How to hide my DNS resolver from the config

I currently use NextDNS and I have my DNS config like this:

nameservers = [
  "45.90.28.0#000000.dns.nextdns.io"
  "2a07:a8c0::#000000.dns.nextdns.io"
  "45.90.30.0#000000.dns.nextdns.io"
  "2a07:a8c1::#000000.dns.nextdns.io"
];

(Of course changing the actual ID to 000000)

The problem is that I have my config on Github and would like to make it public, so I need to hide this ID. I already use sops-nix to hide passwords and other stuff, but I could not find a way to do this. Is there any other way?

This is a pretty frequent question. There are effectively two options, git-crypt, or you maintain a second configuration in a private repository that is imported by the public one to add the sensitive options. Flakes are usually used for the latter, but you can also achieve that in a traditional config with fetchFromGitHub.

This is assuming the values aren’t actually secret secret but just sensitive. If they are secrets, then this particular NixOS module does not support treating these values as secret and you would have to write your own that does permit reading the values from a file so you can use sops - or of course patch the upstream one and contribute so everyone can benefit :wink:

I don’t think that’s true for nextdns IDs (can DNS-over-TLS/HTTPS server URLs be intercepted by recursive DNS servers? I think so?) and that’d be an awfully small entropy if it were, so treating it as sensitive is probably fine, but I’ve never used the service myself.

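The second option from the reply above (a public flake pulling the sensitive module from a private repository), as an added example that is not from the thread or from any poster. The repository URL, the host name myhost and the file name dns.nix inside the private repo are placeholders; the private module is assumed to set networking.nameservers with the real NextDNS ID.

```nix
# Added example (not from the thread): public flake.nix whose DNS settings
# come from a private repository consumed as a non-flake input.
{
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";

    # Private repository holding only the sensitive module. Evaluation needs
    # SSH access to it, so the public repository alone never contains the ID.
    nixos-private = {
      url = "git+ssh://git@github.com/EXAMPLE-USER/nixos-private.git";
      flake = false; # plain source tree, referenced by path below
    };
  };

  outputs = { self, nixpkgs, nixos-private, ... }: {
    nixosConfigurations.myhost = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      modules = [
        ./configuration.nix
        # dns.nix (assumed name) sets networking.nameservers with the real ID.
        "${nixos-private}/dns.nix"
      ];
    };
  };
}
```

The public flake.lock records only the private input's URL and commit hash, not its contents, so committing the lock file does not leak the ID. The built system closure on the machine still contains the resolved nameserver strings, which is the same exposure as writing them in the config directly.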

Hey, I don’t know about the interception thing, but I just don’t want my ID to be public. I found a solution with their own client, which has a config-file argument. So I’m using it like this:

services.nextdns = {
  enable = true;
  arguments = [
    "-config-file"
    "${config.sops.secrets.nextdnsID.path}"
  ];
};

networking.nameservers = [
  "127.0.0.1"
  "::1"
];

As you can see it was solved with sops-nix, which is quite neat as I already use it so I won’t have to use another tool for the job.

Thanks for the explanation!


@arthsmn Thanks for the solution. Quick question - what do you have stored in the nextdnsID? I’d like to also pass in some settings to build the config. sops-nix doesn’t allow for multiline strings right?

It does, see yaml syntax: Quoting - Learn - yaml.info

Basically:

literal block scalar: |
  a multiline text
  line 2
  line 3

Hmm… interesting. I did try that initially. I was getting a similar error from sops-nix when I had my config in non-string form. Let me try again, maybe I had a syntax error.

@TLATER ah seems like I had an error in my config. Thank you!
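The sops-nix arrangement from the accepted solution, together with the multiline secret the later posts discuss, as one added example that is not code from any poster. The secret name nextdnsID matches the thread; the file name secrets.yaml, the placeholder profile ID 000000 and the NextDNS config-file keys shown in the comment (profile, report-client-info) are assumptions to check against the NextDNS CLI documentation for the installed version.

```nix
# Added example (not from the thread): NixOS module wiring a sops-nix secret
# that holds the entire NextDNS config file.
{ config, ... }:
{
  # secrets.yaml (encrypted with sops; shown decrypted here) stores the whole
  # NextDNS config file under the key nextdnsID. The YAML literal block scalar
  # (the "|" marker) lets the value span several lines, one option per line:
  #
  #   nextdnsID: |
  #     profile 000000
  #     report-client-info true
  #
  # The key names above are assumptions; the real ID replaces 000000.
  sops.defaultSopsFile = ./secrets.yaml;

  # Decrypted at activation time to /run/secrets/nextdnsID with sops-nix's
  # default ownership and mode (root, 0400). The thread's config works with
  # these defaults, so no owner/mode override is needed here.
  sops.secrets.nextdnsID = { };

  services.nextdns = {
    enable = true;
    arguments = [
      "-config-file"
      # Path of the decrypted secret; only this path, never the ID, reaches
      # the public configuration.
      config.sops.secrets.nextdnsID.path
    ];
  };

  # Send the system resolver to the local NextDNS proxy. Nothing in this file
  # is sensitive, so it can be committed to the public repository.
  networking.nameservers = [ "127.0.0.1" "::1" ];
}
```

Because the secret is the complete config file rather than just the ID, any further NextDNS options can be added as extra lines of the block scalar without touching the public Nix code. Indentation of the scalar's lines must be consistent, which is the usual cause of the parse error mentioned in the last posts.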