add nixos integration example
parent
f350bfd7fd
commit
3b810b074c
@ -135,8 +135,25 @@ For convenience, Clan CLI allows group creation to simplify access management. H
|
|||||||
|
|
||||||
# NixOS integration
|
# NixOS integration
|
||||||
|
|
||||||
A NixOS machine will automatically import all secrets that were encrypted for the same.
|
A NixOS machine will automatically import all secrets that are encrypted for the
|
||||||
At runtime it will
|
current machine. At runtime it will use the host key to decrypt all secrets into
|
||||||
|
a in-memory, non-persistent filesystem using
|
||||||
|
[sops-nix](https://github.com/Mic92/sops-nix). In your nixos configuration you
|
||||||
|
can get a path to secrets like this `config.sops.secrets.<name>.path`. Example:
|
||||||
|
|
||||||
|
```nix
|
||||||
|
{ config, ...}: {
|
||||||
|
sops.secrets.my-password.neededForUsers = true;
|
||||||
|
|
||||||
|
users.users.mic92 = {
|
||||||
|
isNormalUser = true;
|
||||||
|
passwordFile = config.sops.secrets.my-password.path;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
See the [readme](https://github.com/Mic92/sops-nix) of sops-nix for more
|
||||||
|
examples.
|
||||||
|
|
||||||
# Importing existing sops-based keys / sops-nix
|
# Importing existing sops-based keys / sops-nix
|
||||||
|
|
||||||
|
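Review bot: the added Nix example sets `sops.secrets.my-password.neededForUsers = true;` and feeds the secret to `passwordFile`, but the surrounding prose explains neither, so a reader copying it will not know why the flag is there or what the secret has to contain. Suggest one sentence stating that `neededForUsers` makes the secret available before user accounts are created, and another stating that `passwordFile` expects a password hash rather than the plaintext password, since the name `my-password` invites storing the plaintext. Two wording nits in the added paragraph: "a in-memory" should be "an in-memory", and "nixos configuration" should be "NixOS configuration" to match the heading.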