Cluster secrets #100
4 changed files with 0 additions and 73 deletions
49
secrets.nix
49
secrets.nix
|
@ -5,60 +5,17 @@ let
|
||||||
systemKeys = x: x.ssh.id.publicKey or null;
|
systemKeys = x: x.ssh.id.publicKey or null;
|
||||||
in with hosts;
|
in with hosts;
|
||||||
{
|
{
|
||||||
"cluster/services/attic/attic-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
|
||||||
"cluster/services/attic/attic-s3-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
|
||||||
"cluster/services/attic/attic-server-token.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
|
||||||
"cluster/services/cachix-deploy-agent/credentials/checkmate.age".publicKeys = max ++ map systemKeys [ checkmate ];
|
|
||||||
"cluster/services/cachix-deploy-agent/credentials/grail.age".publicKeys = max ++ map systemKeys [ grail ];
|
|
||||||
"cluster/services/cachix-deploy-agent/credentials/prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
|
|
||||||
"cluster/services/cachix-deploy-agent/credentials/VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
|
||||||
"cluster/services/cachix-deploy-agent/credentials/thunderskin.age".publicKeys = max ++ map systemKeys [ thunderskin ];
|
|
||||||
"cluster/services/dns/acme-dns-direct-key.age".publicKeys = max ++ map systemKeys [ checkmate grail thunderskin VEGAS prophet ];
|
"cluster/services/dns/acme-dns-direct-key.age".publicKeys = max ++ map systemKeys [ checkmate grail thunderskin VEGAS prophet ];
|
||||||
"cluster/services/dns/acme-dns-db-credentials.age".publicKeys = max ++ map systemKeys [ checkmate VEGAS prophet ];
|
"cluster/services/dns/acme-dns-db-credentials.age".publicKeys = max ++ map systemKeys [ checkmate VEGAS prophet ];
|
||||||
"cluster/services/forge/credentials/forgejo-oidc-secret.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
|
||||||
"cluster/services/forge/credentials/forgejo-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
|
||||||
"cluster/services/forge/credentials/forgejo-s3-access-key-id.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
|
||||||
"cluster/services/forge/credentials/forgejo-s3-secret-access-key.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
|
||||||
"cluster/services/hercules-ci-multi-agent/secrets/hci-cache-config.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
|
|
||||||
"cluster/services/hercules-ci-multi-agent/secrets/hci-cache-credentials-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
|
|
||||||
"cluster/services/hercules-ci-multi-agent/secrets/hci-cache-credentials-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
|
||||||
"cluster/services/hercules-ci-multi-agent/secrets/hci-effects-secrets-private-void.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
|
|
||||||
"cluster/services/hercules-ci-multi-agent/secrets/hci-token-hyprspace-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
|
||||||
"cluster/services/hercules-ci-multi-agent/secrets/hci-token-hyprspace-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
|
|
||||||
"cluster/services/hercules-ci-multi-agent/secrets/hci-token-max-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
|
||||||
"cluster/services/hercules-ci-multi-agent/secrets/hci-token-max-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
|
|
||||||
"cluster/services/hercules-ci-multi-agent/secrets/hci-token-nixpak-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
|
||||||
"cluster/services/hercules-ci-multi-agent/secrets/hci-token-nixpak-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
|
|
||||||
"cluster/services/hercules-ci-multi-agent/secrets/hci-token-private-void-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
|
||||||
"cluster/services/hercules-ci-multi-agent/secrets/hci-token-private-void-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
|
|
||||||
"cluster/services/idm/secrets/service-account-checkmate.age".publicKeys = max ++ map systemKeys [ checkmate ];
|
|
||||||
"cluster/services/idm/secrets/service-account-grail.age".publicKeys = max ++ map systemKeys [ grail ];
|
|
||||||
"cluster/services/idm/secrets/service-account-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
|
|
||||||
"cluster/services/idm/secrets/service-account-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
|
||||||
"cluster/services/idm/secrets/service-account-soda.age".publicKeys = max ++ map systemKeys [ soda ];
|
|
||||||
"cluster/services/idm/secrets/service-account-thunderskin.age".publicKeys = max ++ map systemKeys [ thunderskin ];
|
|
||||||
"cluster/services/ipfs/cluster-secret.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
|
|
||||||
"cluster/services/ipfs/cluster-pinsvc-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
|
|
||||||
"cluster/services/irc/irc-peer-key.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
|
|
||||||
"cluster/services/monitoring/secrets/grafana-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
|
"cluster/services/monitoring/secrets/grafana-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
|
||||||
"cluster/services/monitoring/secrets/grafana-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
|
"cluster/services/monitoring/secrets/grafana-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
|
||||||
"cluster/services/monitoring/secrets/loki-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
"cluster/services/monitoring/secrets/loki-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||||
"cluster/services/monitoring/secrets/secret-monitoring/blackbox.age".publicKeys = max ++ map systemKeys [ checkmate grail prophet ];
|
"cluster/services/monitoring/secrets/secret-monitoring/blackbox.age".publicKeys = max ++ map systemKeys [ checkmate grail prophet ];
|
||||||
"cluster/services/monitoring/secrets/tempo-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
"cluster/services/monitoring/secrets/tempo-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||||
"cluster/services/patroni/passwords/metrics.age".publicKeys = max ++ map systemKeys [ grail thunderskin VEGAS ];
|
|
||||||
"cluster/services/patroni/passwords/replication.age".publicKeys = max ++ map systemKeys [ grail thunderskin VEGAS ];
|
|
||||||
"cluster/services/patroni/passwords/rewind.age".publicKeys = max ++ map systemKeys [ grail thunderskin VEGAS ];
|
|
||||||
"cluster/services/patroni/passwords/superuser.age".publicKeys = max ++ map systemKeys [ grail thunderskin VEGAS ];
|
|
||||||
"cluster/services/storage/secrets/heresy-encryption-key.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
"cluster/services/storage/secrets/heresy-encryption-key.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||||
"cluster/services/storage/secrets/external-storage-auth-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
|
"cluster/services/storage/secrets/external-storage-auth-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
|
||||||
"cluster/services/storage/secrets/garage-rpc-secret.age".publicKeys = max ++ map systemKeys [ grail VEGAS prophet ];
|
"cluster/services/storage/secrets/garage-rpc-secret.age".publicKeys = max ++ map systemKeys [ grail VEGAS prophet ];
|
||||||
"cluster/services/storage/secrets/storage-box-credentials.age".publicKeys = max ++ map systemKeys [ grail VEGAS prophet ];
|
"cluster/services/storage/secrets/storage-box-credentials.age".publicKeys = max ++ map systemKeys [ grail VEGAS prophet ];
|
||||||
"cluster/services/wireguard/mesh-keys/checkmate.age".publicKeys = max ++ map systemKeys [ checkmate ];
|
|
||||||
"cluster/services/wireguard/mesh-keys/grail.age".publicKeys = max ++ map systemKeys [ grail ];
|
|
||||||
"cluster/services/wireguard/mesh-keys/thunderskin.age".publicKeys = max ++ map systemKeys [ thunderskin ];
|
|
||||||
"cluster/services/wireguard/mesh-keys/VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
|
||||||
"cluster/services/wireguard/mesh-keys/prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
|
|
||||||
"secrets/coturn-static-auth.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
|
||||||
"secrets/dovecot-ldap-token.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
"secrets/dovecot-ldap-token.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||||
"secrets/gitlab-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
"secrets/gitlab-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||||
"secrets/gitlab-initial-root-password.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
"secrets/gitlab-initial-root-password.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||||
|
@ -77,15 +34,9 @@ in with hosts;
|
||||||
"secrets/hyprspace-key-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
"secrets/hyprspace-key-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||||
"secrets/hyprspace-key-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
|
"secrets/hyprspace-key-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
|
||||||
"secrets/keycloak-dbpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
"secrets/keycloak-dbpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||||
"secrets/matrix-appservice-discord-token.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
|
||||||
"secrets/nextcloud-adminpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
"secrets/nextcloud-adminpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||||
"secrets/nextcloud-dbpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
"secrets/nextcloud-dbpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||||
"secrets/oauth2_proxy-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
"secrets/oauth2_proxy-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||||
"secrets/postfix-ldap-mailboxes.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
"secrets/postfix-ldap-mailboxes.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||||
"secrets/searxng-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
|
||||||
"secrets/synapse-db.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
|
||||||
"secrets/synapse-keys.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
|
||||||
"secrets/synapse-ldap.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
|
||||||
"secrets/synapse-turn.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
|
||||||
"secrets/wireguard-key-storm-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
"secrets/wireguard-key-storm-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,11 +0,0 @@
|
||||||
age-encryption.org/v1
|
|
||||||
-> ssh-ed25519 NO562A eDXO2rf1oCP7G9J7pB03shPO9BMIZ2pEhBqlaEiO+DI
|
|
||||||
Nb6n+yZJ3+ZQQWefjUbV6xiem+4gpOdE0IoA5F9L4zs
|
|
||||||
-> ssh-ed25519 5/zT0w I/KivuQEA2nwCF0qq4G81dKvwU/Zni2Fuz+xSraW52E
|
|
||||||
osPx87gVzeEEIPBnhTn0APxBuA/IL8ySuMzzVrjYqEI
|
|
||||||
-> ssh-ed25519 d3WGuA yrjBtwpNIgsCHG835akTfrwYdncm+yEHT1GnmWQvVnQ
|
|
||||||
Myfat35n/tjZzsqeaLEZLpZGxwgBKo7lBVi1uMIzsRo
|
|
||||||
-> 1.=T-grease )oe@8$5 _OQDI/o^ &l$G\
|
|
||||||
aR164gwY7SDkig
|
|
||||||
--- 32woYizDIa931hDX2PO8wLOYmnOhSscYaI38pvUmBLs
|
|
||||||
ÿ2ã(<06>ì°cZÄBý„»¸o"Ê´¡±•¿%¡·W9<01>ãd'ØikCà‹FƒÆž
ˈkPÃVÊNü>ö˜²×[Ý<>»
|
|
Binary file not shown.
|
@ -1,13 +0,0 @@
|
||||||
age-encryption.org/v1
|
|
||||||
-> ssh-ed25519 NO562A 2h+cvDs0ZF/4KjtEdZVAt82fol+7LpAZPDDn6AvUOTg
|
|
||||||
NhTqPo8kezw8958g6XStj+zwfgLtsAVUFZ6Utj5SgUM
|
|
||||||
-> ssh-ed25519 5/zT0w CxBTfWH4/UfDAdo3G30bHleMU9FdRdTA4RapQN25ISU
|
|
||||||
F+fvzsSuMv3kINJmEodraZcC16WbslE0w4oDo6sSjqA
|
|
||||||
-> ssh-ed25519 d3WGuA IdssM5x5IKzLJeQNyGS6CFDcre0w6yG+X8WToFU66R8
|
|
||||||
95lNHp1fepWe6CqecaGNZhg7Oh7lBw86UeSRGY7w1wE
|
|
||||||
-> y>hqw-grease m, z7 ;#ddi
|
|
||||||
/DsgoGG5+p/B7Dri153Ta5PxZT5IsMF9e8ispSE0E8sA2QkPxT2GGNRRlvYkzXSF
|
|
||||||
6b9vv3P9IvPA4m2VQRJ6IlUPAmx00n0G9U5BqxrCknSZ242+QG3zFA
|
|
||||||
--- eJGQ5eUCAuhrs7ozhissFClHKDQVgBbkU7ZXbAA4xNg
|
|
||||||
Bñt<C3B1>7ç²û„ÊT]P®°÷7<C3B7>þe†J$_´
|
|
||||||
j*ôH%"žX•â 0Æê‡ë¼$¯Ä/vòÐa¾‰¡>L<>Q*Ç>}ð±/kËÁgç
|
|
Loading…
Reference in a new issue