home-server-config/secrets

Secrets

Encrypted with sops using the host's age key.

First-time setup on the server

  1. Generate an age key for the host:
    sudo mkdir -p /var/lib/sops-nix
    sudo age-keygen -o /var/lib/sops-nix/key.txt
    sudo chmod 600 /var/lib/sops-nix/key.txt
    
  2. Read the public key:
    sudo grep "public key" /var/lib/sops-nix/key.txt
    
  3. On a workstation, put that public key into .sops.yaml at the repo root and encrypt tide.yaml.example into tide.yaml.

tide.yaml is encrypted and committed. tide.yaml.example is the plaintext template.
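The setup steps above, plus a check that tide.yaml really is encrypted before it is committed, as an added shell example (not code from this repository). The function names, the path_regex rule and the single-line-scalar YAML layout are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of the repository. Assumes POSIX sh, sed and awk.
# Function names and the path_regex rule are illustrative choices.

# Step 2: print the age recipient recorded in an age-keygen key file.
age_recipient() {
    sed -n 's/^# public key: \(age1[0-9a-z]*\)$/\1/p' "$1" | head -n 1
}

# Step 3a: emit a .sops.yaml that encrypts secrets/*.yaml to that recipient.
sops_config() {
    case "$1" in
        age1?*) ;;
        *) echo "not an age recipient: $1" >&2; return 1 ;;
    esac
    cat <<EOF
creation_rules:
  - path_regex: secrets/[^/]+\\.yaml\$
    age: $1
EOF
}

# Step 3b, on the workstation (needs sops; not run by this script):
#   cp secrets/tide.yaml.example secrets/tide.yaml   # then fill in real values
#   sops --encrypt --in-place secrets/tide.yaml

# Pre-commit check: report each value above the sops: block that is not an
# ENC[...] blob, by line number only so the value never reaches a log.
# Returns non-zero on a leak or when the sops: metadata block is missing.
# Handles mappings and simple lists with single-line scalars only.
plaintext_leaks() {
    awk '
        /^sops:/ { meta = 1; exit }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            v = $0
            sub(/^[ \t]*(- )?([A-Za-z0-9_.-]+:)?[ \t]*/, "", v)
            if (v != "" && v !~ /^ENC\[AES256_GCM,/) {
                print FILENAME ":" NR ": plaintext value"; bad = 1
            }
        }
        END {
            if (!meta) { print FILENAME ": no sops metadata block"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}
```

Run `plaintext_leaks secrets/tide.yaml` before `git add`; it passes only for a file sops has encrypted and fails for the plaintext template.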