Где хранить пароли в NixOS?

NixOS хранит конфигурацию всей системы, включая пароли. И это, очевидно, небезопасно. В этой статье разберёмся, где никсоводы прячут свои пароли.

https://habr.com/ru/articles/1011264/

#nixos #nix #sops #age #sopsnix

Made my first contribution to #nixos this evening, in the #sopsnix project.

I'd been banging my head against the wall trying to figure out why my Sops-nix with #homemanager setup didn't work. I followed all the guides!

Turns out I had *one* failed systemd unit, which caused it to return 'degraded' on its status command, which you may notice isn't 'running', and that's all sops-nix under home-manager checked for when deciding whether it should restart the sops-nix.service unit (which is required for the secrets to show up).

So a quick PR to make it check for 'degraded' state too, and I hope it gets merged. 🙂

For all the #sops #nix enjoyers out there, Where do you keep your #AGE key? Does it just live on your drive? Do you use something like a #yubikey? Because boot strapping the key with sops obviously doesn't work

#nixos #homemanager #sopsnix