Commit message (Author, Age)
* Fix(flake): Make the addition output file better (ene, 2023-02-20)
|
* Fix(hosts): Use correct names and add mammun (ene, 2023-02-20)
|
* Feat(flake): Move the nixosConfigurations to a file (ene, 2023-02-20)
|
* Fix(flake): Rebase to a good base (ene, 2023-02-20)
|
* Fix(bootstrap): Record the dependencies (ene, 2023-02-20)
|
* Feat(flake): Move the in and outputs to separate files (ene, 2023-02-20)
|
* Feat(bootstrap): Add a script for quick activation (ene, 2023-02-20)
|
* Feat(flake): Reorder hosts (ene, 2023-02-20)
|
* Fix(bootstrap): Fix nasty grep bug (ene, 2023-02-19)
|
* Fix(bootstrap): Allow to run the installer multiple times (ene, 2023-02-19)
|
* Fix(bootstrap): Remove useless awk call (ene, 2023-02-19)
|
* Fix(river): Record the deps for the init script (ene, 2023-02-19)
|
* Feat(home-manager): Actually deploy the packages (ene, 2023-02-19)
|
* Feat(lib): Import my system library (ene, 2023-02-19)
|
* Feat(lf): Add dependencies for the shell scripts (ene, 2023-02-19)
|
* Fix(bootstrap): Fix a copy and paste oversight (ene, 2023-02-19)
|
* Fix(system): Fully embrace the home packages (ene, 2023-02-19)
|
* Feat(bootstrap): Separate the builder to a library (ene, 2023-02-19)
|
* Fix(bootstrap): Remove false btrfs subvolume (ene, 2023-02-19)
|
* Fix(Update): Update deps (ene, 2023-02-19)
|
* Fix(bootstrap): Use real path (ene, 2023-02-19)
|
* Fix(bootstrap): Declare dependencies (ene, 2023-02-19)
|
* Fix(bootstrap): Finish the nix side of things (ene, 2023-02-19)
|
* Fix: Further improve the secret handling (ene, 2023-02-19)
|
* Fix(home-manager): Remove typos (ene, 2023-02-19)
|
* Fix: Add a way to use secrets (ene, 2023-02-19)
|
* Fix: Remove impure import (ene, 2023-02-19)
|
* Fix: Import the new configs (ene, 2023-02-19)
|
* Fix(bootstrap): Use a derivation (ene, 2023-02-19)
|
* Docs: Add new todo items (ene, 2023-02-19)
|
* Fix(lf): Update to new lib version (ene, 2023-02-19)
|
* Fix(system): Fix typos (ene, 2023-02-19)
|
* Feat(bootstrap): Add a Script to make nix run with bootstrap viable (ene, 2023-02-19)
|
* Feat: Add 'spawn' host, to simply create a bootable base (ene, 2023-02-19)
|
* Fix(home-manager): Use the system impermanence config (ene, 2023-02-18)
|
* Fix: Add snap-sync through the nix flake (ene, 2023-02-18)
|
* Feat: Move (nearly all) packages to user configs (ene, 2023-02-18)
|
* Fix(zsh): Add reminder to (someday) import a plugin (ene, 2023-02-18)
|
* Fix: Add fonts explicitly (ene, 2023-02-18)
|
* Feat(home-manager): Add mpv (ene, 2023-02-18)
|
* Feat(home-manager): Add btop (ene, 2023-02-18)
|
* Fix: Add scanning and full printing support (ene, 2023-02-18)
|
* Fix: Ignore Session.vim Files (ene, 2023-02-18)
|
* Feat: Move nheko from system to user packages (ene, 2023-02-18)
|
* Style(home-manager): Format with alejandra (ene, 2023-02-18)
|
* Feat: Add encryption through agenix (ene, 2023-02-18)
|
| There are other alternatives:
| * [This blog post about NixOS secret encryption](https://xeiaso.net/blog/nixos-encrypted-secrets-2021-01-20)
| * Directly to agenix:
|     * A [rewrite in rust](https://github.com/yaxitech/ragenix)
|     * A dead (?) [rewrite in rust](https://github.com/cole-h/agenix-cli)
| * An implementation of Sops for nix: [Sops-nix](https://github.com/Mic92/sops-nix)
| * See the [NixOS wiki entry](https://nixos.wiki/wiki/Comparison_of_secret_managing_schemes) for further options.
|
| Reasons for agenix:
| I mostly just ruled other options out, until this was the only real thing:
| * The blog post was created in a time where tools like agenix were not available, and it (very simplified) just shows how to implement a basic version of agenix.
| * The rewrites are both in themselves interesting, but lack community support. This is however subject to change, and thus a migration to a rewrite might be feasible in the future.
| * Sops seems like a really nice thing, with support for nearly all relevant encryption options, but the documentation for sops-nix seems rather lackluster to me, so I decided to stay with agenix, especially because I should not need the extra encryption options.
| * And lastly, most of the options on the wiki page need excessive manual intervention on every reboot (maybe because they were written with servers in mind), but I would like to be able to deploy once and then never have to think about secret management.
|
| So you see, I mostly just used what seemed to be the easiest for my situation right now, and agenix works rather well.
|
| If there weren't one big downside, I would really like it:
| Encrypting a file with age — which is what agenix uses under the hood — requires a key, which in the case of agenix is the public ssh key. Being asymmetric encryption, the decryption requires the private key, which is in my case stored in an ssh-agent, fed directly from KeepassXC.
| And this is where the problem lives: I want to be able to decrypt the secrets (obviously), and this only works if I copy the private key to a file, which, whilst being a manual process, completely breaks the point behind using an ssh-agent with KeepassXC integration in the first place. There are however open issues on both the rage and agenix issue trackers, so the hope of fixing this is still there.
|
* Feat(home-manager): Add local packages (ene, 2023-02-17)
|
* Chore: Add todo file (ene, 2023-02-17)
|
* Feat(services): Add snapper config for the persistent volume (ene, 2023-02-17)
|
* Fix(system): Rework some btrfs subvolume names and add lazyatime (ene, 2023-02-17)
|
| The lazyatime mount setting should increase the performance somewhat, especially because I don't really need atime. Though using noatime might make this setting completely useless, so it might get removed again.