nixfiles
agenix
nixfiles | agenix | |
---|---|---|
8 | 10 | |
149 | 1,241 | |
- | - | |
9.0 | 7.3 | |
27 days ago | 4 days ago | |
Nix | Nix | |
- | Creative Commons Zero v1.0 Universal |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
nixfiles
- My First Impressions of Nix
-
How can I calculate the "age of money" with (h)ledger?
If you're familiar with Python, I have a script which does that (along with a few other metrics): https://github.com/barrucadu/nixfiles/blob/1c99414156a7081ade210a9f43a3941b44a4ef0b/hosts/nyarlathotep/jobs/hledger-export-to-promscale.py
-
Issues getting docker containers with databases set up
I run a lot of services through docker containers, here's how I structure things: https://github.com/barrucadu/nixfiles/blob/master/services/concourse.nix
-
Who's here runs NixOS with opt in state?
I do. I have a fairly small chunk of configuration to stick all persistent state I care about in a different ZFS dataset (mounted to /persist) and do the rollback.
-
Do you all just git init inside your /etc/nixos directory?
It's what I do.
-
Erase your darlings: immutable infrastructure for mutable systems (erasing root on every boot)
You can see the relevant bit of my config on github.
-
How do you manage your private keys?
My solution - which is not great, mind you - is to have my NixOS config defined across two git repos: one is public, the other is private and has all the secrets.
-
Erasing root on every boot
All my nixos config is on github.
agenix
-
password manager solution advice
How about: https://github.com/ryantm/agenix
-
how to store secrets needed at install time
I've heard good things about and seen sops-nix used on a few really solid configs. Others tend to use Age or Homeage.
-
Ask HN: A Better Docker Compose?
I don't have a write-up, just my code in git. But it's not public. I'm not using anything out of the ordinary - Nix containers, modules, and functions, and the Agenix module with uses a private key to decrypt secrets at start. The Nix language is inherently composable. Here are some links that explain:
Containers:
https://nixos.wiki/wiki/NixOS_Containers
Modules:
https://nixos.wiki/wiki/NixOS_modules
Functions:
https://www.reddit.com/r/NixOS/comments/zzstun/please_help_m...
Agenix:
https://github.com/ryantm/agenix
-
ridiculously easy mail server setup with NixOS
For passwords I am using agenix which is also pretty awesome, an alternative could have been sops.nix.
-
NixOS for Apt/Yum Users: a Gift That Keeps on Giving
Alternatively, you could simply add the wireless connection files to the Networkmanager dir in /etc using environment.etc. Though keep in mind that any file declared in your config is readable by any user in your system. agenix would be the solution to that.
-
What to do...
One think I saw that I don't recommend is to change your password after installing; that's not very reporoducible, use users.users..hashedPassword or users.users..passwordFile with agenix or sops-nix.
-
Understanding nixos secrets management/aws configuration
Answering your broader question (secret management) colmena does that for me outside the Nix store. I also use git-crypt to store secrets in the repo. There are also more Nix-y alternatives like agenix.
-
If you’re not using SSH certificates you’re doing SSH wrong
I feel that trying to make SSH keys short-lived is becoming more painful each year because there's an increase of tools that use SSH keys for purposes other than SSH logins. For example, age [1] encrypts files with SSH keys, agenix [2] does secrets management with it, Git can now sign commits with it [3], and even ssh-keygen can now sign arbitrary data [4]. All of these become useless the moment you start using short-lived keys.
[1]: https://github.com/FiloSottile/age
[2]: https://github.com/ryantm/agenix
[3]: https://calebhearth.com/sign-git-with-ssh
[4]: https://www.man7.org/linux/man-pages/man1/ssh-keygen.1.html
-
homeage: declarative runtime decrypted age secrets for home manager
I built this because I try to keep as much as possible outside of my system config but all of the secret managers I found were system only. I had no idea how to solve this until I found RaitoBezarius' awesome pull request to agenix where it all clicked. It also exposed me to the inner workings of home-manager which has definitely made me appreciate it more! I kept this separate from agenix because I am interested only in a module rather than a CLI and thus see it as having a different fit.
-
How do you manage your private keys?
I've been thinking about the same thing. I haven't gotten around to it yet but agenix looked the most promising to me so far
What are some alternatives?
sops-nix - Atomic secret provisioning for NixOS based on sops
NixOS-Guide - NixOS Guide. Learn all about the immutable Nix Operating System and the declarative Nix Expression Language.
nixos-config - My NixOS configurations.
.dots - just my .dotfiles
nixos-config - Mirror of https://code.balsoft.ru/balsoft/nixos-config
digga - A flake utility library to craft shell-, home-, and hosts- environments.
homeage - runtime decrypted age secrets for nix home manager
impermanence - Modules to help you handle persistent state on systems with ephemeral root storage [maintainer=@talyz]
pass-import - A pass extension for importing data from most existing password managers
slips - SatoshiLabs Improvement Proposals