forked from pub-solar/os
Merge remote-tracking branch 'origin/devos'
commit
fd6409372e
|
@ -45,5 +45,32 @@ deploy '.#hostName' --hostname host.example.com
|
|||
|
||||
> ##### _Note:_
|
||||
> Your user will need **passwordless** sudo access
|
||||
### Home Manager
|
||||
|
||||
Digga's `lib.mkDeployNodes` provides only `system` profile.
|
||||
In order to deploy your `home-manager` configuration you should provide additional profile(s) to deploy-rs config:
|
||||
```nix
|
||||
# Initially, this line looks like this: deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations { };
|
||||
deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations
|
||||
{
|
||||
<HOSTNAME> = {
|
||||
profilesOrder = [ "system" "<HM_PROFILE>" "<ANOTHER_HM_PROFILE>"];
|
||||
profiles.<HM_PROFILE> = {
|
||||
user = "<YOUR_USERNAME>";
|
||||
path = deploy.lib.x86_64-linux.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.<YOUR_USERNAME>;
|
||||
};
|
||||
profiles.<ANOTHER_HM_PROFILE> = {
|
||||
user = "<ANOTHER_USERNAME>";
|
||||
path = deploy.lib.x86_64-linux.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.<ANOTHER_USERNAME>;
|
||||
};
|
||||
};
|
||||
};
|
||||
```
|
||||
|
||||
Substitute `<HOSTNAME>`, `<HM_PROFILE>` and `<YOUR_USERNAME>` placeholders (omitting the `<>`).
|
||||
|
||||
`<ANOTHER_HM_PROFILE>` is there to illustrate deploying multiple `home-manager` configurations. Either substitute those as well,
|
||||
or remove them altogether. Don't forget the `profileOrder` variable.
|
||||
|
||||
|
||||
[d-rs]: https://github.com/serokell/deploy-rs
|
||||
|
|
|
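Review bot: The closing sentence of the new Home Manager section says "Don't forget the `profileOrder` variable", but the example above it sets `profilesOrder`, so a reader who copies the name from the prose ends up with an attribute that does not match the example. Use `profilesOrder` in the sentence too. Both `path` lines also hard-code `x86_64-linux`; a short remark that this has to match the target system would save readers on other platforms a failed deploy.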
@ -1,11 +1,8 @@
|
|||
# Secrets
|
||||
Secrets are managed using [git-crypt][git-crypt] and [agenix][agenix]
|
||||
Secrets are managed using [agenix][agenix]
|
||||
so you can keep your flake in a public repository like GitHub without
|
||||
exposing your password or other sensitive data.
|
||||
|
||||
By default, everything in the secrets folder is automatically encrypted. Just
|
||||
be sure to run `git-crypt init` before putting anything in here.
|
||||
|
||||
## Agenix
|
||||
Currently, there is [no mechanism][secrets-issue] in nix itself to deploy secrets
|
||||
within the nix store because it is world-readable.
|
||||
|
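Review bot: With the "By default, everything in the secrets folder is automatically encrypted" paragraph dropped, the intro still promises that the flake can live in a public repository "without exposing your password or other sensitive data", and nothing in the remaining text says this now holds only for files encrypted with agenix. Add a sentence to the intro stating that files placed in the secrets folder are no longer encrypted automatically and must be encrypted with agenix before they are committed.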
@ -104,7 +101,6 @@ secrets get decrypted. You can learn about them by looking at the
|
|||
> You can take a look at the [agenix repository][agenix] for more information
|
||||
> about the tool.
|
||||
|
||||
[git-crypt]: https://github.com/AGWA/git-crypt
|
||||
[agenix]: https://github.com/ryantm/agenix
|
||||
[age module]: https://github.com/ryantm/agenix/blob/master/modules/age.nix
|
||||
[secrets-issue]: https://github.com/NixOS/nix/issues/8
|
||||
|
|
|
@ -6,7 +6,7 @@ This will help you boostrap a bare host with the help of the
|
|||
_Note: nothing prevents you from remotely executing the boostrapping
|
||||
process. See below._
|
||||
|
||||
Once your target host has booted into the live iso, you need to partion
|
||||
Once your target host has booted into the live iso, you need to partition
|
||||
and format your disk according to the [official manual][manual].
|
||||
|
||||
## Mount partitions
|
||||
|
|
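Review bot: The correction of "partion" to "partition" leaves the same kind of typo in the note directly above it, which still reads "boostrapping", and the hunk header context shows "boostrap" earlier in the file. Fix both to "bootstrapping" and "bootstrap" in the same pass so the page does not need a second typo commit.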
4
secrets/.gitattributes
vendored
|
@ -1,4 +0,0 @@
|
|||
* filter=git-crypt diff=git-crypt
|
||||
.gitattributes !filter !diff
|
||||
secrets.nix !filter !diff
|
||||
README.md !filter !diff
|
|
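Review bot: Deleting the `* filter=git-crypt diff=git-crypt` rule means any file under `secrets/` that relied on that filter is stored in plaintext the next time it is committed; only `.gitattributes`, `secrets.nix` and `README.md` were exempted and meant to be readable. Before merging, confirm that nothing else in `secrets/` still depends on the filter, or convert those files to agenix in the same change.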
@ -30,10 +30,6 @@ in
|
|||
unset _PATH
|
||||
'');
|
||||
|
||||
packages = with pkgs; [
|
||||
git-crypt
|
||||
];
|
||||
|
||||
commands = with pkgs; [
|
||||
(devos nixUnstable)
|
||||
(devos agenix)
|
||||
|
|
|
@ -3,7 +3,6 @@
|
|||
home-manager.users = { inherit (hmUsers) nixos; };
|
||||
|
||||
users.users.nixos = {
|
||||
uid = 1000;
|
||||
password = "nixos";
|
||||
description = "default";
|
||||
isNormalUser = true;
|
||||
|
|
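Review bot: The `users.users.nixos` block in this hunk sets `password = "nixos";`, a fixed and publicly known password that is written in plaintext to the repository and, as the secrets documentation in this same commit points out, to the world-readable nix store. If that line survives this change, either add a comment that the account exists only for the bootstrap image, or replace it with `hashedPassword` or a password supplied through agenix.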