Re: Guix home, guix system, channels, some noob questions

From: Dominic Martinez
Subject: Re: Guix home, guix system, channels, some noob questions
Date: Wed, 25 May 2022 20:31:31 -0400
User-agent: mu4e 1.6.10; emacs 27.2

Sébastien Rey-Coyrehourcq <> writes:

> The only things holding me back at the moment are two things:
>
> a) Doom Emacs flavour, how to manage the fact that Doom uses straight.el
> to maintain packages

I don't think it's possible to use Doom with Guix emacs packages, but you can just set up Doom as you would on another distro. I did this while I transitioned to a Guix config, using ~home-files-service-type~ to deploy my Doom config files.

> b) "password / secrets" management?
>
> There are two things: files to directly encrypt (like an ssh key) and
> passwords to hide in configuration files (templating)
>
> b.1) So, that needs to encrypt/decrypt more or less "on-the-fly" the files using gpg/yubikey or age, like yadm or chezmoi
> do?

I use small wrappers around GPG's built-in encryption and decryption functions to manage secrets directly in my repository on the fly. Then I can have supported services call the script to get secrets without storing them in plain-text.

> b.2) And for templating, like replacing ${mypassword} in some
> configuration file by getting info stored in a password manager like "pass", I also don't know how to do that.

Org makes this really convenient. Using noweb and shell scripts I can decrypt and insert secrets into templated areas when I tangle my configuration files. That way my repo only contains encrypted secrets, but as long as I have my GPG keys I can build my configuration files locally. See and

> c) synchronization of my .dotfiles between two different OS/System:
> Ubuntu (home) / Guix (work & home)

I keep all my configuration in a git repository, then use ~guix home~ to put all the files in the right places. As others have noted, there are many ways to identify the current system and do system-specific operations. I personally use an environment variable to keep track, and wrap guix operations with scripts that detect the system and use different system/home configurations. Then all I have to do is supply the script with the system name on the first run, and ~home-environment-variables-service-type~ takes it from there.

Attachment: signature.asc
Description: PGP signature
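
The build-time templating described in the reply to b.2, as an added example that is not part of the original message or of its author's configuration: it uses a stand-alone Python renderer in place of Org noweb tangling. The `${secret:NAME}` placeholder syntax, the `secrets/NAME.gpg` layout and all function names are assumptions made for illustration.

```python
import os
import re
import subprocess
import tempfile
from pathlib import Path

# The ${secret:NAME} syntax and the secrets/NAME.gpg layout are assumptions.
PLACEHOLDER = re.compile(r"\$\{secret:([^}]*)\}")
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]+")


def gpg_decrypt(name, secrets_dir="secrets"):
    """Decrypt secrets_dir/NAME.gpg; the plaintext is captured from a pipe, not a file."""
    path = Path(secrets_dir) / f"{name}.gpg"
    result = subprocess.run(["gpg", "--quiet", "--batch", "--decrypt", str(path)],
                            check=True, capture_output=True)
    return result.stdout.decode().rstrip("\n")


def render(template, decrypt=gpg_decrypt):
    """Fill every placeholder; a bad name or failed decryption aborts the render."""
    def substitute(match):
        name = match.group(1)
        if not SAFE_NAME.fullmatch(name):  # no "/" or ".": cannot leave secrets_dir
            raise ValueError(f"invalid secret name: {name!r}")
        return decrypt(name)
    return PLACEHOLDER.sub(substitute, template)


def write_private(path, text):
    """Write via a 0600 temp file and rename, so the file is never world-readable."""
    target = Path(path)
    fd, tmp = tempfile.mkstemp(dir=target.parent, prefix=".tmp-")  # created 0600
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write(text)
        os.replace(tmp, target)
    except BaseException:
        os.unlink(tmp)
        raise


if __name__ == "__main__":
    # Constructed demo: a stub stands in for gpg so this runs without any keys.
    stub = {"imap_password": "constructed-example-value"}.__getitem__
    print(render("machine mail.example.org password ${secret:imap_password}", stub))
```

Only the template and the `.gpg` files belong in the repository; the rendered output should be listed in `.gitignore` and regenerated on each machine that holds the key.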
