Notes:

# Build Tooling requirements:

* Eval / Check / Lint
  * `deadnix`
  * `nixfmt`
  * `nix-tree`
  * `nix-visualize`

* Diff
  * `nvd`
  * `nix-diff`
  * secrets (list commits affecting secret)

* Secret Management:
  * Generate & Store from expression to pass-like-store
  * lazy eval secret decryption and recryption
  * Deploy to `systemd-secrets`

* NextBoot to drv (&reboot)

# Architecture Considerations

## `action`:

### Arguments

`buildOn = any of [local, target, delegate=$?]`
`filter = any of [$hostname, $fqdn, $label]`
`goal = any of nix-eval $system.config.system.*` TODO: figure out better filtering

## goals:

## action

```toml
[action."diff"]
command = ""
```

## connection:

Information to establish execution on an actor

```toml
[[connection]]
type = "ssh"
source = "global"
destination = "target"
```

## actor:

```toml
[actor.capabilities]
build = [ "self", "native" ]
secrets.unattended = true
```