Based on cachix-deploy-hetzner-dedicated.
Based on Cachix Deploy for nix-darwin.
Make sure to install rosetta: softwareupdate --install-rosetta --agree-to-license
Secrets are managed by agenix: https://github.com/ryantm/agenix
Edit secrets/secrets.nix to add secrets, machines, and users.
You can get the public key for a machine with ssh-keyscan:
ssh-keyscan <IP/DOMAIN>Create a new encrypted secret with:
cd secrets
agenix -e <NAME>.age -i ~/.ssh/<publickey>cd secrets
agenix -e <NAME>.age -i ~/.ssh/<publickey>