Tools, scripts, and configurations for my machines.

# Secret management with `agenix`
I use [`agenix`](https://github.com/ryantm/agenix) to manage secrets.

## Create a new secret
To create a new secret:
```shell
cd secrets
agenix -e <name of the secret>.age
```

## Manage the secrets
In [secrets.nix](secrets/secrets.nix) you need to add the secret and who needs to have access to it.

In the configuration for one of the hosts, you'll then need to add:
```nix
age.secrets.restic = {
    file = ../../../secrets/restic-backups.age;
    owner = "root";
    group = "root";
    path = "/etc/restic/secret";
    mode = "600";
};
```
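
As an added illustration (not this repository's actual `secrets/secrets.nix`), here is a rules file in agenix's format that limits `restic-backups.age` to one editing key and one host key. The variable names and key strings are placeholders.

```nix
# secrets/secrets.nix (illustrative; every key below is a placeholder)
let
  # Public half of the personal key used with `agenix -e` to edit secrets.
  admin = "ssh-ed25519 AAAA...PLACEHOLDER_ADMIN_PUBLIC_KEY";

  # SSH host public key of the machine that consumes the secret
  # (the content of /etc/ssh/ssh_host_ed25519_key.pub on that host).
  backupHost = "ssh-ed25519 AAAA...PLACEHOLDER_HOST_PUBLIC_KEY";
in
{
  # Only the keys listed here can decrypt the file. Include the host key
  # of each machine that declares `age.secrets.restic`, and nothing more.
  "restic-backups.age".publicKeys = [ admin backupHost ];
}
```

After changing the `publicKeys` list of an existing secret, run `agenix -r` from the `secrets` directory so the `.age` files are re-encrypted for the new set of recipients.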

## Edit secrets
This is the easiest command to work with 1Password (fish shell syntax; `psub` is fish's process substitution):
```shell
agenix -e restic-backups.age -i (op read "op://Personal/nixos/private key?ssh-format=openssh"|psub)
```

There's a target in the [Justfile](justfile) to edit the secrets: `just secrets <secret-name>`.

# Services

## ddns-updater
This service runs on `vm-synology`.

There's a web UI accessible at <http://vm-synology:8000> to check the status of the updates.