usda-vision/SETUP_COMPLETE.md


USDA Vision - Flake Migration Complete

Summary

Your USDA Vision repository now has:

  1. Self-contained Nix flake (flake.nix)

    • Independent build system
    • Development environment
    • NixOS module for deployment
  2. Encrypted secrets management (ragenix)

    • .age files safe to commit to git
    • Key-based access control
    • No more plaintext .env files
  3. Modular build (package.nix, camera-sdk.nix)

    • Cleaner organization
    • Easier to maintain
    • Reusable components
  4. Updated parent (../default.nix)

    • Now references the flake
    • Removed 200+ lines of inline derivations

Files Added

Core Flake Files

  • flake.nix - Main flake definition with outputs
  • package.nix - Application build logic
  • camera-sdk.nix - Camera SDK build logic
  • secrets.nix - ragenix configuration

Secrets Infrastructure

  • secrets/secrets.nix - Public key list
  • secrets/README.md - Secrets documentation
  • secrets/.gitignore - Keeps plaintext files out of git

Documentation & Helpers

  • FLAKE_SETUP.md - Complete setup guide
  • setup-dev.sh - Interactive setup script
  • .envrc - direnv integration (optional)

Parent Directory

  • NIX_FLAKE_MIGRATION.md - Migration summary

Next Steps

1. Commit the Flake Files

The flake needs to be in git to work:

cd /home/engr-ugaif/usda-dash-config/usda-vision

# Add all new flake files
git add flake.nix package.nix camera-sdk.nix secrets.nix
git add secrets/secrets.nix secrets/README.md secrets/.gitignore
git add FLAKE_SETUP.md setup-dev.sh .envrc .gitignore

# Commit
git commit -m "Add Nix flake with ragenix secrets management

- Self-contained flake build system
- Development shell with all tools
- ragenix for encrypted secrets
- Modular package definitions
"

2. Set Up Your Age Key

cd /home/engr-ugaif/usda-dash-config/usda-vision

# Option A: Use the interactive setup script
./setup-dev.sh

# Option B: Manual setup
mkdir -p ~/.config/age
age-keygen -o ~/.config/age/keys.txt
# Then add your public key to secrets/secrets.nix

3. Encrypt Your Secrets

# Enter the development environment
nix develop

# Encrypt main .env file
ragenix -e secrets/env.age
# Paste your current .env contents, save, exit

# Encrypt Azure config
ragenix -e secrets/env.azure.age
# Paste your current .env.azure contents, save, exit

# Commit encrypted secrets
git add secrets/env.age secrets/env.azure.age
git commit -m "Add encrypted environment configuration"

4. Test the Setup

# Test that the build works
nix build

# Test the development shell
nix develop
# You should see a welcome message

# Inside the dev shell, verify tools
docker-compose --version
supabase --version
ragenix --help

5. Update the Parent Repository

cd /home/engr-ugaif/usda-dash-config

# Commit the updated default.nix
git add default.nix NIX_FLAKE_MIGRATION.md
git commit -m "Update default.nix to use usda-vision flake

- Removed inline derivations
- Now references usda-vision flake packages
- Cleaner, more maintainable code
"

6. Clean Up Old Files (Optional)

After verifying everything works, you can delete the old plaintext secrets:

cd /home/engr-ugaif/usda-dash-config/usda-vision

# These are already git-ignored, but remove them locally
rm -f .env .env.azure management-dashboard-web-app/.env

echo "✅ Old plaintext secrets removed"

Verification Checklist

  • Flake files committed to git
  • Age key generated at ~/.config/age/keys.txt
  • Public key added to secrets/secrets.nix
  • Secrets encrypted and committed
  • nix build succeeds
  • nix develop works
  • Parent default.nix updated and committed
  • Old .env files deleted
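
The secrets-related checklist items can be verified mechanically. The script below is an added example, not part of the usda-vision repository: the function names and the --audit flag are hypothetical, and it relies only on the two standard age file headers and the plaintext paths named in step 6.

```shell
#!/bin/sh
# Added example (not from the usda-vision repo): audit the secrets layout.

# True if FILE starts with a standard age header (binary or ASCII-armored).
is_age_encrypted() {
    first_line=$(head -n 1 "$1" 2>/dev/null | tr -d '\r')
    case "$first_line" in
        "age-encryption.org/v1"|"-----BEGIN AGE ENCRYPTED FILE-----") return 0 ;;
        *) return 1 ;;
    esac
}

# Reads paths on stdin (one per line, as printed by `git ls-files`) and prints
# those named .env or .env.<suffix>, skipping encrypted *.age blobs.
# .envrc does not match; a committed .env.example template would be flagged.
plaintext_env_paths() {
    grep -E '(^|/)\.env(\.[^/]*)?$' | grep -v '\.age$' || true
}

# Audits the repository at $1 (default: current directory).
# Returns 0 when clean, 1 when any finding was reported on stderr.
audit_secrets() {
    repo=${1:-.}
    rc=0
    for f in "$repo"/secrets/*.age; do
        [ -e "$f" ] || continue
        is_age_encrypted "$f" || { echo "not age-encrypted: $f" >&2; rc=1; }
    done
    tracked=$(git -C "$repo" ls-files 2>/dev/null | plaintext_env_paths)
    if [ -n "$tracked" ]; then
        echo "plaintext env files tracked by git: $tracked" >&2
        rc=1
    fi
    # Deleting a file locally does not remove copies stored in earlier commits.
    # The paths are the ones removed in step 6.
    hist=$(git -C "$repo" log --all --format=%h -- .env .env.azure \
        management-dashboard-web-app/.env 2>/dev/null || true)
    if [ -n "$hist" ]; then
        echo "commits that touched plaintext env files:" $hist >&2
        rc=1
    fi
    return $rc
}

# Run only when asked, so the file can also be sourced for its functions.
if [ "${1:-}" = "--audit" ]; then audit_secrets "${2:-.}"; fi
```

Save it as a script and run it with --audit from the usda-vision directory; a non-zero exit status means at least one finding was printed.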

Usage Quick Reference

Development

# Enter dev environment (one-time per session)
cd usda-vision
nix develop

# Edit secrets
ragenix -e secrets/env.age

# Normal docker-compose workflow
docker-compose up -d
docker-compose logs -f

Building

# Build everything
nix build

# Build specific packages
nix build .#usda-vision
nix build .#camera-sdk

Secrets Management

# Edit encrypted secret
ragenix -e secrets/env.age

# Re-key after adding a new public key
ragenix -r

# View decrypted contents (careful: this prints the plaintext secrets to the terminal)
age -d -i ~/.config/age/keys.txt secrets/env.age

Troubleshooting

"cannot decrypt: no valid identity"

Your age key isn't configured. Run:

./setup-dev.sh

"error: flake.nix is not in git"

Commit the flake files:

git add flake.nix package.nix camera-sdk.nix secrets.nix
git commit -m "Add flake files"

"experimental feature 'flakes' not enabled"

Add to ~/.config/nix/nix.conf:

experimental-features = nix-command flakes

Documentation

Questions?

Refer to FLAKE_SETUP.md for detailed documentation, or run:

./setup-dev.sh  # Interactive setup

Migration completed on: 2026-01-30
Created by: GitHub Copilot