https://i.stack.imgur.com/JG9yA.png
- Reasoning hugely increases cognitive load.
- Not aware of what happens.
- Much easier to make a mistake, because a change affects almost the whole system.
- ifconfig/iptables/nm-tui/gnome settings/etc
- Did some tweaks. Forgot about it. Did reboot. Broke everything.
Nope.
- # of packages, dhcp, etc.
- NetworkManager configuration and similar.
- db cache, db data, etc.
revisioned configuration and revisioned pkgs.
f(config, pkgs) -> system
f(config, pkgs, encrypted-secrets) -> system
+ security key
You can’t make secrets a part of the OS.
- Threw out ssd of your localhost, insert new one
- Boot from usb stick, connect to network
- Clone rde-config repo
cd rde-config
[rde partition config.scm /device]
rde system init config.scm /device/partition
reboot
- Pre-configure as much as possible
- Update only by system reconfigure
- Erase / with snapshot on each boot
- Boot the system
- Make another snapshot
- Work
- Diff changes
- Move state to config
Immutable OS + User programs with state
Good practice. https://i.stack.imgur.com/JG9yA.png
[rde partition config.scm /device]
[rde security-key init /device/partition]
rde system init config.scm /device/partition
rde state init config.scm /device/partition
reboot
- Define state components
- Work
- Diff changes
- Eliminate uncontrolled state
rde state check-untracked
rde state edit # state.scm config
rde state sync
rde state status
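The snapshot, work, diff loop above as an added Python example; it is not rde's code and says nothing about how the rde commands are implemented. It assumes state components are declared as path prefixes and that a snapshot is a map of file path to content hash; the function names and the sample tree are constructed for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each regular file under root to the SHA-256 of its content."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            with open(full, "rb") as fh:
                manifest[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return manifest

def diff(before, after):
    """Classify every path that differs between two snapshots."""
    changes = {}
    for path in before.keys() | after.keys():
        if path not in before:
            changes[path] = "added"
        elif path not in after:
            changes[path] = "removed"
        elif before[path] != after[path]:
            changes[path] = "modified"
    return changes

def untracked(changes, components):
    """Keep only changes outside every declared state component (a path prefix)."""
    prefixes = tuple(c.rstrip("/") + "/" for c in components)
    return {p: kind for p, kind in sorted(changes.items()) if not (p + "/").startswith(prefixes)}

def demo():
    """Constructed tree: snapshot after boot, work, snapshot again, report drift."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, text):
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as fh:
                fh.write(text)
        write("etc/resolv.conf", "nameserver 192.0.2.1\n")
        write("var/lib/db/data", "v1")
        before = snapshot(root)
        write("var/lib/db/data", "v2")                       # declared state, expected
        write("etc/resolv.conf", "nameserver 192.0.2.53\n")  # forgotten manual tweak
        write("etc/NetworkManager/tweak.conf", "[main]\n")   # forgotten manual tweak
        after = snapshot(root)
        return untracked(diff(before, after), ["var/lib/db"])
```

Everything `demo()` returns is uncontrolled state: either move it into the configuration or declare it as a state component.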
Part of the system + secret key.
- 2-step deployment
In most cases we do not care.
No need to init, possible to retrieve manually
Same as
Can be archivable or not. Something that we agree to lose.
It’s obviously possible to reduce the amount of state, but it requires some time to implement such a solution.