Commit graph

56 commits

Author SHA1 Message Date
chayleaf 69ce2ffdbc store secrets separate from this flake
This uses a native plugin (pkgs.nix-plugins) to avoid using --impure,
other options involving secret files are too limited for my use case as
I need eval-time access to secrets. Moving it to a private flake is
another option, but Nix flakes are poorly suited for non-monorepos.
Previously I just renamed .git to .git.bak to make sure Nix pulls the
"private" subdir into store as well, but this new system may be more
robust and can be extended to way be more secure in the future (e.g.
right now I copy the secret .nix files to store, but in general there's
no need to do that).

Of course the main drawback is that now I require a plugin for this
flake to work.
2023-05-26 00:46:38 +07:00
chayleaf febfcb416b more polish for hm nixos module integration
still, it makes system config eval too slow so i'd like to avoid using
it
2023-05-25 11:34:27 +07:00
chayleaf 6a329dab38 refactor pkgs, allow NixOS HM module to be used 2023-05-25 06:26:52 +07:00
chayleaf d86b83c319 update private config sample 2023-05-25 05:09:17 +07:00
chayleaf 10f795dbb3 nuke flake-utils-plus 2023-05-25 05:02:42 +07:00
chayleaf 4f531a83a9 merge into a single flake
However, Nix has some annoying store semantics when integrating with
.git repos, so I move .git to .git.bak whenever I'm not working with
git.
2023-05-25 04:39:57 +07:00