mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-12-16 05:43:22 +00:00
This commit introduces the new 'dev-nix' Ansible role, which installs the Nix package manager in a secure and reproducible way using a locally stored, SHA256-verified installer script.

Key features:
- Local pinned installer (no network download during execution)
- SHA256 checksum validation to prevent execution of modified installers
- Multi-user (daemon) installation mode
- Optional shell integration via /etc/profile.d
- Fully idempotent, distro-agnostic design

This role matches the structure and conventions of existing dev-* roles in the Infinito.Nexus ecosystem.

https://chatgpt.com/share/69387c73-bf3c-800f-abcd-c5e7d3717059
dev-nix
This role installs the Nix package manager in a secure and reproducible way.
Description
The role provides an offline-friendly and deterministic installation of Nix by using a locally stored installer script that is verified via SHA256 before execution. This avoids remote code downloads during Ansible runs and ensures a stable installation across different systems.
Overview
The installer script is shipped with the role and copied to the target host. Its checksum is validated against a predefined SHA256 value. The installer is executed in multi-user (daemon) mode only if the checksum matches. Optionally, the role can install a small shell snippet to automatically load the Nix environment.
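The checksum gate described above, sketched as a shell function. This is an added example, not the role's own tasks; the function names and the file path in the usage comment are hypothetical. It hashes a private copy of the installer and executes that same copy, so a change to the original file between the check and the run cannot slip through.

```shell
#!/bin/sh
# Added example; function names and paths are hypothetical, not from the role.

# sha256_of FILE: print the lowercase hex SHA256 of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# run_pinned_installer INSTALLER EXPECTED_SHA256 [ARGS...]
# Returns the installer's exit status, 3 on checksum mismatch,
# 2 on a malformed pin or an I/O error.
run_pinned_installer() {
    installer=$1
    # Accept pins written in upper or lower case hex.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    shift 2
    # An empty or truncated pin must never compare equal to a failed hash.
    [ "${#expected}" -eq 64 ] || { echo "pin must be 64 hex chars" >&2; return 2; }
    [ -r "$installer" ] || { echo "cannot read $installer" >&2; return 2; }

    # Hash a private copy and execute that same copy, so the bytes that were
    # verified are the bytes that run even if the original changes meanwhile.
    staged=$(mktemp) || return 2
    cp -- "$installer" "$staged" || { rm -f "$staged"; return 2; }
    actual=$(sha256_of "$staged")

    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch: expected $expected, got $actual" >&2
        rm -f "$staged"
        return 3
    fi

    rc=0
    sh "$staged" "$@" || rc=$?
    rm -f "$staged"
    return "$rc"
}

# Usage (placeholder pin; --daemon selects the Nix multi-user install):
#   run_pinned_installer ./files/nix-install.sh '<pinned-sha256>' --daemon
```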
Features
- Local, pinned Nix installer (no network download at runtime)
- SHA256 checksum verification
- Multi-user (daemon) installation mode
- Optional shell integration via /etc/profile.d
- Fully idempotent and distro-agnostic
Further Resources
- Nix project: https://nixos.org
- Nix releases: https://releases.nixos.org
- Infinito.Nexus License: https://s.infinito.nexus/license