kalipso/infrastructure
1
1
Fork 1
Code Issues 43 Pull Requests 3 Actions Projects 2 Releases Wiki Activity

[docs] update sops
All checks were successful
Evaluate Hydra Jobs / eval-hydra-jobs (push) Successful in 3m50s
Details

Browse Source
This commit is contained in:
kalipso
2025-01-14 13:46:08 +01:00
parent 468c3d63f9
commit 727f771c4f
1 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
doc/src/anleitung/sops.md
View File

@@ -23,3 +23,13 @@
- Write `- *admin_$USER` under the apropriate `key_grups:` of the secrets the user should have access to - Write `- *admin_$USER` under the apropriate `key_grups:` of the secrets the user should have access to
- `cd machines/` and reencrypt existing secrets for the new key with `sops updatekeys $path/to/secrets.yaml` - `cd machines/` and reencrypt existing secrets for the new key with `sops updatekeys $path/to/secrets.yaml`
## How to add host keys
If a new host is created we have to add its age keys to the sops config.
Do the following:
```bash
# ssh into the host and run:
nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
# create new host with the output of that command in /machines/.sops.yaml
```