Update vpn to master
All checks were successful
Evaluate Hydra Jobs / eval-hydra-jobs (pull_request) Successful in 2m55s
Evaluate Hydra Jobs / eval-hydra-jobs (push) Successful in 3m4s

ahtlon
2024-11-14 20:07:09 +01:00
2 changed files with 26 additions and 0 deletions


@@ -13,5 +13,6 @@
- [TODO](./todo.md) - [TODO](./todo.md)
- [How-to]() - [How-to]()
- [Wireguard](./anleitung/wireguard.md) - [Wireguard](./anleitung/wireguard.md)
- [Sops](./anleitung/sops.md)
- [Updates](./anleitung/updates.md) - [Updates](./anleitung/updates.md)
- [Rollbacks](./anleitung/rollback.md) - [Rollbacks](./anleitung/rollback.md)

doc/src/anleitung/sops.md Normal file

@@ -0,0 +1,25 @@
# Sops
## How to add admin keys
- Git:
- Generate gpg key
- Add public key to `./machines/secrets/keys/users/`
- Write the fingerprint of the gpg key in `.sops.yaml` under `keys:` in the format `- &admin_$USER $FINGERPRINT`
- Age:
- Generate age key for Sops:
```
$ mkdir -p ~/.config/sops/age
$ age-keygen -o ~/.config/sops/age/keys.txt
```
or to convert an ssh ed25519 key to an age key
```
$ mkdir -p ~/.config/sops/age
$ nix-shell -p ssh-to-age --run "ssh-to-age -private-key -i ~/.ssh/id_ed25519 > ~/.config/sops/age/keys.txt"
```
- Get public key using `$ age-keygen -y ~/.config/sops/age/keys.txt`
- Write public key in `.sops.yaml` under `keys:` in the format `- &admin_$USER $PUBKEY`
- Write `- *admin_$USER` under the apropriate `key_grups:` of the secrets the user should have access to
- `cd machines/` and reencrypt existing secrets for the new key with `sops updatekeys $path/to/secrets.yaml`
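Review bot: The ssh-to-age step in the Age section writes the private key through a shell redirect (`> ~/.config/sops/age/keys.txt`), so the file is created with whatever umask the caller has; with a common umask of 022 that is mode 0644, which leaves the age identity readable by other local users. Suggest prefixing the command with `umask 077` or adding a `chmod 600 ~/.config/sops/age/keys.txt` step, and noting that the converted key sits on disk in plaintext even when the SSH key it came from is passphrase-protected. Separately, the second-to-last bullet spells the sops field as `key_grups:`; it should be `key_groups:` (and "apropriate" should be "appropriate"), since readers will copy the name as written into `.sops.yaml`.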