50 lines
973 B
Markdown
50 lines
973 B
Markdown
|
# dotnix
|
||
|
|
|
||
|
|
## Prerequisites
|
||
|
|
|
||
|
|
You need to prepare a couple things before installation due to the way secrets are managed.
|
||
|
|
|
||
|
|
### Prepare secrets repo
|
||
|
|
|
||
|
|
1. Ensure all required dependencies are present
|
||
|
|
```sh
|
||
|
|
# If you're already using Nix you can simply run this
|
||
|
|
nix-shell -p sops age
|
||
|
|
```
|
||
|
|
|
||
|
|
2. Initialize your secrets repo. You can do this anywhere on your system except this repository.
|
||
|
|
```sh
|
||
|
|
mkdir secrets
|
||
|
|
cd secrets
|
||
|
|
git init
|
||
|
|
```
|
||
|
|
|
||
|
|
3. Create your gitignore. You want this to make sure that you do not accidentally push your private key.
|
||
|
|
```sh
|
||
|
|
echo "keys.txt" > .gitignore
|
||
|
|
```
|
||
|
|
|
||
|
|
4. Generate your private key.
|
||
|
|
```sh
|
||
|
|
age-keygen -o ./keys.txt
|
||
|
|
```
|
||
|
|
|
||
|
|
5. Create your sops configuration file
|
||
|
|
```sh
|
||
|
|
cat <<EOF > .sops.yaml
|
||
|
|
keys:
|
||
|
|
- &master $(age-keygen -y ./keys.txt)
|
||
|
|
creation_rules:
|
||
|
|
- path_regex: .*\.(yaml|json|env|ini)$
|
||
|
|
key_groups:
|
||
|
|
- age:
|
||
|
|
- *master
|
||
|
|
EOF
|
||
|
|
```
|
||
|
|
|
||
|
|
?. Update the submodule to use your repo
|
||
|
|
```sh
|
||
|
|
git submodule set-url -- secrets <ssh uri to your repository>
|
||
|
|
```
|
||
|
|
|