From b1adcf0223f9f4d96da20c72904cdc4d9a41be6d Mon Sep 17 00:00:00 2001 From: oluceps Date: Mon, 4 Nov 2024 22:02:05 +0800 Subject: [PATCH] + improve docs --- README.md | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index abf8978..1e5d8dd 100644 --- a/README.md +++ b/README.md @@ -49,19 +49,25 @@ Adding nixosModule config: { imports = [ inputs.vaultix.nixosModules.default ]; vaultix = { + settings = { + storageLocation = # relative to flake root, used for storing host public key - # re-encrypted secrets. - storageLocation = "./secret/renc/${config.networking.hostName}"; + "./secret/renc/${config.networking.hostName}"; + # extraRecipients = # not supported yet, plain to used in edit command # [ data.keys.ageKey ]; + identity = # See https://github.com/str4d/age-plugin-yubikey # Also supports age native secrets (with password encrypted) (self + "/secret/age-yubikey-identity-0000ffff.txt.pub"); }; + secrets = { + # this parts keeps identical with agenix example = { file = ./secret/example.age; mode = "640"; @@ -71,7 +77,6 @@ Adding nixosModule config: # symlink = true; # both not supported yet # path = "/some/place"; }; - # ... }; }; } @@ -93,7 +98,7 @@ nix run .#vaultix.x86_64-linux.renc ## Cli Args -Seldon use cli directly. Use Nix Wrapped App such as `nix run .#vaultix.x86_64-linux.renc`. +Seldom use cli directly. Use Nix Wrapped App such as `nix run .#vaultix.x86_64-linux.renc`. Currently not support `edit` command, you could directly use rage for creating your encrypted file.