about summary refs log tree commit diff
path: root/README.md
diff options
context:
space:
mode:
authorFranck Cuny <franck@fcuny.net>2024-12-21 11:15:38 -0800
committerFranck Cuny <franck@fcuny.net>2024-12-21 11:15:38 -0800
commit8fa307aafc7d48546372d5d275cc93fcfc830dd6 (patch)
treebd024a675494212c96dbb153fc147ec66524a639 /README.md
parentsupport multiple architectures for sapi (diff)
downloadworld-8fa307aafc7d48546372d5d275cc93fcfc830dd6.tar.gz
convert org file to markdown HEAD main
Diffstat (limited to '')
-rw-r--r--README.md40
1 files changed, 40 insertions, 0 deletions
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..0fd9de9
--- /dev/null
+++ b/README.md
@@ -0,0 +1,40 @@
+Tools, scripts, and configurations for my machines.
+
+# Secret management with `agenix`
+I use `[agenix](https://github.com/ryantm/agenix)` to manage secrets.
+
+## Create a new secret
+To create a new secret:
+```shell
+cd secrets
+agenix -e <name of the secret>.age
+```
+
+## Manage the secrets
+In [secrets.nix](secrets/secrets.nix) you need to add the secret and who need to have access to it.
+
+In the configuration for one of the host, you'll then need to add:
+```nix
+age.secrets.restic = {
+    file = ../../../secrets/restic-backups.age;
+    owner = "root";
+    group = "root";
+    path = "/etc/restic/secret";
+    mode = "600";
+};
+```
+
+## Edit secrets
+This is the easiest command to work with 1password:
+```shell
+agenix -e restic-backups.age -i (op read "op://Personal/nixos/private key?ssh-format=openssh"|psub)
+```
+
+There's a target in the [Justfile](justfile) to edit the secrets: `just secrets <secret-name>`.
+
+# Services
+
+## ddns-updater
+This service runs on `vm-synology`.
+
+There's a web UI accessible at <http://vm-synology:8000> to check the status of the updates.