33 lines
805 B
Markdown
33 lines
805 B
Markdown
# Secrets
|
|
|
|
Encrypted with [sops](https://github.com/getsops/sops) using the
|
|
host's age key.
|
|
|
|
## First-time setup on the server
|
|
|
|
1. Generate an age key for the host:
|
|
```
|
|
sudo mkdir -p /var/lib/sops-nix
|
|
sudo age-keygen -o /var/lib/sops-nix/key.txt
|
|
sudo chmod 600 /var/lib/sops-nix/key.txt
|
|
```
|
|
2. Read the public key:
|
|
```
|
|
sudo grep "public key" /var/lib/sops-nix/key.txt
|
|
```
|
|
3. On a workstation, put that public key into `.sops.yaml` at
|
|
the repo root and encrypt `tide.yaml.example` into
|
|
`tide.yaml`.
|
|
|
|
`tide.yaml` is encrypted and committed. `tide.yaml.example` is
|
|
the plaintext template.
|
|
|
|
## Rabbi Gerzi
|
|
|
|
Create `rabbi-gerzi.env` as a SOPS-encrypted dotenv file with:
|
|
|
|
```dotenv
|
|
APP_KEY=base64:...
|
|
RABBI_GERZI_INITIAL_ADMIN_EMAIL=...
|
|
RABBI_GERZI_INITIAL_ADMIN_PASSWORD=...
|
|
```
|