cluster/services/cachix-deploy-agent: init

This commit is contained in:
Max Headroom 2023-07-21 01:15:10 +02:00
parent 53e8f2cabf
commit 664b92203d
7 changed files with 54 additions and 0 deletions

View file

@ -0,0 +1,10 @@
{ config, ... }:
{
age.secrets.cachixDeployToken.file = ./credentials/${config.networking.hostName}.age;
services.cachix-agent = {
enable = true;
credentialsFile = config.age.secrets.cachixDeployToken.path;
};
}

View file

@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 NO562A GNlG6hVK8HfQKEWmMJwQ3qhmZOv9zSVWP6V7/5LVslc
8i6bXmEmU8T9lApB0avHZublAUZiT3wHxmM5CUYxMo4
-> ssh-ed25519 5/zT0w emP71+/eiA/GQ7EUekXlcXdQpL3yNVT3llw5hGNerXI
gQ9QYqo3/V7AnQjK1MYOclsVX0B2Yg8QLqs5tTaYBFY
-> ssh-ed25519 d3WGuA I2JHyhEO3xb9rniTY10FTujaWRDLAtChR7SQzbSw3nU
AsNx/YxGHOTuon/ZEyu+s9zJ+OmELXFwcnRyu/XLlp4
-> c[ehZ89-grease "^$r q6K1MR <4 '!b
L/iRQ+g
--- rH4ZWJU4EIRFC4ffXvBbnYS7Y/khTCu2Bu1SJHrOhcs
?+1/}$qxë<78>ÕF<C395><w/ÑÑ<>ay•$º”Žæ{V<>Ômñ¿±yšèKÝl¥¬ÔݦUÛGf(³9tiŒ™­^%y¬‰cî`šµ…{»dÒý\T0†GÒXkç*lë;*,8AŒªa4'ŠQÍ«Íi¿™yĹåÌZè?¬Ó#ˆ]3}5iÁÉ|\ßØã®p©Ó½¨m­Æ—xDæÌ= Àx”³ï#<23>Òƺ±Ÿêã<ø WOÈE®v‡P!zÙÛÅÙsñLÃK

View file

@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 NO562A ZP3yjzSbThB4TLzZTQ/numJtFThdJWSe/Q9BMgM1bVQ
6OuYa43hZFSWdBISWTFkWNQGhmBbCdJgu6anJA3Zqh0
-> ssh-ed25519 5/zT0w YmDcssGTmOawG7ajGWaprSO2wAiYJeTv4MPTmtRIvh0
CJungpLxidWgJTe3vyMpryBpnIGotKCuC1KUlQhhYRs
-> ssh-ed25519 TCgorQ sVuFjKWVxsFbmzn+jyiW8psOzTneUQGmCZbzJ7/XLRg
1vRKXRWxsQ3BceWYbqxerbFz4IO5U0sF93G6dLGjzgk
-> 1W#:-grease lN~;YPE^ YAa8 7s BEq(."'
HKosiz64wAOAc4QckSNsMC6i4Bq6uxTBuPttJoaUOrJ9sWAL4K8aY8s
--- ucYe/fF2tsm2+9HmTOnFLSt6VN3F+gNkXcxYDMWn1bY
œó@p¢v/ÆPR[ÿ§» d®ºÂüÍå,mµ[/ú@pLËê}¯·‚*tÐïÞd|Ô-9!>l}"âöÈÏß›Ê/gÛôL­‰Dã<44>“»hÛÝE©<>×»e9+Ãdï<64>ÒyÀ<79>f½xnŠFÂð­;‡ókÌk­Nè÷æ™9lƒœÍeñŠß—tègŠ®ñ&•0Ë%Ø<1ÌÔôìHaйA™3$ÓôØ`Þ?b¹!¼Å’?<3F>EdÝ7ú¦¸Ÿw

View file

@ -0,0 +1,12 @@
age-encryption.org/v1
-> ssh-ed25519 NO562A ejtj6uy0U2VGcZ/TL5Izny/xZ2UyqajHJnPoelogenw
JRcAb/P/QxYbVFwmnlqqnEQHOkMTepjgFHEmr7CyCYk
-> ssh-ed25519 5/zT0w XyKUhRUuw3jVxEfImymDRv6Yds8IP885AGk1hRdZ4Rc
5IrW0varzs44P+25vQe1+88oVNyXTnmzpytO8f2hX4s
-> ssh-ed25519 YIaSKQ NKvJ4j+UQk6vdddf5YuGlIxlZPiUY1JdD611RQD2vlQ
kkGF2wR5hoOpWM34/48I9EAM0kMI+VZSfOcal5ikGKY
-> q9os-grease #6 _f|$T F4q*O ",M\
sQRm7N0k+xtMD0a/lg7bif11LYTmo72t/+a3OfIwsXKUInz7Mij21ZMhkBS9NEpg
ep7ywonuBh0Sb5ro2FNmcw9tm2p+qQ0/lLeDHCDBsi9rEcC0RD0uxHEJQbykxQ
--- W71uGICSIj89KLvZDEVB02LtjNOa6vM9sEfUAk2VltI
—å®!#jŠªúÝ<}Åêíñ¿uü£ L•6 ©Mãϼ…`À<1C>rºE £ãÊØ,) <>½ÏC¿Ÿ3¤‡Yèù€T^@s@š²%b³5îý­G¼[msF»t+†Î©Ó•&kg*4[úøÊ.æ`Ѭ&ù• *Ÿ§×óÇøÄTvÄÕ³è  8μNöRó‰á¿Žsª7{}Š]y "ŠÝ!E|í0°´Nýyiý'úsöÌî:<3A>

View file

@ -0,0 +1,6 @@
{
services.cachix-deploy-agent = {
nodes.agent = [ "checkmate" "prophet" "VEGAS" "thunderskin" ];
nixos.agent = ./agent.nix;
};
}

View file

@ -6,6 +6,10 @@ let
in with hosts;
{
"cluster/services/attic/attic-server-token.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"cluster/services/cachix-deploy-agent/credentials/checkmate.age".publicKeys = max ++ map systemKeys [ checkmate ];
"cluster/services/cachix-deploy-agent/credentials/prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
"cluster/services/cachix-deploy-agent/credentials/VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"cluster/services/cachix-deploy-agent/credentials/thunderskin.age".publicKeys = max ++ map systemKeys [ thunderskin ];
"cluster/services/dns/pdns-admin-oidc-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"cluster/services/dns/pdns-admin-salt.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"cluster/services/dns/pdns-admin-secret.age".publicKeys = max ++ map systemKeys [ VEGAS ];