secrets.nix: note down what happends

2023-05-01 15:19:59 +02:00 · 2023-05-01 15:19:59 +02:00 · 809e8652ff
parent 1b8b074dc5
commit 809e8652ff
1 changed files with 17 additions and 0 deletions
--- a/secrets.nix
+++ b/secrets.nix
@ -1,3 +1,20 @@
+/*
+  Because I'm way too lazy I'm automatically generating the secret files config.
+  Secrets can be found below
+    hosts/${hostname}/secrets/*.age
+
+  Pubkeys can be found for the specific host below
+    hosts/${hostname}/ssh.pub
+  The users have their keys below
+    users/${username}/ssh.pub
+
+  Secrets get encrypted for the host they are in and the users specified.
+
+  Every host with a secrets directory has an entry for a secret called "new".
+  This exist to overcome the chicken and egg problem.
+  Create a secret with them name new in the specific secrets directory and rename it afterwards with the suffix .age.
+*/
+
 let
  pubkeysFor = directory: let
    instances = builtins.attrNames (builtins.readDir directory);