nix-gscheits/README.md

# Nix Gscheits

NixOS configurations of the FabLab Bad Windsheim

## General

This project uses Nix Flakes
which currently are only available in unstable Nix.

To make the project more accessible to users of stable nix,
a compatibility layer is provided.
If you use [direnv](https://direnv.net/),
a wrapper for unstable nix should transparently be added to the shell.
This might only work if you are a [trusted user](https://nixos.org/manual/nix/stable/#conf-trusted-users).

Secrets for NixOS machines are managed with sops using [sops-nix](https://github.com/Mic92/sops-nix).
The gpg keys are stored in `keys`
and a flake app is provided for conveniently displaying the fingerprint of a stored key:
`nix run .#showKeyFingerprint machines/raven`

### Directory structure

 * `machines`: NixOS configurations for machines.
 * `modules`: Modules that either alter default values
   or add modules that can be enabled via options.
 * `pkgs`: nixpkgs overlay for packages not in nixpkgs.

## Deployment

The deployment uses [krops](https://github.com/krebs/krops)
(more precisely [Mic92’s fork with flake support](https://github.com/Mic92/krops)).

If your public key is installed for root on the target system,
deploying is as easy as `nix run .#deploy/hostname`.

Building a configuration locally is possible by running `nixos-rebuild build --flake .#HOSTNAME`
or on systems with stable Nix (using the compatibility wrapper) `nix build .#nixosConfigurations.HOSTNAME.config.system.build.toplevel`.

## License

This project is licensed under the MIT license.
For details, please see the [COPYING](./COPYING) file.

Note: The MIT license does not apply to the built packages or system closures,
only to the source files in this repository.
It also might not apply to patches included in this repository,
which may be derivative works.