diff --git a/doc/integrations/deploy.md b/doc/integrations/deploy.md index 642267c..2282eb7 100644 --- a/doc/integrations/deploy.md +++ b/doc/integrations/deploy.md @@ -45,5 +45,32 @@ deploy '.#hostName' --hostname host.example.com > ##### _Note:_ > Your user will need **passwordless** sudo access +### Home Manager + +Digga's `lib.mkDeployNodes` provides only `system` profile. +In order to deploy your `home-manager` configuration you should provide additional profile(s) to deploy-rs config: +```nix +# Initially, this line looks like this: deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations { }; +deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations + { + = { + profilesOrder = [ "system" "" ""]; + profiles. = { + user = ""; + path = deploy.lib.x86_64-linux.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.; + }; + profiles. = { + user = ""; + path = deploy.lib.x86_64-linux.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.; + }; + }; + }; +``` + +Substitute ``, `` and `` placeholders (omitting the `<>`). + +`` is there to illustrate deploying multiple `home-manager` configurations. Either substitute those as well, +or remove them altogether. Don't forget the `profileOrder` variable. + [d-rs]: https://github.com/serokell/deploy-rs diff --git a/doc/secrets.md b/doc/secrets.md index 6afe2f6..996f418 100644 --- a/doc/secrets.md +++ b/doc/secrets.md @@ -1,11 +1,8 @@ # Secrets -Secrets are managed using [git-crypt][git-crypt] and [agenix][agenix] +Secrets are managed using [agenix][agenix] so you can keep your flake in a public repository like GitHub without exposing your password or other sensitive data. -By default, everything in the secrets folder is automatically encrypted. Just -be sure to run `git-crypt init` before putting anything in here. - ## Agenix Currently, there is [no mechanism][secrets-issue] in nix itself to deploy secrets within the nix store because it is world-readable. @@ -104,7 +101,6 @@ secrets get decrypted. You can learn about them by looking at the > You can take a look at the [agenix repository][agenix] for more information > about the tool. -[git-crypt]: https://github.com/AGWA/git-crypt [agenix]: https://github.com/ryantm/agenix [age module]: https://github.com/ryantm/agenix/blob/master/modules/age.nix [secrets-issue]: https://github.com/NixOS/nix/issues/8 diff --git a/doc/start/bootstrapping.md b/doc/start/bootstrapping.md index f4c5190..b8a0ad0 100644 --- a/doc/start/bootstrapping.md +++ b/doc/start/bootstrapping.md @@ -6,7 +6,7 @@ This will help you boostrap a bare host with the help of the _Note: nothing prevents you from remotely executing the boostrapping process. See below._ -Once your target host has booted into the live iso, you need to partion +Once your target host has booted into the live iso, you need to partition and format your disk according to the [official manual][manual]. ## Mount partitions diff --git a/secrets/.gitattributes b/secrets/.gitattributes deleted file mode 100644 index 901863e..0000000 --- a/secrets/.gitattributes +++ /dev/null @@ -1,4 +0,0 @@ -* filter=git-crypt diff=git-crypt -.gitattributes !filter !diff -secrets.nix !filter !diff -README.md !filter !diff diff --git a/shell/devos.nix b/shell/devos.nix index 9090143..6f01267 100644 --- a/shell/devos.nix +++ b/shell/devos.nix @@ -30,10 +30,6 @@ in unset _PATH ''); - packages = with pkgs; [ - git-crypt - ]; - commands = with pkgs; [ (devos nixUnstable) (devos agenix) diff --git a/users/nixos/default.nix b/users/nixos/default.nix index 5c037fe..077a52e 100644 --- a/users/nixos/default.nix +++ b/users/nixos/default.nix @@ -3,7 +3,6 @@ home-manager.users = { inherit (hmUsers) nixos; }; users.users.nixos = { - uid = 1000; password = "nixos"; description = "default"; isNormalUser = true;