kenji/nixos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add(README): migrated SOPS documentation to secrets/

Browse Source
This commit is contained in:
kenji
2026-01-03 10:09:05 -06:00
parent 5443027e94
commit 15b2c36247
2 changed files with 53 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+2 -52
View File
@@ -2,56 +2,6 @@
HakaseOS is an opinionated NixOS configuration heavily inspired by OmarchyOS.
## Features
* Vim keybindings
* Simple Setup
* Pre-configured Firefox
* Vim Keybindings
* Hardened Firefox
## How to Use SOPS
SOPS is an important aspect of this operating system. Learning to use it is important for security and modularity. It is impertinent that you do not lose the `private key`, as it is irrecoverable.
To get started, follow the instructions below.
1. Create a folder.
```sh
mkdir -p ~/.config/sops/age
```
2. Generate a private key using `age`
```sh
nix-shell -p age --run "age-keygen -o ~/.config/sops/age/keys.txt"
```
**OR**
Use `ssh-to-age` to convert `id_ed22519` to `age`.
```sh
nix-shell -p ssh-to-age --run "ssh-to-age -private-key -i ~/.ssh/id_ed25519 > ~/.config/sops/age/keys.txt"
```
There are other ways of generating a private key. Refer to [sops-nix](https://github.com/Mic92/sops-nix).
3. Get a **public key**.
```sh
nix-shell -p age --run "age-keygen -y ~/.config/sops/age/keys.txt"
```
4. On the same directory as `flake.nix`, create `.sops.yaml` and paste the following below.
```yaml
# This example uses YAML anchors which allows reuse of multiple keys
# without having to repeat yourself.
# Also see https://github.com/Mic92/dotfiles/blob/d6114726d859df36ccaa32891c4963ae5717ef7f/nixos/.sops.yaml
# for a more complex example.
keys:
- &admin_alice 2504791468b153b8a3963cc97ba53d1919c5dfd4
- &admin_bob age12zlz6lvcdk6eqaewfylg35w0syh58sm7gh53q5vvn7hd7c6nngyseftjxl
creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- pgp:
- *admin_alice
age:
- *admin_bob
```
Replace as according to your needs.
5. Create a sops `.yaml` file.
```sh
nix-shell -p sops --run "sops secrets/example.yaml"
```
NOTE: If you add a new host to your `.sops.yaml`, you will need to update the keys for all secrets.
```sh
nix-shell -p sops --run "sops updatekeys secrets/example.yaml"
```