2023-04-14 14:12:45 +03:00
|
|
|
let
|
|
|
|
motiejus_yk1 = "age1yubikey1qtwmhf7h7ljs3dyx06wyzme4st6w4calkdpmsxgpxc9t2cldezvasd6n8wg";
|
2023-07-20 16:32:46 +03:00
|
|
|
motiejus_yk2 = "age1yubikey1qgyvs2ul0enzqf4sscq96zyxk73jnj4lknpemak2hp39lejdwc0s5uzzhpc";
|
2023-04-14 14:12:45 +03:00
|
|
|
motiejus_bk1 = "age1kyehn8yr9tfu3w0z4d9p9qrj0tjjh92ljxmz2nyr6xnm7y8kpv5spwwc9n";
|
2023-07-20 16:32:46 +03:00
|
|
|
motiejus = [motiejus_yk1 motiejus_yk2 motiejus_bk1];
|
2023-04-14 14:12:45 +03:00
|
|
|
|
|
|
|
hel1-a = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF6Wd2lKrpP2Gqul10obMo2dc1xKaaLv0I4FAnfIaFKu";
|
2023-07-22 20:25:28 +03:00
|
|
|
vno1-oh2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHtYsaht57g2sp6UmLHqsCK+fHjiiZ0rmGceFmFt88pY";
|
|
|
|
systems = [hel1-a vno1-oh2];
|
2023-04-14 14:12:45 +03:00
|
|
|
in {
|
|
|
|
"secrets/hel1-a/borgbackup/password.age".publicKeys = [hel1-a] ++ motiejus;
|
|
|
|
"secrets/hel1-a/postfix/sasl_passwd.age".publicKeys = [hel1-a] ++ motiejus;
|
|
|
|
"secrets/hel1-a/turn/static_auth_secret.age".publicKeys = [hel1-a] ++ motiejus;
|
|
|
|
"secrets/hel1-a/synapse/jakstys_lt_signing_key.age".publicKeys = [hel1-a] ++ motiejus;
|
|
|
|
"secrets/hel1-a/synapse/registration_shared_secret.age".publicKeys = [hel1-a] ++ motiejus;
|
|
|
|
"secrets/hel1-a/synapse/macaroon_secret_key.age".publicKeys = [hel1-a] ++ motiejus;
|
|
|
|
|
2023-07-23 14:27:29 +03:00
|
|
|
"secrets/hel1-a/zfs-passphrase.age".publicKeys = [vno1-oh2] ++ motiejus;
|
|
|
|
"secrets/vno1-oh2/zfs-passphrase.age".publicKeys = [hel1-a] ++ motiejus;
|
|
|
|
|
2023-07-22 20:25:28 +03:00
|
|
|
"secrets/motiejus_passwd_hash.age".publicKeys = [hel1-a vno1-oh2] ++ motiejus;
|
|
|
|
"secrets/root_passwd_hash.age".publicKeys = [hel1-a vno1-oh2] ++ motiejus;
|
2023-07-23 15:02:58 +03:00
|
|
|
|
|
|
|
host_pubkeys = {
|
|
|
|
"hel1-a.servers.jakst" = hel1-a;
|
|
|
|
"vno1-oh2.servers.jakst" = vno1-oh2;
|
|
|
|
};
|
2023-04-14 14:12:45 +03:00
|
|
|
}
|