path: root/secrets/secrets.nix
# Recipient map for the encrypted files kept next to this one: every attribute
# names one `.age` file and lists the public keys that file is encrypted to.
# The shape (`"<file>.age".publicKeys`) is the one agenix-style tooling reads;
# the tool itself is not named here, so treat that as an assumption.
#
# Only public-key material appears in this file. Changing a recipient list does
# not touch an existing ciphertext: the file has to be re-encrypted afterwards
# (with agenix, `agenix --rekey`). A recipient that was removed can still
# decrypt any older copy of the file, so rotate the secret value itself when
# access is withdrawn.
let
  # One ed25519 SSH public key per machine (presumably each machine's SSH host
  # key; confirm against the hosts).
  hosts = {
    bree = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFM4wZaYwz8kuu6lNrdrN6QOyouGQ0v1ye+Iwh1jawNi";
    mba = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDLQTIPZraE+jpMqGkh8yUhNFzRJbMarX5Mky3nETw6c";
    mbp = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINXiA49xsrOJp7wOTYeX5+9o3gly8LyN6gvJoNVQmswv";
    rivendell = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID76U5kt8DfBbuP16rMzfBTVTpjjPFKWnnheMALaCQEd";
    argonath = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHi9jHqRjpMzXlznTXi4nEtlRlFfyIzB6Ur9A+HDfFoq";
  };

  # Personal SSH public key of the administrator; a recipient of every secret.
  users = {
    fcuny = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKdyJepi/NyO6d9eP8m48Ga/gdjB5ENHRXYM1ZqFZR8t";
  };

  # Hardware-backed recipients (`age1yubikey1…` is the recipient prefix used by
  # age-plugin-yubikey). All three are appended to every secret below.
  yubikeys = [
    "age1yubikey1qv92lk8ckjm2qs900h89pz9myl3nfjnz7fc0eluppexyfgc0pfnjusaje3w"
    "age1yubikey1qd30fnnxd2uh9lgw0dr7nwvmn003rmzkrg87xfw67gdsf7u0lhm3kd4w8ul"
    "age1yubikey1qwrxced5j32ks5cc5aqffwz68yva9ukkz6tx5xm2sjn8swl2evtlsjlmsy9"
  ];

  # Builds the recipient list for one secret: the administrator first, then the
  # machines that need to decrypt it, then the YubiKey recipients.
  encryptedFor = machines: [ users.fcuny ] ++ machines ++ yubikeys;
in
{
  # --- argonath -------------------------------------------------------------
  "acme-cloudflare-env.age".publicKeys = encryptedFor [ hosts.argonath ];
  "argonath/wireguard.age".publicKeys = encryptedFor [ hosts.argonath ];

  # --- rivendell ------------------------------------------------------------
  "restic-pw.age".publicKeys = encryptedFor [ hosts.rivendell ];
  "restic-nas-smb-config.age".publicKeys = encryptedFor [ hosts.rivendell ];

  # Public half of the key pair stored in this secret:
  # ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINE3mdcVS7+DPr7MZzIh3JsuI5t4z83j7ZAdAYxFLW4S rsync-nas
  "rsync-ssh-nas.age".publicKeys = encryptedFor [ hosts.rivendell ];

  "miniflux-oidc.age".publicKeys = encryptedFor [ hosts.rivendell ];
  "grafana-oidc.age".publicKeys = encryptedFor [ hosts.rivendell ];

  # The storage and JWT keys are each 64 random bytes, base64url-encoded with
  # the padding stripped. Generated with:
  # openssl rand 64 | openssl base64 -A | tr '+/' '-_' | tr -d '='
  "authelia-storage-key.age".publicKeys = encryptedFor [ hosts.rivendell ];
  "authelia-jwt-key.age".publicKeys = encryptedFor [ hosts.rivendell ];

  # RSA key pair, generated with:
  # authelia crypto pair rsa generate
  "authelia-jwks.age".publicKeys = encryptedFor [ hosts.rivendell ];

  "authelia-users.yaml.age".publicKeys = encryptedFor [ hosts.rivendell ];
  "rivendell/wireguard.age".publicKeys = encryptedFor [ hosts.rivendell ];

  # --- bree -----------------------------------------------------------------
  "bree/wireguard.age".publicKeys = encryptedFor [ hosts.bree ];

  # NOTE(review): both disk secrets are decryptable with bree's own key, so
  # that private key protects the disk credentials as well; confirm where it
  # is stored relative to the disk these files unlock.
  "bree/disk-passphrase.age".publicKeys = encryptedFor [ hosts.bree ];
  "bree/disk-unlock-key.age".publicKeys = encryptedFor [ hosts.bree ];

  # --- laptops --------------------------------------------------------------
  # SSH private key used to reach the remote builder.
  "ssh-remote-builder.age".publicKeys = encryptedFor [ hosts.mba ];

  # Shared by both laptops: either machine's key decrypts the API key.
  "anthropic-api-key.age".publicKeys = encryptedFor [
    hosts.mba
    hosts.mbp
  ];
}