• balsoft@lemmy.ml
    1 day ago

    The process then still is: check out that Git repository, except there’s another step: copy over your private key so that you can decrypt your secrets.

    I store my secrets in a separate private Git repo and automatically decrypt them with my hardware key (https://github.com/balsoft/nixos-config/blob/master/modules/secrets.nix), so for me it’s literally just plug in my YubiKey and nixos-install github:balsoft/nixos-config#hostname

    • Vincent@feddit.nl
      1 day ago

      How do you access the private Git repo then? Don’t you need a secret to access it?

      • balsoft@lemmy.ml
        22 hours ago

        The SSH key to access the private Git repo is on the same YubiKey as the decryption key (they are technically different GPG slots but I don’t need to care about that, just plug the key in, type in the PIN, and it all works automagically).