docs: add section for things that should be absent in the project README

Gabriel Arazas 2023-01-15 13:40:08 +08:00
parent 83aaea863e
commit ca2d818411

@ -135,6 +135,33 @@ Nothing special here.
There's no use for anyone else, really. :( There's no use for anyone else, really. :(
=== What should not be here?
Despite being a NixOS configuration, this is not meant to be fully reproducible by anyone.
There are still some things that would need to be privately held such as the following list of things not visible here.
- Associated private keys: GPG, SSH, age, you name it.
They are used with a secret management tool (see <<secrets-management>> for more information) to encrypt the more sensitive parts of the system such as credentials and environment files.
- Disposable hosts configurations.
They will typically just make a messier mess than the current situation.
Though the unreproducible part is only like 10% of the whole configuration, it can be successfully deployed by anyone.
Keep in mind, it comes with a few restrictions due to the lack of the appropriate credentials.
- Certain tasks will not start.
Most of the project tasks found in this repo requires the associated private key with the task which are not found in this repo.
This is locked behind a secrets management tool.
An example would be the link:./modules/nixos/tasks/backup-archive[Borg backup task] where it needs several files and credentials locked from the secrets management tool.
- Certain components will be missing.
Most notably, the associated SSH key for the hosts.
You won't be able to connect to the host if you don't have the private key.
- Not to mention not all modules listed committed here are up-to-date.
Though this only applies to non-critical services like the link:./modules/nixos/tasks/multimedia-archive[multimedia archiving service].
=== The remote repo === The remote repo
For a complete overkill, we use a CI to further the configuration abomination. For a complete overkill, we use a CI to further the configuration abomination.
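Review bot: The paragraph starting "Though the unreproducible part is only like 10% of the whole configuration" reads as contradicting the section's opening line ("not meant to be fully reproducible by anyone"), and the 10% figure is given without saying what it is measured against. Something like "Even without the private parts, the configuration can still be deployed by anyone, with the restrictions below" would state the same thing without the clash. In the restrictions list, the last item ("Not to mention not all modules listed committed here are up-to-date") is about stale modules, not about missing credentials, so it does not belong under "due to the lack of the appropriate credentials"; move it out of that list, and drop one of "listed"/"committed". Under "Certain tasks will not start", fix the agreement: "requires" should be "require" and "which are not found" should be "which is not found". Under "Certain components will be missing", "the associated SSH key for the hosts" does not say whether this is the host key or the key used to log in; the next sentence implies the login key, so say so explicitly.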
@ -201,6 +228,7 @@ It is exported in the flakes at `outputs.homeConfigurations`.
For more information, see the link:./users/README.adoc[related documentation]. For more information, see the link:./users/README.adoc[related documentation].
[#secrets-management]
=== Secrets management === Secrets management
This repo uses link:https://github.com/mozilla/sops[sops] as the main secret management tool. This repo uses link:https://github.com/mozilla/sops[sops] as the main secret management tool.