config

NixOS config

secrets.nix (2699B) - Raw


      1 let
      2   motiejus = builtins.attrValues {
      3     yk1 = "age1yubikey1qtwmhf7h7ljs3dyx06wyzme4st6w4calkdpmsxgpxc9t2cldezvasd6n8wg";
      4     yk2 = "age1yubikey1qgyvs2ul0enzqf4sscq96zyxk73jnj4lknpemak2hp39lejdwc0s5uzzhpc";
      5     bk1 = "age1kyehn8yr9tfu3w0z4d9p9qrj0tjjh92ljxmz2nyr6xnm7y8kpv5spwwc9n";
      6     bk2 = "age14f39j0wx84n93lgqn6d9gcd3yhuwak6qwrxy8v83ydn7266uafts09ecva";
      7   };
      8 
      9   fwminex = (import ./data.nix).hosts."fwminex.jakst.vpn".publicKey;
     10   vno3-nk = (import ./data.nix).hosts."vno3-nk.jakst.vpn".publicKey;
     11   fra1-c = (import ./data.nix).hosts."fra1-c.jakst.vpn".publicKey;
     12   vno1-gdrx = (import ./data.nix).hosts."vno1-gdrx.jakst.vpn".publicKey;
     13   vno2-desk2 = (import ./data.nix).hosts."vno2-desk2.jakst.vpn".publicKey;
     14   macworx = (import ./data.nix).hosts."macworx.jakst.vpn".publicKey;
     15 
     16   systems = [
     17     fra1-c
     18     fwminex
     19     vno3-nk
     20     vno1-gdrx
     21     vno2-desk2
     22     macworx
     23   ];
     24 
     25   mk =
     26     auth: keyNames:
     27     builtins.listToAttrs (
     28       map (keyName: {
     29         name = keyName;
     30         value = {
     31           publicKeys = auth;
     32         };
     33       }) keyNames
     34     );
     35 in
     36 { }
     37 // mk ([ vno3-nk ] ++ motiejus) [
     38   "secrets/vno3-nk/syncthing/key.pem.age"
     39   "secrets/vno3-nk/syncthing/cert.pem.age"
     40   "secrets/vno3-nk/borgbackup-password.age"
     41 ]
     42 // mk ([ vno2-desk2 ] ++ motiejus) [
     43   "secrets/vno2-desk2/syncthing/key.pem.age"
     44   "secrets/vno2-desk2/syncthing/cert.pem.age"
     45 ]
     46 // mk ([ vno1-gdrx ] ++ motiejus) [
     47   "secrets/vno1-gdrx/syncthing/key.pem.age"
     48   "secrets/vno1-gdrx/syncthing/cert.pem.age"
     49 
     50   #"secrets/vno3-nk/borgbackup-password.age"
     51   #"secrets/fwminex/borgbackup-password.age"
     52   #"secrets/fra1-c/borgbackup-password.age"
     53 ]
     54 //
     55   mk
     56     (
     57       [
     58         fra1-c
     59         vno3-nk
     60         fwminex
     61       ]
     62       ++ motiejus
     63     )
     64     [
     65       "secrets/motiejus_server_passwd_hash.age"
     66       "secrets/root_server_passwd_hash.age"
     67     ]
     68 //
     69   mk
     70     (
     71       [
     72         fwminex
     73         vno3-nk
     74       ]
     75       ++ motiejus
     76     )
     77     [
     78       "secrets/timelapse.age"
     79     ]
     80 // mk ([ fwminex ] ++ motiejus) [
     81   "secrets/vaultwarden/secrets.env.age"
     82   "secrets/letsencrypt/account.key.age"
     83   "secrets/frigate.age"
     84   "secrets/r1-htpasswd.age"
     85 
     86   "secrets/synapse/jakstys_lt_signing_key.age"
     87   "secrets/synapse/registration_shared_secret.age"
     88   "secrets/synapse/macaroon_secret_key.age"
     89 
     90   "secrets/fwminex/syncthing/key.pem.age"
     91   "secrets/fwminex/syncthing/cert.pem.age"
     92   "secrets/fwminex/up.jakstys.lt.env.age"
     93   "secrets/fwminex/borgbackup-password.age"
     94 ]
     95 // mk (
     96   [
     97     fra1-c
     98   ]
     99   ++ motiejus
    100 ) [ "secrets/fra1-c/borgbackup-password.age" ]
    101 // mk (systems ++ motiejus) [
    102   "secrets/motiejus_passwd_hash.age"
    103   "secrets/root_passwd_hash.age"
    104   "secrets/postfix_sasl_passwd.age"
    105   "secrets/ssh8022.age"
    106 ]