Thanks Julien, Daniel, Dominic, Efraim for these very detailed answers and snippets, that will be very useful in my current migration from Ubuntu to Guix.

I will answer here if I need some highlights or if I find interesting questions or remarks to share with you.

Best regards,

On 26/05/2022 at 02:31, Dominic Martinez wrote:
>
> Sébastien Rey-Coyrehourcq writes:
>
>> The only things holding me back at the moment are two things:
>>
>> a) Doom Emacs flavour, how to manage the fact that Doom uses straight.el
>> to maintain packages
>
> I don't think it's possible to use Doom with Guix emacs packages, but
> you can just set up Doom as you would on another distro. I did this
> while I transitioned to a Guix config, using ~home-files-service-type~
> to deploy my Doom config files.
>
>> b) "password / secrets" management?
>>
>> There are two things, files to directly encrypt (like ssh key) and
>> passwords to hide in configuration files (templating)
>>
>> b.1) So, that needs to encrypt/decrypt more or less "on-the-fly" the
>> files using gpg/yubikey or age like yadm
>> (https://yadm.io/docs/encryption) or chezmoi
>> (https://www.chezmoi.io/user-guide/encryption/gpg/) do?
>
> I use small wrappers around GPG's built-in encryption
> (https://git.sr.ht/~dominicm/dotfiles/tree/main/item/System.org#L2663)
> and decryption
> (https://git.sr.ht/~dominicm/dotfiles/tree/main/item/System.org#L2691)
> functions to manage secrets directly in my repository on the fly. Then
> I can have supported services call the script to get secrets without
> storing them in plain-text
> (https://git.sr.ht/~dominicm/dotfiles/tree/main/item/System.org#L1648).
>
>> b.2) And for templating, like replacing ${mypassword} into some
>> configuration file by getting info stored into password manager like
>> "pass", I also don't know how to do that.
>
> Org makes this really convenient. Using noweb and shell scripts I can
> decrypt and insert secrets into templated areas when I tangle my
> configuration files. That way my repo only contains encrypted secrets,
> but as long as I have my GPG keys I can build my configuration files
> locally. See
> https://git.sr.ht/~dominicm/dotfiles/tree/main/item/System.org#L5 and
> https://git.sr.ht/~dominicm/dotfiles/tree/main/item/System.org#L1937.
>
>> c) synchronization of my .dotfiles between two different OS/System:
>> Ubuntu (home) / Guix (work & home)
>
> I keep all my configuration in a git repository, then use ~guix home~
> to put all the files in the right places. As others have noted, there
> are many ways to identify the current system and do system-specific
> operations. I personally use an environment variable to keep track,
> and wrap guix operations with scripts that detect the system and use
> different system/home configurations
> (https://git.sr.ht/~dominicm/dotfiles/tree/main/item/System.org#L2366).
> Then all I have to do is supply the script with the system name on the
> first run, and ~home-environment-variables-service-type~ takes it from
> there.
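
An added example, not part of the original thread or of Dominic's dotfiles: a minimal Python renderer for the `${mypassword}`-style templating asked about in b.2, which fetches each placeholder with `pass show`, fails closed if any lookup fails, and writes the result with mode 0600. The function names, the sample template and the stub secret store are assumptions made for this illustration.

```python
import os
import re
import subprocess
import tempfile

# First character must be alphanumeric or "_" so an entry name can never be
# parsed by pass as a command-line option.
PLACEHOLDER = re.compile(r"\$\{([A-Za-z0-9_][A-Za-z0-9_./-]*)\}")

def pass_show(name):
    """Return the first line of a pass entry (pass decrypts it with gpg)."""
    result = subprocess.run(["pass", "show", name], check=True,
                            capture_output=True, text=True)
    return result.stdout.splitlines()[0]

def render(template, fetch=pass_show):
    """Replace every ${entry} with its secret; any failed lookup raises."""
    cache = {}  # decrypt each entry once, even if it is referenced twice
    def substitute(match):
        name = match.group(1)
        if name not in cache:
            cache[name] = fetch(name)
        return cache[name]
    return PLACEHOLDER.sub(substitute, template)

def write_private(path, content):
    """Write atomically; mkstemp creates the file with mode 0600."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory)
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write(content)
        os.replace(tmp, path)  # the target never holds a half-rendered file
    except BaseException:
        os.unlink(tmp)
        raise

# Constructed sample data: the template and the stub store are invented here
# so the example runs without a real password store or GPG key.
SAMPLE_TEMPLATE = "host = mail.example.org\nuser = alice\npassword = ${mail/work}\n"
SAMPLE_STORE = {"mail/work": "correct-horse"}

if __name__ == "__main__":
    rendered = render(SAMPLE_TEMPLATE, SAMPLE_STORE.__getitem__)
    write_private("mailrc.rendered", rendered)
    print("rendered", len(rendered), "bytes to mailrc.rendered")
```

Only the template belongs in the git repository; the rendered file is a build output and should be listed in `.gitignore`.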