Hi Nix Devs, I'm having some difficulties separating sensitive information from a nix expression used by NixOps.
I keep the server config in a separate file, servers.nix: { vm01 = { config, pkgs, nodes, ... }: { deployment = { targetHost = "192.168.121.50"; }; ... } } Currently I have all relevant software config for each server in a nix expression platforms.nix as follows (where vm01 is the hostname): { vm01 = { config, pkgs, ... }: { services.symfony.platforms = { database = { username = "www"; /* password = "1234567" -> moved to keys.nix */ }; ... } } I want to remove the sensitive info from this file and put it in a separate nix expression, eg. keys.nix, maintaining the same structure so the files can be merged. In keys.nix I currently have { vm01 = { { config, pkgs, ... }: { services.symfony.platforms.database.password = "12345678"; .. } } } I've modified my nixops deploy to have keys.nix loaded after the servers.nix and platforms.nix files, but I keep getting errors like "the attribute password does not exist" I must be overlooking something obvious as all the other files I define in my deploy are being merged correctly. Can anyone advise me on how to achieve this? The underlying reason is that I'm using git-crypt to encrypt the platforms.nix file, but this makes it impossible to work with branches (or git logs) etc. as the whole file is encrypted and git cannot merge binary files (it simply replaces them). Kind regards! Erik aka 4levels
_______________________________________________ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev