depot/secrets.nix

let
  max = (import ./users/max/userinfo.nix null).sshKeys;
  hosts = builtins.mapAttrs (_: v: v._module.specialArgs.depot.reflection)
    (builtins.getFlake "git+file://${builtins.getEnv "PWD"}").nixosConfigurations;
  systemKeys = x: x.ssh.id.publicKey or null;
in with hosts;
{
  "cluster/services/dns/acme-dns-direct-key.age".publicKeys = max ++ map systemKeys [ checkmate grail thunderskin VEGAS prophet ];
  "cluster/services/dns/acme-dns-db-credentials.age".publicKeys = max ++ map systemKeys [ checkmate VEGAS prophet ];
  "cluster/services/monitoring/secrets/grafana-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
  "cluster/services/monitoring/secrets/grafana-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
  "cluster/services/monitoring/secrets/loki-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "cluster/services/monitoring/secrets/secret-monitoring/blackbox.age".publicKeys = max ++ map systemKeys [ checkmate grail prophet ];
  "cluster/services/monitoring/secrets/tempo-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "cluster/services/storage/secrets/heresy-encryption-key.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "cluster/services/storage/secrets/external-storage-auth-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
  "cluster/services/storage/secrets/garage-rpc-secret.age".publicKeys = max ++ map systemKeys [ grail VEGAS prophet ];
  "cluster/services/storage/secrets/storage-box-credentials.age".publicKeys = max ++ map systemKeys [ grail VEGAS prophet ];
  "secrets/dovecot-ldap-token.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/gitlab-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/gitlab-initial-root-password.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/gitlab-openid-secret.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/gitlab-secret-db.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/gitlab-secret-jws.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/gitlab-secret-otp.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/gitlab-secret-secret.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/hyprspace-key-checkmate.age".publicKeys = max ++ map systemKeys [ checkmate ];
  "secrets/hyprspace-key-grail.age".publicKeys = max ++ map systemKeys [ grail ];
  "secrets/hyprspace-key-thunderskin.age".publicKeys = max ++ map systemKeys [ thunderskin ];
  "secrets/hyprspace-key-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/hyprspace-key-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
  "secrets/keycloak-dbpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/nextcloud-adminpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/nextcloud-dbpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/oauth2_proxy-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/postfix-ldap-mailboxes.age".publicKeys = max ++ map systemKeys [ VEGAS ];
  "secrets/wireguard-key-storm-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
}
secrets: move secrets.nix to root 2022-08-03 23:23:24 +03:00			`let`
			`max = (import ./users/max/userinfo.nix null).sshKeys;`
hosts/thunderskin: init 2023-03-20 20:52:07 +02:00			`hosts = builtins.mapAttrs (_: v: v._module.specialArgs.depot.reflection)`
secrets: fix flake url 2023-10-25 18:33:08 +03:00			`(builtins.getFlake "git+file://${builtins.getEnv "PWD"}").nixosConfigurations;`
secrets: move secrets.nix to root 2022-08-03 23:23:24 +03:00			`systemKeys = x: x.ssh.id.publicKey or null;`
			`in with hosts;`
			`{`
cluster/services/dns: switch to acme-dns, host static records 2023-12-03 17:30:16 +02:00			`"cluster/services/dns/acme-dns-direct-key.age".publicKeys = max ++ map systemKeys [ checkmate grail thunderskin VEGAS prophet ];`
			`"cluster/services/dns/acme-dns-db-credentials.age".publicKeys = max ++ map systemKeys [ checkmate VEGAS prophet ];`
cluster/services/monitoring: rekey secrets 2023-06-03 02:43:22 +03:00			`"cluster/services/monitoring/secrets/grafana-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];`
			`"cluster/services/monitoring/secrets/grafana-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];`
cluster/services/monitoring: prepare loki for s3 2023-11-07 21:29:45 +02:00			`"cluster/services/monitoring/secrets/loki-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
cluster/services/monitoring: move one blackbox agent from VEGAS to grail 2023-11-05 01:12:19 +02:00			`"cluster/services/monitoring/secrets/secret-monitoring/blackbox.age".publicKeys = max ++ map systemKeys [ checkmate grail prophet ];`
cluster/services/monitoring: move tempo to s3 2023-11-09 00:10:10 +02:00			`"cluster/services/monitoring/secrets/tempo-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
cluster/services/storage: init 2023-07-05 21:53:04 +03:00			`"cluster/services/storage/secrets/heresy-encryption-key.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
cluster/services/storage: move prophet storage to S3 2023-11-02 04:22:28 +02:00			`"cluster/services/storage/secrets/external-storage-auth-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];`
cluster/services/storage: add grail to garage cluster 2023-11-04 02:38:35 +02:00			`"cluster/services/storage/secrets/garage-rpc-secret.age".publicKeys = max ++ map systemKeys [ grail VEGAS prophet ];`
			`"cluster/services/storage/secrets/storage-box-credentials.age".publicKeys = max ++ map systemKeys [ grail VEGAS prophet ];`
VEGAS/mail: adjust ldap settings for idm-ldap 2023-10-25 20:30:49 +03:00			`"secrets/dovecot-ldap-token.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
VEGAS/gitlab: use Patroni database 2022-08-09 23:33:05 +03:00			`"secrets/gitlab-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
secrets: move secrets.nix to root 2022-08-03 23:23:24 +03:00			`"secrets/gitlab-initial-root-password.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
			`"secrets/gitlab-openid-secret.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
			`"secrets/gitlab-secret-db.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
			`"secrets/gitlab-secret-jws.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
			`"secrets/gitlab-secret-otp.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
			`"secrets/gitlab-secret-secret.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
hosts/checkmate: add hyprspace 2023-03-01 22:51:49 +02:00			`"secrets/hyprspace-key-checkmate.age".publicKeys = max ++ map systemKeys [ checkmate ];`
hosts/grail: enable hyprspace 2023-11-04 02:04:30 +02:00			`"secrets/hyprspace-key-grail.age".publicKeys = max ++ map systemKeys [ grail ];`
hosts/thunderskin: init 2023-03-20 20:52:07 +02:00			`"secrets/hyprspace-key-thunderskin.age".publicKeys = max ++ map systemKeys [ thunderskin ];`
secrets: move secrets.nix to root 2022-08-03 23:23:24 +03:00			`"secrets/hyprspace-key-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
			`"secrets/hyprspace-key-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];`
			`"secrets/keycloak-dbpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
			`"secrets/nextcloud-adminpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
			`"secrets/nextcloud-dbpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
			`"secrets/oauth2_proxy-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
			`"secrets/postfix-ldap-mailboxes.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
			`"secrets/wireguard-key-storm-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];`
			`}`