You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
2 weeks ago | |
---|---|---|
hosts/hel1-a | 2 months ago | |
secrets | 2 months ago | |
.envrc | 2 months ago | |
.gitattributes | 5 months ago | |
.gitignore | 2 months ago | |
.sops.yaml | 2 months ago | |
LICENSE | 2 months ago | |
README.md | 2 months ago | |
configuration.nix | 2 weeks ago | |
data.nix | 2 months ago | |
flake.lock | 2 weeks ago | |
flake.nix | 2 weeks ago | |
hardware-configuration.nix | 2 months ago | |
krops.nix | 2 months ago | |
nixpkgs.nix | 2 months ago | |
yubikey-installer.nix | 2 months ago | |
zfs.nix | 2 months ago |
README.md
Config
This is an attempt to configure my NixOS servers with krops. Usage:
$ direnv allow .
$ nix-build ./krops.nix -A hel1a && ./result
There is probably nothing to look at here.
Upcoming flakes:
$ nix build .#deploy.nodes.hel1-a.profiles.system.path
Managing secrets
Encode a secret on host:
rage -e -r $(ssh-to-age < /etc/ssh/ssh_host_ed25519_key.pub) -o secret.age /etc/plaintext
Decode a secret on host (to test things out):
age -d -i <(sudo ssh-to-age -private-key -i /etc/ssh/ssh_host_ed25519_key) secret.age
If/when str4d/rage#379 is fixed, we
can replace the above command to rage
.