eve-psr-nix0/README

# eve-psr-nix0

This repository holds the configuration for my primary home server. 
This README exists to document solutions used or implemented with Nix.

---

## cheatsheet

### Enter the developer shell without pulling down the repository:
```
$> nix develop git+https://git.eversole.co/eve-psr-nix0
$nix> # Success!
```

The rest of the cheatsheet assumes you have already cloned the repository and entered the developer shell: 
```
$> git clone https://git.eversole.co/eve-psr-nix0
$> cd eve-psr-nix0
$> nix develop
$nix> # Success! Now we have our development dependencies.
````

### Use the developer shell alias to remotely build and deploy the configuration to eve-psr-nix0:
```
# This is it! Check the shellHook in outputs.devShell.x86_64-linux for more details.
$nix> deploy 
```

### Format .nix source files:
```
$nix> nix fmt *.nix
```

### Create a new agenix secret:
```
# Add a new key to the secrets.nix attribute set
$nix> $EDITOR secrets.nix 
# Replace $SECRET_PATH with the actual 'secrets/$SECRET_NAME.age' path to edit the secrets file
$nix> agenix -e $SECRET_PATH 
# Redeploy; the secret will now be available in /run/agenix/$SECRET_NAME on the target host
$nix> deploy 
```

### Add a new agenix secret recipient:
```
# Add a named variable in the let binding; associate it in the "publicKeys" list of applicable secrets
$nix> #EDITOR secrets.nix
# Redeploy
$nix> deploy
```

## agenix

agenix ( https://github.com/ryantm/agenix ) is utilized by this project for 
secret management, allowing us to include sensitive environment information
or other secrets that the deployment target may need. The files are included
directly in the nix store, but they are encrypted via/to ed25519 SSH keys
and are then decrypted on the target host.

## license and copyright

Copyright James Eversole
Refer to LICENSE file for ISC license details