Y
Hacker News
new
|
ask
|
show
|
jobs
by
yencabulator
1414 days ago
These days, that's all included in nixos-rebuild itself, not much need for wrappers anymore. I migrated from Colmena to just nixos-rebuild.
1 comments
VTimofeenko
1414 days ago
Huh, I guess I was woefully behind on changes to nixos-rebuild. Thanks for the pointer, I will check it out
link
yencabulator
1413 days ago
One thing nixos-rebuild doesn't get you is a secrets transmission mechanism. I've been dabbling to build something independent of NixOS/Nix that would still do that neatly...
link
VTimofeenko
1413 days ago
May I suggest agenix? It dovetails into my deploy-rs flake setup very nicely and I can track the encrypted secrets in the flake repo.
I keep the "master" key encrypted in pass passing it in a zsh's "=" subshell to agenix.
link