config/secrets.nix

let
  motiejus_yk1 = "age1yubikey1qtwmhf7h7ljs3dyx06wyzme4st6w4calkdpmsxgpxc9t2cldezvasd6n8wg";
  motiejus_yk2 = "age1yubikey1qgyvs2ul0enzqf4sscq96zyxk73jnj4lknpemak2hp39lejdwc0s5uzzhpc";
  motiejus_bk1 = "age1kyehn8yr9tfu3w0z4d9p9qrj0tjjh92ljxmz2nyr6xnm7y8kpv5spwwc9n";
  motiejus = [motiejus_yk1 motiejus_yk2 motiejus_bk1];

  hel1-a = (import ./data.nix).hosts."hel1-a.servers.jakst".publicKey;
  vno1-oh2 = (import ./data.nix).hosts."vno1-oh2.servers.jakst".publicKey;
  vno1-rp3b = (import ./data.nix).hosts."vno1-rp3b.servers.jakst".publicKey;
  systems = [hel1-a vno1-oh2 vno1-rp3b];

  mk = auth: keyNames:
    builtins.listToAttrs (
      map (keyName: {
        name = keyName;
        value = {publicKeys = auth;};
      })
      keyNames
    );
in
  {}
  // mk ([hel1-a] ++ motiejus) [
    "secrets/hel1-a/headscale/oidc_client_secret2.age"
    "secrets/hel1-a/borgbackup/password.age"
    "secrets/hel1-a/synapse/jakstys_lt_signing_key.age"
    "secrets/hel1-a/synapse/registration_shared_secret.age"
    "secrets/hel1-a/synapse/macaroon_secret_key.age"
    "secrets/vno1-oh2/zfs-passphrase.age"
  ]
  // mk ([vno1-oh2] ++ motiejus) [
    "secrets/hel1-a/zfs-passphrase.age"
    "secrets/vno1-oh2/borgbackup/password.age"
    "secrets/grafana.jakstys.lt/oidc.age"
    "secrets/letsencrypt/account.key.age"
  ]
  // mk (systems ++ motiejus) [
    "secrets/motiejus_passwd_hash.age"
    "secrets/root_passwd_hash.age"
    "secrets/postfix_sasl_passwd.age"
  ]
flakes 2023-04-14 14:12:45 +03:00			`let`
			`motiejus_yk1 = "age1yubikey1qtwmhf7h7ljs3dyx06wyzme4st6w4calkdpmsxgpxc9t2cldezvasd6n8wg";`
add motiejus_yk2 2023-07-20 16:32:46 +03:00			`motiejus_yk2 = "age1yubikey1qgyvs2ul0enzqf4sscq96zyxk73jnj4lknpemak2hp39lejdwc0s5uzzhpc";`
flakes 2023-04-14 14:12:45 +03:00			`motiejus_bk1 = "age1kyehn8yr9tfu3w0z4d9p9qrj0tjjh92ljxmz2nyr6xnm7y8kpv5spwwc9n";`
add motiejus_yk2 2023-07-20 16:32:46 +03:00			`motiejus = [motiejus_yk1 motiejus_yk2 motiejus_bk1];`
flakes 2023-04-14 14:12:45 +03:00
move pubkeys back to data.nix 2023-07-23 15:33:57 +03:00			`hel1-a = (import ./data.nix).hosts."hel1-a.servers.jakst".publicKey;`
			`vno1-oh2 = (import ./data.nix).hosts."vno1-oh2.servers.jakst".publicKey;`
adding vno1-rp3b to deploy list 2023-08-16 15:58:35 +03:00			`vno1-rp3b = (import ./data.nix).hosts."vno1-rp3b.servers.jakst".publicKey;`
			`systems = [hel1-a vno1-oh2 vno1-rp3b];`
flakes 2023-04-14 14:12:45 +03:00
add oidc_client_secret2 client id: e25c15ea-41ca-4bf0-9ebf-2be9f2d1ccea 2023-08-14 10:05:28 +03:00			`mk = auth: keyNames:`
			`builtins.listToAttrs (`
secrets: move to blocks 2023-08-14 09:28:54 +03:00			`map (keyName: {`
add oidc_client_secret2 client id: e25c15ea-41ca-4bf0-9ebf-2be9f2d1ccea 2023-08-14 10:05:28 +03:00			`name = keyName;`
secrets: move to blocks 2023-08-14 09:28:54 +03:00			`value = {publicKeys = auth;};`
			`})`
add oidc_client_secret2 client id: e25c15ea-41ca-4bf0-9ebf-2be9f2d1ccea 2023-08-14 10:05:28 +03:00			`keyNames`
secrets: move to blocks 2023-08-14 09:28:54 +03:00			`);`
			`in`
			`{}`
			`// mk ([hel1-a] ++ motiejus) [`
add oidc_client_secret2 client id: e25c15ea-41ca-4bf0-9ebf-2be9f2d1ccea 2023-08-14 10:05:28 +03:00			`"secrets/hel1-a/headscale/oidc_client_secret2.age"`
secrets: move to blocks 2023-08-14 09:28:54 +03:00			`"secrets/hel1-a/borgbackup/password.age"`
			`"secrets/hel1-a/synapse/jakstys_lt_signing_key.age"`
			`"secrets/hel1-a/synapse/registration_shared_secret.age"`
			`"secrets/hel1-a/synapse/macaroon_secret_key.age"`
			`"secrets/vno1-oh2/zfs-passphrase.age"`
			`]`
			`// mk ([vno1-oh2] ++ motiejus) [`
			`"secrets/hel1-a/zfs-passphrase.age"`
			`"secrets/vno1-oh2/borgbackup/password.age"`
configure grafana oidc client id: 5349c113-467d-4b95-a61b-264f2d844da8 2023-08-14 15:30:01 +03:00			`"secrets/grafana.jakstys.lt/oidc.age"`
secrets: move to blocks 2023-08-14 09:28:54 +03:00			`"secrets/letsencrypt/account.key.age"`
			`]`
			`// mk (systems ++ motiejus) [`
			`"secrets/motiejus_passwd_hash.age"`
			`"secrets/root_passwd_hash.age"`
			`"secrets/postfix_sasl_passwd.age"`
			`]`