My configs ... but in Nix!
nix run .#deployNixosLocal -- '<config name>'nix run .#deployNixDarwin -- '<config name>'nix run .#deployHomeManagerLocal -- '<config name>'On first deploy, you may need to update your shell
nix run .#homeManagerUseFishRequires access to the admin ssh key
nix run .#deployNixosRemote -- '<config name>' '<ip>'Sops-nix is used for managing secrets.
Secrets are encrypted and stored in secrets/secrets.yaml. Only users with keys
in a key group can access secrets. Key group are declared in .sops.yaml.
Note: these commands currently use the 1password CLI to fetch the sops encryption key.
Prerequisites:
- Age keypair
1. Update .sops.yaml
- Add the keypair's public key to the
keyssection of file - Add a reference to the key in the
agekey group
2. Re-encrypt secrets/secrets.yaml with the new key groups
nix run .#secretsSyncnix run .#secretsEditnix run .#secretsRotatenix run .#saveAdminKeysThis will save a local copy of:
- admin SSH key: needed to deploy to remotes
- server (age) key: needed on all systems to access sops secrets
This requires a local copy of the admin SSH key and the server key.
nix run .#distributeAdminKeys -- '<ip>'nix fmtnix eval .#packages.aarch64-darwin --apply builtins.attrNamesYou can manually trigger the flake update CI task from the GitHub Actions interface. Follow these steps:
- Go to the repository on GitHub.
- Click on the "Actions" tab.
- In the left sidebar, find and click on the workflow named "Update flake.lock".
- Click on the "Run workflow" button.
- Confirm the action to manually trigger the workflow.
You can manually trigger the CI check from the GitHub Actions interface. Follow these steps:
- Go to the repository on GitHub.
- Click on the "Actions" tab.
- In the left sidebar, find and click on the workflow named "CI".
- Click on the "Run workflow" button.
- Confirm the action to manually trigger the workflow.
For more information on why actions don't trigger on auto-generated PRs, refer to this discussion.