Start using age for secret management
parent 276c8f33c8
commit da9160559c
39 changed files with 281 additions and 30 deletions
15
README.md
|
@ -1,5 +1,20 @@
|
|||
# NixOS config
|
||||
|
||||
## Secrets
|
||||
|
||||
There are two types of secrets in this repository. Secret secrets, and
|
||||
secret configuration.
|
||||
|
||||
Secret secrets should never be world-readable, even to users who are
|
||||
logged in to one of the hosts managed by this configuration. These are
|
||||
generally managed by agenix, allowing them to still be put in the nix
|
||||
store.
|
||||
|
||||
Secret configuration is generally more security through obscurity
|
||||
(e.g. some services that I run that I don't want the whole world to
|
||||
know what ports they run on). These are managed with git-crypt and are
|
||||
files that end in `secret.nix`.
|
||||
|
||||
## Setting up a new dev environment
|
||||
|
||||
* Create a new `*.nix` file in the shells directory that describes the environment (this is the hard part).
|
||||
|
|
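Review bot: In the "Secret configuration" paragraph, the README says these values are managed with git-crypt but does not say what that protects against. git-crypt encrypts the files only in the repository; once a `secret.nix` file is evaluated on a host, its values can end up world-readable in the nix store, unlike the agenix-managed secrets described in the paragraph above it. Suggest stating that explicitly, so that nothing which must stay hidden from logged-in users is put in a `secret.nix` file. The word "generally" in "generally managed by agenix" also leaves the exceptions undocumented; naming them, or dropping the word, would make the rule checkable.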