Re: Guix home, guix system, channels, some noob questions

[Sébastien Rey-Coyrehourcq]

Thanks Julien, Daniel, Dominic, Efraim for these very detailed answers 
and snippets, that will be very useful in my current migration from 
Ubuntu to Guix.

I answer here if i need some highlights or if i found interesting 
questions or remarks to share with you.

Best regards,

Le 26/05/2022 à 02:31, Dominic Martinez a écrit :
> Sébastien Rey-Coyrehourcq <sebastien.rey-coyrehourcq@univ-rouen.fr> 
> writes:
>
> > The only things holding me back at the moment is two things :
> >
> > a) doom emacs flavour, how to manage the fact that doom use straigt.el
> > to maintain packages
>
> I don't think it's possible to use Doom with Guix emacs packages, but 
> you can just set up Doom as you would on another distro. I did this 
> while I transitioned to a Guix config, using ~home-files-service-type~ 
> to deploy my Doom config files.
>
> > b) "password / secrets" management ?
> >
> > There are two things, file to directly encrypt (like ssh key) and
> > password to hide into configuration file (templating)
> >
> > b.1) So, that need to encrypt/decrypt more or less "on-the-fly" the
> > files using gpg/yubikey or age like yadm ( 
> > https://yadm.io/docs/encryption ) or chezmoi
> > (https://www.chezmoi.io/user-guide/encryption/gpg/) do ?
>
> I use small wrappers around GPG's built in encryption 
> (https://git.sr.ht/~dominicm/dotfiles/tree/main/item/System.org#L2663) 
> and decryption 
> (https://git.sr.ht/~dominicm/dotfiles/tree/main/item/System.org#L2691) 
> functions to manage secrets directly in my repository on the fly. Then 
> I can have supported services call the script to get secrets without 
> storing them in plain-text 
> (https://git.sr.ht/~dominicm/dotfiles/tree/main/item/System.org#L1648).
>
> > b.2) And for templating, like replacing ${mypassword} into some
> > configuration file by getting info stored into password manager like 
> > "pass", i also don't know how to do that.
>
> Org makes this really convienent. Using noweb and shell scripts I can 
> decrypt and insert secrets into templated areas when I tangle my 
> configuration files. That way my repo only contains encrypted secrets, 
> but as long as I have my GPG keys I can build my configuration files 
> locally. See 
> https://git.sr.ht/~dominicm/dotfiles/tree/main/item/System.org#L5 and 
> https://git.sr.ht/~dominicm/dotfiles/tree/main/item/System.org#L1937.
>
> > c) synchronization of my .dotfiles between two different OS/System :
> > Ubuntu (home) / Guix (work & home)
>
> I keep all my configuration in a git repository, then use ~guix home~ 
> to put all the files in the right places. As others have noted, there 
> are many ways to identify the current system and do system-specific 
> operations. I personally use an environment variable to keep track, 
> and wrap guix operations with scripts that detect the system and use 
> different system/home configurations 
> (https://git.sr.ht/~dominicm/dotfiles/tree/main/item/System.org#L2366). 
> Then all I have to do is supply the script with the system name on the 
> first run, and ~home-environment-variables-service-type~ takes it from 
> there.

OpenPGP_0xD262AFCCE42732D3.asc
Description: OpenPGP public key

OpenPGP_signature
Description: OpenPGP digital signature