You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Motiejus Jakštys
247910a2f0
|
2 weeks ago | |
|---|---|---|
| hosts/hel1-a | 2 months ago | |
| secrets | 2 months ago | |
| .envrc | 2 months ago | |
| .gitattributes | 5 months ago | |
| .gitignore | 2 months ago | |
| .sops.yaml | 2 months ago | |
| LICENSE | 2 months ago | |
| README.md | 2 months ago | |
| configuration.nix | 2 weeks ago | |
| data.nix | 2 months ago | |
| flake.lock | 2 weeks ago | |
| flake.nix | 2 weeks ago | |
| hardware-configuration.nix | 2 months ago | |
| krops.nix | 2 months ago | |
| nixpkgs.nix | 2 months ago | |
| yubikey-installer.nix | 2 months ago | |
| zfs.nix | 2 months ago | |
README.md
Config
This is an attempt to configure my NixOS servers with krops. Usage:
$ direnv allow .
$ nix-build ./krops.nix -A hel1a && ./result
There is probably nothing to look at here.
Upcoming flakes:
$ nix build .#deploy.nodes.hel1-a.profiles.system.path
Managing secrets
Encode a secret on host:
rage -e -r $(ssh-to-age < /etc/ssh/ssh_host_ed25519_key.pub) -o secret.age /etc/plaintext
Decode a secret on host (to test things out):
age -d -i <(sudo ssh-to-age -private-key -i /etc/ssh/ssh_host_ed25519_key) secret.age
If/when str4d/rage#379 is fixed, we
can replace the above command to rage.