Payas Relekar
629846a1f9
agenix uses age (a utility + standard) that encrypts secrets using ssh key. This simplifies secrets management quite a bit compared to GPG (my attempts for which have failed so far). Changes included: - Encrypt all current keys (mail, backups) using age, configured via agenix - All encrypted keys are committed to git repo and decrypted during boot - None of the keys are used anywhere just yet. They will replace file paths in future commit after testing - Decrypted keys are available after boot under user name with read-only permissions at default agenix location (as of this commit) - The Nix variable path is provided by agenix and can be used instead of having to recreate - multiple keys can be specified for single key, but for now I am only using one For now, the code is dirty and can definitely use improvements. It is just at a place where it is all working right now. TODO: Get age + agenix in environment packages available at runtime in NixOS Links: - https://github.com/ryantm/agenix - https://github.com/hlissner/dotfiles |
||
---|---|---|
.. | ||
secrets | ||
backup.nix | ||
configuration.nix | ||
hardware-configuration.nix | ||
home.nix | ||
sound.nix |