Tools, scripts, and configurations for my machines.

* Secret management with =agenix=
We use =agenix= to manipulate our secrets.
** Create a new secret
To create a new secret:
#+begin_src sh
cd ../secrets
agenix -e <name of the secret>.age
#+end_src
** Manage the secrets
In [[file+sys:../secrets/secrets.nix][secrets.nix]], add the secret and list who needs to have access to it.

In the configuration for one of the hosts, you'll then need to add:
#+begin_src nix
age.secrets.restic = {
  file = ../../../secrets/restic-backups.age;
  owner = "root";
  group = "root";
  path = "/etc/restic/secret";
  mode = "600";
};
#+end_src
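
A =secrets.nix= entry matching the host configuration above, as an added example (not this repository's actual file). The public keys, the host names, and the second secret are placeholders and assumptions.

```nix
# secrets.nix (added example): agenix reads this file to decide which public
# keys each .age file is encrypted to. All keys and names are placeholders.
let
  # Public half of the key used to edit secrets with `agenix -e ... -i`.
  admin = "ssh-ed25519 AAAA_PLACEHOLDER_ADMIN_PUBLIC_KEY";

  # SSH host public keys of the machines that decrypt secrets at activation.
  # Hypothetical host names.
  backupHost = "ssh-ed25519 AAAA_PLACEHOLDER_BACKUP_HOST_KEY";
  otherHost = "ssh-ed25519 AAAA_PLACEHOLDER_OTHER_HOST_KEY";
in
{
  # Attribute names are file names relative to this secrets.nix.
  # Only the host that runs restic can decrypt the backup password.
  "restic-backups.age".publicKeys = [ admin backupHost ];

  # Hypothetical second secret, scoped to a different host.
  "example-service.age".publicKeys = [ admin otherHost ];
}
```

After changing the recipient list of an existing secret, run =agenix -r= in the secrets directory so the file is re-encrypted to the new set of keys. A recipient removed this way can still decrypt older copies of the file (for example from git history), so rotate the secret value as well.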
** Edit secrets
This is the easiest command to work with 1Password (the =(... | psub)= process substitution is fish shell syntax):
#+begin_src fish
agenix -e restic-backups.age -i (op read "op://Personal/nixos/private key?ssh-format=openssh"|psub)
#+end_src
* Services
** ddns-updater
This service runs on =vm-synology=.

There's a web UI accessible at http://vm-synology:8000 to check the status of the updates.