home-server-config/secrets/README.md

33 lines
805 B
Markdown

# Secrets
Encrypted with [sops](https://github.com/getsops/sops) using the
host's age key.
## First-time setup on the server
1. Generate an age key for the host:
```
sudo mkdir -p /var/lib/sops-nix
sudo age-keygen -o /var/lib/sops-nix/key.txt
sudo chmod 600 /var/lib/sops-nix/key.txt
```
2. Read the public key:
```
sudo grep "public key" /var/lib/sops-nix/key.txt
```
3. On a workstation, put that public key into `.sops.yaml` at
the repo root and encrypt `tide.yaml.example` into
`tide.yaml`.
`tide.yaml` is encrypted and committed. `tide.yaml.example` is
the plaintext template.
## Rabbi Gerzi
Create `rabbi-gerzi.env` as a SOPS-encrypted dotenv file with:
```dotenv
APP_KEY=base64:...
RABBI_GERZI_INITIAL_ADMIN_EMAIL=...
RABBI_GERZI_INITIAL_ADMIN_PASSWORD=...
```