by Sleepytime 1843 days ago
>Is there some way I can boot-to-git-configuration?

Yes, the NixOS installer is a live disk with all the features of NixOS. I have booted configurations directly from IPFS in the installer, and many nix commands and functions support git (or GitHub) natively.

You can declaratively specify your whole infrastructure from software configuration to remote machines with their own VMs.

For example, here's my nix function for matrix: https://0x0.st/-2CA.nix

It does a whole bunch of stuff.

First it reads in the hostname and domain from the system configuration and puts that in a variable to be used when configuring the subdomains later.

Then it opens up your firewall, starts a postgres service, creates the matrix db/user, configures nginx for matrix.hostname.domain, gets your SSL certificate (and sets up automatic renewal), sets up matrix, and lastly a hosted web client at element.host.domain. All services run under their own users on the host system.

It's zero configuration, I just import that to any machine that I want and it's running a matrix server with all appropriate ancillary configuration done.

2 comments

I hope you aren't still using that shared secret
Nix's IPFS support is for everything in the Nix store, which is world-readable and in which NixOS places no secrets. Options for managing secrets in/with Nix projects either encrypt them in the store or never have them touch the store (encrypted or otherwise).

Mutable state like database contents, including their password databases, doesn't go in the Nix store either.

Or the password for that Postgres user...
Thanks, I'll have a read through it, I can see lots of uses for this already!
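
Added example, not part of the thread and not code from the linked configuration: a small Python check for the concern raised in the comments above, that a secret written as a literal in a Nix expression ends up in the world-readable Nix store. The attribute-name pattern, the `services.example.*` options and the sample text are assumptions constructed for illustration.

```python
import re

# Attribute names that usually carry credentials (list assumed for this example).
SECRET_NAME = re.compile(r"secret|passw(or)?d|token|api_?key", re.I)
# attr.path = "string literal";
STRING_ASSIGN = re.compile(r'^\s*([\w.\'"-]+)\s*=\s*"((?:[^"\\]|\\.)*)"\s*;')
# attr.path = ./relative/path;  (a Nix path literal)
PATH_ASSIGN = re.compile(r'^\s*([\w.\'"-]+)\s*=\s*(\.{1,2}/[^\s;]+)\s*;')

def find_store_secrets(nix_source):
    """Return (line_number, attribute, reason) for values likely to land in /nix/store."""
    findings = []
    for lineno, line in enumerate(nix_source.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # whole-line comment
        m = STRING_ASSIGN.match(line)
        if m:
            attr, value = m.groups()
            leaf = attr.split(".")[-1].strip("'\"")
            # A *File option names a runtime path; the string is not the secret itself.
            if SECRET_NAME.search(leaf) and not leaf.endswith("File") and value:
                findings.append((lineno, attr, "inline secret literal"))
            continue
        m = PATH_ASSIGN.match(line)
        # A path literal is typically copied into the store once a module
        # coerces it to a string, so the file's contents become world-readable.
        if m and SECRET_NAME.search(m.group(1)):
            findings.append((lineno, m.group(1), "path literal copied to store"))
    return findings

# Constructed sample; the secret value is a placeholder, not a real credential.
SAMPLE = '''\
{ config, ... }:
{
  services.matrix-synapse.registration_shared_secret = "constructed-not-a-real-secret";
  # services.foo.password = "commented out";
  services.example.passwordFile = "/run/secrets/example-password";
  services.example.tokenFile = ./secrets/token.txt;
  networking.hostName = "demo";
}
'''

if __name__ == "__main__":
    for lineno, attr, reason in find_store_secrets(SAMPLE):
        print(f"line {lineno}: {attr}: {reason}")
```

The check is line-based, so it misses multi-line strings and values built by interpolation; treat a clean result as a first pass, not proof that nothing secret reaches the store.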