Merge remote-tracking branch 'origin/devos'
commit
fd6409372e
|
@ -45,5 +45,32 @@ deploy '.#hostName' --hostname host.example.com
|
||||||
|
|
||||||
> ##### _Note:_
|
> ##### _Note:_
|
||||||
> Your user will need **passwordless** sudo access
|
> Your user will need **passwordless** sudo access
|
||||||
|
### Home Manager
|
||||||
|
|
||||||
|
Digga's `lib.mkDeployNodes` provides only `system` profile.
|
||||||
|
In order to deploy your `home-manager` configuration you should provide additional profile(s) to deploy-rs config:
|
||||||
|
```nix
|
||||||
|
# Initially, this line looks like this: deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations { };
|
||||||
|
deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations
|
||||||
|
{
|
||||||
|
<HOSTNAME> = {
|
||||||
|
profilesOrder = [ "system" "<HM_PROFILE>" "<ANOTHER_HM_PROFILE>"];
|
||||||
|
profiles.<HM_PROFILE> = {
|
||||||
|
user = "<YOUR_USERNAME>";
|
||||||
|
path = deploy.lib.x86_64-linux.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.<YOUR_USERNAME>;
|
||||||
|
};
|
||||||
|
profiles.<ANOTHER_HM_PROFILE> = {
|
||||||
|
user = "<ANOTHER_USERNAME>";
|
||||||
|
path = deploy.lib.x86_64-linux.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.<ANOTHER_USERNAME>;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
```
|
||||||
|
|
||||||
|
Substitute `<HOSTNAME>`, `<HM_PROFILE>` and `<YOUR_USERNAME>` placeholders (omitting the `<>`).
|
||||||
|
|
||||||
|
`<ANOTHER_HM_PROFILE>` is there to illustrate deploying multiple `home-manager` configurations. Either substitute those as well,
|
||||||
|
or remove them altogether. Don't forget the `profileOrder` variable.
|
||||||
|
|
||||||
|
|
||||||
[d-rs]: https://github.com/serokell/deploy-rs
|
[d-rs]: https://github.com/serokell/deploy-rs
|
||||||
|
|
|
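Review bot: The closing paragraph of the new Home Manager section tells readers not to forget the `profileOrder` variable, but the Nix example above it sets `profilesOrder`. Use the name from the example in the prose so nobody copies the wrong attribute. The substitution sentence also lists `<HOSTNAME>`, `<HM_PROFILE>` and `<YOUR_USERNAME>` but leaves out `<ANOTHER_USERNAME>`, which appears in the second profile.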
@ -1,11 +1,8 @@
|
||||||
# Secrets
|
# Secrets
|
||||||
Secrets are managed using [git-crypt][git-crypt] and [agenix][agenix]
|
Secrets are managed using [agenix][agenix]
|
||||||
so you can keep your flake in a public repository like GitHub without
|
so you can keep your flake in a public repository like GitHub without
|
||||||
exposing your password or other sensitive data.
|
exposing your password or other sensitive data.
|
||||||
|
|
||||||
By default, everything in the secrets folder is automatically encrypted. Just
|
|
||||||
be sure to run `git-crypt init` before putting anything in here.
|
|
||||||
|
|
||||||
## Agenix
|
## Agenix
|
||||||
Currently, there is [no mechanism][secrets-issue] in nix itself to deploy secrets
|
Currently, there is [no mechanism][secrets-issue] in nix itself to deploy secrets
|
||||||
within the nix store because it is world-readable.
|
within the nix store because it is world-readable.
|
||||||
|
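Review bot: With the git-crypt paragraph removed from the top of the Secrets page, the introduction no longer says anything about whether files in the secrets folder are encrypted automatically. Add a sentence stating that only files encrypted with agenix are protected, so a reader who followed the old text does not commit a plaintext secret to a public repository.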
@ -104,7 +101,6 @@ secrets get decrypted. You can learn about them by looking at the
|
||||||
> You can take a look at the [agenix repository][agenix] for more information
|
> You can take a look at the [agenix repository][agenix] for more information
|
||||||
> about the tool.
|
> about the tool.
|
||||||
|
|
||||||
[git-crypt]: https://github.com/AGWA/git-crypt
|
|
||||||
[agenix]: https://github.com/ryantm/agenix
|
[agenix]: https://github.com/ryantm/agenix
|
||||||
[age module]: https://github.com/ryantm/agenix/blob/master/modules/age.nix
|
[age module]: https://github.com/ryantm/agenix/blob/master/modules/age.nix
|
||||||
[secrets-issue]: https://github.com/NixOS/nix/issues/8
|
[secrets-issue]: https://github.com/NixOS/nix/issues/8
|
||||||
|
|
|
@ -6,7 +6,7 @@ This will help you boostrap a bare host with the help of the
|
||||||
_Note: nothing prevents you from remotely executing the boostrapping
|
_Note: nothing prevents you from remotely executing the boostrapping
|
||||||
process. See below._
|
process. See below._
|
||||||
|
|
||||||
Once your target host has booted into the live iso, you need to partion
|
Once your target host has booted into the live iso, you need to partition
|
||||||
and format your disk according to the [official manual][manual].
|
and format your disk according to the [official manual][manual].
|
||||||
|
|
||||||
## Mount partitions
|
## Mount partitions
|
||||||
|
|
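Review bot: The typo fix on the changed line ("partion" to "partition") leaves "boostrapping" in the note two lines above it and "boostrap" in the sentence shown in the hunk header. Correct those in the same change.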
4
secrets/.gitattributes
vendored
4
secrets/.gitattributes
vendored
|
@ -1,4 +0,0 @@
|
||||||
* filter=git-crypt diff=git-crypt
|
|
||||||
.gitattributes !filter !diff
|
|
||||||
secrets.nix !filter !diff
|
|
||||||
README.md !filter !diff
|
|
|
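Review bot: Deleting `* filter=git-crypt diff=git-crypt` means anything added under `secrets/` from now on is committed exactly as written. Before merging, confirm that every secret in that directory is an agenix-encrypted file and that nothing there still relies on the git-crypt filter to stay unreadable. A line on this in the commit message would help anyone with an existing clone.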
@ -30,10 +30,6 @@ in
|
||||||
unset _PATH
|
unset _PATH
|
||||||
'');
|
'');
|
||||||
|
|
||||||
packages = with pkgs; [
|
|
||||||
git-crypt
|
|
||||||
];
|
|
||||||
|
|
||||||
commands = with pkgs; [
|
commands = with pkgs; [
|
||||||
(devos nixUnstable)
|
(devos nixUnstable)
|
||||||
(devos agenix)
|
(devos agenix)
|
||||||
|
|
|
@ -3,7 +3,6 @@
|
||||||
home-manager.users = { inherit (hmUsers) nixos; };
|
home-manager.users = { inherit (hmUsers) nixos; };
|
||||||
|
|
||||||
users.users.nixos = {
|
users.users.nixos = {
|
||||||
uid = 1000;
|
|
||||||
password = "nixos";
|
password = "nixos";
|
||||||
description = "default";
|
description = "default";
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
|
|
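Review bot: The hunk drops `uid = 1000;` without a stated reason, and the unchanged line `password = "nixos";` directly below it keeps a plaintext default password in the configuration. The Secrets page touched by this same commit notes that the nix store is world-readable, and the deploy docs require passwordless sudo for the deploying user, so this default should not survive beyond a throwaway install. Consider `hashedPassword` or a password file decrypted by agenix, and say in the commit message why the uid is no longer pinned.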