No description

Find a file

Charlotte Van Petegem 9cc2fce05b Add kharbranth host key		2021-06-27 11:46:36 +02:00
.git-crypt	Initial commit	2020-02-10 17:27:13 +01:00
containers/data-access	Start using age for secret management	2021-06-20 00:18:20 +02:00
machines	Finish modularising config	2021-06-27 00:32:31 +02:00
modules	Finish modularising config	2021-06-27 00:32:31 +02:00
patches	Update dependencies	2021-06-10 10:13:45 +02:00
secrets	Add kharbranth host key	2021-06-27 11:46:36 +02:00
shells	Update dependencies	2021-06-26 11:50:08 +02:00
.gitattributes	Basic configuration for new servers and start modularizing config	2020-12-01 19:23:28 +01:00
flake.lock	Add kharbranth host key	2021-06-27 11:46:36 +02:00
flake.nix	Start using age for secret management	2021-06-20 00:18:20 +02:00
license.md	Update license.md	2020-09-27 14:41:25 +02:00
README.md	Start using age for secret management	2021-06-20 00:18:20 +02:00
remote.sh	Update dependencies	2021-04-23 11:10:23 +02:00
secrets.nix	Add kharbranth host key	2021-06-27 11:46:36 +02:00
update.sh	Update dependencies	2021-04-16 10:45:04 +02:00

README.md

NixOS config

Secrets

There are two types of secrets in this repository. Secret secrets, and secret configuration.

Secret secrets should never be world-readable, even to users who are logged in to one of the hosts managed by this configuration. These are generally managed by agenix, allowing them to still be put in the nix store.

Secret configuration is generally more security through obscurity (e.g. some services that I run that I don't want the whole world to know what ports they run on). These are managed with git-crypt and are files that end in secret.nix.

Setting up a new dev environment

Create a new *.nix file in the shells directory that describes the environment (this is the hard part).
Execute use_nix > .envrc to initialize the .envrc file.
Execute ln -s /path/to/correct/file.nix shell.nix.
Execute direnv allow to load the .envrc file which in turn loads your environment.