iFargle 2023-08-15 12:56:43 +09:00
parent 1c117ff29d
commit eff2f36934
3 changed files with 6 additions and 3 deletions


@ -1,9 +1,9 @@
keys:
- &user-albert D98BBC6C9A27324654C2D8C464F6C4EB46C4543A
- &machine-nixos-laptop ca375f85e93f5327eca3e0af996236957c887168
- &host-nixos-laptop ca375f85e93f5327eca3e0af996236957c887168
creation_rules:
- path_regex: secrets/[^/]+\.(yml|yaml)$
key_groups:
- pgp:
- *user-albert
- *machine-nixos-laptop
- *host-nixos-laptop


@ -52,6 +52,9 @@ Repo for nix configuration files
# GPG Keys
1. Import the user private key: `gpg import gpg/users/albert/privkey.asc`
2. Mark it as trusted: `gpg --edit-key albert@sysctl.io`, then type `trust`, then `5`
3. On each new machine, run `nix-shell -p ssh-to-pgp --run "ssh-to-pgp -i /etc/ssh/ssh_host_rsa_key -o HOSTNAME.asc"`
* This will output the identifier you add to `.sops.yaml`
* Move `HOSTNAME.asc` to `keys/hosts/` and upload to git and rename accordingly.
1. Import your GPG key `albert.key`
2. Add it to your GPG Keyring via `gpg --import albert.key`


@ -51,5 +51,5 @@
};
# Enable GPG Agent support:
# programs.gnupg.agent.enableSSHSupport = true;
programs.gnupg.agent.enableSSHSupport = true;
}
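Review bot: The newly uncommented `programs.gnupg.agent.enableSSHSupport = true;` most likely has no effect unless `programs.gnupg.agent.enable = true;` is also set, and no such line is visible in this hunk. The enclosing attribute set starts outside the hunk, so this may already be set above and is worth confirming. With SSH support on, gpg-agent takes over the SSH agent role for the session, so `programs.ssh.startAgent` should stay disabled to avoid two agents competing for `SSH_AUTH_SOCK`. The comment above it is also imprecise and would read better as `# Let gpg-agent also serve as the SSH agent (needs programs.gnupg.agent.enable):`.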