# USDA Vision - Flake Migration Complete ✅
## Summary
Your USDA Vision repository now has:
1. **Self-contained Nix flake** (`flake.nix`)
   - Independent build system
   - Development environment
   - NixOS module for deployment
2. **Encrypted secrets management** (ragenix)
   - `.age` files safe to commit to git
   - Key-based access control
   - No more plaintext `.env` files
3. **Modular build** (`package.nix`, `camera-sdk.nix`)
   - Cleaner organization
   - Easier to maintain
   - Reusable components
4. **Updated parent** (`../default.nix`)
   - Now references the flake
   - Removed 200+ lines of inline derivations
## Files Added
### Core Flake Files
- `flake.nix` - Main flake definition with outputs
- `package.nix` - Application build logic
- `camera-sdk.nix` - Camera SDK build logic
- `secrets.nix` - ragenix configuration
### Secrets Infrastructure
- `secrets/secrets.nix` - Public key list
- `secrets/README.md` - Secrets documentation
- `secrets/.gitignore` - Protect plaintext files
### Documentation & Helpers
- `FLAKE_SETUP.md` - Complete setup guide
- `setup-dev.sh` - Interactive setup script
- `.envrc` - direnv integration (optional)
### Parent Directory
- `NIX_FLAKE_MIGRATION.md` - Migration summary
## Next Steps
### 1. Commit the Flake Files
The flake needs to be in git to work:
```bash
cd /home/engr-ugaif/usda-dash-config/usda-vision
# Add all new flake files
git add flake.nix package.nix camera-sdk.nix secrets.nix
git add secrets/secrets.nix secrets/README.md secrets/.gitignore
git add FLAKE_SETUP.md setup-dev.sh .envrc .gitignore
# Commit
# Blank line after the subject keeps the bullets out of the one-line summary
git commit -m "Add Nix flake with ragenix secrets management

- Self-contained flake build system
- Development shell with all tools
- ragenix for encrypted secrets
- Modular package definitions
"
```
### 2. Set Up Your Age Key
```bash
cd /home/engr-ugaif/usda-dash-config/usda-vision
# Option A: Use the interactive setup script
./setup-dev.sh
# Option B: Manual setup
mkdir -p ~/.config/age
age-keygen -o ~/.config/age/keys.txt
# Then add your public key to secrets/secrets.nix
```
### 3. Encrypt Your Secrets
```bash
# Enter the development environment
nix develop
# Encrypt main .env file
ragenix -e secrets/env.age
# Paste your current .env contents, save, exit
# Encrypt Azure config
ragenix -e secrets/env.azure.age
# Paste your current .env.azure contents, save, exit
# Commit encrypted secrets
git add secrets/env.age secrets/env.azure.age
git commit -m "Add encrypted environment configuration"
```
### 4. Test the Setup
```bash
# Test that the build works
nix build
# Test the development shell
nix develop
# You should see a welcome message
# Inside the dev shell, verify tools
docker-compose --version
supabase --version
ragenix --help
```
### 5. Update the Parent Repository
```bash
cd /home/engr-ugaif/usda-dash-config
# Commit the updated default.nix
git add default.nix NIX_FLAKE_MIGRATION.md
# Blank line after the subject keeps the bullets out of the one-line summary
git commit -m "Update default.nix to use usda-vision flake

- Removed inline derivations
- Now references usda-vision flake packages
- Cleaner, more maintainable code
"
```
### 6. Clean Up Old Files (Optional)
After verifying everything works, you can delete the old plaintext secrets:
```bash
cd /home/engr-ugaif/usda-dash-config/usda-vision
# These are already git-ignored, but remove them locally
rm -f .env .env.azure management-dashboard-web-app/.env
echo "✅ Old plaintext secrets removed"
```
## Verification Checklist
- [ ] Flake files committed to git
- [ ] Age key generated at `~/.config/age/keys.txt`
- [ ] Public key added to `secrets/secrets.nix`
- [ ] Secrets encrypted and committed
- [ ] `nix build` succeeds
- [ ] `nix develop` works
- [ ] Parent `default.nix` updated and committed
- [ ] Old `.env` files deleted
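
Several checklist items can be verified mechanically rather than by eye. The script below is an added example, not part of the usda-vision repository: it confirms that every `.age` file in `secrets/` really starts with an age header, that the identity file is accessible to its owner only, and that no plaintext `.env` file was ever added to git history (if one was, deleting it locally is not enough and the values should be rotated). The function names and the `check-secrets.sh` file name are hypothetical; the sample inputs used to exercise it are constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the usda-vision repo): post-migration secret hygiene checks.

# Return 0 if $1 begins with an age header (binary or ASCII-armored format).
is_age_encrypted() {
  [ -f "$1" ] || return 1
  first=""
  IFS= read -r first < "$1" || true
  case "$first" in
    "age-encryption.org/v1"|"-----BEGIN AGE ENCRYPTED FILE-----") return 0 ;;
    *) return 1 ;;
  esac
}

# Print each *.age file in directory $1 that is not really encrypted,
# e.g. a plaintext .env saved under an .age name. Returns 1 if any exist.
unencrypted_age_files() {
  bad=0
  for f in "$1"/*.age; do
    [ -e "$f" ] || continue
    is_age_encrypted "$f" || { printf '%s\n' "$f"; bad=1; }
  done
  return "$bad"
}

# Return 0 if the age identity file $1 grants nothing to group or other.
key_mode_ok() {
  [ -f "$1" ] || return 1
  case "$(ls -ld "$1")" in
    -???------*) return 0 ;;
    *) return 1 ;;
  esac
}

# Print plaintext env files ever added on any ref of repo $1; returns 0 if any
# were found. Templates such as .env.example also match and need a manual look.
env_files_in_history() {
  git -C "$1" log --all --diff-filter=A --name-only --format= \
    -- ':(glob)**/.env' ':(glob)**/.env.*' | sort -u | grep .
}

# Run all checks when given a repo path: ./check-secrets.sh <repo>
if [ "$#" -ge 1 ]; then
  unencrypted_age_files "$1/secrets" || echo "FAIL: .age file above is not encrypted"
  key_mode_ok "$HOME/.config/age/keys.txt" || echo "WARN: tighten key file permissions"
  if env_files_in_history "$1"; then echo "FAIL: rotate the secrets listed above"; fi
fi
```
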
## Usage Quick Reference
### Development
```bash
# Enter dev environment (one-time per session)
cd usda-vision
nix develop
# Edit secrets
ragenix -e secrets/env.age
# Normal docker-compose workflow
docker-compose up -d
docker-compose logs -f
```
### Building
```bash
# Build everything
nix build
# Build specific packages
nix build .#usda-vision
nix build .#camera-sdk
```
### Secrets Management
```bash
# Edit encrypted secret
ragenix -e secrets/env.age
# Re-key after adding a new public key
ragenix -r
# View decrypted (careful!)
age -d -i ~/.config/age/keys.txt secrets/env.age
```
## Troubleshooting
### "cannot decrypt: no valid identity"
Your age key isn't configured. Run:
```bash
./setup-dev.sh
```
### "error: flake.nix is not in git"
Commit the flake files:
```bash
git add flake.nix package.nix camera-sdk.nix secrets.nix
git commit -m "Add flake files"
```
### "experimental feature 'flakes' not enabled"
Add to `~/.config/nix/nix.conf`:
```
experimental-features = nix-command flakes
```
## Documentation
- **Full Setup Guide**: [FLAKE_SETUP.md](FLAKE_SETUP.md)
- **Secrets Guide**: [secrets/README.md](secrets/README.md)
- **Migration Summary**: [../NIX_FLAKE_MIGRATION.md](../NIX_FLAKE_MIGRATION.md)
## Questions?
Refer to [FLAKE_SETUP.md](FLAKE_SETUP.md) for detailed documentation, or run:
```bash
./setup-dev.sh # Interactive setup
```
---
**Migration completed on**: 2026-01-30
**Created by**: GitHub Copilot