diff --git a/README.md b/README.md index f71bc0c..98b7f4d 100644 --- a/README.md +++ b/README.md 
@@ -2,56 +2,6 @@ HakaseOS is an opinionated NixOS configuration heavily inspired by OmarchyOS. ## Features -* Vim keybindings -* Simple Setup -* Pre-configured Firefox +* Vim Keybindings +* Hardened Firefox -## How to Use SOPS -SOPS is an important aspect of this operating system. Learning to use it is important for security and modularity. It is impertinent that you do not lose the `private key`, as it is irrecoverable. - -To get started, follow the instructions below. -1. Create a folder. -```sh -mkdir -p ~/.config/sops/age -``` -2. Generate a private key using `age` -```sh -nix-shell -p age --run "age-keygen -o ~/.config/sops/age/keys.txt" -``` -**OR** -Use `ssh-to-age` to convert `id_ed22519` to `age`. -```sh -nix-shell -p ssh-to-age --run "ssh-to-age -private-key -i ~/.ssh/id_ed25519 > ~/.config/sops/age/keys.txt" -``` -There are other ways of generating a private key. Refer to [sops-nix](https://github.com/Mic92/sops-nix). -3. Get a **public key**. -```sh -nix-shell -p age --run "age-keygen -y ~/.config/sops/age/keys.txt" -``` -4. On the same directory as `flake.nix`, create `.sops.yaml` and paste the following below. -```yaml -# This example uses YAML anchors which allows reuse of multiple keys -# without having to repeat yourself. -# Also see https://github.com/Mic92/dotfiles/blob/d6114726d859df36ccaa32891c4963ae5717ef7f/nixos/.sops.yaml -# for a more complex example. -keys: - - &admin_alice 2504791468b153b8a3963cc97ba53d1919c5dfd4 - - &admin_bob age12zlz6lvcdk6eqaewfylg35w0syh58sm7gh53q5vvn7hd7c6nngyseftjxl -creation_rules: - - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$ - key_groups: - - pgp: - - *admin_alice - age: - - *admin_bob - -``` -Replace as according to your needs. -5. Create a sops `.yaml` file. -```sh -nix-shell -p sops --run "sops secrets/example.yaml" -``` -NOTE: If you add a new host to your `.sops.yaml`, you will need to update the keys for all secrets. -```sh -nix-shell -p sops --run "sops updatekeys secrets/example.yaml" -``` 
diff --git a/secrets/README.md b/secrets/README.md new file mode 100644 index 0000000..e5cc30e --- /dev/null +++ b/secrets/README.md @@ -0,0 +1,51 @@ +# How to Use SOPS +SOPS is an important aspect of this operating system. Learning to use it is important for security and modularity. It is **important** that you do not lose the `private key`, as it is irrecoverable. + +To get started, follow the instructions below. +1. Create a folder. +```sh +mkdir -p ~/.config/sops/age +``` +2. Generate a private key using `age` +```sh +nix-shell -p age --run "age-keygen -o ~/.config/sops/age/keys.txt" +``` +**...OR** +Use `ssh-to-age` to convert `id_ed22519` to `age`. +```sh +nix-shell -p ssh-to-age --run "ssh-to-age -private-key -i ~/.ssh/id_ed25519 > ~/.config/sops/age/keys.txt" +``` +There are other ways of generating a private key. Refer to [sops-nix](https://github.com/Mic92/sops-nix). + +3. Get a **public key**. +```sh +nix-shell -p age --run "age-keygen -y ~/.config/sops/age/keys.txt" +``` +4. On the same directory as `flake.nix`, create `.sops.yaml` and paste the following below. +```yaml +# This example uses YAML anchors which allows reuse of multiple keys +# without having to repeat yourself. +# Also see https://github.com/Mic92/dotfiles/blob/d6114726d859df36ccaa32891c4963ae5717ef7f/nixos/.sops.yaml +# for a more complex example. +keys: + - &admin_alice 2504791468b153b8a3963cc97ba53d1919c5dfd4 + - &admin_bob age12zlz6lvcdk6eqaewfylg35w0syh58sm7gh53q5vvn7hd7c6nngyseftjxl +creation_rules: + - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$ + key_groups: + - pgp: + - *admin_alice + age: + - *admin_bob + +``` +Replace as according to your needs. + +5. Create a sops `.yaml` file. +```sh +nix-shell -p sops --run "sops secrets/example.yaml" +``` +NOTE: If you add a new host to your `.sops.yaml`, you will need to update the keys for all secrets. +```sh +nix-shell -p sops --run "sops updatekeys secrets/example.yaml" +```
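Review bot: the README.md hunk removes the entire "How to Use SOPS" section without leaving a pointer to where it went, so someone reading the top-level README no longer learns that secrets setup is required. Add a short line after the feature list linking to `secrets/README.md`. In the same hunk, `Pre-configured Firefox` becomes `Hardened Firefox`, but nothing in this diff shows what hardening is applied. Either link to the Firefox configuration or name the settings that justify the word.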
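Review bot: in step 2 of the new secrets/README.md, the `ssh-to-age -private-key -i ~/.ssh/id_ed25519 > ~/.config/sops/age/keys.txt` alternative writes the private key through a shell redirect. The file therefore gets whatever mode the user's umask allows, and an existing `keys.txt` is silently overwritten, which is exactly the key the introduction calls irrecoverable. Suggest telling the reader to run `umask 077` first (or `chmod 600` the file afterwards) and to check that no key already exists at that path. The prose in that step also still says `id_ed22519` while the command uses `id_ed25519`. In step 4, "Replace as according to your needs" should state outright that `&admin_alice` and `&admin_bob` are sample recipients and must be replaced with the public key from step 3, because a secret created in step 5 against the sample recipients cannot be decrypted by the user.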