Use a VM to run this example
Build VM with:
nixos-rebuild build-vm --fast -I nixos-config=./configuration.nix -I nixpkgs=.
Start VM with:
QEMU_NET_OPTS="hostfwd=tcp::2222-:22" ./result/bin/run-nixos-vm
User is nixos, password is nixos.
SSH into the VM with ssh -p 2222 nixos@localhost.
If you run into issues with ssh trying too many public keys and failing, try instead: ssh -o PasswordAuthentication=yes -o PreferredAuthentications=keyboard-interactive,password -o PubkeyAuthentication=no -p 2222 nixos@localhost.
For more information about running this example in a VM, see NixOS_modules#Developing_modules.
For more information about writing tests, see the manual.
Create your secret key. The command prints the public key, which is used for admin:
nix-shell -p age --run 'age-keygen -o keys.txt'
Get the target host's age key. The command prints the public key, which is used for vm:
nix-shell -p ssh-to-age --run 'ssh-keyscan -p 2222 -4 localhost | ssh-to-age'
Update admin and vm keys in sops.yaml.
Edit secret itself with:
nix-shell -p sops --run 'sops --config sops.yaml secrets.yaml'
Deploy with:
nix-shell -p colmena --run 'colmena apply'
Took 12 minutes for first deploy on my machine. Next deploys take about 12 seconds.
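
For the "Update admin and vm keys in sops.yaml" step, an added illustration (not the repository's own sops.yaml, whose contents are not shown on this page) of a sops configuration in the usual shape, with the two age public keys printed by the commands above referenced through YAML anchors. The key values are placeholders, and the path_regex assumes the secrets file is secrets.yaml as in the sops command above.

```yaml
# Added example, not the project's file. Replace both placeholders with the
# public keys (they start with "age1") printed by age-keygen and ssh-to-age.
keys:
  # Admin key: public half of the key stored in keys.txt.
  # The private key stays in keys.txt and never goes into this file.
  - &admin age1ADMIN_PUBLIC_KEY_PLACEHOLDER
  # VM key: derived from the VM's SSH host key via ssh-keyscan | ssh-to-age.
  - &vm age1VM_PUBLIC_KEY_PLACEHOLDER

creation_rules:
  # Applies to the secrets file edited with `sops --config sops.yaml secrets.yaml`.
  - path_regex: secrets\.yaml$
    key_groups:
      - age:
          # Every recipient listed here can decrypt the file:
          # admin to edit it, vm to read it at activation time.
          - *admin
          - *vm
```

Only recipients listed under the matching rule can decrypt the file, so a VM whose host key changes (for example after rebuilding the VM image) needs its new age key added here before it can read the secrets.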