path: root/secrets/secrets.nix

   
           
let
  hosts = {
    bree = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFM4wZaYwz8kuu6lNrdrN6QOyouGQ0v1ye+Iwh1jawNi";
    mba = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDLQTIPZraE+jpMqGkh8yUhNFzRJbMarX5Mky3nETw6c";
    rivendell = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID76U5kt8DfBbuP16rMzfBTVTpjjPFKWnnheMALaCQEd";
    argonath = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHi9jHqRjpMzXlznTXi4nEtlRlFfyIzB6Ur9A+HDfFoq";
  };
  users = {
    fcuny = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKdyJepi/NyO6d9eP8m48Ga/gdjB5ENHRXYM1ZqFZR8t";
  };
in
{
  "acme-cloudflare-env.age".publicKeys = [
    users.fcuny
    hosts.argonath
  ];

  "restic-pw.age".publicKeys = [
    users.fcuny
    hosts.rivendell
  ];

  "restic-nas-smb-config.age".publicKeys = [
    users.fcuny
    hosts.rivendell
  ];

  # this is the SSH key we use to access the remote builder.
  "ssh-remote-builder.age".publicKeys = [
    users.fcuny
    hosts.mba
  ];

  "miniflux-oidc.age".publicKeys = [
    users.fcuny
    hosts.rivendell
  ];

  # generated with:
  # openssl rand 64 | openssl base64 -A | tr '+/' '-_' | tr -d '='
  "authelia-storage-key.age".publicKeys = [
    users.fcuny
    hosts.rivendell
  ];

  # generated with:
  # openssl rand 64 | openssl base64 -A | tr '+/' '-_' | tr -d '='
  "authelia-jwt-key.age".publicKeys = [
    users.fcuny
    hosts.rivendell
  ];

  # generated with:
  # authelia crypto pair rsa generate
  "authelia-jwks.age".publicKeys = [
    users.fcuny
    hosts.rivendell
  ];

  "authelia-users.yaml.age".publicKeys = [
    users.fcuny
    hosts.rivendell
  ];

  "bree/wireguard.age".publicKeys = [
    users.fcuny
    hosts.bree
  ];

  "bree/disk-passphrase.age".publicKeys = [
    users.fcuny
    hosts.bree
  ];

  "bree/disk-unlock-key.age".publicKeys = [
    users.fcuny
    hosts.bree
  ];

  "rivendell/wireguard.age".publicKeys = [
    users.fcuny
    hosts.rivendell
  ];

  "argonath/wireguard.age".publicKeys = [
    users.fcuny
    hosts.argonath
  ];
}
let
  hosts = {
    bree = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFM4wZaYwz8kuu6lNrdrN6QOyouGQ0v1ye+Iwh1jawNi";
    mba = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDLQTIPZraE+jpMqGkh8yUhNFzRJbMarX5Mky3nETw6c";
    rivendell = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID76U5kt8DfBbuP16rMzfBTVTpjjPFKWnnheMALaCQEd";
    argonath = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHi9jHqRjpMzXlznTXi4nEtlRlFfyIzB6Ur9A+HDfFoq";
  };
  users = {
    fcuny = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKdyJepi/NyO6d9eP8m48Ga/gdjB5ENHRXYM1ZqFZR8t";
  };
in
{
  "acme-cloudflare-env.age".publicKeys = [
    users.fcuny
    hosts.argonath
  ];

  "restic-pw.age".publicKeys = [
    users.fcuny
    hosts.rivendell
  ];

  "restic-nas-smb-config.age".publicKeys = [
    users.fcuny
    hosts.rivendell
  ];

  # this is the SSH key we use to access the remote builder.
  "ssh-remote-builder.age".publicKeys = [
    users.fcuny
    hosts.mba
  ];

  "miniflux-oidc.age".publicKeys = [
    users.fcuny
    hosts.rivendell
  ];

  # generated with:
  # openssl rand 64 | openssl base64 -A | tr '+/' '-_' | tr -d '='
  "authelia-storage-key.age".publicKeys = [
    users.fcuny
    hosts.rivendell
  ];

  # generated with:
  # openssl rand 64 | openssl base64 -A | tr '+/' '-_' | tr -d '='
  "authelia-jwt-key.age".publicKeys = [
    users.fcuny
    hosts.rivendell
  ];

  # generated with:
  # authelia crypto pair rsa generate
  "authelia-jwks.age".publicKeys = [
    users.fcuny
    hosts.rivendell
  ];

  "authelia-users.yaml.age".publicKeys = [
    users.fcuny
    hosts.rivendell
  ];

  "bree/wireguard.age".publicKeys = [
    users.fcuny
    hosts.bree
  ];

  "bree/disk-passphrase.age".publicKeys = [
    users.fcuny
    hosts.bree
  ];

  "bree/disk-unlock-key.age".publicKeys = [
    users.fcuny
    hosts.bree
  ];

  "rivendell/wireguard.age".publicKeys = [
    users.fcuny
    hosts.rivendell
  ];

  "argonath/wireguard.age".publicKeys = [
    users.fcuny
    hosts.argonath
  ];
}