| | ecs-blueprints | agenix |
|---|---|---|
| Mentions | 2 | 10 |
| Stars | 217 | 1,241 |
| Growth | 1.8% | - |
| Activity | 7.8 | 7.3 |
| Last commit | 18 days ago | 5 days ago |
| Language | Python | Nix |
| License | Apache License 2.0 | Creative Commons Zero v1.0 Universal |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ecs-blueprints
- Help with the architecture of ECS Clusters with Fargate in two availability zones (with AWS)
- Ask HN: A Better Docker Compose?
I’ve been spending a week trying to learn how to deploy a collection of containers (my web app, a Postgres DB, and some microservices) to AWS and I am still so lost.
The first solution I happened upon was serverless. Specifically SST, which is written with AWS CDK, but you must develop on live services and I just can’t justify paying to develop.
Then I found Serverless Framework, which is an abstraction on CloudFormation, but the offline solutions like localstack get a lot of flack for being buggy and localstack charges for some services. I also looked into Architect but the documentation is abysmal.
Then I figured serverful might be the easier way to go. I found that docker compose has a built in integration with AWS ECS where it transforms your yaml into Cloudformation to provision the right services. However, it seems to just be missing key parts like custom domain and SSL certificate provisioning which seems to defeat the IaC ethos.
Then I figured I might go with Terraform and I found some seemingly good starters like https://github.com/aws-ia/terraform-aws-ecs-blueprints https://github.com/cloudposse/terraform-aws-ecs-web-app https://github.com/turnerlabs/terraform-ecs-fargate but the examples are just lacking. They don’t have any examples for multiple containers that can access each others’ resources that I can find. Reading these templates has at least given me a better idea of the resources I need to provision in AWS but the networking and configuration still frighten me. Like do I need to configure nginx with a reverse proxy myself? How do I orchestrate that container with the others? And apparently services can crash and just not restart? And I need to make sure to configure volumes for data that needs to persist. And setting up the CI/CD seems daunting.
I’ve also heard about docker swarm, kubernetes, pulumi, AWS SAM, etc but it’s a lot to learn. When I go on Discords for web frameworks, mostly everyone including the devs of these frameworks use 2nd tier managed providers like Vercel, Fly, Netlify, Supabase, Cloudflare, etc. But many of those are just not as reliable as core cloud providers and the cost is way higher. Glad to see I’m not alone in a very reasonable expectation of a simple way to orchestrate multiple containers on AWS, what must be the most common use case web developers have
agenix
- password manager solution advice
How about: https://github.com/ryantm/agenix
- how to store secrets needed at install time
I've heard good things about and seen sops-nix used on a few really solid configs. Others tend to use Age or Homeage.
- Ask HN: A Better Docker Compose?
I don't have a write-up, just my code in git. But it's not public. I'm not using anything out of the ordinary - Nix containers, modules, and functions, and the Agenix module which uses a private key to decrypt secrets at start. The Nix language is inherently composable. Here are some links that explain:
Containers:
https://nixos.wiki/wiki/NixOS_Containers
Modules:
https://nixos.wiki/wiki/NixOS_modules
Functions:
https://www.reddit.com/r/NixOS/comments/zzstun/please_help_m...
Agenix:
https://github.com/ryantm/agenix
- ridiculously easy mail server setup with NixOS
For passwords I am using agenix which is also pretty awesome, an alternative could have been sops.nix.
- NixOS for Apt/Yum Users: a Gift That Keeps on Giving
Alternatively, you could simply add the wireless connection files to the NetworkManager dir in /etc using environment.etc. Though keep in mind that any file declared in your config is readable by any user in your system. agenix would be the solution to that.
- What to do...
One thing I saw that I don't recommend is to change your password after installing; that's not very reproducible, use users.users.<name>.hashedPassword or users.users.<name>.passwordFile with agenix or sops-nix.
- Understanding nixos secrets management/aws configuration
Answering your broader question (secret management) colmena does that for me outside the Nix store. I also use git-crypt to store secrets in the repo. There are also more Nix-y alternatives like agenix.
- If you’re not using SSH certificates you’re doing SSH wrong
I feel that trying to make SSH keys short-lived is becoming more painful each year because there's an increase of tools that use SSH keys for purposes other than SSH logins. For example, age [1] encrypts files with SSH keys, agenix [2] does secrets management with it, Git can now sign commits with it [3], and even ssh-keygen can now sign arbitrary data [4]. All of these become useless the moment you start using short-lived keys.
[1]: https://github.com/FiloSottile/age
[2]: https://github.com/ryantm/agenix
[3]: https://calebhearth.com/sign-git-with-ssh
[4]: https://www.man7.org/linux/man-pages/man1/ssh-keygen.1.html
- homeage: declarative runtime decrypted age secrets for home manager
I built this because I try to keep as much as possible outside of my system config but all of the secret managers I found were system only. I had no idea how to solve this until I found RaitoBezarius' awesome pull request to agenix where it all clicked. It also exposed me to the inner workings of home-manager which has definitely made me appreciate it more! I kept this separate from agenix because I am interested only in a module rather than a CLI and thus see it as having a different fit.
- How do you manage your private keys?
I've been thinking about the same thing. I haven't gotten around to it yet but agenix looked the most promising to me so far
What are some alternatives?
terraform-ecs-fargate - A Terraform template used for provisioning web application stacks on AWS ECS Fargate
sops-nix - Atomic secret provisioning for NixOS based on sops
polycrate - Polycrate is a framework that lets you package, integrate and automate complex applications and infrastructure.
nixos-config - My NixOS configurations.
Netmaker - Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
nixos-config - Mirror of https://code.balsoft.ru/balsoft/nixos-config
Docker Compose - Define and run multi-container applications with Docker
homeage - runtime decrypted age secrets for nix home manager
Juju - Orchestration engine that enables the deployment, integration and lifecycle management of applications at any scale, on any infrastructure (Kubernetes or otherwise).
pass-import - A pass extension for importing data from most existing password managers
supabase - The open source Firebase alternative.
slips - SatoshiLabs Improvement Proposals