From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp12.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id AIsaHuzPjmIjSQEAbAwnHQ (envelope-from ) for ; Thu, 26 May 2022 02:55:08 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp12.migadu.com with LMTPS id hy4AHuzPjmJmqwAAauVa8A (envelope-from ) for ; Thu, 26 May 2022 02:55:08 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id BFCBBDC9F for ; Thu, 26 May 2022 02:55:07 +0200 (CEST) Received: from localhost ([::1]:40170 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1nu1mM-0004C8-QM for larch@yhetil.org; Wed, 25 May 2022 20:55:06 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:36364) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nu1lh-0004C0-TB for help-guix@gnu.org; Wed, 25 May 2022 20:54:25 -0400 Received: from mta-13-4.privateemail.com ([198.54.127.109]:41314) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nu1le-0001Sn-RU for help-guix@gnu.org; Wed, 25 May 2022 20:54:24 -0400 Received: from mta-13.privateemail.com (localhost [127.0.0.1]) by mta-13.privateemail.com (Postfix) with ESMTP id 602DD18000A5; Wed, 25 May 2022 20:54:14 -0400 (EDT) Received: from guix (unknown [10.20.151.157]) by mta-13.privateemail.com (Postfix) with ESMTPA id BB60C18000B6; Wed, 25 May 2022 20:54:10 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=dominicm.dev; s=default; t=1653526454; bh=xHvCkSu08exVt9wUy9yriiraPze8UsUW2gq4BNxagoU=; h=References:From:To:Cc:Subject:Date:In-reply-to:From; b=QxlvtGnbQUPCUFkEXd27ZNWcIktIa1uU0jF5oLnjmqQfjX5WLAbczlamL/ifTme8+ QWkmFIZ2CKOpnD53DlRC0TbG9FqEDiDWlG+aAO2ZwKGxst1EQSqp8eqCMGFDUQhPZO GboV8kRseUU+PAmvkY+CcxIsXh9bljBCOhEtzDiTCumfH/lhOOSLz9T6WKOYkdjq4W ug6hAft04rOpFDzCLGWsDYLBaAiNvMVr8WOWBMLA3DzFttDlKBsY2qYTzvz/Jewc5D TxkINhKNXlLazJyhAk1KmGMrOxZD+OPLcC1QOFiyXCBQzBGBdeVTEcM+Q15W664C7m ykJllzfskclYw== References: <05b8334e-8ecb-1373-97b3-10b8617ed3c8@univ-rouen.fr> <490A4062-75F7-4919-803D-47E98DF9421C@lepiller.eu> <85258fe5-a220-41c6-d153-86de8c6bd57e@univ-rouen.fr> <34587fa7-652f-19a0-3006-aa3e707b13fb@univ-rouen.fr> <357B4763-2DA0-4255-9E58-B882E8ED1A9A@lepiller.eu> <36a809b0-6d5a-2f29-4c5f-07a418e05cbd@univ-rouen.fr> <441E1AD5-DFC9-4BBD-A45C-8328B51BE8D6@lepiller.eu> <635b0475-0134-acb4-8245-afcb571327a0@univ-rouen.fr> <87ee0s62m7.fsf@ruhr-uni-bochum.de> <481369ed-182c-000c-5927-f8879503cc39@univ-rouen.fr> <877d6k5yf7.fsf@ruhr-uni-bochum.de> <87pmkc4g8z.fsf@ruhr-uni-bochum.de> <2e112f4a-980c-f3fb-167f-624914a71384@univ-rouen.fr> User-agent: mu4e 1.6.10; emacs 27.2 From: Dominic Martinez To: sebastien.rey-coyrehourcq@univ-rouen.fr Cc: Daniel =?utf-8?Q?Mei=C3=9Fner?= , Julien Lepiller , help-guix@gnu.org Subject: Re: Guix home, guix system, channels, some noob questions Date: Wed, 25 May 2022 20:31:31 -0400 In-reply-to: <2e112f4a-980c-f3fb-167f-624914a71384@univ-rouen.fr> Message-ID: <87zgj56rm6.fsf@dominicm.dev> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Virus-Scanned: ClamAV using ClamSMTP Received-SPF: pass client-ip=198.54.127.109; envelope-from=dom@dominicm.dev; helo=MTA-13-4.privateemail.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: help-guix@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org Sender: "Help-Guix" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1653526508; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=xHvCkSu08exVt9wUy9yriiraPze8UsUW2gq4BNxagoU=; b=gwFErBiotzVTYIYX2+3U4zrnPi3t80Zs5pwb9h6UXnBa1H1pVQcBwfpHbELdCkATLfPm18 A9PB5PV36XjW0BaePU8uiejzpv/7jTcxgYCNcrgh2D0nYBQpESIuqgEijHuNVKzsQQxAKO jtjFwZbjdcQhSIvs5IFRFdsth/0Xq4zmn+Ft4lZ/URgINcY0p6FQdba9ETDkhdGTZigZAs GwWWl+eizx+U/DPpoXza+M2J38RjUbOObRgoaHuJrRRPk4dnqYFzeuNAw8vE03v8Ql4AfV 7gvAlM9Z+fUXSi2cwHxH1ATrAUw6MXbFUwmh1zka37xtuOhp9YXwnxBBLbINMg== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1653526508; a=rsa-sha256; cv=none; b=qrMATvNrgPpDUD8EuFkIOrOe4Cczo1X/4fDdgf+vK98MOQSbjgYn7lz/+GWdxWaDwC1N6v ojkCohyvQNcFc/CzD8He3/7aTU1hZ40JQiEEe3budKCQpLbJh/TJMzkzyQ7Lo+Iqbl2QVK Xbz1nP2LK6GZqLkYjLn3Pknx6snxnhm6eEH0T7JPqejm5dz9dAYyeKR1irtF6gfZ0TFJlp 7fv4ub18tcE7cOzMGXR3mW4VxX44wKChDQzCmdAE+xHtfhpDeGSwycGuMMmBQFtHsxGmNq i31Jz3ihnyazWu6ET3dTNeWn9rqDx4Ipc7EBSxmTSsNOj2mv0rk4sGV03/GQvQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=dominicm.dev header.s=default header.b=QxlvtGnb; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -0.94 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=dominicm.dev header.s=default header.b=QxlvtGnb; dmarc=none; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: BFCBBDC9F X-Spam-Score: -0.94 X-Migadu-Scanner: scn0.migadu.com X-TUID: q3LabtC9ZohG --=-=-= Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable S=C3=A9bastien Rey-Coyrehourcq=20 writes: > The only things holding me back at the moment is two things : > > a) doom emacs flavour, how to manage the fact that doom use=20 > straigt.el > to maintain packages I don't think it's possible to use Doom with Guix emacs packages,=20 but you can just set up Doom as you would on another distro. I did=20 this while I transitioned to a Guix config, using=20 ~home-files-service-type~ to deploy my Doom config files. > b) "password / secrets" management ? > > There are two things, file to directly encrypt (like ssh key)=20 > and > password to hide into configuration file (templating) > > b.1) So, that need to encrypt/decrypt more or less "on-the-fly"=20 > the > files using gpg/yubikey or age like yadm (=20 > https://yadm.io/docs/encryption ) or chezmoi > (https://www.chezmoi.io/user-guide/encryption/gpg/) do ? I use small wrappers around GPG's built in encryption=20 (https://git.sr.ht/~dominicm/dotfiles/tree/main/item/System.org#L2663)=20 and decryption=20 (https://git.sr.ht/~dominicm/dotfiles/tree/main/item/System.org#L2691)=20 functions to manage secrets directly in my repository on the=20 fly. Then I can have supported services call the script to get=20 secrets without storing them in plain-text=20 (https://git.sr.ht/~dominicm/dotfiles/tree/main/item/System.org#L1648). > b.2) And for templating, like replacing ${mypassword} into some > configuration file by getting info stored into password manager=20 > like=20 > "pass", i also don't know how to do that. Org makes this really convienent. Using noweb and shell scripts I=20 can decrypt and insert secrets into templated areas when I tangle=20 my configuration files. That way my repo only contains encrypted=20 secrets, but as long as I have my GPG keys I can build my=20 configuration files locally. See=20 https://git.sr.ht/~dominicm/dotfiles/tree/main/item/System.org#L5=20 and=20 https://git.sr.ht/~dominicm/dotfiles/tree/main/item/System.org#L1937. > c) synchronization of my .dotfiles between two different=20 > OS/System : > Ubuntu (home) / Guix (work & home) I keep all my configuration in a git repository, then use ~guix=20 home~ to put all the files in the right places. As others have=20 noted, there are many ways to identify the current system and do=20 system-specific operations. I personally use an environment=20 variable to keep track, and wrap guix operations with scripts that=20 detect the system and use different system/home configurations=20 (https://git.sr.ht/~dominicm/dotfiles/tree/main/item/System.org#L2366). The= n=20 all I have to do is supply the script with the system name on the=20 first run, and ~home-environment-variables-service-type~ takes it=20 from there. --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYIAB0WIQRtp6gAxeTcYmhxQ/1Bnl1fEVBrXQUCYo7PsQAKCRBBnl1fEVBr XdNoAP4zzsM4u3uxO/K0f6wBxtPYzTiDC8IoHR8WGvJPZ16RsQD/TRgQlZ0WMIe8 VRO4F8JL8/yMN5Q2MZ0Rugt8dWiCRAc= =lRSB -----END PGP SIGNATURE----- --=-=-=--