config/secrets.nix

65 lines
2.2 KiB
Nix
Raw Normal View History

2023-04-14 14:12:45 +03:00
let
2023-10-01 22:21:02 +03:00
motiejus = builtins.attrValues {
yk1 = "age1yubikey1qtwmhf7h7ljs3dyx06wyzme4st6w4calkdpmsxgpxc9t2cldezvasd6n8wg";
yk2 = "age1yubikey1qgyvs2ul0enzqf4sscq96zyxk73jnj4lknpemak2hp39lejdwc0s5uzzhpc";
bk1 = "age1kyehn8yr9tfu3w0z4d9p9qrj0tjjh92ljxmz2nyr6xnm7y8kpv5spwwc9n";
bk2 = "age14f39j0wx84n93lgqn6d9gcd3yhuwak6qwrxy8v83ydn7266uafts09ecva";
};
2023-04-14 14:12:45 +03:00
2023-09-15 13:23:52 +03:00
fwminex = (import ./data.nix).hosts."fwminex.motiejus.jakst".publicKey;
2024-03-18 17:46:17 +02:00
mtworx = (import ./data.nix).hosts."mtworx.motiejus.jakst".publicKey;
2023-08-26 07:18:27 +03:00
fra1-a = (import ./data.nix).hosts."fra1-a.servers.jakst".publicKey;
2023-07-23 15:33:57 +03:00
vno1-oh2 = (import ./data.nix).hosts."vno1-oh2.servers.jakst".publicKey;
vno3-rp3b = (import ./data.nix).hosts."vno3-rp3b.servers.jakst".publicKey;
2024-06-26 22:45:14 +03:00
systems = [fra1-a vno1-oh2 vno3-rp3b fwminex];
2023-04-14 14:12:45 +03:00
mk = auth: keyNames:
builtins.listToAttrs (
2023-08-14 09:28:54 +03:00
map (keyName: {
name = keyName;
2023-08-14 09:28:54 +03:00
value = {publicKeys = auth;};
})
keyNames
2023-08-14 09:28:54 +03:00
);
in
{}
// mk ([vno1-oh2] ++ motiejus) [
2023-08-26 23:45:03 +03:00
"secrets/fra1-a/zfs-passphrase.age"
2023-08-14 09:28:54 +03:00
"secrets/vno1-oh2/borgbackup/password.age"
"secrets/grafana.jakstys.lt/oidc.age"
2023-08-14 09:28:54 +03:00
"secrets/letsencrypt/account.key.age"
"secrets/headscale/oidc_client_secret2.age"
2023-09-07 13:04:38 +03:00
"secrets/vaultwarden/secrets.env.age"
2023-12-28 23:33:47 +02:00
"secrets/photoprism/admin_password.age"
2023-08-25 16:27:39 +03:00
2023-08-25 15:55:06 +03:00
"secrets/synapse/jakstys_lt_signing_key.age"
"secrets/synapse/registration_shared_secret.age"
"secrets/synapse/macaroon_secret_key.age"
2024-06-05 23:08:35 +03:00
"secrets/vno1-oh2/syncthing/key.pem.age"
"secrets/vno1-oh2/syncthing/cert.pem.age"
2023-08-25 15:55:06 +03:00
]
2023-08-27 15:16:52 +03:00
// mk ([fra1-a] ++ motiejus) [
2023-08-26 23:45:03 +03:00
"secrets/vno1-oh2/zfs-passphrase.age"
2024-01-25 14:48:17 +02:00
"secrets/fra1-a/borgbackup-password.age"
2023-08-26 23:45:03 +03:00
]
// mk ([vno3-rp3b] ++ motiejus) [
"secrets/vno3-rp3b/datapool-passphrase.age"
2023-09-11 12:01:03 +03:00
]
2024-03-18 17:46:17 +02:00
// mk ([mtworx] ++ motiejus) [
"secrets/motiejus_work_passwd_hash.age"
"secrets/root_work_passwd_hash.age"
2024-06-05 23:08:35 +03:00
"secrets/mtworx/syncthing/key.pem.age"
"secrets/mtworx/syncthing/cert.pem.age"
2024-03-18 17:46:17 +02:00
]
2024-06-05 22:54:59 +03:00
// mk ([fwminex] ++ motiejus) [
"secrets/fwminex/syncthing/key.pem.age"
"secrets/fwminex/syncthing/cert.pem.age"
]
2023-08-14 09:28:54 +03:00
// mk (systems ++ motiejus) [
"secrets/motiejus_passwd_hash.age"
"secrets/root_passwd_hash.age"
"secrets/postfix_sasl_passwd.age"
]