nixos/secrets/secrets.nix

let
  # --- People -------------------------------------------------------------
  # Personal keys. `users` is prepended to the recipient list of EVERY secret
  # below, so each of these keys can decrypt everything in this file.
  admin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6DjXTAxesXpQ65l659iAjzEb6VpRaWKSg4AXxifPw9 Skynet Admin";
  silver_laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQWfVKls31yK1aZeAu5mCE+xycI9Kt3Xoj+gfvEonDg NixOS Laptop";
  silver_desktop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN34yTh0nk7HAz8id5Z/wiIX3H7ptleDyXy5bfbemico Desktop";
  thenobrainer = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKjaKI97NY7bki07kxAvo95196NXCaMvI1Dx7dMW05Q1 thenobrainer";

  users = [ admin silver_laptop silver_desktop thenobrainer ];

  # --- Hosts --------------------------------------------------------------
  # Host keys (root@<host>). A host is only added to the secrets its role
  # needs; the role groups further down decide which host gets what.
  agentjones = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDHOxA3uYcqS5gTrG1hS8XXwehzQYAI2I4iULtU8cXft root@agentjones";
  vendetta = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvcxiSYE38V1IopHj7Z7ZWP1IqnskYCdhj8yCQohVUM root@vendetta";
  vigil = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICDsz1bjNAThqwF48dKIJGOECsCKHTj/Gn5Gh9XyzoSO root@vigil";
  galatea = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3Mke5YtaMkLvXJxJ3y7YAIEBesoJk3qJyJsnoLUWgW root@galatea";
  optimus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqYbbWy3WWtxvD96Hx+RfTx7fJPPirIEa5bOvUILi9r root@optimus";
  glados = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6go7ScvOga9vYqC5HglPfh2Nu8wQTpEKpvIZuMAZom root@glados";
  wheatly = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEehcrWqZbTr4+do1ONE9Il/SayP0xXMvhozm845tonN root@wheatly";
  kitt = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPble6JA2O/Wwv0Fztl/kiV0qj+QMjS+jTTj1Sz8k9xK root@kitt";
  gir = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINL2qk/e0QBqpTQ2xDjF7Cv4c92jJ53jW2fuu88hAF/u root@gir";
  neuromancer = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEFAs6lBJSUBRhtZO3zGKhEIlWvqnHFGAQuQ//9FdAn6 root@neuromancer";
  skynet = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAIFPXJswth8H1k8+zrg8vCnPkfG1hIIa3wR9DBmjpB5 root@skynet";
  earth = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMpvgQcvK7iAm0QrIp5qSvUJzDhOrSBN9MJn9JUSI31I root@earth";
  cadie = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIACcwg27wzzFVvzuTytcnzRmCfGkhULwlHJA/3BeVtgf root@cadie";
  marvin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIAme2vuVpGYX4La/JtXm3zunsWNDP+SlGmBk/pWmYkH root@marvin";

  # Every host key above; only used for the secret that all hosts share.
  systems = [
    agentjones vendetta vigil galatea optimus glados wheatly
    kitt gir neuromancer skynet earth cadie marvin
  ];

  # --- Role groups --------------------------------------------------------
  # Each group lists the hosts that serve that role. A host may sit in
  # several groups (kitt is ldap, discord and bitwarden), so a recipient
  # list built from several groups can contain the same key more than once.
  dns = [ vendetta vigil ];
  email = [ gir ];
  gitlab = [ glados ];
  gitlab_runners = [ wheatly ];
  nextcloud = [ cadie ];
  restic = [ neuromancer ];
  discord = [ kitt ];
  bitwarden = [ kitt ];

  # LDAP: the directory host itself plus the gitlab and email hosts, which
  # talk to it. Concatenation order is kept as-is deliberately.
  ldap = [ kitt ] ++ gitlab ++ email;

  # Web-facing hosts; these are the ones that need the DNS material.
  # The ldap hosts are web facing, so they are included. `gitlab` is
  # already part of `ldap`, so it ends up in this list twice.
  webservers =
    [
      galatea # ULFM
      optimus # Games
      skynet # skynet is a webserver for users
      earth # our official server
    ]
    ++ ldap
    ++ gitlab
    ++ nextcloud;

  # Recipient set for one secret: every personal key plus the given hosts.
  forHosts = hosts: { publicKeys = users ++ hosts; };
in {
  # Create or edit a secret with:  nix run github:ryantm/agenix -- -e secret1.age

  # DNS / certificates
  "dns_certs.secret.age" = forHosts webservers;
  "dns_dnskeys.conf.age" = forHosts dns;

  # Streaming (ULFM)
  "stream_ulfm.age" = forHosts [ galatea ];

  # GitLab
  "gitlab/pw.age" = forHosts gitlab;
  "gitlab/db_pw.age" = forHosts gitlab;
  "gitlab/secrets_db.age" = forHosts gitlab;
  "gitlab/secrets_secret.age" = forHosts gitlab;
  "gitlab/secrets_otp.age" = forHosts gitlab;
  "gitlab/secrets_jws.age" = forHosts gitlab;
  "gitlab/ldap_pw.age" = forHosts gitlab;

  # GitLab runners
  "gitlab/runners/runner01.age" = forHosts gitlab_runners;
  "gitlab/runners/runner02.age" = forHosts gitlab_runners;

  # LDAP itself
  "ldap/pw.age" = forHosts (ldap ++ bitwarden);
  # Details for connecting to the LDAP server
  "ldap/details.age" = forHosts (ldap ++ discord ++ bitwarden);

  # Backups. restic.age is readable by every host in `systems`, so a
  # compromise of any single host exposes this secret; restic_pw.age is
  # limited to the backup host.
  "backup/restic.age" = forHosts systems;
  "backup/restic_pw.age" = forHosts restic;

  # Discord bot and discord
  "discord/ldap.age" = forHosts (ldap ++ discord);
  "discord/token.age" = forHosts discord;

  # Email
  "email/details.age" = forHosts (ldap ++ discord);

  # Nextcloud
  "nextcloud/pw.age" = forHosts nextcloud;

  # Handles pulling in data from the wolves API
  "wolves/details.age" = forHosts (ldap ++ discord);

  # Bitwarden connector
  "bitwarden/id.age" = forHosts bitwarden;
  "bitwarden/secret.age" = forHosts bitwarden;
  "bitwarden/details.age" = forHosts bitwarden;
}