Merge branch 'main' into teutat3s

This commit is contained in:
teutat3s 2021-12-01 12:22:19 +01:00
commit f570efefe9
Signed by untrusted user: teutat3s
GPG key ID: 4FA1D3FA524F22C1
5 changed files with 29 additions and 11 deletions

View file

@ -45,5 +45,32 @@ deploy '.#hostName' --hostname host.example.com
> ##### _Note:_
> Your user will need **passwordless** sudo access
### Home Manager
Digga's `lib.mkDeployNodes` provides only `system` profile.
In order to deploy your `home-manager` configuration you should provide additional profile(s) to deploy-rs config:
```nix
# Initially, this line looks like this: deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations { };
deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations
{
<HOSTNAME> = {
profilesOrder = [ "system" "<HM_PROFILE>" "<ANOTHER_HM_PROFILE>"];
profiles.<HM_PROFILE> = {
user = "<YOUR_USERNAME>";
path = deploy.lib.x86_64-linux.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.<YOUR_USERNAME>;
};
profiles.<ANOTHER_HM_PROFILE> = {
user = "<ANOTHER_USERNAME>";
path = deploy.lib.x86_64-linux.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.<ANOTHER_USERNAME>;
};
};
};
```
Substitute `<HOSTNAME>`, `<HM_PROFILE>` and `<YOUR_USERNAME>` placeholders (omitting the `<>`).
`<ANOTHER_HM_PROFILE>` is there to illustrate deploying multiple `home-manager` configurations. Either substitute those as well,
or remove them altogether. Don't forget the `profileOrder` variable.
[d-rs]: https://github.com/serokell/deploy-rs

View file

@ -1,11 +1,8 @@
# Secrets
Secrets are managed using [git-crypt][git-crypt] and [agenix][agenix]
Secrets are managed using [agenix][agenix]
so you can keep your flake in a public repository like GitHub without
exposing your password or other sensitive data.
By default, everything in the secrets folder is automatically encrypted. Just
be sure to run `git-crypt init` before putting anything in here.
## Agenix
Currently, there is [no mechanism][secrets-issue] in nix itself to deploy secrets
within the nix store because it is world-readable.
@ -104,7 +101,6 @@ secrets get decrypted. You can learn about them by looking at the
> You can take a look at the [agenix repository][agenix] for more information
> about the tool.
[git-crypt]: https://github.com/AGWA/git-crypt
[agenix]: https://github.com/ryantm/agenix
[age module]: https://github.com/ryantm/agenix/blob/master/modules/age.nix
[secrets-issue]: https://github.com/NixOS/nix/issues/8

View file

@ -6,7 +6,7 @@ This will help you boostrap a bare host with the help of the
_Note: nothing prevents you from remotely executing the boostrapping
process. See below._
Once your target host has booted into the live iso, you need to partion
Once your target host has booted into the live iso, you need to partition
and format your disk according to the [official manual][manual].
## Mount partitions

View file

@ -30,10 +30,6 @@ in
unset _PATH
'');
packages = with pkgs; [
git-crypt
];
commands = with pkgs; [
(devos nixUnstable)
(devos agenix)

View file

@ -3,7 +3,6 @@
home-manager.users = { inherit (hmUsers) nixos; };
users.users.nixos = {
uid = 1000;
password = "nixos";
description = "default";
isNormalUser = true;