# VCP Bundeslager 2022 Nixfiles

## How to deploy

```sh
./deploy.sh apply switch --on vpn7
```

or to deploy all gateways:

```sh
./deploy.sh apply switch --on gateway
```

The nixdeploy host is a special case and is deployed locally:

```sh
./deploy.sh apply-local switch --sudo --node nixdeploy
```

## Secrets

Secrets are managed with sops, see https://github.com/Mic92/sops-nix

To **add yourself**, follow steps 2 and 4 of the above-mentioned README and add yourself to `.sops.yaml` in `keys` and in all creation rules.

To **add a new host**, configure a creation rule in `.sops.yaml`, configure the key (e.g. fetch it with `nix-shell -p ssh-to-age --run 'ssh-keyscan hostname.bula22.de | ssh-to-age'`) and add it to `keys`.

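As an added illustration (not a file from this repository), this is what a `.sops.yaml` covering the two steps above could look like. The age keys are placeholders, and the host names and the `hosts/<hostname>/secrets.yaml` path pattern are assumptions based on the layout described in this README:

```yaml
# Added example, not the repository's own .sops.yaml.
# All key values below are placeholders, not real age public keys.
keys:
  # People: your own age public key (what "add yourself" puts here).
  - &admin_alice age1PLACEHOLDER_ALICE
  # Hosts: age keys derived from each host's SSH host key with ssh-to-age.
  - &host_vpn7 age1PLACEHOLDER_VPN7
  - &host_nixdeploy age1PLACEHOLDER_NIXDEPLOY

creation_rules:
  # One rule per host. Every person must appear in every rule, otherwise
  # they cannot edit that host's file; each host key appears only in its
  # own rule, so one host cannot decrypt another host's secrets.
  - path_regex: hosts/vpn7/secrets\.yaml$
    key_groups:
      - age:
          - *admin_alice
          - *host_vpn7
  - path_regex: hosts/nixdeploy/secrets\.yaml$
    key_groups:
      - age:
          - *admin_alice
          - *host_nixdeploy
```

Changing `.sops.yaml` does not re-encrypt files that already exist; run `sops updatekeys hosts/<hostname>/secrets.yaml` afterwards so the new recipients can actually decrypt them.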
Then you can create a secrets file with `nix-shell -p sops --run "sops hosts/hostname/secrets.yaml"`, add your secrets to it and reference them in the host's NixOS configuration. Example:

```nix
sops.secrets.nerd_secret = {
  sopsFile = ./secrets.yaml;
  owner = "nerd";
  restartUnits = [ "nerd.service" ];
};
```

Your secret will then be available in `/run/secrets/secret_name` (for the example above, `/run/secrets/nerd_secret`).