let admin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6DjXTAxesXpQ65l659iAjzEb6VpRaWKSg4AXxifPw9 Skynet Admin"; silver_laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQWfVKls31yK1aZeAu5mCE+xycI9Kt3Xoj+gfvEonDg silver@helios"; silver_laptop_2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOmm4CCnpT+tF7vecSrku0+7aDA1z3pQ+PDqZvoCynCR silver@aether"; silver_desktop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN34yTh0nk7HAz8id5Z/wiIX3H7ptleDyXy5bfbemico Desktop"; thenobrainer = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKjaKI97NY7bki07kxAvo95196NXCaMvI1Dx7dMW05Q1 thenobrainer"; eliza = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIJaVEGPDxG/0gbYJovPB+tiODgBDUABlgc1OokmF3WA eliza-skynet"; esy = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINS2UR/o+nK8lNHHTj5I84ZAAp6P+ZhXqhedMfx0KHE4 "; users = [ admin silver_laptop silver_laptop_2 silver_desktop thenobrainer eliza esy ]; agentjones = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDHOxA3uYcqS5gTrG1hS8XXwehzQYAI2I4iULtU8cXft root@agentjones"; vendetta = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFvcxiSYE38V1IopHj7Z7ZWP1IqnskYCdhj8yCQohVUM root@vendetta"; vigil = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICDsz1bjNAThqwF48dKIJGOECsCKHTj/Gn5Gh9XyzoSO root@vigil"; galatea = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII3Mke5YtaMkLvXJxJ3y7YAIEBesoJk3qJyJsnoLUWgW root@galatea"; optimus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqYbbWy3WWtxvD96Hx+RfTx7fJPPirIEa5bOvUILi9r root@optimus"; glados = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ6go7ScvOga9vYqC5HglPfh2Nu8wQTpEKpvIZuMAZom root@glados"; wheatly = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEehcrWqZbTr4+do1ONE9Il/SayP0xXMvhozm845tonN root@wheatly"; kitt = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPble6JA2O/Wwv0Fztl/kiV0qj+QMjS+jTTj1Sz8k9xK root@kitt"; gir = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINL2qk/e0QBqpTQ2xDjF7Cv4c92jJ53jW2fuu88hAF/u root@gir"; neuromancer = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEFAs6lBJSUBRhtZO3zGKhEIlWvqnHFGAQuQ//9FdAn6 root@neuromancer"; skynet = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAIFPXJswth8H1k8+zrg8vCnPkfG1hIIa3wR9DBmjpB5 root@skynet"; earth = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMpvgQcvK7iAm0QrIp5qSvUJzDhOrSBN9MJn9JUSI31I root@earth"; cadie = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIACcwg27wzzFVvzuTytcnzRmCfGkhULwlHJA/3BeVtgf root@cadie"; marvin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIAme2vuVpGYX4La/JtXm3zunsWNDP+SlGmBk/pWmYkH root@marvin"; calculon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGsmeBfh4Jw2GOL7Iyswzn4TVNzalDbxDgh7WuQotFxR root@calculon"; ariia = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA4kV6W1/tP/nf2ZWNhRoV1mK04R4pS+c5vdsA1n5gpN root@ariia"; systems = [ agentjones vendetta vigil galatea optimus glados wheatly kitt gir neuromancer skynet earth cadie marvin calculon ariia ]; dns = [ vendetta vigil ]; email = [ gir ]; ldap = [ kitt ] ++ gitlab ++ email; gitlab = [ glados ]; gitlab_runners = [ wheatly ]; grafana = [ ariia ]; # these need dns stuff webservers = [ # ULFM galatea # Games optimus # skynet is a webserver for users skynet # our offical server earth # nix calculon ] # ldap servers are web facing ++ ldap ++ gitlab ++ nextcloud; restic = [ neuromancer ]; discord = [ kitt ]; nextcloud = [ cadie ]; bitwarden = [ kitt ]; in { # nix run github:ryantm/agenix -- -e secret1.age "dns_certs.secret.age".publicKeys = users ++ systems; "dns_dnskeys.conf.age".publicKeys = users ++ dns; "stream_ulfm.age".publicKeys = users ++ [galatea]; "gitlab/pw.age".publicKeys = users ++ gitlab; "gitlab/db_pw.age".publicKeys = users ++ gitlab; "gitlab/secrets_db.age".publicKeys = users ++ gitlab; "gitlab/secrets_secret.age".publicKeys = users ++ gitlab; "gitlab/secrets_otp.age".publicKeys = users ++ gitlab; "gitlab/secrets_jws.age".publicKeys = users ++ gitlab; "gitlab/ldap_pw.age".publicKeys = users ++ gitlab; "gitlab/runners/runner01.age".publicKeys = users ++ gitlab_runners; "gitlab/runners/runner02.age".publicKeys = users ++ gitlab_runners; "forgejo/runners/token.age".publicKeys = users ++ gitlab_runners; "forgejo/runners/ssh.age".publicKeys = users ++ gitlab_runners; # for ldap "ldap/pw.age".publicKeys = users ++ ldap ++ bitwarden; # for use connectring to teh ldap "ldap/details.age".publicKeys = users ++ ldap ++ discord ++ bitwarden; # everyone has access to this "backup/restic.age".publicKeys = users ++ systems; "backup/restic_pw.age".publicKeys = users ++ restic; # discord bot and discord "discord/token.age".publicKeys = users ++ discord; # email stuff "email/details.age".publicKeys = users ++ ldap ++ discord; # nextcloud "nextcloud/pw.age".publicKeys = users ++ nextcloud; # handles pulling in data from teh wolves api "wolves/details.age".publicKeys = users ++ ldap ++ discord; # for bitwarden connector "bitwarden/id.age".publicKeys = users ++ bitwarden; "bitwarden/secret.age".publicKeys = users ++ bitwarden; "bitwarden/details.age".publicKeys = users ++ bitwarden; # grafana "grafana/pw.age".publicKeys = users ++ grafana; }