docs(README): add agenix instructions

Felix Schröter 2022-10-04 11:10:30 +02:00
parent 3efffb2e70
commit c70ecc1dd1
Signed by: felschr
GPG key ID: 671E39E6744C807D

@ -16,6 +16,20 @@ Copy the configuration from `/etc/nixos` to `/mnt/etc/nixos`.
Reference this hardware config in a `nixosConfigurations.<config>` section in `flake.nix`. Reference this hardware config in a `nixosConfigurations.<config>` section in `flake.nix`.
Now set up a device key that will be used by agenix.
Create a new key and re-encrypt the secrets on an existing device & pull the changes.
To create a new key run:
```sh
mkdir -p /mnt/etc/secrets/initrd
ssh-keygen -t ed25519 -N "" -f /mnt/etc/secrets/initrd/ssh_host_ed25519_key
```
You will likely need to temporarily set `age.identityPaths` for the installation to succeed:
```sh
age.identityPaths = "/etc/secrets/initrd/ssh_host_ed25519_key";
```
To install run the following command where `<config>` matches `outputs.nixosConfigurations.<config>` in `flake.nix`: To install run the following command where `<config>` matches `outputs.nixosConfigurations.<config>` in `flake.nix`:
```sh ```sh
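Review bot: The added `age.identityPaths` snippet is fenced as `sh` but is a Nix option assignment, and agenix declares `age.identityPaths` as a list of paths, so the bare string will not type-check. Suggest a `nix` fence and `age.identityPaths = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];`. The text calls the setting temporary but does not say where to put it or when to remove it; a sentence on both would help. The step "re-encrypt the secrets on an existing device" also gives no command, so the reader has to know to add the new public key to the recipients and rekey. Finally, `ssh-keygen -N ""` writes an unencrypted private key into a directory created by a plain `mkdir -p`; consider noting that `/mnt/etc/secrets/initrd` should be restricted to root (for example mode 700) before the key is generated.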