feat: Add flake and ragenix package generation and dev environment

2026-01-30 12:02:13 -05:00
parent 59ad94bba2
commit b77bca6f0a
13 changed files with 1293 additions and 0 deletions
--- a/SETUP_COMPLETE.md
+++ b/SETUP_COMPLETE.md
@@ -0,0 +1,241 @@
+# USDA Vision - Flake Migration Complete ✅
+
+## Summary
+
+Your USDA Vision repository now has:
+
+1. **Self-contained Nix flake** (`flake.nix`)
+   - Independent build system
+   - Development environment
+   - NixOS module for deployment
+
+2. **Encrypted secrets management** (ragenix)
+   - `.age` files safe to commit to git
+   - Key-based access control
+   - No more plaintext `.env` files
+
+3. **Modular build** (package.nix, camera-sdk.nix)
+   - Cleaner organization
+   - Easier to maintain
+   - Reusable components
+
+4. **Updated parent** (../default.nix)
+   - Now references the flake
+   - Removed 200+ lines of inline derivations
+
+## Files Added
+
+### Core Flake Files
+- ✅ `flake.nix` - Main flake definition with outputs
+- ✅ `package.nix` - Application build logic  
+- ✅ `camera-sdk.nix` - Camera SDK build logic
+- ✅ `secrets.nix` - ragenix configuration
+
+### Secrets Infrastructure
+- ✅ `secrets/secrets.nix` - Public key list
+- ✅ `secrets/README.md` - Secrets documentation
+- ✅ `secrets/.gitignore` - Protect plaintext files
+
+### Documentation & Helpers
+- ✅ `FLAKE_SETUP.md` - Complete setup guide
+- ✅ `setup-dev.sh` - Interactive setup script
+- ✅ `.envrc` - direnv integration (optional)
+
+### Parent Directory
+- ✅ `NIX_FLAKE_MIGRATION.md` - Migration summary
+
+## Next Steps
+
+### 1. Commit the Flake Files
+
+The flake needs to be in git to work:
+
+```bash
+cd /home/engr-ugaif/usda-dash-config/usda-vision
+
+# Add all new flake files
+git add flake.nix package.nix camera-sdk.nix secrets.nix
+git add secrets/secrets.nix secrets/README.md secrets/.gitignore
+git add FLAKE_SETUP.md setup-dev.sh .envrc .gitignore
+
+# Commit
+git commit -m "Add Nix flake with ragenix secrets management
+
+- Self-contained flake build system
+- Development shell with all tools
+- ragenix for encrypted secrets
+- Modular package definitions
+"
+```
+
+### 2. Set Up Your Age Key
+
+```bash
+cd /home/engr-ugaif/usda-dash-config/usda-vision
+
+# Option A: Use the interactive setup script
+./setup-dev.sh
+
+# Option B: Manual setup
+mkdir -p ~/.config/age
+age-keygen -o ~/.config/age/keys.txt
+# Then add your public key to secrets/secrets.nix
+```
+
+### 3. Encrypt Your Secrets
+
+```bash
+# Enter the development environment
+nix develop
+
+# Encrypt main .env file
+ragenix -e secrets/env.age
+# Paste your current .env contents, save, exit
+
+# Encrypt Azure config
+ragenix -e secrets/env.azure.age  
+# Paste your current .env.azure contents, save, exit
+
+# Commit encrypted secrets
+git add secrets/env.age secrets/env.azure.age
+git commit -m "Add encrypted environment configuration"
+```
+
+### 4. Test the Setup
+
+```bash
+# Test that the build works
+nix build
+
+# Test the development shell
+nix develop
+# You should see a welcome message
+
+# Inside the dev shell, verify tools
+docker-compose --version
+supabase --version
+ragenix --help
+```
+
+### 5. Update the Parent Repository
+
+```bash
+cd /home/engr-ugaif/usda-dash-config
+
+# Commit the updated default.nix
+git add default.nix NIX_FLAKE_MIGRATION.md
+git commit -m "Update default.nix to use usda-vision flake
+
+- Removed inline derivations
+- Now references usda-vision flake packages
+- Cleaner, more maintainable code
+"
+```
+
+### 6. Clean Up Old Files (Optional)
+
+After verifying everything works, you can delete the old plaintext secrets:
+
+```bash
+cd /home/engr-ugaif/usda-dash-config/usda-vision
+
+# These are already git-ignored, but remove them locally
+rm -f .env .env.azure management-dashboard-web-app/.env
+
+echo "✅ Old plaintext secrets removed"
+```
+
+## Verification Checklist
+
+- [ ] Flake files committed to git
+- [ ] Age key generated at `~/.config/age/keys.txt`
+- [ ] Public key added to `secrets/secrets.nix`
+- [ ] Secrets encrypted and committed
+- [ ] `nix build` succeeds
+- [ ] `nix develop` works
+- [ ] Parent `default.nix` updated and committed
+- [ ] Old `.env` files deleted
+
+## Usage Quick Reference
+
+### Development
+
+```bash
+# Enter dev environment (one-time per session)
+cd usda-vision
+nix develop
+
+# Edit secrets
+ragenix -e secrets/env.age
+
+# Normal docker-compose workflow
+docker-compose up -d
+docker-compose logs -f
+```
+
+### Building
+
+```bash
+# Build everything
+nix build
+
+# Build specific packages
+nix build .#usda-vision
+nix build .#camera-sdk
+```
+
+### Secrets Management
+
+```bash
+# Edit encrypted secret
+ragenix -e secrets/env.age
+
+# Re-key after adding a new public key
+ragenix -r
+
+# View decrypted (careful!)
+age -d -i ~/.config/age/keys.txt secrets/env.age
+```
+
+## Troubleshooting
+
+### "cannot decrypt: no valid identity"
+
+Your age key isn't configured. Run:
+```bash
+./setup-dev.sh
+```
+
+### "error: flake.nix is not in git"
+
+Commit the flake files:
+```bash
+git add flake.nix package.nix camera-sdk.nix secrets.nix
+git commit -m "Add flake files"
+```
+
+### "experimental feature 'flakes' not enabled"
+
+Add to `~/.config/nix/nix.conf`:
+```
+experimental-features = nix-command flakes
+```
+
+## Documentation
+
+- **Full Setup Guide**: [FLAKE_SETUP.md](FLAKE_SETUP.md)
+- **Secrets Guide**: [secrets/README.md](secrets/README.md)
+- **Migration Summary**: [../NIX_FLAKE_MIGRATION.md](../NIX_FLAKE_MIGRATION.md)
+
+## Questions?
+
+Refer to [FLAKE_SETUP.md](FLAKE_SETUP.md) for detailed documentation, or run:
+
+```bash
+./setup-dev.sh  # Interactive setup
+```
+
+---
+
+**Migration completed on**: 2026-01-30
+**Created by**: GitHub Copilot