home-server-config/secrets/README.md

805 B

Secrets

Encrypted with sops using the host's age key.

First-time setup on the server

  1. Generate an age key for the host:
    sudo mkdir -p /var/lib/sops-nix
    sudo age-keygen -o /var/lib/sops-nix/key.txt
    sudo chmod 600 /var/lib/sops-nix/key.txt
    
  2. Read the public key:
    sudo grep "public key" /var/lib/sops-nix/key.txt
    
  3. On a workstation, put that public key into .sops.yaml at the repo root and encrypt tide.yaml.example into tide.yaml.

tide.yaml is encrypted and committed. tide.yaml.example is the plaintext template.

Rabbi Gerzi

Create rabbi-gerzi.env as a SOPS-encrypted dotenv file with:

APP_KEY=base64:...
RABBI_GERZI_INITIAL_ADMIN_EMAIL=...
RABBI_GERZI_INITIAL_ADMIN_PASSWORD=...