From 243116e2288005c90824a6d0d0ac400b973629ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 24 Oct 2021 19:36:56 +0200 Subject: [PATCH 1/5] Remove git crypt, update docs --- doc/secrets.md | 6 +----- shell/devos.nix | 4 ---- 2 files changed, 1 insertion(+), 9 deletions(-) diff --git a/doc/secrets.md b/doc/secrets.md index 6afe2f6a..996f4180 100644 --- a/doc/secrets.md +++ b/doc/secrets.md @@ -1,11 +1,8 @@ # Secrets -Secrets are managed using [git-crypt][git-crypt] and [agenix][agenix] +Secrets are managed using [agenix][agenix] so you can keep your flake in a public repository like GitHub without exposing your password or other sensitive data. -By default, everything in the secrets folder is automatically encrypted. Just -be sure to run `git-crypt init` before putting anything in here. - ## Agenix Currently, there is [no mechanism][secrets-issue] in nix itself to deploy secrets within the nix store because it is world-readable. @@ -104,7 +101,6 @@ secrets get decrypted. You can learn about them by looking at the > You can take a look at the [agenix repository][agenix] for more information > about the tool. -[git-crypt]: https://github.com/AGWA/git-crypt [agenix]: https://github.com/ryantm/agenix [age module]: https://github.com/ryantm/agenix/blob/master/modules/age.nix [secrets-issue]: https://github.com/NixOS/nix/issues/8 diff --git a/shell/devos.nix b/shell/devos.nix index 90901435..6f01267f 100644 --- a/shell/devos.nix +++ b/shell/devos.nix @@ -30,10 +30,6 @@ in unset _PATH ''); - packages = with pkgs; [ - git-crypt - ]; - commands = with pkgs; [ (devos nixUnstable) (devos agenix) From 6962aab06c1b679163e41cd70a697807b199548e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 24 Oct 2021 19:39:23 +0200 Subject: [PATCH 2/5] Remove .gitattributes files --- secrets/.gitattributes | 4 ---- 1 file changed, 4 deletions(-) delete mode 100644 secrets/.gitattributes 
diff --git a/secrets/.gitattributes b/secrets/.gitattributes deleted file mode 100644 index 901863e3..00000000 --- a/secrets/.gitattributes +++ /dev/null @@ -1,4 +0,0 @@ -* filter=git-crypt diff=git-crypt -.gitattributes !filter !diff -secrets.nix !filter !diff -README.md !filter !diff From 89b3cf78fd7af80e4dce4bfa9b3e6120e8d323e0 Mon Sep 17 00:00:00 2001 From: Karolis Labrencis Date: Tue, 2 Nov 2021 23:42:38 +0200 Subject: [PATCH 3/5] Document using deploy-rs to deploy home-manager --- doc/integrations/deploy.md | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/doc/integrations/deploy.md b/doc/integrations/deploy.md index 642267c8..2282eb7f 100644 --- a/doc/integrations/deploy.md +++ b/doc/integrations/deploy.md @@ -45,5 +45,32 @@ deploy '.#hostName' --hostname host.example.com > ##### _Note:_ > Your user will need **passwordless** sudo access +### Home Manager + +Digga's `lib.mkDeployNodes` provides only `system` profile. +In order to deploy your `home-manager` configuration you should provide additional profile(s) to deploy-rs config: +```nix +# Initially, this line looks like this: deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations { }; +deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations + { + = { + profilesOrder = [ "system" "" ""]; + profiles. = { + user = ""; + path = deploy.lib.x86_64-linux.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.; + }; + profiles. = { + user = ""; + path = deploy.lib.x86_64-linux.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.; + }; + }; + }; +``` + +Substitute ``, `` and `` placeholders (omitting the `<>`). + +`` is there to illustrate deploying multiple `home-manager` configurations. Either substitute those as well, +or remove them altogether. Don't forget the `profileOrder` variable. + [d-rs]: https://github.com/serokell/deploy-rs From 70545abd1bf263c6c5f575fee41ec137af630f95 Mon Sep 17 00:00:00 2001 
From: Michael Reddick Date: Sat, 20 Nov 2021 15:58:37 -0600 Subject: [PATCH 4/5] docs: fix typo in start/bootstrapping --- doc/start/bootstrapping.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/start/bootstrapping.md b/doc/start/bootstrapping.md index f4c5190e..b8a0ad04 100644 --- a/doc/start/bootstrapping.md +++ b/doc/start/bootstrapping.md @@ -6,7 +6,7 @@ This will help you boostrap a bare host with the help of the _Note: nothing prevents you from remotely executing the boostrapping process. See below._ -Once your target host has booted into the live iso, you need to partion +Once your target host has booted into the live iso, you need to partition and format your disk according to the [official manual][manual]. ## Mount partitions From b15b8bf86551f0b4ed2c7ac2c569d6784cd25fd7 Mon Sep 17 00:00:00 2001 From: Dmytro Kostiuchenko Date: Mon, 29 Nov 2021 08:44:15 +0200 Subject: [PATCH 5/5] Do not hardcode UID for the exemplary user uid = 1000 is an unreasonable default for an examplary user nixos, because someone trying DevOs on a working NixOS installation likely has their own user with uid=1000 already. The code thus renders /etc/passwd invalid preventing user from logging in --- users/nixos/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/users/nixos/default.nix b/users/nixos/default.nix index 5c037fe8..077a52e4 100644 --- a/users/nixos/default.nix +++ b/users/nixos/default.nix @@ -3,7 +3,6 @@ home-manager.users = { inherit (hmUsers) nixos; }; users.users.nixos = { - uid = 1000; password = "nixos"; description = "default"; isNormalUser = true;
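Review bot: in PATCH 1/5, the doc/secrets.md hunk removes "By default, everything in the secrets folder is automatically encrypted" without stating what applies instead. With git-crypt gone, the intro should say that only files encrypted with agenix are protected, and that anything else placed in the secrets folder is committed in plaintext to what the same paragraph describes as a public repository.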
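Review bot: in PATCH 2/5, deleting `* filter=git-crypt diff=git-crypt` from secrets/.gitattributes has no accompanying migration note, here or in the doc change in 1/5. Files that existing users keep under secrets/ and that were encrypted only by this filter will be stored in cleartext the next time they are committed. Suggest a short upgrade note telling users to re-encrypt such files with agenix, or move them out of the repository, before picking up this change.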
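Review bot: in PATCH 3/5, the closing sentence of the doc/integrations/deploy.md hunk says "Don't forget the `profileOrder` variable", but the snippet above it sets `profilesOrder`. Make the prose match the attribute used in the code so readers do not copy a name the snippet does not use. Also, the placeholder names in the snippet (`profiles. = {`, `user = "";`) and in the "Substitute" sentence read as empty here; if they were written in angle brackets, check that they survive rendering.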
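Review bot: in PATCH 4/5, the doc/start/bootstrapping.md hunk fixes "partion" but its context lines still read "boostrap a bare host" and "the boostrapping process". Since the commit is a typo fix for this file, correct both to "bootstrap" / "bootstrapping" in the same change.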
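Review bot: in PATCH 5/5, the context line `password = "nixos";` directly below the removed `uid = 1000;` still leaves a well-known plaintext password on the example account in users/nixos/default.nix. The commit message argues the hardcoded UID is an unsafe default for people trying this on a working installation, and the same reasoning applies to the password. Suggest at least a comment marking it as a placeholder to change, or switching the example to `hashedPassword`.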