some nix ... ... it's a deployment tool for nix, acronym pending
Evelyn Alicke 27bc021e14
init
2025-02-19 18:11:54 +01:00

Notes:

Build tooling requirements:

  • Eval / Check / Lint

    • deadnix
    • nixfmt
    • nix-tree
    • nix-visualize
  • Diff

    • nvd
    • nix-diff
    • secrets (list the commits that affect a secret)
  • Secret management

    • Generate & store from an expression into a pass-like store
    • Lazy-eval secret decryption and re-encryption
    • Deploy to systemd-secrets
  • NextBoot to drv (& reboot)

Architecture Considerations

action:

Arguments:

  • buildOn = any of [local, target, delegate=$?]
  • filter = any of [$hostname, $fqdn, $label]
  • goal = any of nix-eval $system.config.system.*

  TODO: figure out better filtering

goals:

action

```toml
[action."diff"]
command = ""
```

connection:

information needed to establish execution on an actor

```toml
[[connection]]
type = "ssh"
source = "global"
destination = "target"
```

actor:

```toml
# An inline table cannot span lines in TOML, so the capabilities are written as a sub-table.
[actor.capabilities]
build = [ "self", "native" ]
secrets.unattended = true
```