colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

doc: fix the updatekeys command to be non-interactive

Browse Source
This commit is contained in:
Colin
2025-06-02 09:13:14 +00:00
parent 1d1fe1d9b5
commit 98f505887e
2 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
doc/adding-a-host.md
View File

@@ -25,7 +25,7 @@ to add a host:
- instructions in hosts/common/secrets.nix
- run `ssh-to-age` on user/host pubkeys
- add age key to .sops.yaml
- update encrypted secrets: `find secrets -type f -exec sops updatekeys '{}' ';'`
- update encrypted secrets: `find secrets -type f -exec sops updatekeys -y '{}' ';'`
- setup wireguard keys
- `pk=$(wg genkey)`
- `echo "$pk" | sops encrypt --filename-override secrets/$(hostname)/wg-home.priv.bin --output secrets/$(hostname)/wg-home.priv.bin`

2
hosts/common/secrets.nix
View File

@@ -16,7 +16,7 @@
# for each host you want to decrypt secrets:
# $ cat /etc/ssh/ssh_host_keys/ssh_host_ed25519_key.pub | ssh-to-age
# add the result to .sops.yaml
# $ find secrets -type f -exec sops updatekeys '{}' ';'
# $ find secrets -type f -exec sops updatekeys -y '{}' ';'
#
# to create a new secret:
# $ sops secrets/example.yaml