secrets: move secrets.nix to root

This commit is contained in:
Max Headroom 2022-08-03 22:23:24 +02:00
parent 9726abda88
commit acd4e1a09d
2 changed files with 45 additions and 45 deletions

45
secrets.nix Normal file
View file

@ -0,0 +1,45 @@
let
max = (import ./users/max/userinfo.nix null).sshKeys;
hosts = import ./hosts;
systemKeys = x: x.ssh.id.publicKey or null;
in with hosts;
{
"secrets/acme-dns-key.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/coturn-static-auth.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/gitlab-initial-root-password.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/gitlab-openid-secret.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/gitlab-runner-registration.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/gitlab-secret-db.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/gitlab-secret-jws.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/gitlab-secret-otp.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/gitlab-secret-secret.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/grafana-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/hci-cache-config.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
"secrets/hci-cache-credentials-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
"secrets/hci-cache-credentials-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/hci-token-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
"secrets/hci-token-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/hydra-bincache.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/hydra-builder-key.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/hydra-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/hydra-s3.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/hyprspace-key-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/hyprspace-key-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
"secrets/ipfs-swarm-key.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
"secrets/keycloak-dbpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/matrix-appservice-discord-token.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/minio-root-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/nextcloud-adminpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/nextcloud-dbpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/oauth2_proxy-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/postfix-ldap-mailboxes.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/searxng-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/sips-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/synapse-db.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/synapse-keys.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/synapse-ldap.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/synapse-turn.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/wireguard-key-storm-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/wireguard-key-wgautobahn.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/wireguard-key-wgmv.age".publicKeys = max ++ map systemKeys [ VEGAS ];
}

View file

@ -1,45 +0,0 @@
let
max = (import ../users/max/userinfo.nix null).sshKeys;
hosts = import ../hosts;
systemKeys = x: x.ssh.id.publicKey or null;
in with hosts;
{
"acme-dns-key.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"coturn-static-auth.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"gitlab-initial-root-password.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"gitlab-openid-secret.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"gitlab-runner-registration.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"gitlab-secret-db.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"gitlab-secret-jws.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"gitlab-secret-otp.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"gitlab-secret-secret.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"grafana-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"hci-cache-config.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
"hci-cache-credentials-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
"hci-cache-credentials-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"hci-token-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
"hci-token-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"hydra-bincache.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"hydra-builder-key.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"hydra-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"hydra-s3.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"hyprspace-key-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"hyprspace-key-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
"ipfs-swarm-key.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
"keycloak-dbpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"matrix-appservice-discord-token.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"minio-root-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"nextcloud-adminpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"nextcloud-dbpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"oauth2_proxy-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"postfix-ldap-mailboxes.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"searxng-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"sips-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"synapse-db.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"synapse-keys.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"synapse-ldap.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"synapse-turn.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"wireguard-key-storm-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"wireguard-key-wgautobahn.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"wireguard-key-wgmv.age".publicKeys = max ++ map systemKeys [ VEGAS ];
}