diff --git a/README.md b/README.md index 32ac5a8..07293af 100644 --- a/README.md +++ b/README.md 
@@ -1,5 +1,48 @@ # About +## Structure + +- `hosts/` + + - `common/` shared configuration + + - `core/` configuration that is shared across all machines. (base setup, ssh, ...) + + - `/` + + - `secrets/` Local secrets for this host. Still theoretically accessible by other hosts, but owned by this one. + + - `secrets.nix.age` Repository-wide local secrets. Decrypted on import via `builtins.extraBuiltins.rageImportEncrypted`. + - `host.pub` This host's public key.Repository-wide local secrets. Decrypted on import via `builtins.extraBuiltins.rageImportEncrypted`. + + - `nom/` + +- `modules/` additional NixOS modules that are not yet upstreamed. + +- `nix/` library functions and plumbing + + - `apps.nix` Additional runnable actions for this flake (**WIP:** infrastructure graph renderer) + - `checks.nix` pre-commit-hooks for this repository + - `colmena.nix` Setup for distributed deployment using colmena (actually defines all NixOS hosts) + - `dev-shell.nix` Environment setup for `nix develop` for using this flake + - `extra-builtins.nix` Extra builtins via nix-plugins to support transparent repository-wide secrets + - `home-manager.nix` Definition of home-manager only hosts (not used currently) + - `hosts.nix` Wrapper that extracts all defined hosts from `hosts/` + - `overlays/**` Local overlay packages. Subject for removal. + - `overlay.nix` Overlay defintions + - `overlay.nix` Overlay defintions + - `rage-decrypt.sh` Auxiliary script for repository-wide secrets + - `secrets.nix` Helper to access repository-wide secrets, used by colmena.nix + +- `secrets/` Global secrets and age identities + + - `secrets.nix.age` Repository-wide global secrets. Decrypted on import via `builtins.extraBuiltins.rageImportEncrypted`. + - `backup.pub` Backup age identity in case I lose my YubiKey + - `yk1-nix-rage.pub` Master YubiKey split-identity + +- `pkgs/` Custom packages and scripts + +- `users/` User account configuration via home-manager. Imported by each host separately. ## Stuff
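Review bot: In the `hosts/` subtree the `host.pub` entry carries a copy-paste error: its description runs "This host's public key.Repository-wide local secrets. Decrypted on import via `builtins.extraBuiltins.rageImportEncrypted`.", which is the text of the `secrets.nix.age` entry above it; trim it to "This host's public key." so a reader does not conclude that the public key file is itself an encrypted secret. Under `nix/`, the `overlay.nix` line is listed twice and both copies spell "defintions"; keep one line reading "Overlay definitions". The per-host directory under `hosts/` appears as a bare `/`, so it does not say what it refers to; if a placeholder was intended, write it out explicitly. Finally, the `secrets/` description under the per-host directory says the secrets are "Still theoretically accessible by other hosts, but owned by this one": since these files are decrypted the same way as the repository-wide `secrets.nix.age`, it would help to state plainly that any host holding the repository decryption identity can read them, so they must not be treated as isolated to one host.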