From 809e8652ff986abe51fd324506d6c3302774248e Mon Sep 17 00:00:00 2001
From: clerie
Date: Mon, 1 May 2023 15:19:59 +0200
Subject: [PATCH] secrets.nix: note down what happends

---
 secrets.nix | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/secrets.nix b/secrets.nix
index a9044a9..098713f 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -1,3 +1,20 @@
+/*
+ Because I'm way too lazy I'm automatically generating the secret files config.
+ Secrets can be found below
+ hosts/${hostname}/secrets/*.age
+
+ Pubkeys can be found for the specific host below
+ hosts/${hostname}/ssh.pub
+ The users have their keys below
+ users/${username}/ssh.pub
+
+ Secrets get encrypted for the host they are in and the users specified.
+
+ Every host with a secrets directory has an entry for a secret called "new".
+ This exist to overcome the chicken and egg problem.
+ Create a secret with them name new in the specific secrets directory and rename it afterwards with the suffix .age.
+*/
+
 let pubkeysFor = directory: let instances = builtins.attrNames (builtins.readDir directory);
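Review bot: The last paragraph of the added comment, about the `new` entry, leaves the bootstrap step ambiguous and has two typos (`This exist`, `with them name new`); I would reword it to `This exists to overcome the chicken-and-egg problem: create the secret under the name "new" in the host's secrets directory, then rename it to <name>.age.` The comment also says secrets are encrypted for "the users specified" without saying where that list is defined or which recipients the `new` entry gets. If those recipients can differ from the ones the renamed file is given, the comment should state that the secret has to be rekeyed after the rename. The generating code begins after the comment and continues outside the hunk, so this last point is inferred from the comment text alone.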