NixOS manages dependencies in a very strict way—sometimes too strict? Here at Flying Circus, many users prefer to compile custom applications in home directories. They link them against libraries they have installed before by nix-env. This works well… until something is updated! On the next change anywhere down the dependency chain, libraries get new hashes in the Nix store, the garbage collector removes old versions, and user applications break until recompiled.
In this blog post, I would like to introduce fc-userscan. This little tool scans (home) directories recursively for Nix store references and registers them as per-user roots with the garbage collector. This way, dependencies will be protected even if they cease to be referenced from “official” Nix roots like the current-system profile or a user’s local Nix profile. After registering formerly unmanaged references with fc-userscan, one can fearlessly run updates and garbage collection.
Continue reading Announcing fc-userscan
It used to run fine for years… but now the (deprecated) Puppet infrastructure at the Flying Circus is showing signs of aging. It’s not about server hardware or something like this (fully virtualized anyway) – it’s about SSL certificates of Puppet’s own SSL infrastructure. Time for a face lift.
In the following, I will describe what we did to renew both CA and Puppet server certificates. Despite that this problem should occur on every Puppet server running for a prolonged amount of time, I found remarkably few resources on the net (that did not involve completely replacing the CA) – so I’m going to share our findings.
Continue reading How to renew Puppet CA and server certificates in place
The latest Amazon S3 outage showed me one thing again: more diversity is better.
Diversity is a current topic that includes social issues like women in tech. However, on a technical basis diversity also is important. It’s known that monocultures are more affected by diseases and other issues. So when half of the internet is using Amazon, a lot goes down if Amazon fails.
Every system will eventually fail. This is true for Amazon, as well as us. The internet is moving fast away from independent, interconnected nodes to an oligopoly. Nobody gets fired for using AWS nowadays. And that’s a problem I think. We need to embrace independent providers for the better of the internet.
Photo by Andrew Fogg.
We have been looking for a way to allow developers to run the Flying Circus managed components in local installations, so they can develop while being offline or before starting to run the application in our commercial environment. Continue reading Technical Preview: running Flying Circus managed components locally in Vagrant