forked from fediversity/fediversity

Update secrets' README
parent 21e8c962bf
commit d9c5da6f8b

1 changed file with 10 additions and 8 deletions
		|  | @ -25,19 +25,21 @@ As an example, let us add a secret in a file “cheeses” whose content should | ||||||
| 3. If you are doing something flake-related such as NixOps4, remember to commit | 3. If you are doing something flake-related such as NixOps4, remember to commit | ||||||
|    or at least stage the secret. |    or at least stage the secret. | ||||||
| 
 | 
 | ||||||
| 4. In the machine's configuration, load the Agenix NixOS module, declare your | 4. In the machine's configuration, load our `ageSecrets` NixOS module, declare the machine's host key and start using your secrets, eg.: | ||||||
|    secret, possibly with owner/group, and use it where necessary, eg.: |  | ||||||
|    ```nix |    ```nix | ||||||
|    { config, ... }: |    { self, config, ... }: | ||||||
|    { |    { | ||||||
|      imports = [ inputs.agenix.x86_64-linux.nixosModules.default ]; |      imports = [ self.nixosModules.ageSecrets ]; | ||||||
|      age.secrets.cheeses.file = ../secrets/cheeses.age; |      fediversity.hostPublicKey = self.keys.systems.vmFromage; | ||||||
|      # age.secrets.cheeses.owner = "jeanpierre"; |  | ||||||
|      # age.secrets.cheeses.group = "france"; |  | ||||||
|      # age.secrets.cheeses.mode = "440"; |  | ||||||
|      services.imaginaryCheeseFactory.frenchSecretFile = config.age.secrets.cheeses.path; |      services.imaginaryCheeseFactory.frenchSecretFile = config.age.secrets.cheeses.path; | ||||||
|    } |    } | ||||||
|    ``` |    ``` | ||||||
|  |    If the secrets requires specific owner/group/mode, those can be set with: | ||||||
|  |    ```nix | ||||||
|  |    age.secrets.cheeses.owner = "jeanpierre"; | ||||||
|  |    age.secrets.cheeses.group = "france"; | ||||||
|  |    age.secrets.cheeses.mode = "440"; | ||||||
|  |    ``` | ||||||
| 
 | 
 | ||||||
| 5. Never read the content of the file in Nix, that is never do anything like: | 5. Never read the content of the file in Nix, that is never do anything like: | ||||||
|    ```nix |    ```nix | ||||||
|  |  | ||||||
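Review bot: the new snippet takes `self` as a module argument (`{ self, config, ... }:`), but `self` is not a standard NixOS module argument; the README should say how it reaches the module (for example via `specialArgs` in the flake's `nixosSystem` call), otherwise a reader copying the snippet verbatim gets an evaluation error. The old version had the same problem with `inputs`, which was never bound. Two smaller points in the same hunk: the snippet still reads `config.age.secrets.cheeses.path` but the `age.secrets.cheeses.file = ../secrets/cheeses.age;` line was dropped, so either state that the `ageSecrets` module declares the machine's secrets from its host key, or keep the declaration; and "If the secrets requires specific owner/group/mode" should read "If the secret requires". Consider also noting next to the owner/group/mode snippet that these should only be relaxed for the service account that actually needs to read the file.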