update secrets documentation
4
TODO.md
@@ -13,3 +13,7 @@
|
|||||||
overlays = [{ ... }: {
|
overlays = [{ ... }: {
|
||||||
nixpkgs.crossSystem.system = "aarch64-linux";
|
nixpkgs.crossSystem.system = "aarch64-linux";
|
||||||
}];
|
}];
|
||||||
|
|
||||||
|
# better secrets management? read:
|
||||||
|
- https://christine.website/blog/nixos-encrypted-secrets-2021-01-20
|
||||||
|
- git-crypt (https://github.com/bobbbay/dotfiles.git)
|
||||||
|
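Review bot: the second bullet added at the end of TODO.md, `- git-crypt (https://github.com/bobbbay/dotfiles.git)`, labels a dotfiles repository as git-crypt, so it is unclear whether the reading item is the tool itself or that repository's use of it. Suggest wording it as an example of git-crypt usage, and adding one line under `# better secrets management? read:` that says what the current `secrets/local.nix` scheme falls short on, so the item can be closed against a stated goal.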
@@ -12,7 +12,11 @@ nix flake show
|
|||||||
|
|
||||||
|
|
||||||
# secrets
|
# secrets
|
||||||
change files in secrets/. they need to be checked into git with some placeholder text for them to be exposed to the flake,
|
|
||||||
|
`secrets/default.nix` declares the secrets exposed at evaluation time.
|
||||||
|
these are defined *outside* git by writing the actual values to `secrets/local.nix`.
|
||||||
|
|
||||||
|
*don't* check in the local.nix file. use `git update-index --assume-unchanged secrets/local.nix` to prevent it from ever being added.
|
||||||
but after that you can set them to their real value and run `git update-index --assume-unchanged secrets/*`
|
but after that you can set them to their real value and run `git update-index --assume-unchanged secrets/*`
|
||||||
|
|
||||||
## building images
|
## building images
|
||||||
|
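Review bot: the unchanged line beginning `but after that you can set them to their real value` is left directly after the new paragraph, but the sentence it continued (`change files in secrets/. ...`) is removed, so "after that" has no antecedent and the section now gives two different commands, one for `secrets/local.nix` and one for `secrets/*`. Suggest deleting the leftover line. In the added `*don't* check in the local.nix file` line, note also that `git update-index --assume-unchanged` only applies to a path that is already in the index, so the text should say that a placeholder `secrets/local.nix` is committed first and only the real values stay out of git.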
@@ -1,8 +0,0 @@
|
|||||||
populate the files here which are referenced from the rest of the nix config.
|
|
||||||
|
|
||||||
after modifying them, run `git update-index --assume-unchanged secrets/local.nix`
|
|
||||||
|
|
||||||
hacky secrets management. TODO: read:
|
|
||||||
- https://christine.website/blog/nixos-encrypted-secrets-2021-01-20
|
|
||||||
- git-crypt (https://github.com/bobbbay/dotfiles.git)
|
|
||||||
|
|
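Review bot: all eight lines of the note starting `populate the files here which are referenced from the rest of the nix config.` are removed, so the directory it described no longer carries any hint about keeping real values out of git. Suggest keeping a one-line pointer there to the `# secrets` section updated in this commit, so someone editing those files sees the `--assume-unchanged` step before committing.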