cnst/cnix
1
0
Fork 0
Code Issues Pull Requests Activity

chore(age): adding bunk credentials to agenix

Browse Source
This commit is contained in:
cnst
2025-09-27 19:54:03 +02:00
parent f6bb6672bb
commit fda7d972c4
1 changed files with 42 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

75
secrets/secrets.nix
View File

@@ -1,7 +1,11 @@
let let
# --- Users --- # --- Users ---
cnst = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEUub8vbzUn2f39ILhAJ2QeH8xxLSjiyUuo8xvHGx/VB adam@cnst.dev"; ukima = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEUub8vbzUn2f39ILhAJ2QeH8xxLSjiyUuo8xvHGx/VB adam@cnst.dev";
kima = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJjoPdpiF8pjKN3ZEHeLEwVxoqwcCdzpVVlZkxJohFdg root@cnix"; rkima = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJjoPdpiF8pjKN3ZEHeLEwVxoqwcCdzpVVlZkxJohFdg root@cnix";
# --- Hosts: bunk ---
ubunk = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIXCjkKouZrsMoswMIeueO8X/c3kuY3Gb0E9emvkqwUv cnst@cnixpad";
rbunk = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH72llEVDSHH/FZnjLVCe6zfdkdJRRVg2QL+ifHiPXXk root@cnix";
# --- Hosts: sobotka --- # --- Hosts: sobotka ---
usobotka = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG5ydTeaWcowmNXdDNqIa/lb5l9w5CAzyF2Kg6U5PSSu cnst@sobotka"; usobotka = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG5ydTeaWcowmNXdDNqIa/lb5l9w5CAzyF2Kg6U5PSSu cnst@sobotka";
@@ -12,9 +16,13 @@ let
rziggy = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHnca8xg1MZ4Hx5k5SVFSxcPnWc1O6r7w7JGYzX9aQm8 root@nixos"; rziggy = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHnca8xg1MZ4Hx5k5SVFSxcPnWc1O6r7w7JGYzX9aQm8 root@nixos";
# --- Groups --- # --- Groups ---
core = [ kima = [
cnst ukima
kima rkima
];
bunk = [
ubunk
rbunk
]; ];
sobotka = [ sobotka = [
usobotka usobotka
@@ -24,38 +32,39 @@ let
uziggy uziggy
rziggy rziggy
]; ];
all = core ++ sobotka ++ ziggy; all = kima ++ bunk ++ sobotka ++ ziggy;
in { in
{
# Generic # Generic
"cnstssh.age".publicKeys = core; "cnstssh.age".publicKeys = kima;
"cnixssh.age".publicKeys = core; "cnixssh.age".publicKeys = kima;
"certpem.age".publicKeys = core; "certpem.age".publicKeys = kima;
"keypem.age".publicKeys = core; "keypem.age".publicKeys = kima;
"mailpwd.age".publicKeys = core; "mailpwd.age".publicKeys = kima;
"gcapi.age".publicKeys = core; "gcapi.age".publicKeys = kima;
# Shared between core + sobotka # Shared between kima + sobotka
"cloudflareEnvironment.age".publicKeys = core ++ sobotka; "cloudflareEnvironment.age".publicKeys = kima ++ sobotka;
"vaultwardenEnvironment.age".publicKeys = core ++ sobotka; "vaultwardenEnvironment.age".publicKeys = kima ++ sobotka;
"homepageEnvironment.age".publicKeys = core ++ sobotka; "homepageEnvironment.age".publicKeys = kima ++ sobotka;
"cloudflareFirewallApiKey.age".publicKeys = core ++ sobotka; "cloudflareFirewallApiKey.age".publicKeys = kima ++ sobotka;
"vaultwardenCloudflared.age".publicKeys = core ++ sobotka; "vaultwardenCloudflared.age".publicKeys = kima ++ sobotka;
"nextcloudCloudflared.age".publicKeys = core ++ sobotka; "nextcloudCloudflared.age".publicKeys = kima ++ sobotka;
"nextcloudAdminPass.age".publicKeys = core ++ sobotka; "nextcloudAdminPass.age".publicKeys = kima ++ sobotka;
"cloudflareDnsApiToken.age".publicKeys = core ++ sobotka; "cloudflareDnsApiToken.age".publicKeys = kima ++ sobotka;
"cloudflareDnsCredentials.age".publicKeys = core ++ sobotka; "cloudflareDnsCredentials.age".publicKeys = kima ++ sobotka;
"wgCredentials.age".publicKeys = core ++ sobotka; "wgCredentials.age".publicKeys = kima ++ sobotka;
"wgSobotkaPrivateKey.age".publicKeys = core ++ sobotka; "wgSobotkaPrivateKey.age".publicKeys = kima ++ sobotka;
"gluetunEnvironment.age".publicKeys = core ++ sobotka; "gluetunEnvironment.age".publicKeys = kima ++ sobotka;
"sobotkaPihole.age".publicKeys = core ++ sobotka; "sobotkaPihole.age".publicKeys = kima ++ sobotka;
"slskd.age".publicKeys = core ++ sobotka; "slskd.age".publicKeys = kima ++ sobotka;
"authentikEnv.age".publicKeys = core ++ sobotka; "authentikEnv.age".publicKeys = kima ++ sobotka;
"traefikEnv.age".publicKeys = core ++ sobotka; "traefikEnv.age".publicKeys = kima ++ sobotka;
# Ziggy-specific # Ziggy-specific
"cloudflareDnsCredentialsZiggy.age".publicKeys = core ++ ziggy; "cloudflareDnsCredentialsZiggy.age".publicKeys = kima ++ ziggy;
"ziggyPihole.age".publicKeys = core ++ ziggy; "ziggyPihole.age".publicKeys = kima ++ ziggy;
# Both sobotka + ziggy (for HA stuff like keepalived) # Both sobotka + ziggy (for HA stuff like keepalived)
"keepalived.age".publicKeys = core ++ sobotka ++ ziggy; "keepalived.age".publicKeys = kima ++ sobotka ++ ziggy;
} }