nibylandia/secrets.nix

let
  ar_khas =
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGfIRe1nH6vwjQTjqHNnkKAdr1VYqGEeQnqInmf3A6UN ar@khas";
  ar_microlith =
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO6rEwERSm/Fj4KO4SxFIo0BUvi9YNyf8PSL1FteMcMt ar@microlith";
  ar = [ ar_khas ar_microlith ];

  scylla =
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN1X7EaPNfLhWH32IAyaZj2dhJz+QLnyGuXPCZUYRTjg";
  khas =
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO6VxPqJHYKmVB5d7bd6vuRqBNKXV1fo2R/WvdSF77xa";
  zorigami =
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM/7CsIWlJH2F0VQpgsGgZOQeAd7Zh98WpCvmTyXCTty";
  stereolith =
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEVuDOcKE8ANKGjd6kfFH1qLLzLwg91o0exJ0isIEw4O";
  microlith =
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDghNuH/3G+0BXwrBZWZXX0V3K0tfu/Q/AKokLXY5zTD";
  akamanto =
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKb4i+BmIb2wiT4y5uWsCOmSo1dRp6Ql36toUsRHN6pC";
in {

  "secrets/secureboot-key.age".publicKeys = ar
    ++ [ khas microlith zorigami scylla ];
  "secrets/secureboot-cert.age".publicKeys = ar
    ++ [ khas microlith zorigami scylla ];
  "secrets/khas-ar.age".publicKeys = ar ++ [ khas ];
  "secrets/microlith-ar.age".publicKeys = ar ++ [ microlith ];
  "secrets/nix-store.age".publicKeys = ar
    ++ [ zorigami scylla stereolith khas microlith akamanto ];
  "secrets/wg/nibylandia_scylla.age".publicKeys = ar ++ [ scylla ];
  "secrets/wg/dn42_w1kl4s_scylla.age".publicKeys = ar ++ [ scylla ];
  "secrets/lan/nibylandia-ddns-kea.age".publicKeys = ar ++ [ scylla ];
  "secrets/lan/nibylandia-ddns-bind.age".publicKeys = ar ++ [ scylla ];
  "secrets/notbotEnvironment.age".publicKeys = ar ++ [ zorigami ];
  "secrets/nextCloudAdmin.age".publicKeys = ar ++ [ zorigami ];
  "secrets/nextCloudExporter.age".publicKeys = ar ++ [ zorigami ];
  "secrets/norkclubMinecraftRestic.age".publicKeys = ar ++ [ zorigami ];
  "secrets/cassAuth.age".publicKeys = ar ++ [ zorigami ];
  "secrets/miniflux.age".publicKeys = ar ++ [ zorigami ];
  "secrets/stuffAuth.age".publicKeys = ar ++ [ stereolith ];
  "secrets/wg/nibylandia_zorigami.age".publicKeys = ar ++ [ zorigami ];
  "secrets/mail/ar.age".publicKeys = ar ++ [ zorigami ];
  "secrets/mail/apo.age".publicKeys = ar ++ [ zorigami ];
  "secrets/mail/amie.age".publicKeys = ar ++ [ zorigami ];
  "secrets/mail/mastodon.age".publicKeys = ar ++ [ zorigami ];
  "secrets/mail/mastodonPlain.age".publicKeys = ar ++ [ zorigami ];
  "secrets/mail/madargon.age".publicKeys = ar ++ [ zorigami ];
  "secrets/mail/enki.age".publicKeys = ar ++ [ zorigami ];
  "secrets/mail/matrix.age".publicKeys = ar ++ [ zorigami ];
  "secrets/mail/vaultwarden.age".publicKeys = ar ++ [ zorigami ];
  "secrets/mail/vaultwardenPlain.age".publicKeys = ar ++ [ zorigami ];
  "secrets/mail/keycloak.age".publicKeys = ar ++ [ zorigami ];
  "secrets/mail/keycloakPlain.age".publicKeys = ar ++ [ zorigami ];
  "secrets/keycloakDatabase.age".publicKeys = ar ++ [ zorigami ];
  "secrets/synapseExtraConfig.age".publicKeys = ar ++ [ zorigami ];
  "secrets/gitea-runner-token-zorigami.age".publicKeys = ar ++ [ zorigami ];
  "secrets/gitea-runner-token-scylla.age".publicKeys = ar ++ [ scylla ];
  "secrets/ci-secrets.age".publicKeys = ar ++ [
    scylla
    zorigami
  ]; # TODO: we're not getting ssh keys for the generated disk image, so we need to embed it at disk image build time

  inherit ar;
}
scaffolding 2023-09-03 11:35:16 +00:00			`let`
			`ar_khas =`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGfIRe1nH6vwjQTjqHNnkKAdr1VYqGEeQnqInmf3A6UN ar@khas";`
			`ar_microlith =`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO6rEwERSm/Fj4KO4SxFIo0BUvi9YNyf8PSL1FteMcMt ar@microlith";`
			`ar = [ ar_khas ar_microlith ];`

			`scylla =`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN1X7EaPNfLhWH32IAyaZj2dhJz+QLnyGuXPCZUYRTjg";`
Basic secureboot and khas (laptop) config 2023-09-18 20:42:25 +00:00			`khas =`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO6VxPqJHYKmVB5d7bd6vuRqBNKXV1fo2R/WvdSF77xa";`
scaffolding 2023-09-03 11:35:16 +00:00			`zorigami =`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM/7CsIWlJH2F0VQpgsGgZOQeAd7Zh98WpCvmTyXCTty";`
			`stereolith =`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEVuDOcKE8ANKGjd6kfFH1qLLzLwg91o0exJ0isIEw4O";`
nixos/microlith: initial import 2023-10-08 22:07:57 +00:00			`microlith =`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDghNuH/3G+0BXwrBZWZXX0V3K0tfu/Q/AKokLXY5zTD";`
nixos/akamanto: we have klipper working, somewhat 2023-10-27 04:07:03 +00:00			`akamanto =`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKb4i+BmIb2wiT4y5uWsCOmSo1dRp6Ql36toUsRHN6pC";`
scaffolding 2023-09-03 11:35:16 +00:00			`in {`

.: microvm experiments + zorigami 2023-10-14 21:24:33 +00:00			`"secrets/secureboot-key.age".publicKeys = ar`
			`++ [ khas microlith zorigami scylla ];`
			`"secrets/secureboot-cert.age".publicKeys = ar`
			`++ [ khas microlith zorigami scylla ];`
Actually working configuration for khas + cleanups 2023-10-08 16:11:54 +00:00			`"secrets/khas-ar.age".publicKeys = ar ++ [ khas ];`
nixos/microlith: initial import 2023-10-08 22:07:57 +00:00			`"secrets/microlith-ar.age".publicKeys = ar ++ [ microlith ];`
.: enable using ci-hosts as substituters 2023-10-20 11:15:59 +00:00			`"secrets/nix-store.age".publicKeys = ar`
nixos/akamanto: we have klipper working, somewhat 2023-10-27 04:07:03 +00:00			`++ [ zorigami scylla stereolith khas microlith akamanto ];`
scaffolding 2023-09-03 11:35:16 +00:00			`"secrets/wg/nibylandia_scylla.age".publicKeys = ar ++ [ scylla ];`
			`"secrets/wg/dn42_w1kl4s_scylla.age".publicKeys = ar ++ [ scylla ];`
			`"secrets/lan/nibylandia-ddns-kea.age".publicKeys = ar ++ [ scylla ];`
			`"secrets/lan/nibylandia-ddns-bind.age".publicKeys = ar ++ [ scylla ];`
.: microvm experiments + zorigami 2023-10-14 21:24:33 +00:00			`"secrets/notbotEnvironment.age".publicKeys = ar ++ [ zorigami ];`
scaffolding 2023-09-03 11:35:16 +00:00			`"secrets/nextCloudAdmin.age".publicKeys = ar ++ [ zorigami ];`
			`"secrets/nextCloudExporter.age".publicKeys = ar ++ [ zorigami ];`
			`"secrets/norkclubMinecraftRestic.age".publicKeys = ar ++ [ zorigami ];`
			`"secrets/cassAuth.age".publicKeys = ar ++ [ zorigami ];`
			`"secrets/miniflux.age".publicKeys = ar ++ [ zorigami ];`
			`"secrets/stuffAuth.age".publicKeys = ar ++ [ stereolith ];`
			`"secrets/wg/nibylandia_zorigami.age".publicKeys = ar ++ [ zorigami ];`
			`"secrets/mail/ar.age".publicKeys = ar ++ [ zorigami ];`
			`"secrets/mail/apo.age".publicKeys = ar ++ [ zorigami ];`
.: microvm experiments + zorigami 2023-10-14 21:24:33 +00:00			`"secrets/mail/amie.age".publicKeys = ar ++ [ zorigami ];`
scaffolding 2023-09-03 11:35:16 +00:00			`"secrets/mail/mastodon.age".publicKeys = ar ++ [ zorigami ];`
			`"secrets/mail/mastodonPlain.age".publicKeys = ar ++ [ zorigami ];`
			`"secrets/mail/madargon.age".publicKeys = ar ++ [ zorigami ];`
			`"secrets/mail/enki.age".publicKeys = ar ++ [ zorigami ];`
			`"secrets/mail/matrix.age".publicKeys = ar ++ [ zorigami ];`
			`"secrets/mail/vaultwarden.age".publicKeys = ar ++ [ zorigami ];`
			`"secrets/mail/vaultwardenPlain.age".publicKeys = ar ++ [ zorigami ];`
			`"secrets/mail/keycloak.age".publicKeys = ar ++ [ zorigami ];`
			`"secrets/mail/keycloakPlain.age".publicKeys = ar ++ [ zorigami ];`
			`"secrets/keycloakDatabase.age".publicKeys = ar ++ [ zorigami ];`
.: microvm experiments + zorigami 2023-10-14 21:24:33 +00:00			`"secrets/synapseExtraConfig.age".publicKeys = ar ++ [ zorigami ];`
ci: run from hswaw forgejo on our own hosts 2023-10-14 23:29:23 +00:00			`"secrets/gitea-runner-token-zorigami.age".publicKeys = ar ++ [ zorigami ];`
			`"secrets/gitea-runner-token-scylla.age".publicKeys = ar ++ [ scylla ];`
ci-runners: secret available at image build time 2023-10-23 12:11:38 +00:00			`"secrets/ci-secrets.age".publicKeys = ar ++ [`
			`scylla`
			`zorigami`
			`]; # TODO: we're not getting ssh keys for the generated disk image, so we need to embed it at disk image build time`
Actually working configuration for khas + cleanups 2023-10-08 16:11:54 +00:00
			`inherit ar;`
scaffolding 2023-09-03 11:35:16 +00:00			`}`