Skip to content

jtrrll/web-servers

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
.github
.github
 
 
modules
modules
 
 
.envrc
.envrc
 
 
.gitignore
.gitignore
 
 
.sops.yaml
.sops.yaml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
flake.lock
flake.lock
 
 
flake.nix
flake.nix
 
 

Repository files navigation

web-servers

CI Status License

Multipurpose web servers. Managed via Nix.

Adding Secrets to a Server

Secrets are managed with sops-nix using age encryption derived from each server's SSH host key.

1. Get the server's age public key

ssh-keyscan -p 2222 <server-ip> 2>/dev/null | grep ed25519 | ssh-to-age

2. Add the key to .sops.yaml

keys:
  - &<hostname> <age-public-key>
creation_rules:
  - path_regex: modules/hosts/by_name/<hostname>/secrets\.yaml$
    key_groups:
      - age:
        - *<hostname>

3. Create or edit the encrypted secrets file

sops modules/hosts/by_name/<hostname>/secrets.yaml

This opens an editor where you enter secrets in plaintext. On save, sops encrypts the file with the server's public key. Commit the encrypted file to the repository.

4. Reference secrets in NixOS config

sops.secrets.my_secret.owner = "service-user";

The decrypted secret is available at config.sops.secrets.my_secret.path.

About

Multipurpose web servers

Resources

Readme

License

AGPL-3.0 license

Code of conduct

Code of conduct

Contributing

Contributing
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages