nix-files/readme.md

after checking out, drop secrets into secrets/

to build:
```sh
nixos-rebuild --flake "/etc/nixos/#uninsane" {build,switch}
```

query with:
```sh
nix flake show
```


# secrets

`secrets/default.nix` declares the secrets exposed at evaluation time.
these are defined *outside* git by writing the actual values to `secrets/local.nix`.

*don't* check in the local.nix file. use `git update-index --assume-unchanged secrets/local.nix` to prevent it from ever being added.
but after that you can set them to their real value and run `git update-index --assume-unchanged secrets/*`

## building images

to build a distributable image (GPT-formatted image with rootfs and /boot partition):
```sh
nix build .#imgs.lappy
```
this can then be `dd`'d onto a disk and directly booted from a EFI system.
there's some post-processing to do before running a rebuild on the deployed system (e.g. change fstab UUIDs)
refer to flake.nix for more details


# admin tips

online: <https://nixos.wiki/wiki/Cheatsheet>

verify ALL nix store contents with:
```sh
sudo nix-store --verify --check-contents  # add the --repair flag to auto-repair as well
```

search for a package with:
```sh
nix search nixpkgs <query string>
```

find which package owns some file with:
```sh
nix-locate /bin/vim  # or any other package-relative path
```
port to a flake built and switched. will try reboot. 2022-05-21 01:59:51 +00:00			`after checking out, drop secrets into secrets/`

			`to build:`
			```sh
			`nixos-rebuild --flake "/etc/nixos/#uninsane" {build,switch}`
			```

			`query with:`
			```sh
			`nix flake show`
			```
update readme to explain how to handle secrets with git 2022-05-21 02:08:49 +00:00

			`# secrets`
update secrets documentation 2022-05-27 08:01:06 +00:00
			`secrets/default.nix` declares the secrets exposed at evaluation time.
			these are defined outside git by writing the actual values to `secrets/local.nix`.

			don't check in the local.nix file. use `git update-index --assume-unchanged secrets/local.nix` to prevent it from ever being added.
update readme to explain how to handle secrets with git 2022-05-21 02:08:49 +00:00			but after that you can set them to their real value and run `git update-index --assume-unchanged secrets/*`
add a #lappy-gpt target which builds a flat, flashable image. the root part is ext4 instead of btrfs. nixos-generators doesn't support btrfs. the underlying machinery does though, so we can remove the middleman in a future patch to achieve that. 2022-05-22 01:05:32 +00:00
			`## building images`

readme: remove old image details 2022-05-22 10:14:50 +00:00			`to build a distributable image (GPT-formatted image with rootfs and /boot partition):`
add a #lappy-gpt target which builds a flat, flashable image. the root part is ext4 instead of btrfs. nixos-generators doesn't support btrfs. the underlying machinery does though, so we can remove the middleman in a future patch to achieve that. 2022-05-22 01:05:32 +00:00			```sh
flake: factor out some machine helpers new structure is `imgs.<foo>` to build a disk image 2022-05-22 21:39:52 +00:00			`nix build .#imgs.lappy`
add a #lappy-gpt target which builds a flat, flashable image. the root part is ext4 instead of btrfs. nixos-generators doesn't support btrfs. the underlying machinery does though, so we can remove the middleman in a future patch to achieve that. 2022-05-22 01:05:32 +00:00			```
readme: remove old image details 2022-05-22 10:14:50 +00:00			this can then be `dd`'d onto a disk and directly booted from a EFI system.
			`there's some post-processing to do before running a rebuild on the deployed system (e.g. change fstab UUIDs)`
			`refer to flake.nix for more details`
readme: inline a few tips 2022-05-26 20:21:40 +00:00

			`# admin tips`

			`online: <https://nixos.wiki/wiki/Cheatsheet>`

			`verify ALL nix store contents with:`
			```sh
			`sudo nix-store --verify --check-contents # add the --repair flag to auto-repair as well`
			```

			`search for a package with:`
			```sh
			`nix search nixpkgs <query string>`
			```

			`find which package owns some file with:`
			```sh
			`nix-locate /bin/vim # or any other package-relative path`
			```