albert/nix
albert/nix
1
0
Fork 0
Code Issues Pull requests Activity Actions

test

Browse source
This commit is contained in:
iFargle 2023-08-15 12:56:43 +09:00
parent 1c117ff29d
commit eff2f36934
3 changed files with 6 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
.sops.yaml
View file

@ -1,9 +1,9 @@
keys: keys:
- &user-albert D98BBC6C9A27324654C2D8C464F6C4EB46C4543A - &user-albert D98BBC6C9A27324654C2D8C464F6C4EB46C4543A
- &machine-nixos-laptop ca375f85e93f5327eca3e0af996236957c887168 - &host-nixos-laptop ca375f85e93f5327eca3e0af996236957c887168
creation_rules: creation_rules:
- path_regex: secrets/[^/]+\.(yml|yaml)$ - path_regex: secrets/[^/]+\.(yml|yaml)$
key_groups: key_groups:
- pgp: - pgp:
- *user-albert - *user-albert
- *machine-nixos-laptop - *host-nixos-laptop

3
README.md
View file

@ -52,6 +52,9 @@ Repo for nix configuration files
# GPG Keys # GPG Keys
1. Import the user private key: `gpg import gpg/users/albert/privkey.asc` 1. Import the user private key: `gpg import gpg/users/albert/privkey.asc`
2. Mark it as trusted: `gpg --edit-key albert@sysctl.io`, then type `trust`, then `5` 2. Mark it as trusted: `gpg --edit-key albert@sysctl.io`, then type `trust`, then `5`
3. On each new machine, run `nix-shell -p ssh-to-pgp --run "ssh-to-pgp -i /etc/ssh/ssh_host_rsa_key -o HOSTNAME.asc"`
* This will output the identifier you add to `.sops.yaml`
* Move `HOSTNAME.asc` to `keys/hosts/` and upload to git and rename accordingly.
1. Import your GPG key `albert.key` 1. Import your GPG key `albert.key`
2. Add it to your GPG Keyring via `gpg --import albert.key` 2. Add it to your GPG Keyring via `gpg --import albert.key`

2
services/openssh.nix
View file

@ -51,5 +51,5 @@
}; };
# Enable GPG Agent support: # Enable GPG Agent support:
# programs.gnupg.agent.enableSSHSupport = true; programs.gnupg.agent.enableSSHSupport = true;
} }