My configuration. Probably nothing to look for here.
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
Deployerbot Main 0333bc3848 flake.lock: Update
Flake lock file updates:

• Updated input 'nix-index-database':
    'github:Mic92/nix-index-database/25d6369c232bbea1ec1f90226fd17982e7a0a647' (2023-09-24)
  → 'github:Mic92/nix-index-database/031d4b22505fdea47bd53bfafad517cd03c26a4f' (2023-10-01)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/adcfd6aa860d1d129055039696bc457af7d50d0e' (2023-09-28)
  → 'github:NixOS/nixos-hardware/0ab3ee718e964fb42dc57ace6170f19cb0b66532' (2023-10-01)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/5cfafa12d57374f48bcc36fda3274ada276cf69e' (2023-09-27)
  → 'github:NixOS/nixpkgs/32dcb45f66c0487e92db8303a798ebc548cadedc' (2023-09-30)
• Updated input 'nur':
    'github:nix-community/NUR/de1f391fb5953123d0244282540eee79bfe4ed0d' (2023-09-30)
  → 'github:nix-community/NUR/d091fda7b4526d15a9c1bbe80db998676212af16' (2023-10-01)
10 hours ago
hosts statix: fix bugs with inherit 11 hours ago
modules nix gc: TTL 2d, run weekly 11 hours ago
secrets rekey 13 hours ago
.envrc flakes 3 months ago
.gitattributes Configure git repository for gpg file diff. 9 months ago
.gitignore enable some checks in pre-commit hooks 11 hours ago
LICENSE add a license 6 months ago
README.md rename vno1-rp3b to vno3-rp3b 3 weeks ago
data.nix certget 1 week ago
flake.lock flake.lock: Update 10 hours ago
flake.nix pre-commit-hooks: explicit gitignore 11 hours ago
nixpkgs.nix nix fmt . 6 months ago
secrets.nix rekey 13 hours ago
statix.toml statix: fix bugs with inherit 11 hours ago
yubikey-installer.nix update yubikey-installer.nix to 23.05 and nix flake update 2 months ago

README.md

Config

Flakes:

$ deploy --interactive '#vno1-oh2'

$ nix build .#deploy.nodes.fra1-a.profiles.system.path

Other:

$ nix build .#nixosConfigurations.vno3-rp3b.config.system.build.toplevel

Debug

$ nix eval .#nixosConfigurations.vno1-oh2.config.services.nsd

Encoding host-only secrets

Encode a secret on host:

rage -e -r "$(cat /etc/ssh/ssh_host_ed25519_key.pub)" -o secret.age /path/to/plaintext

Decode a secret on host (to test things out):

rage -d -i /etc/ssh/ssh_host_ed25519_key secret.age