Question 1

How does Bento compare to NixOps for NixOS deployment?

Accepted Answer

Bento uses a pull-based model with SSH/SFTP for privacy and firewall bypass, while NixOps is push-based. Bento is better for distributed, privacy-focused fleets, but NixOps might suit centralized, immediate deployments better.

Question 2

How to set up Bento with Tor hidden service for firewall bypass?

Accepted Answer

Configure the SSH server to use Tor as a tunnel, then set up clients to connect via the hidden service. The README mentions support for Tor, but specific steps require additional networking setup.

Question 3

Does Bento work with NixOS flakes?

Accepted Answer

Yes, Bento automatically detects if configurations use flakes or not, and it can be invoked with 'nix shell github:rapenne-s/bento' for flake-based setups, ensuring compatibility.

Question 4

Can Bento deploy secrets without storing them in the Nix store?

Accepted Answer

The README indicates secret deployment is 'soon' available, but currently, secrets might need alternative methods. Future updates aim to handle arbitrary files securely outside the Nix store.

Question 5

What happens if the central Bento server goes down during an update?

Accepted Answer

If the SFTP server is unreachable, clients won't receive log files, and systems will show as 'rebuild/sync pending'. Using redundant tunnels or monitoring can help mitigate this issue.

Question 6

How to add a new host to a Bento-managed fleet?

Accepted Answer

Update the fleet.nix file on the server to declare the new host with its SSH key, then run 'bento deploy' to copy configurations to the corresponding chroot directory for client access.

bento

What is bento?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions