Hi, I’m playing around with a flake-based multi-host repository (a repository containing multiple NixOS configurations for different machines) as I’ve seen many people do. I think that this approach has some benefits because it allows one to share common modules, packages, and other code.
Though I’m wondering about the security implications of such an approach. I noticed that the whole source of the repository is copied into the nix store of a deployed machine, even the parts which shouldn’t be evaluated for the deployed NixOS configuration (I was surprised because I thought lazy evaluation takes care of that). I think this could cause some (severe) information leakage, e.g., system/network configs, user names, etc. I know that managing secrets like passwords, ssh keys is an issue in NixOS and should be done with special consideration. But even if secrets are encrypted the leakage of their mere existence could be problematic (Imagine that you are an IT service provider and manage multiple, independent clients and you leak one client’s information to another).
I would be curious if anyone else has had thoughts about how to approach managing multi-host setups from a security & maintainability perspective (with standard NixOS setups, without relying too much on 3rd party tools as those might introduce additional problems).
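One way to check what a deployed machine actually carries, as an added example that is not part of the original post: resolve the flake's store path with `nix flake metadata` and list the per-host directories inside it. It assumes the common `hosts/<hostname>/` layout (override with `HOSTS_DIR`) and that `nix` and `jq` are installed; the listing functions themselves only need a directory path, so they can be pointed at any checkout or store path.

```shell
#!/bin/sh
# Added example: enumerate the host configurations present in a flake source
# tree, e.g. the /nix/store/...-source path that ends up on a deployed host.
# Assumed layout: hosts/<hostname>/...  (set HOSTS_DIR if yours differs).
HOSTS_DIR="${HOSTS_DIR:-hosts}"

# Print the host directory names found under "$1/$HOSTS_DIR", one per line,
# sorted. Returns 1 when the hosts directory does not exist at all.
list_hosts() {
  src="$1"
  [ -d "$src/$HOSTS_DIR" ] || return 1
  for d in "$src/$HOSTS_DIR"/*/; do
    [ -d "$d" ] && basename "$d"
  done | sort
}

# Count host directories other than "$2" (the host this machine is), i.e. how
# many foreign host configurations travelled along in the source tree.
count_other_hosts() {
  src="$1"
  self="$2"
  list_hosts "$src" | grep -v -x "$self" | wc -l | tr -d ' '
}

# Resolve the store path of the flake at "$1" (default: current directory).
# Requires nix (flakes enabled) and jq.
flake_source_path() {
  nix flake metadata --json "${1:-.}" | jq -r .path
}

# Usage: ./audit-hosts.sh <flake-ref> <this-hostname>
# Prints every host found in the flake's store path and the number of
# foreign ones; run it on the deployed machine to see what it received.
if [ "$#" -ge 2 ]; then
  path="$(flake_source_path "$1")"
  echo "flake source path: $path"
  list_hosts "$path"
  echo "foreign host configurations: $(count_other_hosts "$path" "$2")"
fi
```

A non-zero foreign count confirms the behaviour described above: the store path copied to the machine includes configuration for hosts it never evaluates.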