public. I'm not using anything out of the ordinary - Nix containers, modules, and functions, and the Agenix module with uses a private key to decrypt secrets at start. The Nix language is inherently composable. If you are familiar with Nix, it should be straightforward, otherwise it would probably be better to learn it first. Perhaps you could use this as a mechanism to learn. Here are some links that explain:

Containers:

https://nixos.wiki/wiki/NixOS_Containers

Modules:

https://nixos.wiki/wiki/NixOS_modules

Functions:

https://www.reddit.com/r/NixOS/comments/zzstun/please_help_m...

Agenix:

https://github.com/ryantm/agenix

link
xrd 1260 days ago
Thanks, this is very helpful.

At first glance, this looks a bit more complicated to me than docker compose. Using nix feels like it could make things more precise, and maybe that is better?

I'm still learning Nix, despite having it has my main laptop driver for over a year. It's magical and mystifying all at once!

link
colordrops 1260 days ago
Oh, it's vastly more powerful than docker compose. You can completely configure everything on your machine declaratively and reproducibly.
link