john/ad-nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

secrets updates

Browse Source
This commit is contained in:
John Lancaster
2024-12-29 14:50:35 -06:00
parent 1020239659
commit 75baa6744c
4 changed files with 26 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@@ -71,10 +71,14 @@ nixos-rebuild switch --flake git+https://gitea.john-stream.com/john/ad-nix#ad-ni
### Secrets
During build time `/etc/ssh/ssh_host_ed25519_key` automatically gets imported as an age key. If that fingerprint is included in the `.sops.yaml` file, then `secrets/secrets.yaml` can be decrypted during the build. Otherwise `~/.config/sops/age/keys.txt` needs to already be populated.
`secrets/secrets.yaml` needs to be edited from the terminal. There's a `sops-ad` command for convenience. The following keys are required:
- `telegraf_influx_token`
`~/.config/sops/age/keys.txt` needs to be set for the `sops-ad` command to work.
### Tailscale
Needs this in the `/etc/pve/lxc/<vmid>.conf` file on the proxmox host.