let admin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6DjXTAxesXpQ65l659iAjzEb6VpRaWKSg4AXxifPw9 Skynet Admin"; silver_laptop_wsl = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEHNLroAjCVR9Tx382cqdxPZ5KY32r/yoQH1mgsYNqpm Silver_Laptop_WSL_Deb"; thenobrainer ="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKjaKI97NY7bki07kxAvo95196NXCaMvI1Dx7dMW05Q1 thenobrainer"; users = [ admin silver_laptop_wsl thenobrainer ]; # change this when its properly set up agentjones = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAbqYQrdVHmGgXZJoMWWRDGVEIj775Zrf4PxB5hoth+k root@agentjones"; ash = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJDVQGjIwMQmkElGshgKDAlChM2xdNN6iI5Ap2IbAs5"; # dns servers vendetta = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINxTrUPZPqttuxfmmP8BTACTAkv1yY1nfzEd64hN4LT+ root@vendetta"; vigil = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICDsz1bjNAThqwF48dKIJGOECsCKHTj/Gn5Gh9XyzoSO root@vigil"; galatea = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3Mke5YtaMkLvXJxJ3y7YAIEBesoJk3qJyJsnoLUWgW root@galatea"; optimus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqYbbWy3WWtxvD96Hx+RfTx7fJPPirIEa5bOvUILi9r root@optimus"; glados = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6go7ScvOga9vYqC5HglPfh2Nu8wQTpEKpvIZuMAZom root@glados"; wheatly = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEehcrWqZbTr4+do1ONE9Il/SayP0xXMvhozm845tonN root@wheatly"; kitt = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPble6JA2O/Wwv0Fztl/kiV0qj+QMjS+jTTj1Sz8k9xK root@kitt"; gir = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINL2qk/e0QBqpTQ2xDjF7Cv4c92jJ53jW2fuu88hAF/u root@gir"; neuromancer = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID7NRDOGzSO4XVEezMS/9pI3chKbOH0fw2aikLRvea2P root@neuromancer"; skynet = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAIFPXJswth8H1k8+zrg8vCnPkfG1hIIa3wR9DBmjpB5 root@skynet"; systems = [ agentjones ash vendetta vigil galatea optimus glados wheatly kitt gir neuromancer skynet ]; dns = [ vendetta vigil ]; email = [ gir ]; ldap = [ kitt ] ++ gitlab ++ email; gitlab = [ glados ]; gitlab_runners = [ wheatly ]; # these need dns stuff webservers = [ # ULFM galatea # Games optimus # skynet is a webserver skynet ] # ldap servers are web facing ++ ldap ++ gitlab; restic = [ neuromancer ]; in { # nix run github:ryantm/agenix -- -e secret1.age "dns_certs.secret.age".publicKeys = users ++ webservers; "dns_dnskeys.conf.age".publicKeys = users ++ dns; "stream_ulfm.age".publicKeys = users ++ [galatea]; "gitlab/pw.age".publicKeys = users ++ gitlab; "gitlab/db_pw.age".publicKeys = users ++ gitlab; "gitlab/secrets_db.age".publicKeys = users ++ gitlab; "gitlab/secrets_secret.age".publicKeys = users ++ gitlab; "gitlab/secrets_otp.age".publicKeys = users ++ gitlab; "gitlab/secrets_jws.age".publicKeys = users ++ gitlab; "gitlab/ldap_pw.age".publicKeys = users ++ gitlab; "gitlab/runners/runner01.age".publicKeys = users ++ gitlab_runners; "gitlab/runners/runner02.age".publicKeys = users ++ gitlab_runners; # for ldap "ldap/pw.age".publicKeys = users ++ ldap; "ldap/self_service.age".publicKeys = users ++ ldap; # everyone has access to this "backup/restic.age".publicKeys = users ++ systems; "backup/restic_pw.age".publicKeys = users ++ restic; }