This commit is contained in:
iFargle 2023-09-23 09:05:32 +09:00
parent db2ea0f564
commit 5862f43f63
5 changed files with 18 additions and 18 deletions


@ -6,7 +6,7 @@ keys:
- &host_nixos-rpi4-03 769021d2a24bf6e4d1c72791fc302f9a3cfb5171
creation_rules:
- path_regex: secrets/secrets.yaml
- path: secrets/secrets.yaml
key_groups:
- pgp:
- *user_albert
@ -15,7 +15,7 @@ creation_rules:
- *host_nixos-rpi4-03
- *host_nixos-vm-01
- path_regex: secrets/tailscale.yaml
- path: secrets/tailscale.yaml
key_groups:
- pgp:
- *user_albert
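Review bot: `path` is not a creation-rule selector I know of in sops (the documented key is `path_regex`), and sops does not reject unknown keys, so both rules at L13 and L21 would lose their file filter and match every file, meaning `secrets/tailscale.yaml` gets encrypted to the first rule's key group (the host list at L18-L19 and whatever precedes it) instead of its own. Unless the sops version in use documents `path`, keep `path_regex` and tighten it instead, since the old unanchored pattern with an unescaped dot also matched `secrets/secrets.yaml.bak` or a copy in another directory: `- path_regex: ^secrets/secrets\.yaml$` and `- path_regex: ^secrets/tailscale\.yaml$`. Worth confirming by running `sops updatekeys secrets/tailscale.yaml` and checking the `pgp` list in its metadata afterwards.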


@ -11,10 +11,12 @@ gpg --import $gpgKey
echo -e "5\ny\n" | gpg --command-fd 0 --expert --edit-key 64F6C4EB46C4543A trust
# Setup SOPS
ssh-to-pgp -i /etc/ssh/ssh_host_rsa_key -o /etc/nixos/git/keys/hosts/$(hostname).asc
# Update your .sops.yaml with this key
sops-update secrets/secrets.yaml
for i in $(ls secrets/):
echo "Copy this key to .sops.yaml: "
sudo ssh-to-pgp \
-comment "Generated `ddate`" \
-email "root@`hostname`" \
-i /etc/ssh/ssh_host_rsa_key \
-o /etc/nixos/git/keys/hosts/$(hostname).asc
# Set up ssh keys
ssh-keygen -t rsa -b 8192 -f ~/.ssh/id_rsa -N ""
@ -30,4 +32,10 @@ git push
popd
echo
echo
echo "Complete."
echo "Complete. Once '.sops.yaml' is updated, "
echo "you may run 'sops updateKeys secrets/*.yaml'"
echo "and reboot."
# Update your .sops.yaml with this key
# sops updateKeys secrets/secrets.yaml
# sops updateKeys secrets/tailscale.yaml
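Review bot: `for i in $(ls secrets/):` at L34 is Python syntax, not bash: there is no `do`/`done`, the trailing colon becomes part of the last word, and bash refuses to parse the whole script (a compound-command syntax error is fatal before any line runs). I cannot tell from the rendered hunk whether that line is on the new side; if it is, either drop it or make it a real loop, e.g. `for f in secrets/*.yaml; do ...; done`, noting that the `sudo ssh-to-pgp` body at L36-L40 never uses `$i` anyway. Separately, the `-comment` value at L37 shells out to `ddate`, which is not part of a standard install; if it is missing the comment is empty and stderr gets an error, so `$(date -Is)` is the portable choice unless the Discordian date is intentional. The echo block at L48-L50 also repeats the `Complete.` already printed at L47.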


@ -43,14 +43,6 @@
SSH_ASKPASS = "";
};
bashrcExtra = ''
sops-edit() {
nix-shell -p sops --run "sops $1"
}
sops-update() {
nix-shell -p sops --run "sops updatekeys $1"
}
nix-clean-all() {
sudo nix-env -u --always
sudo nix-collect-garbage -d


@ -9,8 +9,8 @@
NIX_CONFIG = "experimental-features = nix-command flakes";
# imports all files ending in .asc/.gpg
sopsPGPKeyDirs = [
"${toString ./.}/keys/hosts"
"${toString ./.}/keys/users"
"keys/hosts"
"keys/users"
];
nativeBuildInputs = [
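Review bot: `sopsPGPKeyDirs` at L79-L80 is now resolved against whatever directory the shell hook runs in, and sops-import-keys-hook runs from the nix-shell shellHook with the user's cwd, so entering the shell from a subdirectory or through a wrapper will presumably find no `keys/hosts` and leave sops without PGP keys, or import a different `keys/` tree if one happens to exist there, which is a quiet way to end up with the wrong key set. The previous `${toString ./.}` form was anchored to this file's location; if it was dropped to avoid a stale `/nix/store` path under flakes, that rationale belongs in a comment, e.g. `# relative to the repo root: sops-import-keys-hook resolves these against $PWD, so enter the shell from the checkout root`. A guard in the shellHook such as `[ -d keys/hosts ] || { echo "run nix-shell from the repo root" >&2; return 1; }` would make the failure explicit. The enclosing attribute set starts before and ends after this hunk.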