Hi All,
I want to deploy on remote metal machines somewhere in the world without an internet connection, while keeping the process as simple as possible.
Here’s my sketch so far:
- install base nix on the PC
- copy machine’s public key
- generate new nix config binary using public key to encrypt secrets with Agenix
- deploy binary (USB stick + the normal commands)
But…
- perhaps I could install Nix with a specific private key while keeping it out of the main configuration somehow
And reduce the install process to one step…
Then again, probably not.
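
Steps 2 and 3 of the sketch above, written out as an added example that is not part of the original post. It assumes the agenix NixOS module is already imported; the secret name `wifi-psk` and both key strings are placeholders.

```nix
# ---- file: secrets.nix (read only by the agenix CLI on the build machine) ----
let
  # Placeholder: the target's SSH host public key, i.e. the contents of
  # /etc/ssh/ssh_host_ed25519_key.pub copied off the machine in step 2.
  remoteBox = "ssh-ed25519 AAAA...PLACEHOLDER-HOST-KEY";
  # Placeholder: an admin key, so the secret can still be edited or
  # rekeyed on the build machine after the target has shipped.
  admin = "ssh-ed25519 AAAA...PLACEHOLDER-ADMIN-KEY";
in
{
  # Every key listed here becomes a recipient of the encrypted file.
  "wifi-psk.age".publicKeys = [ remoteBox admin ];
}

# ---- file: configuration.nix fragment (evaluated for the target) ----
{ config, ... }:
{
  # Only the ciphertext is referenced, so only ciphertext ends up in the
  # Nix store and on the USB stick.
  age.secrets.wifi-psk.file = ./wifi-psk.age;

  # Set the identity explicitly: the default list is derived from the
  # OpenSSH host keys and is empty when sshd is not enabled, which is
  # likely on an offline machine.
  age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

  # Services read the decrypted secret from this path at runtime
  # (under /run/agenix by default), never from the store:
  #   config.age.secrets.wifi-psk.path
}
```

The host's private key never leaves the target: decryption happens on the machine at activation time, so a lost USB stick exposes only files encrypted to the listed public keys.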