From 243116e2288005c90824a6d0d0ac400b973629ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 24 Oct 2021 19:36:56 +0200 Subject: [PATCH 1/2] Remove git crypt, update docs --- doc/secrets.md | 6 +----- shell/devos.nix | 4 ---- 2 files changed, 1 insertion(+), 9 deletions(-) diff --git a/doc/secrets.md b/doc/secrets.md index 6afe2f6..996f418 100644 --- a/doc/secrets.md +++ b/doc/secrets.md @@ -1,11 +1,8 @@ # Secrets -Secrets are managed using [git-crypt][git-crypt] and [agenix][agenix] +Secrets are managed using [agenix][agenix] so you can keep your flake in a public repository like GitHub without exposing your password or other sensitive data. -By default, everything in the secrets folder is automatically encrypted. Just -be sure to run `git-crypt init` before putting anything in here. - ## Agenix Currently, there is [no mechanism][secrets-issue] in nix itself to deploy secrets within the nix store because it is world-readable. @@ -104,7 +101,6 @@ secrets get decrypted. You can learn about them by looking at the > You can take a look at the [agenix repository][agenix] for more information > about the tool. -[git-crypt]: https://github.com/AGWA/git-crypt [agenix]: https://github.com/ryantm/agenix [age module]: https://github.com/ryantm/agenix/blob/master/modules/age.nix [secrets-issue]: https://github.com/NixOS/nix/issues/8 diff --git a/shell/devos.nix b/shell/devos.nix index 9090143..6f01267 100644 --- a/shell/devos.nix +++ b/shell/devos.nix @@ -30,10 +30,6 @@ in unset _PATH ''); - packages = with pkgs; [ - git-crypt - ]; - commands = with pkgs; [ (devos nixUnstable) (devos agenix) From 6962aab06c1b679163e41cd70a697807b199548e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 24 Oct 2021 19:39:23 +0200 Subject: [PATCH 2/2] Remove .gitattributes files --- secrets/.gitattributes | 4 ---- 1 file changed, 4 deletions(-) delete mode 100644 secrets/.gitattributes diff --git a/secrets/.gitattributes b/secrets/.gitattributes deleted file mode 100644 index 901863e..0000000 --- a/secrets/.gitattributes +++ /dev/null @@ -1,4 +0,0 @@ -* filter=git-crypt diff=git-crypt -.gitattributes !filter !diff -secrets.nix !filter !diff -README.md !filter !diff