test
parent
1c117ff29d
commit
eff2f36934
3 changed files with 6 additions and 3 deletions
|
@ -1,9 +1,9 @@
|
|||
keys:
|
||||
- &user-albert D98BBC6C9A27324654C2D8C464F6C4EB46C4543A
|
||||
- &machine-nixos-laptop ca375f85e93f5327eca3e0af996236957c887168
|
||||
- &host-nixos-laptop ca375f85e93f5327eca3e0af996236957c887168
|
||||
creation_rules:
|
||||
- path_regex: secrets/[^/]+\.(yml|yaml)$
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *user-albert
|
||||
- *machine-nixos-laptop
|
||||
- *host-nixos-laptop
|
|
@ -52,6 +52,9 @@ Repo for nix configuration files
|
|||
# GPG Keys
|
||||
1. Import the user private key: `gpg import gpg/users/albert/privkey.asc`
|
||||
2. Mark it as trusted: `gpg --edit-key albert@sysctl.io`, then type `trust`, then `5`
|
||||
3. On each new machine, run `nix-shell -p ssh-to-pgp --run "ssh-to-pgp -i /etc/ssh/ssh_host_rsa_key -o HOSTNAME.asc"`
|
||||
* This will output the identifier you add to `.sops.yaml`
|
||||
* Move `HOSTNAME.asc` to `keys/hosts/` and upload to git and rename accordingly.
|
||||
|
||||
1. Import your GPG key `albert.key`
|
||||
2. Add it to your GPG Keyring via `gpg --import albert.key`
|
||||
|
|
|
@ -51,5 +51,5 @@
|
|||
};
|
||||
|
||||
# Enable GPG Agent support:
|
||||
# programs.gnupg.agent.enableSSHSupport = true;
|
||||
programs.gnupg.agent.enableSSHSupport = true;
|
||||
}
|
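Review bot: Taking the uncommented line as the new side, `programs.gnupg.agent.enableSSHSupport = true;` should only take effect when `programs.gnupg.agent.enable = true;` is also set, and the lines visible here do not show it; the enclosing attribute set starts above the hunk, so confirm it is set elsewhere in the file. With SSH support on, gpg-agent takes over `SSH_AUTH_SOCK`, and as far as I know NixOS fails its assertion if `programs.ssh.startAgent` is enabled at the same time, so that option has to stay off. The comment above the line still reads "Enable GPG Agent support:", which describes a different setting; I would reword it to `# Let gpg-agent act as the SSH agent (needs programs.gnupg.agent.enable = true):`.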