Diffstat (limited to '')
-rw-r--r-- README.md 40
1 files changed, 40 insertions, 0 deletions
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..0fd9de9
--- /dev/null
+++ b/README.md
@@ -0,0 +1,40 @@
+Tools, scripts, and configurations for my machines.
+
+# Secret management with `agenix`
+I use `[agenix](https://github.com/ryantm/agenix)` to manage secrets.
+
+## Create a new secret
+To create a new secret:
+```shell
+cd secrets
+agenix -e <name of the secret>.age
+```
+
+## Manage the secrets
+In [secrets.nix](secrets/secrets.nix) you need to add the secret and who need to have access to it.
+
+In the configuration for one of the host, you'll then need to add:
+```nix
+age.secrets.restic = {
+    file = ../../../secrets/restic-backups.age;
+    owner = "root";
+    group = "root";
+    path = "/etc/restic/secret";
+    mode = "600";
+};
+```
+
+## Edit secrets
+This is the easiest command to work with 1password:
+```shell
+agenix -e restic-backups.age -i (op read "op://Personal/nixos/private key?ssh-format=openssh"|psub)
+```
+
+There's a target in the [Justfile](justfile) to edit the secrets: `just secrets <secret-name>`.
+
+# Services
+
+## ddns-updater
+This service runs on `vm-synology`.
+
+There's a web UI accessible at <http://vm-synology:8000> to check the status of the updates.
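Review bot: The "Edit secrets" command uses fish-only syntax, `-i (op read "…" | psub)`, inside a fence tagged `shell`, so anyone pasting it into bash or zsh gets a syntax error; state that it requires fish, or also show the form for the other shells. Keeping the private key in 1Password and passing it through process substitution is a good pattern because the key never lands on disk, and it is worth saying so here so nobody "fixes" a failing command by exporting the key to a file. The "Create a new secret" section runs `agenix -e` with no `-i`, which leaves it unclear which identity is expected there. In the intro, the backticks around `[agenix](https://github.com/ryantm/agenix)` make Markdown render the link as literal code; drop them so it becomes a link. In the host example, `mode = "600"` leaves the decrypted file writable; if restic only reads it, a read-only mode for root is enough. For ddns-updater, the status UI is documented as plain `http://vm-synology:8000`; note which network it is reachable from and whether it needs authentication. Wording: "who need to have access" should be "who needs", and "one of the host" should be "one of the hosts".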