vaultenv | nickel | |
---|---|---|
2 | 46 | |
432 | 2,153 | Stars |
0.2% | 2.8% | Growth |
4.3 | 9.5 | Activity |
23 days ago | about 17 hours ago | |
Haskell | Rust | Language |
BSD 3-clause "New" or "Revised" License | MIT License | License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
vaultenv
- Using secrets in kube prom stack helm chart
Having secrets in an external system (like HashiCorp Vault) and then using [vaultenv](https://github.com/channable/vaultenv) to inject these during `helm install/upgrade`. So you end up with something like `vaultenv ... -- helm install --set config.myvar=${VAULTENV_INJECTED_ENV_VALUE}` (or similar). Point is I use vaultenv to run helm with secrets injected as env vars only during the helm run, and use helm's `--set` flag to set individual secrets. This can get tedious if you have many secrets as you have to specify each of them individually with `--set`. Usually I wrap this in a Makefile or a shell script for easier invoking.
- Nix is the ultimate DevOps toolkit
> Also, regarding DevOps, the tooling around Nix makes it a little brittle for anything event based--rapidly changing configurations on the fly due to network conditions (Consul, Ansible, etc). This is where configuration management is heading, and due to the static nature of Nix, delegating dynamic changes is hard/anti pattern.
Channable uses Consul, Vault, etc. for dynamic configuration and it works with Nix just fine.
You don't have to use static configuration files with Nix. Either fetch dynamic stuff using the Consul, Vault, etc. APIs at runtime or use a tool like vaultenv [1] or similar if you don't want this logic in your application code.
Put those tools in your systemd service before launching your app, and you're good to go.
(NB: I was DevOps teamlead at Channable while a part of this work was being done. Sad that I won't be able to see the final picture.)
[1]: https://github.com/channable/vaultenv
nickel
- Nix – A One Pager
So, its key features are:
1. domain-specific: designed for conveniently creating and composing derivations. This reason alone already justifies a new language, or an embedded domain-specific language (such as the Guile/Scheme for guix), or a mix of both (Starlark, the build language of Bazel embedded in a restricted Python-variant).
2. purely functional: this ties well into the philosophical backing of Nix the package manager, which aims to be purely functional, also known as hermeticity in other build systems (Bazel).
3. lazily evaluated: similar to other build systems (including Bazel), so that you can build only what you need on demand.
4. dynamically typed: this one is controversial. Being dynamically typed—in other words, not developing a type system—gets Nix out of the door first. But users often complain about the lack of proper types and modularity. There are experiments to address this, such as Nickel (https://github.com/tweag/nickel).
It is understandable that a one-pager may not have space for the whys.
- 10 Ways for Kubernetes Declarative Configuration Management
Nickel: Nickel is a straightforward configuration language aimed at automatically generating static configuration files. Essentially, it's akin to JSON with the addition of functions and types.
- Show HN: Togomak – declarative pipeline orchestrator based on HCL and Terraform
Also look at nickel which is an evolution of nix. It's my favorite in this space.
nickel-lang.org
https://github.com/tweag/nickel
- Show HN: Flake schemas – teaching Nix about your flake outputs
- What config format do you prefer?
Or this https://github.com/tweag/nickel
- Nickel 1.0
Nickel is a programming language. While HCL is just a configuration format, so not really comparable.
Here's a comparison with similar tools: https://github.com/tweag/nickel#comparison
- Announcing Nickel 1.0, a configuration language written in (and usable from) Rust
As for 'providence', I suppose you meant provenance :) It's been delayed because this was less critical for 1.0 to decide on or to implement (as in: it doesn't break backward compatibility in any way to add this feature in the short term), but this is very much on the roadmap: Issue #235. That's a must-have in a language with merging like Nickel.
- Rewrite it in Rust: Kubernetes
Have you considered using a different language for templating? This could be a BIG selling point. Some good ones are cue-lang (though I haven't seen support for Rust), kcl or nickel-lang.
- Nickel v1.0.0
- Design rationale for the Nickel configuration language
What are some alternatives?
nixos - My NixOS Configurations
rnix-lsp - WIP Language Server for Nix! [maintainer=@aaronjanse]
haskell-nix - Nix and Haskell in production
asdf - Extendable version manager with support for Ruby, Node.js, Elixir, Erlang & more
nix-gui - Use NixOS Without Coding
nixos - NixOS Configuration
nix-doc - An interactive Nix documentation tool providing a CLI for function search, a Nix plugin for docs in the REPL, and a ctags implementation for Nix script
pndev - CLI tool for es-development
AppImageKit - Package desktop applications as AppImages that run on common Linux-based operating systems, such as RHEL, CentOS, openSUSE, SLED, Ubuntu, Fedora, debian and derivatives. Join #AppImage on irc.libera.chat
nix-1p - A (more or less) one page introduction to Nix, the language.
nix - Nix, the purely functional package manager