mirrors_public/oddlama_nix-config
1
1
Fork 1
mirror of https://github.com/oddlama/nix-config.git synced 2025-10-11 07:10:39 +02:00
Code Activity

docs: begin structure documentation

Browse source
This commit is contained in:
oddlama 2023-03-27 16:59:23 +02:00
parent 0bc49cc3f9
commit 1afff422de
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
1 changed files with 43 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

43
README.md
View file

@ -1,5 +1,48 @@
# About
## Structure
- `hosts/`
- `common/` shared configuration
- `core/` configuration that is shared across all machines. (base setup, ssh, ...)
- `<hostname>/`
- `secrets/` Local secrets for this host. Still theoretically accessible by other hosts, but owned by this one.
- `secrets.nix.age` Repository-wide local secrets. Decrypted on import via `builtins.extraBuiltins.rageImportEncrypted`.
- `host.pub` This host's public key.Repository-wide local secrets. Decrypted on import via `builtins.extraBuiltins.rageImportEncrypted`.
- `nom/`
- `modules/` additional NixOS modules that are not yet upstreamed.
- `nix/` library functions and plumbing
- `apps.nix` Additional runnable actions for this flake (**WIP:** infrastructure graph renderer)
- `checks.nix` pre-commit-hooks for this repository
- `colmena.nix` Setup for distributed deployment using colmena (actually defines all NixOS hosts)
- `dev-shell.nix` Environment setup for `nix develop` for using this flake
- `extra-builtins.nix` Extra builtins via nix-plugins to support transparent repository-wide secrets
- `home-manager.nix` Definition of home-manager only hosts (not used currently)
- `hosts.nix` Wrapper that extracts all defined hosts from `hosts/`
- `overlays/**` Local overlay packages. Subject for removal.
- `overlay.nix` Overlay defintions
- `overlay.nix` Overlay defintions
- `rage-decrypt.sh` Auxiliary script for repository-wide secrets
- `secrets.nix` Helper to access repository-wide secrets, used by colmena.nix
- `secrets/` Global secrets and age identities
- `secrets.nix.age` Repository-wide global secrets. Decrypted on import via `builtins.extraBuiltins.rageImportEncrypted`.
- `backup.pub` Backup age identity in case I lose my YubiKey
- `yk1-nix-rage.pub` Master YubiKey split-identity
- `pkgs/` Custom packages and scripts
- `users/` User account configuration via home-manager. Imported by each host separately.
## Stuff