home lab init

2025-06-03 23:07:46 +02:00 · 2025-06-03 23:07:46 +02:00 · 7278922625
commit 7278922625
65 changed files with 27336 additions and 0 deletions
--- a/nixos/secrets/README.md
+++ b/nixos/secrets/README.md
@ -0,0 +1,51 @@
+
+🔑 2. Generate an age Keypair
+
+age-keygen -o secrets/age.key
+
+This will output something like:
+
+# created: 2025-06-02T22:00:00Z
+# public key: age1abcdefghijk...
+
+Copy that public key somewhere — you’ll need it for encrypting.
+
+✅ You should now have:
+
+secrets/
+├── age.key        # keep this safe and private!
+
+📝 3. Create Encrypted Secrets File
+
+sops --age age1abcdefghijk... secrets/secrets.yaml
+
+This opens a YAML file in your $EDITOR. Add secrets like:
+
+forgejo-admin-password: "my-super-secret-password"
+
+Save and close the file — it’s now encrypted using the public key.
+
+✅ Now you should have:
+
+secrets/
+├── age.key
+├── secrets.yaml   # encrypted file (safe to commit)
+
+You can commit secrets.yaml, but do not commit age.key unless you're OK with putting it on a VM.
+
+
+🧪 Test Decryption Locally
+
+export SOPS_AGE_KEY_FILE=secrets/age.key
+
+To test:
+
+sops -d secrets/secrets.yaml
+
+To edit:
+
+sops secrets/secrets.yaml
+
+
+
+[plasmagoat@forgejo:~]$ sudo chmod 400 /etc/sops/age.key && sudo chown root:root /etc/sops/age.key