Simplest Possible Hardware Deployment

Hi All,

I want to deploy on remote metal machines somewhere in the world without an internet connection, while keeping the process as simple as possible.

Here’s my sketch so far:

  1. install base Nix on the PC

  2. copy machine’s public key

  3. generate new Nix config binary using public key to encrypt secrets with Agenix

  4. deploy binary (USB stick + the normal commands)

But…

  • perhaps I could install Nix with a specific private key while keeping it out of the main configuration somehow

And reduce the install process to one step…

Then again, probably not.
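
Steps 2 to 4 of the sketch above, as an added example that is not part of the original post: it checks that the file copied off the machine really is a single SSH public key, writes an agenix rules file with that host as the only recipient, and exports the built system to the USB stick. The function names, the file names, the `cache` directory and the use of a flake are assumptions.

```shell
# Added example; all names and paths here are assumptions, not from the post.

# Accept exactly one OpenSSH *public* key line of a type agenix can encrypt to.
validate_host_pubkey() {
  local file="$1" line
  [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
  # Refuse anything that looks like private key material.
  if grep -q 'PRIVATE KEY' "$file"; then
    echo "refusing: $file contains a private key" >&2; return 1
  fi
  [ "$(grep -c . "$file")" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
  line=$(grep . "$file")
  case $line in
    "ssh-ed25519 "*|"ssh-rsa "*) printf '%s\n' "$line" | cut -d' ' -f1,2 ;;
    *) echo "unsupported key type" >&2; return 1 ;;
  esac
}

# Print a secrets.nix in which the target host is the only recipient.
write_secrets_nix() {
  local pubkey_file="$1" secret_name="$2" key
  key=$(validate_host_pubkey "$pubkey_file") || return 1
  cat <<EOF
let
  target = "$key";
in
{
  "$secret_name".publicKeys = [ target ];
}
EOF
}

# Build the system closure and copy it to the stick as a file:// binary cache.
# After writing secrets.nix, create the secret with `agenix -e <name>` first.
export_to_usb() {
  local host="$1" usb="$2"
  nixos-rebuild build --flake ".#$host" &&
    nix copy --to "file://$usb/cache" ./result
}
```

With the host as the only recipient, the secret on the stick can be decrypted only with that machine's private host key; add your own public key to the list if you need to re-edit the secret later.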