nixos-system-config/README.md
2025-01-18 15:58:34 +01:00

dotnix

Prerequisites

You need to prepare a couple of things before installation because of the way secrets are managed.

Prepare secrets repo

1. Ensure all required dependencies are present.

   ```sh
   nix-shell -p sops age git
   ```

2. Initialize your secrets repo. You can do this anywhere on your system except this repository.

   ```sh
   mkdir secrets
   cd secrets
   git init
   ```

3. Create your gitignore. You want this to make sure that you do not accidentally push your private key.

   ```sh
   echo "keys.txt" > .gitignore
   ```

4. Generate your private key.

   ```sh
   age-keygen -o ./keys.txt
   ```

5. Create your sops configuration file.

   ```sh
   cat <<EOF > .sops.yaml
   keys:
     - &master $(age-keygen -y ./keys.txt)
   creation_rules:
     - path_regex: .*\.(yaml|json|env|ini)$
       key_groups:
       - age:
         - *master
   EOF
   ```

6. Create a password file for your user.

   ```sh
   mkpasswd | wl-copy # if you're on x11, replace `wl-copy` with `xclip -sel clipboard`
   sops <username>.yaml
   ```

   Where `<username>` is the user set to be used in `flake.nix`.

   Then edit the file to look like this.

   ```yaml
   user_password: <The pasted password from mkpasswd>
   ```

7. Commit and push your changes.

   ```sh
   git remote add origin git@example.com:example/secrets
   git add .
   git commit -m "batman"
   git push --set-upstream origin master
   ```

8. Update the submodule to use your secrets repository.

   ```sh
   cd <Path to the configuration repo>
   git submodule set-url -- secrets <ssh uri to your repository>
   ```
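
Before the commit-and-push step, it is worth confirming that the private key is ignored and that every secrets file is actually encrypted. The script below is an added example, not part of this repository: `check_secrets_repo` is a hypothetical helper name, and it assumes the layout created by the steps above (`keys.txt`, `.gitignore` and `.sops.yaml` in the root of the secrets repo).

```sh
#!/bin/sh
# Added example, not part of the original README.
# check_secrets_repo is a hypothetical helper name; run it before `git push`.
check_secrets_repo() {
  repo="${1:-.}"
  rc=0

  # keys.txt must be ignored, otherwise `git add .` stages the private key.
  if ! grep -qxF 'keys.txt' "$repo/.gitignore" 2>/dev/null; then
    echo "FAIL: keys.txt is not listed in $repo/.gitignore" >&2
    rc=1
  fi

  # An age private key (prefix AGE-SECRET-KEY-1) must not appear in any
  # file other than the ignored keys.txt.
  leaked=$(find "$repo" -name .git -prune -o -type f ! -name keys.txt \
             -exec grep -l 'AGE-SECRET-KEY-1' {} + 2>/dev/null || true)
  if [ -n "$leaked" ]; then
    echo "FAIL: age private key found in: $leaked" >&2
    rc=1
  fi

  # Every file the creation rule covers (yaml|json|env|ini) must hold sops
  # ciphertext; sops writes encrypted values as ENC[AES256_GCM,...].
  # .sops.yaml itself is configuration and stays plaintext.
  plain=$(find "$repo" -name .git -prune -o -type f \
            \( -name '*.yaml' -o -name '*.json' -o -name '*.env' -o -name '*.ini' \) \
            ! -name .sops.yaml -exec sh -c '
              for f; do grep -qF "ENC[AES256_GCM," "$f" || printf "%s\n" "$f"; done
            ' sh {} +)
  if [ -n "$plain" ]; then
    echo "FAIL: not sops-encrypted: $plain" >&2
    rc=1
  fi

  return "$rc"
}

# Check the directory given as the first argument, if any.
if [ "$#" -gt 0 ]; then
  check_secrets_repo "$1"
fi
```

A non-zero exit status means at least one check failed; the reasons are printed to stderr.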