update readme

Douze Bé 2024-12-20 00:22:55 +01:00
parent a6e68d4de8
commit 8773346e88


@ -16,6 +16,7 @@ These configurations can import shared modules stored in the modules directory
```
├── modules
│   ├── nixin.nix
│   ├── reverse-proxy.nix
│   ├── users.nix
│   └── wireguard-client.nix
```
@ -27,13 +28,13 @@ The file `krops.nix` is the main deployment configuration that ties everything u
The servers mush be accessible with ssh as `root` or as a user with passwordless sudo capability, as defined in `krops.nix`
Secrets are stored in a sub directory of a separate git repository, managed with [passwordstore](https://www.passwordstore.org/)
This directory must available at ` ~/.password-store/nixin-password-store/krops`. (This is also defined in `krops.nix`)
When building the configuration on the server, the secrets files are decrypted and copied to server into the /var/srv/secret directory
This directory must be available at ` ~/.password-store/nixin-password-store/krops`. (This is also defined in `krops.nix`)
When deploying a configuration, the secrets files are decrypted and copied to server into the /var/srv/secret directory
Referencing a secret file path in the configuration is done like this :
```nix
privateKeyFile = toString <secrets/wg-private.key>;
```
If instead the content of the file needs to be substituted into the configuration it can be done like this :
If instead the content of a secret file needs to be substituted into the configuration, it can be done like this :
```nix
security.pki.certificates = [ (builtins.readFile toString <secrets/ca-bundle.crt>) ];
```
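Review bot: the last example in this hunk, `builtins.readFile toString <secrets/ca-bundle.crt>`, will not evaluate, because without parentheses `toString` itself is passed as the argument to `readFile`. Write it as `builtins.readFile (toString <secrets/ca-bundle.crt>)` or simply `builtins.readFile <secrets/ca-bundle.crt>`. The reworded sentence above it now speaks of "the content of a secret file" in general, and content substituted this way ends up in the world-readable Nix store. That is fine for a CA bundle but not for something like `wg-private.key`, so the README should say to use the path form for anything confidential. Two smaller points in the same hunk: the target path `/var/srv/secret` does not match the `/var/src` used in the `nixos-rebuild switch -I /var/src` line of the next hunk header and should be checked against `krops.nix`, and "mush be accessible" is still misspelled.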
@ -71,4 +72,3 @@ nixos-rebuild switch -I /var/src
## References
- krops : https://github.com/krebs/krops