NixiN/nixin-krops
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

update readme

Browse source
This commit is contained in:
Douze Bé 2024-12-19 18:30:31 +01:00
parent 0791356a34
commit e78a33bd48
1 changed files with 11 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
README.md
View file

@ -16,7 +16,8 @@ These configurations can import shared modules stored in the modules directory
```
├── modules
│   ├── nixin.nix
│   └── users.nix
│   ├── users.nix
│   └── wireguard-client.nix
```
The file `nixpkgs.json` contains the revision of nixpkgs to use. See the tips section for how to update it
@ -27,7 +28,15 @@ The servers mush be accessible with ssh as `root` or as a user with passwordless
Secrets are stored in a sub directory of a separate git repository, managed with [passwordstore](https://www.passwordstore.org/)
This directory must available at ` ~/.password-store/nixin-password-store/krops`. (This is also defined in `krops.nix`)
When building the configuration on the server, the secrets files are decrypted and copied to the /var/srv/secret directory
When building the configuration on the server, the secrets files are decrypted and copied to server into the /var/srv/secret directory
Referencing a secret file path in the configuration is done like this :
```nix
privateKeyFile = toString <secrets/wg-private.key>;
```
If instead the content of the file needs to be substituted into the configuration it can be done like this :
```nix
security.pki.certificates = [ (builtins.readFile toString <secrets/ca-bundle.crt>) ];
```
Sample `/var/src` on a server after configuration deployment :
```sh