# Recipient map for the encrypted *.age secrets: each attribute names a secret
# file and lists the public keys it is encrypted to.
# NOTE(review): the `.age` names and `publicKeys` attributes look like the
# agenix secrets.nix layout; confirm against the tool that consumes this file.
#
# Security notes for maintainers:
#  - Every secret below is encrypted to the complete admin key set, so any
#    single admin key can decrypt every secret in this file.
#  - Removing a key from a list only affects future encryption. Existing
#    ciphertext has to be re-encrypted, and secrets the removed key could
#    already read should be rotated.
let
  # Admin logins; each entry must provide a `secretEncryptionKeys` attrset.
  admins = import ../logins/admins.nix;

  # SSH host public keys (ed25519), one per machine. These are public values;
  # decryption needs the matching private host key.
  nachtigall-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP7G0ufi+MNvaAZLDgpieHrABPGN7e/kD5kMFwSk4ABj root@nachtigall";
  flora-6-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGP1InpTBN4AlF/4V8HHumAMLJzeO8DpzjUv9Co/+J09 root@flora-6";
  metronom-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICLX6UvvrKALKL0xsNnytLPHryzZF5evUnxAgGokf14i root@metronom";
  tankstelle-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJdF6cJKPDiloWiDja1ZtqkXDdXOCHPs10HD+JMzgeU4 root@tankstelle";

  # All values of every admin's secretEncryptionKeys, flattened into one list.
  adminKeys = builtins.concatMap (login: builtins.attrValues login.secretEncryptionKeys) (
    builtins.attrValues admins
  );

  # Recipient sets: the host that uses the secret, followed by all admin keys.
  forNachtigall = [ nachtigall-host ] ++ adminKeys;
  forTankstelle = [ tankstelle-host ] ++ adminKeys;
  forFlora6 = [ flora-6-host ] ++ adminKeys;
  forMetronom = [ metronom-host ] ++ adminKeys;
in
{
  # NOTE(review): the key on the next line is commented out and is not a
  # recipient of any secret. It differs from nachtigall-host above, so it is
  # presumably a retired host key; confirm before relying on it.
  # ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBB5XaH02a6+TchnyQED2VwaltPgeFCbildbE2h6nF5e root@nachtigall
  "nachtigall-root-ssh-key.age".publicKeys = forNachtigall;

  # WireGuard private keys, one per host.
  "nachtigall-wg-private-key.age".publicKeys = forNachtigall;
  "tankstelle-wg-private-key.age".publicKeys = forTankstelle;
  "flora6-wg-private-key.age".publicKeys = forFlora6;
  "metronom-wg-private-key.age".publicKeys = forMetronom;

  "mastodon-secret-key-base.age".publicKeys = forNachtigall;
  "mastodon-otp-secret.age".publicKeys = forNachtigall;
  "mastodon-vapid-private-key.age".publicKeys = forNachtigall;
  "mastodon-vapid-public-key.age".publicKeys = forNachtigall;
  "mastodon-smtp-password.age".publicKeys = forNachtigall;
  "mastodon-extra-env-secrets.age".publicKeys = forNachtigall;

  "keycloak-database-password.age".publicKeys = forNachtigall;

  "forgejo-actions-runner-token.age".publicKeys = forFlora6;
  "tankstelle-forgejo-actions-runner-token.age".publicKeys = forTankstelle;
  "forgejo-database-password.age".publicKeys = forNachtigall;
  "forgejo-mailer-password.age".publicKeys = forNachtigall;
  "forgejo-ssh-private-key.age".publicKeys = forNachtigall;

  "matrix-mautrix-telegram-env-file.age".publicKeys = forNachtigall;
  "matrix-synapse-signing-key.age".publicKeys = forNachtigall;
  "matrix-synapse-secret-config.yaml.age".publicKeys = forNachtigall;
  "matrix-synapse-sliding-sync-secret.age".publicKeys = forNachtigall;

  "nextcloud-secrets.age".publicKeys = forNachtigall;
  "nextcloud-admin-pass.age".publicKeys = forNachtigall;

  "searx-environment.age".publicKeys = forNachtigall;

  "restic-repo-droppie.age".publicKeys = forNachtigall;
  "restic-repo-storagebox.age".publicKeys = forNachtigall;

  "drone-db-secrets.age".publicKeys = forFlora6;
  "drone-secrets.age".publicKeys = forFlora6;

  "mediawiki-database-password.age".publicKeys = forNachtigall;
  "mediawiki-admin-password.age".publicKeys = forNachtigall;
  "mediawiki-oidc-client-secret.age".publicKeys = forNachtigall;
  "mediawiki-secret-key.age".publicKeys = forNachtigall;

  "coturn-static-auth-secret.age".publicKeys = forNachtigall;

  "grafana-admin-password.age".publicKeys = forFlora6;
  "grafana-keycloak-client-secret.age".publicKeys = forFlora6;
  "grafana-smtp-password.age".publicKeys = forFlora6;

  "alertmanager-envfile.age".publicKeys = forFlora6;

  "nachtigall-metrics-nginx-basic-auth.age".publicKeys = forNachtigall;
  # The only secret readable by two hosts: flora-6 and nachtigall.
  "nachtigall-metrics-prometheus-basic-auth-password.age".publicKeys =
    [ flora-6-host ] ++ forNachtigall;

  "obs-portal-env.age".publicKeys = forNachtigall;
  "obs-portal-database-env.age".publicKeys = forNachtigall;

  # mail
  "mail/hensoko.age".publicKeys = forMetronom;
}