Agenix: Difference between revisions
imported>Onny: Add more information to configure section
imported>Onny: Add example configuration
</nowiki>}}
SSH public keys for a specific user or system can be generated with <code>ssh-keygen</code>; see [[SSH_public_key_authentication|this page]] for more information. Usually the public key of your user can be found in <code>~/.ssh/id_rsa.pub</code> and the system one in <code>/etc/ssh/ssh_host_rsa_key.pub</code>.
== Usage ==
Create a secret file whose contents will be encrypted:
<syntaxhighlight lang="bash">
# cd /etc/nixos/secrets
# agenix -e secret1.age
</syntaxhighlight>
The agenix command will open your default terminal editor. Write in your secret, for example <code>password123</code>.
The filename <code>secret1.age</code> is the one specified above in the agenix <code>secrets.nix</code> configuration, so agenix knows which public keys to encrypt the file for (those of the user or system that should be able to decrypt it).
To use and reference the secret inside your Nix configuration, an example would look like this:
<syntaxhighlight lang="nix">
age.secrets.nextcloud.file = /etc/nixos/secrets/secret1.age;
services.nextcloud = {
  enable = true;
  package = pkgs.nextcloud25;
  hostName = "localhost";
  config.adminpassFile = config.age.secrets.nextcloud.path;
};
</syntaxhighlight>
Here, the service [[Nextcloud]] requires a password for the administrator account. In this case, the password is stored in an age-encrypted file, so no plaintext password is copied into your world-readable Nix store. Only the ciphertext (<code>secret1.age</code>) lands in the store; agenix decrypts it at system activation, using the host's SSH key, into the runtime path exposed as <code>config.age.secrets.nextcloud.path</code>, and that decrypted path is what the service is pointed at.
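As an added example (not from the wiki page or the agenix project), the same Nextcloud wiring with the decrypted file's ownership and mode set explicitly, so the service account can read the secret without it being readable by other users; the owner and group names are assumptions and must match the account the service actually reads the file as:

```nix
# Added example, not part of the original page. Assumes the encrypted file was
# created with `agenix -e secret1.age` in /etc/nixos/secrets and that the
# Nextcloud setup reads the admin password file as the "nextcloud" user
# (an assumption about the module; adjust to the user your service runs as).
{ config, pkgs, ... }:

{
  age.secrets.nextcloud-adminpass = {
    # Only this ciphertext is copied into the Nix store.
    file = /etc/nixos/secrets/secret1.age;

    # The plaintext is written at activation time to
    # config.age.secrets.nextcloud-adminpass.path (by default
    # /run/agenix/nextcloud-adminpass) with these permissions.
    owner = "nextcloud";   # assumed service account
    group = "nextcloud";
    mode = "0400";         # agenix already defaults to 0400; stated explicitly
  };

  services.nextcloud = {
    enable = true;
    package = pkgs.nextcloud25;
    hostName = "localhost";
    # Reference the decrypted runtime path, never the .age file itself.
    config.adminpassFile = config.age.secrets.nextcloud-adminpass.path;
  };
}
```

After a rebuild, <code>ls -l /run/agenix/</code> should show the file owned by the service account with mode 0400; a world-readable entry there means the owner/mode settings were not applied as intended.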
[[Category:Applications]]
[[Category:Security]]