Just chiming in about the secrets, but I have found that guix-sops works really well so far: https://fishinthecalculator.me/blog/secrets-management-with-sops-guix.html
There are a few things I would like to see (i.e. symmetrical encryption, being able to use s-expressions instead of yaml, etc.), but for the most part it works very well on my servers.

On April 29, 2024 12:34:43 PM EDT, Felix Lechner via <[email protected]> wrote:
>Ideally, / would be empty, except for /gnu/store and mount points for
>/home and /root. Some folks run / on a tmpfs and manage to get pretty
>close. One challenge is that we haven't figured out what to do with
>secrets. The store is public, so they can't go there.
