Cluster secrets #100

Merged
max merged 17 commits from pr-cluster-secrets into master 2024-07-08 22:23:11 +03:00
4 changed files with 0 additions and 73 deletions
Showing only changes of commit 624961c85e - Show all commits


@ -5,60 +5,17 @@ let
systemKeys = x: x.ssh.id.publicKey or null; systemKeys = x: x.ssh.id.publicKey or null;
in with hosts; in with hosts;
{ {
"cluster/services/attic/attic-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"cluster/services/attic/attic-s3-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"cluster/services/attic/attic-server-token.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"cluster/services/cachix-deploy-agent/credentials/checkmate.age".publicKeys = max ++ map systemKeys [ checkmate ];
"cluster/services/cachix-deploy-agent/credentials/grail.age".publicKeys = max ++ map systemKeys [ grail ];
"cluster/services/cachix-deploy-agent/credentials/prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
"cluster/services/cachix-deploy-agent/credentials/VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"cluster/services/cachix-deploy-agent/credentials/thunderskin.age".publicKeys = max ++ map systemKeys [ thunderskin ];
"cluster/services/dns/acme-dns-direct-key.age".publicKeys = max ++ map systemKeys [ checkmate grail thunderskin VEGAS prophet ]; "cluster/services/dns/acme-dns-direct-key.age".publicKeys = max ++ map systemKeys [ checkmate grail thunderskin VEGAS prophet ];
"cluster/services/dns/acme-dns-db-credentials.age".publicKeys = max ++ map systemKeys [ checkmate VEGAS prophet ]; "cluster/services/dns/acme-dns-db-credentials.age".publicKeys = max ++ map systemKeys [ checkmate VEGAS prophet ];
"cluster/services/forge/credentials/forgejo-oidc-secret.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"cluster/services/forge/credentials/forgejo-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"cluster/services/forge/credentials/forgejo-s3-access-key-id.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"cluster/services/forge/credentials/forgejo-s3-secret-access-key.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"cluster/services/hercules-ci-multi-agent/secrets/hci-cache-config.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
"cluster/services/hercules-ci-multi-agent/secrets/hci-cache-credentials-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
"cluster/services/hercules-ci-multi-agent/secrets/hci-cache-credentials-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"cluster/services/hercules-ci-multi-agent/secrets/hci-effects-secrets-private-void.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
"cluster/services/hercules-ci-multi-agent/secrets/hci-token-hyprspace-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"cluster/services/hercules-ci-multi-agent/secrets/hci-token-hyprspace-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
"cluster/services/hercules-ci-multi-agent/secrets/hci-token-max-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"cluster/services/hercules-ci-multi-agent/secrets/hci-token-max-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
"cluster/services/hercules-ci-multi-agent/secrets/hci-token-nixpak-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"cluster/services/hercules-ci-multi-agent/secrets/hci-token-nixpak-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
"cluster/services/hercules-ci-multi-agent/secrets/hci-token-private-void-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"cluster/services/hercules-ci-multi-agent/secrets/hci-token-private-void-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
"cluster/services/idm/secrets/service-account-checkmate.age".publicKeys = max ++ map systemKeys [ checkmate ];
"cluster/services/idm/secrets/service-account-grail.age".publicKeys = max ++ map systemKeys [ grail ];
"cluster/services/idm/secrets/service-account-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
"cluster/services/idm/secrets/service-account-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"cluster/services/idm/secrets/service-account-soda.age".publicKeys = max ++ map systemKeys [ soda ];
"cluster/services/idm/secrets/service-account-thunderskin.age".publicKeys = max ++ map systemKeys [ thunderskin ];
"cluster/services/ipfs/cluster-secret.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
"cluster/services/ipfs/cluster-pinsvc-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
"cluster/services/irc/irc-peer-key.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
"cluster/services/monitoring/secrets/grafana-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ]; "cluster/services/monitoring/secrets/grafana-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
"cluster/services/monitoring/secrets/grafana-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ]; "cluster/services/monitoring/secrets/grafana-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
"cluster/services/monitoring/secrets/loki-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "cluster/services/monitoring/secrets/loki-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"cluster/services/monitoring/secrets/secret-monitoring/blackbox.age".publicKeys = max ++ map systemKeys [ checkmate grail prophet ]; "cluster/services/monitoring/secrets/secret-monitoring/blackbox.age".publicKeys = max ++ map systemKeys [ checkmate grail prophet ];
"cluster/services/monitoring/secrets/tempo-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "cluster/services/monitoring/secrets/tempo-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"cluster/services/patroni/passwords/metrics.age".publicKeys = max ++ map systemKeys [ grail thunderskin VEGAS ];
"cluster/services/patroni/passwords/replication.age".publicKeys = max ++ map systemKeys [ grail thunderskin VEGAS ];
"cluster/services/patroni/passwords/rewind.age".publicKeys = max ++ map systemKeys [ grail thunderskin VEGAS ];
"cluster/services/patroni/passwords/superuser.age".publicKeys = max ++ map systemKeys [ grail thunderskin VEGAS ];
"cluster/services/storage/secrets/heresy-encryption-key.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "cluster/services/storage/secrets/heresy-encryption-key.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"cluster/services/storage/secrets/external-storage-auth-prophet.age".publicKeys = max ++ map systemKeys [ prophet ]; "cluster/services/storage/secrets/external-storage-auth-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
"cluster/services/storage/secrets/garage-rpc-secret.age".publicKeys = max ++ map systemKeys [ grail VEGAS prophet ]; "cluster/services/storage/secrets/garage-rpc-secret.age".publicKeys = max ++ map systemKeys [ grail VEGAS prophet ];
"cluster/services/storage/secrets/storage-box-credentials.age".publicKeys = max ++ map systemKeys [ grail VEGAS prophet ]; "cluster/services/storage/secrets/storage-box-credentials.age".publicKeys = max ++ map systemKeys [ grail VEGAS prophet ];
"cluster/services/wireguard/mesh-keys/checkmate.age".publicKeys = max ++ map systemKeys [ checkmate ];
"cluster/services/wireguard/mesh-keys/grail.age".publicKeys = max ++ map systemKeys [ grail ];
"cluster/services/wireguard/mesh-keys/thunderskin.age".publicKeys = max ++ map systemKeys [ thunderskin ];
"cluster/services/wireguard/mesh-keys/VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"cluster/services/wireguard/mesh-keys/prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
"secrets/coturn-static-auth.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/dovecot-ldap-token.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "secrets/dovecot-ldap-token.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/gitlab-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "secrets/gitlab-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/gitlab-initial-root-password.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "secrets/gitlab-initial-root-password.age".publicKeys = max ++ map systemKeys [ VEGAS ];
@ -77,15 +34,9 @@ in with hosts;
"secrets/hyprspace-key-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "secrets/hyprspace-key-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/hyprspace-key-prophet.age".publicKeys = max ++ map systemKeys [ prophet ]; "secrets/hyprspace-key-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
"secrets/keycloak-dbpass.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "secrets/keycloak-dbpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/matrix-appservice-discord-token.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/nextcloud-adminpass.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "secrets/nextcloud-adminpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/nextcloud-dbpass.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "secrets/nextcloud-dbpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/oauth2_proxy-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "secrets/oauth2_proxy-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/postfix-ldap-mailboxes.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "secrets/postfix-ldap-mailboxes.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/searxng-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/synapse-db.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/synapse-keys.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/synapse-ldap.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/synapse-turn.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"secrets/wireguard-key-storm-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ]; "secrets/wireguard-key-storm-VEGAS.age".publicKeys = max ++ map systemKeys [ VEGAS ];
} }


@ -1,11 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 NO562A eDXO2rf1oCP7G9J7pB03shPO9BMIZ2pEhBqlaEiO+DI
Nb6n+yZJ3+ZQQWefjUbV6xiem+4gpOdE0IoA5F9L4zs
-> ssh-ed25519 5/zT0w I/KivuQEA2nwCF0qq4G81dKvwU/Zni2Fuz+xSraW52E
osPx87gVzeEEIPBnhTn0APxBuA/IL8ySuMzzVrjYqEI
-> ssh-ed25519 d3WGuA yrjBtwpNIgsCHG835akTfrwYdncm+yEHT1GnmWQvVnQ
Myfat35n/tjZzsqeaLEZLpZGxwgBKo7lBVi1uMIzsRo
-> 1.=T-grease )oe@8$5 _OQDI/o^ &l$G\
aR164gwY7SDkig
--- 32woYizDIa931hDX2PO8wLOYmnOhSscYaI38pvUmBLs
ÿ2ã(<06>ì°cZÄBý„»¸o" Ê´¡±•¿%¡·W9<01>ãd'ØikCàFƒÆž ˈkPÃVÊNü>ö˜²×[Ý<>»

Binary file not shown.


@ -1,13 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 NO562A 2h+cvDs0ZF/4KjtEdZVAt82fol+7LpAZPDDn6AvUOTg
NhTqPo8kezw8958g6XStj+zwfgLtsAVUFZ6Utj5SgUM
-> ssh-ed25519 5/zT0w CxBTfWH4/UfDAdo3G30bHleMU9FdRdTA4RapQN25ISU
F+fvzsSuMv3kINJmEodraZcC16WbslE0w4oDo6sSjqA
-> ssh-ed25519 d3WGuA IdssM5x5IKzLJeQNyGS6CFDcre0w6yG+X8WToFU66R8
95lNHp1fepWe6CqecaGNZhg7Oh7lBw86UeSRGY7w1wE
-> y>hqw-grease m, z7 ;#ddi
/DsgoGG5+p/B7Dri153Ta5PxZT5IsMF9e8ispSE0E8sA2QkPxT2GGNRRlvYkzXSF
6b9vv3P9IvPA4m2VQRJ6IlUPAmx00n0G9U5BqxrCknSZ242+QG3zFA
--- eJGQ5eUCAuhrs7ozhissFClHKDQVgBbkU7ZXbAA4xNg
Bñt<C3B1>7ç²û„ÊT]P®°÷7<C3B7>þe†J$_´
j*ôH%"žX•â 0Æê‡ë¼$¯Ä/vòÐa¾‰¡>L<>Q*Ç>}ð±/kËÁgç