diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..dbb8f47 --- /dev/null +++ b/LICENSE @@ -0,0 +1,5 @@ +Copyright James Eversole (james@eversole.co) + +Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/README b/README new file mode 100644 index 0000000..7cd7c70 --- /dev/null +++ b/README 
@@ -0,0 +1,64 @@ +# eve-psr-nix0 + +This repository holds the configuration for my primary home server. +This README exists to document solutions used or implemented with Nix. + +--- + +## cheatsheet + +### Use the developer shell without pulling down the repository: +``` +$> nix develop git+https://git.eversole.co/eve-psr-nix0 +$nix> # Success! +``` + +The rest of the cheatsheet assumes you have already cloned the repository and entered the developer shell: +``` +$> git clone https://git.eversole.co/eve-psr-nix0 +$> cd eve-psr-nix0 +$> nix develop +$nix> # Success! Now we have our development dependencies. +```` + +### Use the developer shell alias to remotely build and deploy the configuration to eve-psr-nix0: +``` +$nix> deploy +$nix> # That's it! Check the shellHook in outputs.devShell.x86_64-linux for more details. +``` + +### Format .nix source files: +``` +$nix> nix fmt *.nix +``` + +### Create a new agenix secret: +``` +# Add a new key to the secrets.nix attribute set +$nix> $EDITOR secrets.nix +# Replace $SECRET_PATH with the actual 'secrets/$SECRET_NAME.age' path to edit the secrets file +$nix> agenix -e $SECRET_PATH +# Redeploy; the secret will now be available in /run/agenix/$SECRET_NAME on the target host +$nix> deploy +``` + +### Add a new agenix secret recipient: +``` +# Add a named variable in the let binding; associate it in the "publicKeys" list of applicable secrets +$nix> #EDITOR secrets.nix +# Redeploy +$nix> deploy +``` + +## agenix + +agenix ( https://github.com/ryantm/agenix ) is utilized by this project for +secret management, allowing us to include sensitive environment information +or other secrets that the deployment target may need. The files are included +directly in the nix store, but they are encrypted via/to ed25519 SSH keys +and are then decrypted on the target host. + +## license and copyright + +Copyright James Eversole +Refer to LICENSE file for ISC license details
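Review bot: The "Add a new agenix secret recipient" steps in the README hunk go from editing secrets.nix straight to `deploy`, so the existing .age files are never re-encrypted to the new key and the added recipient cannot decrypt them. Add a rekey step (`agenix -r`) between the edit and the redeploy, and note that it must be run by someone whose key is already a recipient. In the same block, `$nix> #EDITOR secrets.nix` should read `$nix> $EDITOR secrets.nix`; as written, the line is a shell comment and does nothing. The fence that closes the clone / `nix develop` block has four backticks against a three-backtick opener, which will swallow the following section when rendered. The agenix section could also state that only the encrypted .age files land in the world-readable nix store, and that the decrypted copies live under /run/agenix on the target host.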