home-server-config/secrets/README.md
Yisroel Baum d195c6b37c wire tide service into nixos config
Imports the tide nixos module from the TIDE flake and configures
it for tide.yisroelbaum.com (frontend) and apitide.yisroelbaum.com
(backend), reusing the existing wildcard ACME cert. Secrets are
pulled from sops-encrypted secrets/tide.yaml; replace the
placeholder with real encrypted content before deploy.
2026-05-08 10:56:13 +03:00

Secrets

Secrets in this directory are encrypted with sops using the host's age key.

First-time setup on the server

  1. Generate an age key for the host:
    sudo mkdir -p /var/lib/sops-nix
    sudo age-keygen -o /var/lib/sops-nix/key.txt
    sudo chmod 600 /var/lib/sops-nix/key.txt
    
  2. Read the public key:
    sudo grep "public key" /var/lib/sops-nix/key.txt
    
  3. On a workstation, put that public key into .sops.yaml at the repo root and encrypt tide.yaml.example into tide.yaml.

tide.yaml is encrypted and committed. tide.yaml.example is the plaintext template.
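
Step 3 as a workstation script, added here as an example and not part of this repository: it writes the `.sops.yaml` creation rule, encrypts a copy of the template, and checks that `tide.yaml` holds no plaintext before it is committed. The function names, the `path_regex` and running from the repo root are assumptions, and the encryption check is a heuristic over the sops YAML layout.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; run from the repo root.

# Write .sops.yaml so secrets/tide.yaml is encrypted to the host's age key.
# $1 = age public key from step 2, $2 = output path (normally .sops.yaml)
write_sops_config() {
    case "$1" in
        age1*) ;;  # public keys start with "age1"
        *) echo "refusing: not an age public key" >&2; return 1 ;;  # e.g. AGE-SECRET-KEY-...
    esac
    cat > "$2" <<EOF
creation_rules:
  - path_regex: secrets/tide\\.yaml\$
    age: $1
EOF
}

# Copy the plaintext template and encrypt the copy in place (needs sops).
encrypt_tide() {
    cp secrets/tide.yaml.example secrets/tide.yaml &&
        sops --encrypt --in-place secrets/tide.yaml
}

# Heuristic pre-commit check: succeed only if $1 has sops metadata and every
# value above the "sops:" block is an ENC[...] blob (no plaintext left).
is_sops_encrypted() {
    grep -q '^sops:' "$1" || return 1
    ! sed '/^sops:/,$d' "$1" |
        grep -Ev '^[[:space:]]*(#.*)?$' |
        grep -Ev ':[[:space:]]*$' |
        grep -qv 'ENC\[AES256_GCM,'
}
```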