Sébastien Rey-Coyrehourcq writes:

> The only things holding me back at the moment is two things :
>
> a) doom emacs flavour, how to manage the fact that doom use
> straight.el to maintain packages

I don't think it's possible to use Doom with Guix emacs packages, but
you can just set up Doom as you would on another distro. I did this
while I transitioned to a Guix config, using
~home-files-service-type~ to deploy my Doom config files.

> b) "password / secrets" management ?
>
> There are two things, file to directly encrypt (like ssh key) and
> password to hide into configuration file (templating)
>
> b.1) So, that need to encrypt/decrypt more or less "on-the-fly" the
> files using gpg/yubikey or age like yadm (
> https://yadm.io/docs/encryption ) or chezmoi
> (https://www.chezmoi.io/user-guide/encryption/gpg/) do ?

I use small wrappers around GPG's built-in encryption
(https://git.sr.ht/~dominicm/dotfiles/tree/main/item/System.org#L2663)
and decryption
(https://git.sr.ht/~dominicm/dotfiles/tree/main/item/System.org#L2691)
functions to manage secrets directly in my repository on the fly.
Then I can have supported services call the script to get secrets
without storing them in plain-text
(https://git.sr.ht/~dominicm/dotfiles/tree/main/item/System.org#L1648).

> b.2) And for templating, like replacing ${mypassword} into some
> configuration file by getting info stored into password manager like
> "pass", I also don't know how to do that.

Org makes this really convenient. Using noweb and shell scripts I can
decrypt and insert secrets into templated areas when I tangle my
configuration files. That way my repo only contains encrypted
secrets, but as long as I have my GPG keys I can build my
configuration files locally. See
https://git.sr.ht/~dominicm/dotfiles/tree/main/item/System.org#L5 and
https://git.sr.ht/~dominicm/dotfiles/tree/main/item/System.org#L1937.

> c) synchronization of my .dotfiles between two different OS/System :
> Ubuntu (home) / Guix (work & home)

I keep all my configuration in a git repository, then use ~guix home~
to put all the files in the right places. As others have noted, there
are many ways to identify the current system and do system-specific
operations. I personally use an environment variable to keep track,
and wrap guix operations with scripts that detect the system and use
different system/home configurations
(https://git.sr.ht/~dominicm/dotfiles/tree/main/item/System.org#L2366).
Then all I have to do is supply the script with the system name on
the first run, and ~home-environment-variables-service-type~ takes it
from there.
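
The ${mypassword} templating asked about in b.2, as an added example in plain POSIX shell; it is not the Org/noweb setup described above and not code from the linked repository. The names render_template, decrypt_secret and SECRETS_DIR, and the layout of one NAME.gpg file per secret, are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: fill ${name} placeholders in a template from GPG-encrypted
# files, so the repository only ever holds ciphertext.
# Assumed layout (hypothetical): $SECRETS_DIR/<name>.gpg, one per secret.
SECRETS_DIR=${SECRETS_DIR:-$HOME/dotfiles/secrets}

# Print the plaintext of one secret on stdout; non-zero exit on failure.
decrypt_secret() {
    gpg --quiet --decrypt "$SECRETS_DIR/$1.gpg"
}

# render_template TEMPLATE: write the rendered text to stdout.
# The body is a subshell, so its variables do not leak into the caller.
render_template() (
    open='${' close='}'
    while IFS= read -r line || [ -n "$line" ]; do
        out=
        while :; do
            case $line in
                *"$open"*"$close"*) ;;
                *) break ;;
            esac
            rest=${line#*"$open"}
            name=${rest%%"$close"*}
            # Refuse anything that could escape SECRETS_DIR (e.g. ../x).
            case $name in
                ''|*[!A-Za-z0-9_-]*)
                    printf 'render: bad placeholder name: %s\n' "$name" >&2
                    exit 1 ;;
            esac
            # Fail closed: never emit a half-rendered config file.
            value=$(decrypt_secret "$name") || {
                printf 'render: cannot decrypt: %s\n' "$name" >&2
                exit 1; }
            out=$out${line%%"$open"*}$value   # value is not re-expanded
            line=${rest#*"$close"}
        done
        printf '%s\n' "$out$line"
    done < "$1"
)

# Usage: render.sh TEMPLATE OUTPUT
if [ "$#" -eq 2 ]; then
    umask 077                     # the rendered file holds plaintext secrets
    tmp=$(mktemp "$2.XXXXXX") || exit 1
    if render_template "$1" > "$tmp"; then mv "$tmp" "$2"
    else rm -f "$tmp"; exit 1; fi
fi
```

The rendered output is the only place the plaintext exists, so it belongs outside the git work tree or in .gitignore.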