Diffstat (limited to '')
-rw-r--r-- README.md 40
-rw-r--r-- README.org 33
2 files changed, 40 insertions, 33 deletions
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..0fd9de9
--- /dev/null
+++ b/README.md
@@ -0,0 +1,40 @@
+Tools, scripts, and configurations for my machines.
+
+# Secret management with `agenix`
+I use `[agenix](https://github.com/ryantm/agenix)` to manage secrets.
+
+## Create a new secret
+To create a new secret:
+```shell
+cd secrets
+agenix -e <name of the secret>.age
+```
+
+## Manage the secrets
+In [secrets.nix](secrets/secrets.nix) you need to add the secret and who need to have access to it.
+
+In the configuration for one of the host, you'll then need to add:
+```nix
+age.secrets.restic = {
+    file = ../../../secrets/restic-backups.age;
+    owner = "root";
+    group = "root";
+    path = "/etc/restic/secret";
+    mode = "600";
+};
+```
+
+## Edit secrets
+This is the easiest command to work with 1password:
+```shell
+agenix -e restic-backups.age -i (op read "op://Personal/nixos/private key?ssh-format=openssh"|psub)
+```
+
+There's a target in the [Justfile](justfile) to edit the secrets: `just secrets <secret-name>`.
+
+# Services
+
+## ddns-updater
+This service runs on `vm-synology`.
+
+There's a web UI accessible at <http://vm-synology:8000> to check the status of the updates.
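Review bot: The `agenix` link in the first sentence under "Secret management with `agenix`" is wrapped in backticks, so Markdown will render `[agenix](https://github.com/ryantm/agenix)` as literal code instead of a link; move the backticks inside the brackets or drop them. In "Edit secrets", the command relies on fish syntax (`(op read ... |psub)`) but sits in a fence tagged `shell`, so it is worth stating that it needs fish. That command also refers to a bare `restic-backups.age` without saying which directory to run it from, whereas "Create a new secret" starts with `cd secrets`; adding the same `cd` or a path would make the two sections consistent.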
diff --git a/README.org b/README.org
deleted file mode 100644
index 5e6b6a3..0000000
--- a/README.org
+++ /dev/null
@@ -1,33 +0,0 @@
-Tools, scripts, and configurations for my machines.
-
-* Secret management with =agenix=
-We use =agenix= to manipulate our secrets.
-** Create a new secret
-To create a new secret:
-#+begin_src sh
-cd ../secrets
-agenix -e <name of the secret>.age
-#+end_src
-** Manage the secrets
-In [[file+sys:../secrets/secrets.nix][secrets.nix]] you need to add the secret and who need to have access to it.
-
-In the configuration for one of the host, you'll then need to add:
-#+begin_src nix
-age.secrets.restic = {
-  file = ../../../secrets/restic-backups.age;
-  owner = "root";
-  group = "root";
-  path = "/etc/restic/secret";
-  mode = "600";
-};
-#+end_src
-** Edit secrets
-This is the easiest command to work with 1password:
-#+begin_src sh
-agenix -e restic-backups.age -i (op read "op://Personal/nixos/private key?ssh-format=openssh"|psub)
-#+end_src
-* Services
-** ddns-updater
-This service runs on =vm-synology=.
-
-There's a web UI accessible at http://vm-synology:8000 to check the status of the updates.