secrets: move all the secrets under module/

Refactor a bit the configuration, which should simplify the management
and usage of secrets from now on.

1 files changed, 27 insertions, 0 deletions

diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix
new file mode 100644
index 0000000..45b1d33
--- /dev/null
+++ b/modules/secrets/secrets.nix
@@ -0,0 +1,27 @@
+let
+  fcuny_aptos =
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIdlm/qoR/dnMjZhVSTtqFzkgN3Yf9eQ3pgKMiipg+dl";
+  users = [ fcuny_aptos ];
+
+  aptos =
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOTcPGaiL+/Mwl8JzLHrBwas7QvWPjix4lnaAA1tw+5t";
+  tahoe =
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEq1IQRvj2jofCHOO6M28w2SRdgtHU06NJvwAwv/b69F";
+
+  systems = [ aptos tahoe ];
+in {
+  "network/aptos/wireguard_privatekey.age".publicKeys = [ fcuny_aptos aptos ];
+
+  "network/tahoe/wireguard_privatekey.age".publicKeys =
+    [ fcuny_aptos aptos tahoe ];
+
+  "traefik/gcp_service_account.json.age".publicKeys =
+    [ fcuny_aptos aptos tahoe ];
+
+  "unifi/unifi-poller.age".publicKeys = [ fcuny_aptos aptos tahoe ];
+
+  "restic/repo-systems.age".publicKeys = [ fcuny_aptos aptos tahoe ];
+  "rclone/config.ini.age".publicKeys = [ fcuny_aptos aptos tahoe ];
+  "rclone/gcs_service_account.json.age".publicKeys =
+    [ fcuny_aptos aptos tahoe ];
+}