diff --git a/.sops.yaml b/.sops.yaml
index f7d8a833..32e9d239 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,9 +1,9 @@
 keys:
 - &user-albert D98BBC6C9A27324654C2D8C464F6C4EB46C4543A
- - &machine-nixos-laptop ca375f85e93f5327eca3e0af996236957c887168
+ - &host-nixos-laptop ca375f85e93f5327eca3e0af996236957c887168
 creation_rules:
 - path_regex: secrets/[^/]+\.(yml|yaml)$
 key_groups:
 - pgp:
 - *user-albert
- - *machine-nixos-laptop
\ No newline at end of file
+ - *host-nixos-laptop
\ No newline at end of file
diff --git a/README.md b/README.md
index aab5c11c..cd30d8b7 100644
--- a/README.md
+++ b/README.md
@@ -52,6 +52,9 @@ Repo for nix configuration files
 # GPG Keys
 1. Import the user private key: `gpg import gpg/users/albert/privkey.asc`
 2. Mark it as trusted: `gpg --edit-key albert@sysctl.io`, then type `trust`, then `5`
+3. On each new machine, run `nix-shell -p ssh-to-pgp --run "ssh-to-pgp -i /etc/ssh/ssh_host_rsa_key -o HOSTNAME.asc"` * This will output the identifier you add to `.sops.yaml` * Move `HOSTNAME.asc` to `keys/hosts/` and upload to git and rename accordingly.
 1. Import your GPG key `albert.key`
 2. Add it to your GPG Keyring via `gpg --import albert.key`
diff --git a/services/openssh.nix b/services/openssh.nix
index 9c699b87..8aa6030e 100644
--- a/services/openssh.nix
+++ b/services/openssh.nix
@@ -51,5 +51,5 @@
 };
 # Enable GPG Agent support:
- # programs.gnupg.agent.enableSSHSupport = true;
+ programs.gnupg.agent.enableSSHSupport = true;
 }
\ No newline at end of file
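Review bot: `programs.gnupg.agent.enableSSHSupport = true;` in services/openssh.nix only takes effect when `programs.gnupg.agent.enable` is also set, and nothing in this hunk shows that; the enclosing attribute set starts outside the hunk, so it may be declared elsewhere, but it is worth confirming before relying on the new line. Once active, this option points SSH_AUTH_SOCK at gpg-agent's socket for login sessions, and NixOS rejects the configuration if `programs.ssh.startAgent` is enabled at the same time, so that option must stay off wherever it is declared. The comment left above the line, `# Enable GPG Agent support:`, now restates what the line does rather than why it is there; I would replace it with `# Use gpg-agent as the SSH agent (sets SSH_AUTH_SOCK); needs programs.gnupg.agent.enable and is incompatible with programs.ssh.startAgent`.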