authorFranck Cuny <franck@fcuny.net>2022-04-13 10:23:20 -0700
committerFranck Cuny <franck@fcuny.net>2022-04-13 10:23:20 -0700
commit5e4d8a007254b9811c86b2ea142a280c9828271d (patch)
tree83c1b8e3ab3b502cb82c79d8438e201334f012c4 /hosts/tahoe/secrets/secrets.nix
parentsecrets: fix the path to the ssh key (diff)
secrets: move the actual secrets with hosts config
Having the secrets closer to the host is easier to manage. At the moment I don't have secrets that are shared across multiple hosts, so that's an OK approach.
Diffstat (limited to 'hosts/tahoe/secrets/secrets.nix')
-rw-r--r--hosts/tahoe/secrets/secrets.nix14
1 files changed, 14 insertions, 0 deletions
diff --git a/hosts/tahoe/secrets/secrets.nix b/hosts/tahoe/secrets/secrets.nix
new file mode 100644
index 0000000..d6b7272
--- /dev/null
+++ b/hosts/tahoe/secrets/secrets.nix
@@ -0,0 +1,14 @@
+let
+ fcuny_aptos =
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIdlm/qoR/dnMjZhVSTtqFzkgN3Yf9eQ3pgKMiipg+dl";
+in {
+ "wireguard_privatekey.age".publicKeys = [ fcuny_aptos ];
+
+ "traefik/gcp_service_account.json.age".publicKeys = [ fcuny_aptos ];
+
+ "unifi/unifi-poller.age".publicKeys = [ fcuny_aptos ];
+
+ "restic/repo-systems.age".publicKeys = [ fcuny_aptos ];
+ "rclone/config.ini.age".publicKeys = [ fcuny_aptos ];
+ "rclone/gcs_service_account.json.age".publicKeys = [ fcuny_aptos ];
+}
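Review bot: All six entries in the attribute set list only `fcuny_aptos` as a recipient, so one private key decrypts the WireGuard key, both GCP service-account files and the restic/rclone credentials, and no second key can recover them if it is lost. If tahoe decrypts these at activation with that same key (the name suggests it belongs to a different machine, though the file does not say), the private half has to live on the server as well as wherever the secrets are edited. Consider adding the host's own SSH host key as a separate binding, e.g. `tahoe = "ssh-ed25519 <tahoe host public key>";`, and listing `[ fcuny_aptos tahoe ]` per secret, so the editing key never needs to be copied to the host. A one-line comment above `fcuny_aptos` saying whose key it is and where the private half is kept would also help, e.g. `# user key; private half stored on <machine>`.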