Sébastien Rey-Coyrehourcq <sebastien.rey-coyrehourcq@univ-rouen.fr>
writes:
> The only things holding me back at the moment are two things:
> a) doom emacs flavour, how to manage the fact that doom uses straight.el
> to maintain packages

I don't think it's possible to use Doom with Guix emacs packages, but
you can just set up Doom as you would on another distro. I did this
while I transitioned to a Guix config, using ~home-files-service-type~
to deploy my Doom config files.
> b) "password / secrets" management?
> There are two things, files to directly encrypt (like ssh keys) and
> passwords to hide in configuration files (templating)
> b.1) So, that needs to encrypt/decrypt the files more or less "on-the-fly"
> using gpg/yubikey or age, like yadm
> (https://yadm.io/docs/encryption) or chezmoi
> (https://www.chezmoi.io/user-guide/encryption/gpg/) do?

I use small wrappers around GPG's built in encryption
(https://git.sr.ht/~dominicm/dotfiles/tree/main/item/System.org#L2663)
and decryption
(https://git.sr.ht/~dominicm/dotfiles/tree/main/item/System.org#L2691)
functions to manage secrets directly in my repository on the fly. Then
I can have supported services call the script to get secrets without
storing them in plain-text
(https://git.sr.ht/~dominicm/dotfiles/tree/main/item/System.org#L1648).
> b.2) And for templating, like replacing ${mypassword} in some
> configuration file by getting info stored in a password manager like
> "pass", I also don't know how to do that.

Org makes this really convenient. Using noweb and shell scripts I can
decrypt and insert secrets into templated areas when I tangle my
configuration files. That way my repo only contains encrypted secrets,
but as long as I have my GPG keys I can build my configuration files
locally. See
https://git.sr.ht/~dominicm/dotfiles/tree/main/item/System.org#L5 and
https://git.sr.ht/~dominicm/dotfiles/tree/main/item/System.org#L1937.
> c) synchronization of my .dotfiles between two different OS/systems:
> Ubuntu (home) / Guix (work & home)

I keep all my configuration in a git repository, then use ~guix home~
to put all the files in the right places. As others have noted, there
are many ways to identify the current system and do system-specific
operations. I personally use an environment variable to keep track,
and wrap guix operations with scripts that detect the system and use
different system/home configurations
(https://git.sr.ht/~dominicm/dotfiles/tree/main/item/System.org#L2366).
Then all I have to do is supply the script with the system name on the
first run, and ~home-environment-variables-service-type~ takes it from
there.
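
As an added illustration of the templating step in b.2 (example code written for this thread, not the scripts in Dominic's System.org), the POSIX shell below fills `${NAME}` placeholders in a config template from a "resolver" command, so the repository holds only the template and encrypted secrets. It assumes a hypothetical layout of one `NAME.gpg` file per secret under `SECRETS_DIR`; `gpg_resolver` is the real-world resolver, and any other command or function with the same interface (name in, value out) can replace it, which is also what makes the logic testable without a key. Substitution is done literally with awk `index`/`substr` rather than `sed` or `gsub`, because a secret containing `&`, `\` or `/` would otherwise be treated as replacement syntax and silently corrupt the output. `install_rendered` writes to an `mktemp` file (mode 0600) and only moves it into place on success, so a half-rendered or world-readable secret file never appears at the destination.

```shell
#!/bin/sh
# Added example, not Dominic's System.org script: render a config template
# whose ${NAME} placeholders are filled by a secret resolver, so the
# repository holds only templates and encrypted secrets.
set -eu

# Hypothetical layout: one GPG-encrypted file per secret, NAME.gpg, under
# $SECRETS_DIR (assumed path; adjust to your own repository).
SECRETS_DIR=${SECRETS_DIR:-${HOME:-.}/dotfiles/secrets}

# Resolver for real runs: decrypts secrets/NAME.gpg with the local key
# (or a YubiKey-backed one; gpg handles that transparently).
gpg_resolver() {
    gpg --quiet --batch --decrypt "$SECRETS_DIR/$1.gpg"
}

# render_template TEMPLATE RESOLVER
# Prints TEMPLATE with every ${NAME} replaced by the output of
# `RESOLVER NAME`. Returns non-zero on the first placeholder the resolver
# cannot supply, so a half-rendered file is never handed on.
render_template() {
    template=$1
    resolver=$2
    out=$(cat "$template")
    # unique placeholder names, e.g. DB_PASSWORD from ${DB_PASSWORD}
    names=$(printf '%s\n' "$out" \
        | grep -o '\${[A-Za-z_][A-Za-z0-9_]*}' | sort -u | tr -d '${}')
    for name in $names; do
        value=$("$resolver" "$name") || {
            echo "render_template: cannot resolve secret '$name'" >&2
            return 1
        }
        # Literal replacement via index/substr; the secret is passed through
        # the environment, so awk never parses its characters as syntax.
        out=$(printf '%s\n' "$out" | NAME="$name" VALUE="$value" awk '
            BEGIN { ph = "${" ENVIRON["NAME"] "}"; v = ENVIRON["VALUE"] }
            {
                line = $0; res = ""
                while ((i = index(line, ph)) > 0) {
                    res = res substr(line, 1, i - 1) v
                    line = substr(line, i + length(ph))
                }
                print res line
            }')
    done
    printf '%s\n' "$out"
}

# install_rendered TEMPLATE RESOLVER DEST
# Renders into a private mktemp file (mode 0600) and moves it into place
# only on success; on failure nothing is left at DEST.
install_rendered() {
    tmp=$(mktemp "${TMPDIR:-/tmp}/render.XXXXXX")
    if render_template "$1" "$2" > "$tmp"; then
        mv "$tmp" "$3"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Typical use from an Org noweb block or a guix home activation hook
# (paths are placeholders):
#   install_rendered templates/app.conf.tpl gpg_resolver "$HOME/.config/app.conf"
```

Because the resolver is just a command name, the same `render_template` works whether the backend is `gpg`, `pass show`, or `age`; only the resolver function changes, and the template files stay backend-agnostic.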