I answer here if I need some highlights or if I found interesting questions or remarks to share with you.

Best regards,

On 26/05/2022 at 02:31, Dominic Martinez wrote:
> Sébastien Rey-Coyrehourcq <[email protected]> writes:
>
>> The only things holding me back at the moment are two things:
>>
>> a) Doom Emacs flavour, how to manage the fact that Doom uses straight.el to maintain packages
>
> I don't think it's possible to use Doom with Guix emacs packages, but you can just set up Doom as you would on another distro. I did this while I transitioned to a Guix config, using ~home-files-service-type~ to deploy my Doom config files.
>
>> b) "password / secrets" management? There are two things, files to directly encrypt (like ssh key) and passwords to hide in configuration files (templating)
>>
>> b.1) So, that needs to encrypt/decrypt more or less "on-the-fly" the files using gpg/yubikey or age like yadm (https://yadm.io/docs/encryption) or chezmoi (https://www.chezmoi.io/user-guide/encryption/gpg/) do?
>
> I use small wrappers around GPG's built-in encryption (https://git.sr.ht/~dominicm/dotfiles/tree/main/item/System.org#L2663) and decryption (https://git.sr.ht/~dominicm/dotfiles/tree/main/item/System.org#L2691) functions to manage secrets directly in my repository on the fly. Then I can have supported services call the script to get secrets without storing them in plain-text (https://git.sr.ht/~dominicm/dotfiles/tree/main/item/System.org#L1648).
>
>> b.2) And for templating, like replacing ${mypassword} in some configuration file by getting info stored in a password manager like "pass", I also don't know how to do that.
>
> Org makes this really convenient. Using noweb and shell scripts I can decrypt and insert secrets into templated areas when I tangle my configuration files. That way my repo only contains encrypted secrets, but as long as I have my GPG keys I can build my configuration files locally. See https://git.sr.ht/~dominicm/dotfiles/tree/main/item/System.org#L5 and https://git.sr.ht/~dominicm/dotfiles/tree/main/item/System.org#L1937.
>
>> c) synchronization of my .dotfiles between two different OS/System: Ubuntu (home) / Guix (work & home)
>
> I keep all my configuration in a git repository, then use ~guix home~ to put all the files in the right places. As others have noted, there are many ways to identify the current system and do system-specific operations. I personally use an environment variable to keep track, and wrap guix operations with scripts that detect the system and use different system/home configurations (https://git.sr.ht/~dominicm/dotfiles/tree/main/item/System.org#L2366). Then all I have to do is supply the script with the system name on the first run, and ~home-environment-variables-service-type~ takes it from there.
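
The build-time templating discussed under b.2 (the repository holds only encrypted secrets, and plaintext appears only in the locally rendered file), as an added example that is not code from this thread or from the linked dotfiles. The `${secret:NAME}` placeholder syntax, the `SECRETS_DIR` layout of `NAME.gpg` files, and the `DECRYPT_CMD` variable are assumptions made for the illustration.

```shell
# Added example (POSIX sh). Assumed, not from the thread: placeholder syntax
# ${secret:NAME}, one encrypted file per secret at $SECRETS_DIR/NAME.gpg,
# and DECRYPT_CMD as the command that prints a decrypted file on stdout.
SECRETS_DIR="${SECRETS_DIR:-$HOME/dotfiles/secrets}"
DECRYPT_CMD="${DECRYPT_CMD:-gpg --quiet --batch --decrypt}"

get_secret() {
    # Allow only simple names so a template cannot reach outside SECRETS_DIR.
    case $1 in
        ''|*[!A-Za-z0-9_-]*) echo "invalid secret name: $1" >&2; return 1 ;;
    esac
    [ -f "$SECRETS_DIR/$1.gpg" ] || { echo "no such secret: $1" >&2; return 1; }
    $DECRYPT_CMD "$SECRETS_DIR/$1.gpg"
}

# Expand every placeholder in one line. Decrypted values are appended to the
# output and never rescanned, so a secret containing "${secret:" or "&" is safe.
render_line() (
    rest=$1 out=
    open='${secret:' close='}'
    while :; do
        case $rest in
            *"$open"*"$close"*) ;;
            *) break ;;
        esac
        after=${rest#*"$open"}
        out=$out${rest%%"$open"*}
        name=${after%%"$close"*}
        value=$(get_secret "$name") || exit 1
        out=$out$value
        rest=${after#*"$close"}
    done
    printf '%s\n' "$out$rest"
)

# Render TEMPLATE to TARGET. The target is written owner-only and replaced
# atomically; on any decryption failure nothing is left behind.
render_template() (
    template=$1 target=$2 ok=1
    umask 077
    tmp=$(mktemp "$target.XXXXXX") || exit 1
    while IFS= read -r line || [ -n "$line" ]; do
        render_line "$line" || { ok=0; break; }
    done < "$template" > "$tmp"
    [ "$ok" = 1 ] || { rm -f "$tmp"; exit 1; }
    mv "$tmp" "$target"
)
```

Keep the rendered target out of version control, since it is the only place the plaintext secret is stored.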
