Tools, scripts, and configurations for my machines.

# Secret management with `agenix`
I use `[agenix](https://github.com/ryantm/agenix)` to manage secrets.

## Create a new secret
To create a new secret:
```shell
cd secrets
agenix -e <name of the secret>.age
```

## Manage the secrets
In [secrets.nix](secrets/secrets.nix) you need to add the secret and who need to have access to it.

In the configuration for one of the host, you'll then need to add:
```nix
age.secrets.restic = {
    file = ../../../secrets/restic-backups.age;
    owner = "root";
    group = "root";
    path = "/etc/restic/secret";
    mode = "600";
};
```

## Edit secrets
This is the easiest command to work with 1password:
```shell
agenix -e restic-backups.age -i (op read "op://Personal/nixos/private key?ssh-format=openssh"|psub)
```

There's a target in the [Justfile](justfile) to edit the secrets: `just secrets <secret-name>`.

# Services

## ddns-updater
This service runs on `vm-synology`.

There's a web UI accessible at <http://vm-synology:8000> to check the status of the updates.