infra/secrets/secrets.nix

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

83 lines
4 KiB
Nix
Raw Normal View History

let
2024-04-03 18:54:40 +00:00
admins = import ../logins/admins.nix;
nachtigall-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP7G0ufi+MNvaAZLDgpieHrABPGN7e/kD5kMFwSk4ABj root@nachtigall";
flora-6-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGP1InpTBN4AlF/4V8HHumAMLJzeO8DpzjUv9Co/+J09 root@flora-6";
2024-05-22 19:49:34 +00:00
metronom-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICLX6UvvrKALKL0xsNnytLPHryzZF5evUnxAgGokf14i root@metronom";
tankstelle-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJdF6cJKPDiloWiDja1ZtqkXDdXOCHPs10HD+JMzgeU4 root@tankstelle";
2024-04-03 18:54:40 +00:00
adminKeys = builtins.foldl' (
keys: login: keys ++ (builtins.attrValues login.secretEncryptionKeys)
) [ ] (builtins.attrValues admins);
nachtigallKeys = [ nachtigall-host ];
tankstelleKeys = [ tankstelle-host ];
flora6Keys = [ flora-6-host ];
2024-05-22 19:49:34 +00:00
metronomKeys = [ metronom-host ];
in
{
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBB5XaH02a6+TchnyQED2VwaltPgeFCbildbE2h6nF5e root@nachtigall
2024-04-03 18:54:40 +00:00
"nachtigall-root-ssh-key.age".publicKeys = nachtigallKeys ++ adminKeys;
"nachtigall-wg-private-key.age".publicKeys = nachtigallKeys ++ adminKeys;
2024-05-30 17:17:21 +00:00
"tankstelle-wg-private-key.age".publicKeys = tankstelleKeys ++ adminKeys;
2024-04-03 18:54:40 +00:00
"flora6-wg-private-key.age".publicKeys = flora6Keys ++ adminKeys;
2024-05-22 19:49:34 +00:00
"metronom-wg-private-key.age".publicKeys = metronomKeys ++ adminKeys;
2024-04-03 18:54:40 +00:00
"mastodon-secret-key-base.age".publicKeys = nachtigallKeys ++ adminKeys;
"mastodon-otp-secret.age".publicKeys = nachtigallKeys ++ adminKeys;
"mastodon-vapid-private-key.age".publicKeys = nachtigallKeys ++ adminKeys;
"mastodon-vapid-public-key.age".publicKeys = nachtigallKeys ++ adminKeys;
"mastodon-smtp-password.age".publicKeys = nachtigallKeys ++ adminKeys;
"mastodon-extra-env-secrets.age".publicKeys = nachtigallKeys ++ adminKeys;
2024-04-03 18:54:40 +00:00
"keycloak-database-password.age".publicKeys = nachtigallKeys ++ adminKeys;
2023-10-28 19:46:18 +00:00
2024-04-03 18:54:40 +00:00
"forgejo-actions-runner-token.age".publicKeys = flora6Keys ++ adminKeys;
"tankstelle-forgejo-actions-runner-token.age".publicKeys = tankstelleKeys ++ adminKeys;
2024-04-03 18:54:40 +00:00
"forgejo-database-password.age".publicKeys = nachtigallKeys ++ adminKeys;
"forgejo-mailer-password.age".publicKeys = nachtigallKeys ++ adminKeys;
2024-04-05 17:14:10 +00:00
"forgejo-ssh-private-key.age".publicKeys = nachtigallKeys ++ adminKeys;
2024-04-03 18:54:40 +00:00
"matrix-mautrix-telegram-env-file.age".publicKeys = nachtigallKeys ++ adminKeys;
"matrix-synapse-signing-key.age".publicKeys = nachtigallKeys ++ adminKeys;
"matrix-synapse-secret-config.yaml.age".publicKeys = nachtigallKeys ++ adminKeys;
"matrix-synapse-sliding-sync-secret.age".publicKeys = nachtigallKeys ++ adminKeys;
2023-10-28 16:53:02 +00:00
2024-04-03 18:54:40 +00:00
"nextcloud-secrets.age".publicKeys = nachtigallKeys ++ adminKeys;
"nextcloud-admin-pass.age".publicKeys = nachtigallKeys ++ adminKeys;
2023-10-29 14:38:44 +00:00
2024-04-03 18:54:40 +00:00
"searx-environment.age".publicKeys = nachtigallKeys ++ adminKeys;
2024-04-03 18:54:40 +00:00
"restic-repo-droppie.age".publicKeys = nachtigallKeys ++ adminKeys;
"restic-repo-storagebox.age".publicKeys = nachtigallKeys ++ adminKeys;
2024-04-03 18:54:40 +00:00
"drone-db-secrets.age".publicKeys = flora6Keys ++ adminKeys;
"drone-secrets.age".publicKeys = flora6Keys ++ adminKeys;
2024-04-03 18:54:40 +00:00
"mediawiki-database-password.age".publicKeys = nachtigallKeys ++ adminKeys;
"mediawiki-admin-password.age".publicKeys = nachtigallKeys ++ adminKeys;
"mediawiki-oidc-client-secret.age".publicKeys = nachtigallKeys ++ adminKeys;
"mediawiki-secret-key.age".publicKeys = nachtigallKeys ++ adminKeys;
2024-04-03 18:54:40 +00:00
"coturn-static-auth-secret.age".publicKeys = nachtigallKeys ++ adminKeys;
2024-04-03 18:54:40 +00:00
"grafana-admin-password.age".publicKeys = flora6Keys ++ adminKeys;
"grafana-keycloak-client-secret.age".publicKeys = flora6Keys ++ adminKeys;
"grafana-smtp-password.age".publicKeys = flora6Keys ++ adminKeys;
2024-05-15 15:15:46 +00:00
"alertmanager-envfile.age".publicKeys = flora6Keys ++ adminKeys;
2024-04-03 18:54:40 +00:00
"nachtigall-metrics-nginx-basic-auth.age".publicKeys = nachtigallKeys ++ adminKeys;
"nachtigall-metrics-prometheus-basic-auth-password.age".publicKeys =
flora6Keys ++ nachtigallKeys ++ adminKeys;
"obs-portal-env.age".publicKeys = nachtigallKeys ++ adminKeys;
"obs-portal-database-env.age".publicKeys = nachtigallKeys ++ adminKeys;
2024-05-22 19:49:34 +00:00
# mail
"mail/hensoko.age".publicKeys = metronomKeys ++ adminKeys;
}