From 8fa307aafc7d48546372d5d275cc93fcfc830dd6 Mon Sep 17 00:00:00 2001 From: Franck Cuny Date: Sat, 21 Dec 2024 11:15:38 -0800 Subject: convert org file to markdown --- README.md | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 README.md (limited to 'README.md') diff --git a/README.md b/README.md new file mode 100644 index 0000000..0fd9de9 --- /dev/null +++ b/README.md @@ -0,0 +1,40 @@ +Tools, scripts, and configurations for my machines. + +# Secret management with `agenix` +I use `[agenix](https://github.com/ryantm/agenix)` to manage secrets. + +## Create a new secret +To create a new secret: +```shell +cd secrets +agenix -e .age +``` + +## Manage the secrets +In [secrets.nix](secrets/secrets.nix) you need to add the secret and who need to have access to it. + +In the configuration for one of the host, you'll then need to add: +```nix +age.secrets.restic = { + file = ../../../secrets/restic-backups.age; + owner = "root"; + group = "root"; + path = "/etc/restic/secret"; + mode = "600"; +}; +``` + +## Edit secrets +This is the easiest command to work with 1password: +```shell +agenix -e restic-backups.age -i (op read "op://Personal/nixos/private key?ssh-format=openssh"|psub) +``` + +There's a target in the [Justfile](justfile) to edit the secrets: `just secrets `. + +# Services + +## ddns-updater +This service runs on `vm-synology`. + +There's a web UI accessible at to check the status of the updates. -- cgit v1.2.3
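Review bot: In the "Edit secrets" section, the command `agenix -e restic-backups.age -i (op read "op://Personal/nixos/private key?ssh-format=openssh"|psub)` is fish syntax (parenthesised command substitution plus `psub`), but its fence is tagged `shell`, so pasting it into bash or sh fails with a syntax error. State that it requires fish, and note that `psub` passes the private key read from 1Password to agenix through a temporary file or named pipe that it creates, so readers know the key leaves 1Password for the duration of the edit. Two smaller points in the same hunk: under "Secret management with `agenix`" the link is wrapped in backticks (`[agenix](https://github.com/ryantm/agenix)`), which Markdown renders as literal code instead of a link, so drop the backticks. Also, `agenix -e .age`, `just secrets ` and "accessible at to check the status" read as if a placeholder name or URL was lost in the conversion from org. Check those three spots against the original file and restore what is missing in a form Markdown will not swallow.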