mirror of
https://github.com/foo-dogsquared/nixos-config.git
synced 2025-01-30 22:57:55 +00:00
docs: add section for things should be absent in the project README
parent
83aaea863e
commit
ca2d818411
28
README.adoc
@ -135,6 +135,33 @@ Nothing special here.
|
|||||||
There's no use for anyone else, really. :(
|
There's no use for anyone else, really. :(
|
||||||
|
|
||||||
|
|
||||||
|
=== What should not be here?
|
||||||
|
|
||||||
|
Despite being a NixOS configuration, this is not meant to be fully reproducible by anyone.
|
||||||
|
There are still some things that would need to be privately held such as the following list of things not visible here.
|
||||||
|
|
||||||
|
- Associated private keys: GPG, SSH, age, you name it.
|
||||||
|
They are used with a secret management tool (see <<secrets-management>> for more information) to encrypt the more sensitive parts of the system such as credentials and environment files.
|
||||||
|
|
||||||
|
- Disposable hosts configurations.
|
||||||
|
They will typically just make a messier mess than the current situation.
|
||||||
|
|
||||||
|
Though the unreproducible part is only like 10% of the whole configuration, it can be successfully deployed by anyone.
|
||||||
|
Keep in mind, it comes with a few restrictions due to the lack of the appropriate credentials.
|
||||||
|
|
||||||
|
- Certain tasks will not start.
|
||||||
|
Most of the project tasks found in this repo requires the associated private key with the task which are not found in this repo.
|
||||||
|
This is locked behind a secrets management tool.
|
||||||
|
An example would be the link:./modules/nixos/tasks/backup-archive[Borg backup task] where it needs several files and credentials locked from the secrets management tool.
|
||||||
|
|
||||||
|
- Certain components will be missing.
|
||||||
|
Most notably, the associated SSH key for the hosts.
|
||||||
|
You won't be able to connect to the host if you don't have the private key.
|
||||||
|
|
||||||
|
- Not to mention not all modules listed committed here are up-to-date.
|
||||||
|
Though this only applies to non-critical services like the link:./modules/nixos/tasks/multimedia-archive[multimedia archiving service].
|
||||||
|
|
||||||
|
|
||||||
=== The remote repo
|
=== The remote repo
|
||||||
|
|
||||||
For a complete overkill, we use a CI to further the configuration abomination.
|
For a complete overkill, we use a CI to further the configuration abomination.
|
||||||
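Review bot: In the "Associated private keys" item, the sentence says the keys are used "to encrypt the more sensitive parts of the system", but with GPG and age the private half is what decrypts, and encryption only needs the public key or recipient. I'd reword it to "to decrypt" (or "to encrypt and decrypt") so it is clear why the absent private keys are what stops a third party from using those parts. Under "Certain components will be missing", "the associated SSH key for the hosts" is ambiguous between the host's own key and the key used to log in; the following line ("You won't be able to connect to the host if you don't have the private key") suggests the latter, so say which one is meant. Smaller wording points: "requires" should be "require" in "Most of the project tasks found in this repo requires ...", "listed committed" carries a redundant word, and the paragraph that opens "Though the unreproducible part is only like 10% ..., it can be successfully deployed by anyone" reads as contradicting "not meant to be fully reproducible by anyone" a few lines earlier; "Since" or "it can still be" would remove that.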
@ -201,6 +228,7 @@ It is exported in the flakes at `outputs.homeConfigurations`.
|
|||||||
For more information, see the link:./users/README.adoc[related documentation].
|
For more information, see the link:./users/README.adoc[related documentation].
|
||||||
|
|
||||||
|
|
||||||
|
[#secrets-management]
|
||||||
=== Secrets management
|
=== Secrets management
|
||||||
|
|
||||||
This repo uses link:https://github.com/mozilla/sops[sops] as the main secret management tool.
|
This repo uses link:https://github.com/mozilla/sops[sops] as the main secret management tool.
|
||||||
|