diff options
-rw-r--r-- | README.org | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/README.org b/README.org index 377e658..828bb77 100644 --- a/README.org +++ b/README.org @@ -1,5 +1,31 @@ Tools, scripts, and configurations for my machines. +* Secret management with =agenix= +We use =agenix= to manipulate our secrets. +** Create a new secret +To create a new secret: +#+begin_src sh +cd ../secrets +agenix -e <name of the secret>.age +#+end_src +** Manage the secrets +In [[file+sys:../secrets/secrets.nix][secrets.nix]] you need to add the secret and who need to have access to it. + +In the configuration for one of the host, you'll then need to add: +#+begin_src nix +age.secrets.restic = { + file = ../../../secrets/restic-backups.age; + owner = "root"; + group = "root"; + path = "/etc/restic/secret"; + mode = "600"; +}; +#+end_src +** Edit secrets +This is the easiest command to work with 1password: +#+begin_src sh +agenix -e restic-backups.age -i (op read "op://Personal/nixos/private key?ssh-format=openssh"|psub) +#+end_src * Services ** ddns-updater This service runs on =vm-synology=. |