I want to create a cicd workflow which will build the NixOS and deploy it for me when I push any changes to the configuration. This is the configuration I have right now, and I am deploying with a single command deploy
now
It is working ok, but I cannot deploy in cicd, because I have hidden my ip in a flake in my local.
How should I deal with this kind of private configuration? I have thought of using .gitignore
to ignore those private/secret files inside my current deploy flake, but it won’t work because flake tries to be pure and only takes in files from inputs
or something that would be committed to git.
For dealing with runtime secret(like password or secret key), I am using agenix
with is working ok. I hope I am explaining myself clearly so that you understand my issue.