David Arnold
David Arnold
I think I'll just copy&adapt https://github.com/NixOS/nixops/pull/1508
I discussed with @roberth and we kind of concluded that upstream `nixos` should eventually implement `nixpkgs.source` in addition to all the other `nixpkgs.*` options. This makes a lot of sense...
This is blocking https://github.com/wekan/wekan/issues/3262 as it seems... /cc @Reggino @aheckmann
Though — since 6 hours at time of writing — there is 3.6.2 with a CVE fix of a dependency https://github.com/mongodb/node-mongodb-native/releases
Oh, sorry, implicit context :stuck_out_tongue_closed_eyes: Simply to replace [`git crypt`](https://github.com/AGWA/git-crypt) in [`nixflk` (issue)](https://github.com/nrdxp/nixflk/issues/37)
PS: seems as this is the way git crypt works, itself: https://github.com/nrdxp/nixflk/blob/37d40e0cfe4e770a1ef388e93de3bd048d5aaee7/.gitattributes#L1
> Unless we can come up with some better plan for how to import the files into the NixOS configuration, they need to be encrypted at rest. My assumption was...
I'll comply this PR to this. Thanks for the advice and the argument.
https://github.com/yaxitech/ragenix/issues/52 is related here for the `export PATH="${lib.makeBinPath (with pkgs; [ xkcdpass ])}"` & the likes parts.
I think concretely it could mean the following: ```nix # secrets.nix { "path/to/1".publicKeys = []; "path/to/1".generate = '' xkcdpass -n 24 ''; } ``` so that `agenix -g path/to 1`...