secrets: move to blocks

Motiejus Jakštys 2023-08-14 09:28:54 +03:00
parent eae289f94e
commit 92c8136ce4
2 changed files with 27 additions and 18 deletions


@ -423,6 +423,5 @@
"macaroon_secret_key:${config.age.secrets.synapse-macaroon-secret-key.path}" "macaroon_secret_key:${config.age.secrets.synapse-macaroon-secret-key.path}"
]; ];
}; };
}; };
} }


@ -7,21 +7,31 @@ let
hel1-a = (import ./data.nix).hosts."hel1-a.servers.jakst".publicKey; hel1-a = (import ./data.nix).hosts."hel1-a.servers.jakst".publicKey;
vno1-oh2 = (import ./data.nix).hosts."vno1-oh2.servers.jakst".publicKey; vno1-oh2 = (import ./data.nix).hosts."vno1-oh2.servers.jakst".publicKey;
systems = [hel1-a vno1-oh2]; systems = [hel1-a vno1-oh2];
in {
# hel1-a + motiejus
"secrets/hel1-a/borgbackup/password.age".publicKeys = [hel1-a] ++ motiejus;
"secrets/hel1-a/synapse/jakstys_lt_signing_key.age".publicKeys = [hel1-a] ++ motiejus;
"secrets/hel1-a/synapse/registration_shared_secret.age".publicKeys = [hel1-a] ++ motiejus;
"secrets/hel1-a/synapse/macaroon_secret_key.age".publicKeys = [hel1-a] ++ motiejus;
"secrets/vno1-oh2/zfs-passphrase.age".publicKeys = [hel1-a] ++ motiejus;
# vno1-oh2 + motiejus mk = auth:
"secrets/hel1-a/zfs-passphrase.age".publicKeys = [vno1-oh2] ++ motiejus; listToAttrs (
"secrets/vno1-oh2/borgbackup/password.age".publicKeys = [vno1-oh2] ++ motiejus; map (keyName: {
"secrets/letsencrypt/account.key.age".publicKeys = [vno1-oh2] ++ motiejus; name = key;
value = {publicKeys = auth;};
# everywhere + motiejus })
"secrets/motiejus_passwd_hash.age".publicKeys = systems ++ motiejus; keys
"secrets/root_passwd_hash.age".publicKeys = systems ++ motiejus; );
"secrets/postfix_sasl_passwd.age".publicKeys = systems ++ motiejus; in
} {}
// mk ([hel1-a] ++ motiejus) [
"secrets/hel1-a/borgbackup/password.age"
"secrets/hel1-a/synapse/jakstys_lt_signing_key.age"
"secrets/hel1-a/synapse/registration_shared_secret.age"
"secrets/hel1-a/synapse/macaroon_secret_key.age"
"secrets/vno1-oh2/zfs-passphrase.age"
]
// mk ([vno1-oh2] ++ motiejus) [
"secrets/hel1-a/zfs-passphrase.age"
"secrets/vno1-oh2/borgbackup/password.age"
"secrets/letsencrypt/account.key.age"
]
// mk (systems ++ motiejus) [
"secrets/motiejus_passwd_hash.age"
"secrets/root_passwd_hash.age"
"secrets/postfix_sasl_passwd.age"
]
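Review bot: `mk` is declared with one parameter (`mk = auth:`) but every call site passes a recipient list and a path list, and the body reads `keys` while the `map` lambda binds `keyName` yet writes `name = key;`, so neither `keys` nor `key` is bound in the visible lines and the file would fail to evaluate. The definition should read `mk = auth: keys:` with `name = keyName;` inside the lambda. `listToAttrs` is not a top-level Nix name either, so unless the part of the `let` above this hunk inherits it from `builtins`, it should be written `builtins.listToAttrs`. Separately, chaining the blocks with `//` means a path listed in two blocks silently takes the recipients of the later one, so a comment on `mk` such as `# each secret path must appear in exactly one block; // lets the last block win` would make that recipient-set risk visible. The `let` binding begins outside the hunk, so names defined there could not be checked.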