let
|
2023-01-21 19:06:39 +00:00
|
|
|
|
users = {
  # Personal SSH public keys, one per client device. These are public halves
  # only, so nothing in this binding is itself secret.
  # NOTE(review): both blobs are ssh-rsa (they look like 2048-bit moduli),
  # while every machine key in `systems` is ed25519. Confirm these two are
  # still the keys in use before adding further recipients.
  jake.gendry = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCw4lgH20nfuchDqvVf0YciqN0GnBw5hfh8KIun5z0P7wlNgVYnCyvPvdIlGf2Nt1z5EGfsMzMLhKDOZkcTMlhupd+j2Er/ZB764uVBGe1n3CoPeasmbIlnamZ12EusYDvQGm2hVJTGQPPp9nKaRxr6ljvTMTNl0KWlWvKP4kec74d28MGgULOPLT3HlAyvUymSULK4lSxFK0l97IVXLa8YwuL5TNFGHUmjoSsi/Q7/CKaqvNh+ib1BYHzHYsuEzaaApnCnfjDBNexHm/AfbI7s+g3XZDcZOORZn6r44dOBNFfwvppsWj3CszwJQYIFeJFuMRtzlC8+kyYxci0+FXHn";
  jake.mbp = "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAyFsYYjLZ/wyw8XUbcmkk6OKt2IqLOnWpRE5gEvm3X0V4IeTOL9F4IL79h7FTsPvi2t9zGBL1hxeTMZHSGfrdWaMJkQp94gA1W30MKXvJ47nEVt0HUIOufGqgTTaAn4BHxlFUBUuS7UxaA4igFpFVoPJed7ZMhMqxg+RWUmBAkcgTWDMgzUx44TiNpzkYlG8cYuqcIzpV2dhGn79qsfUzBMpGJgkxjkGdDEHRk66JXgD/EtVasZvqp5/KLNnOpisKjR88UJKJ6/buV7FLVra4/0hA9JtH9e1ecCfxMPbOeluaxlieEuSXV2oJMbQoPP87+/QriNdi/6QuCHkMDEhyGw==";
};
# Flat list of jake's user keys; builtins.attrValues returns them ordered by
# attribute name (gendry, then mbp). Every rule in the attribute set after `in`
# starts from this list, so either private key can decrypt every secret here.
jake_users = builtins.attrValues users.jake;
systems = {
  # Machine public keys, laid out as the reversed domain ts.hillion.co.uk with
  # one attribute per host beneath its group (cx, home, lt, pop, terminals,
  # storage). Each value is an ed25519 public key with a root@<host> comment;
  # presumably the machine's SSH host key, confirm against the hosts.
  uk.co.hillion.ts = {
    cx.boron = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDtcJ7HY/vjtheMV8EN2wlTw1hU53CJebGIeRJcSkzt5 root@boron";

    home.microserver = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPPOCPqXm5a+vGB6PsJFvjKNgjLhM5MxrwCy6iHGRjXw root@microserver";
    home.router = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAlCj/i2xprN6h0Ik2tthOJQy6Qwq3Ony73+yfbHYTFu root@router";

    lt.be = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILV3OSUT+cqFqrFHZGfn7/xi5FW3n1qjUFy8zBbYs2Sm root@be";

    pop.li = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHQWgcDFL9UZBDKHPiEGepT1Qsc4gz3Pee0/XVHJ6V6u root@li";

    terminals.jakehillion.gendry = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPXM5aDvNv4MTITXAvJWSS2yvr/mbxJE31tgwJtcl38c root@gendry";

    storage.tywin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGATsjWO0qZNFp2BhfgDuWi+e/ScMkFxp79N2OZoed1k root@tywin";
    storage.theon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN59psLVu3/sQORA4x3p8H3ei8MCQlcwX5T+k3kBeBMf root@theon";
  };
};
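# Every machine key in `systems`, flattened into one list of key strings.
# `systems` is nested several levels deep, so a plain builtins.attrValues
# returned a single-element list holding the `uk` attribute set rather than
# any key; the tree is walked down to its leaves instead.
# Nothing in this file uses the list. Passing it as `publicKeys` would let
# every machine decrypt that secret, so prefer naming hosts explicitly.
all_systems =
  let
    # Returns the leaves below `node`, visiting attributes in name order.
    collectKeys = node:
      if builtins.isAttrs node
      then builtins.concatMap collectKeys (builtins.attrValues node)
      else [ node ];
  in
  collectKeys systems;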
# Shorthand for the ts.hillion.co.uk subtree of `systems`, so the rules after
# `in` can refer to a machine key as ts.<group>.<host>.
ts = systems.uk.co.hillion.ts;
in
# Recipient rules: one attribute per encrypted file, whose `publicKeys` lists
# every key able to decrypt it. A `publicKeys` list per .age path is the shape
# an agenix secrets.nix uses; presumably that is the consumer, confirm.
#
# Each rule is jake's user keys followed by the machine keys listed for that
# path. An empty list means no machine is a recipient, so only the user keys
# can decrypt that file.
#
# Editing a list changes nothing until the .age file is re-encrypted to the
# new recipients. Removing a recipient does not take back ciphertext that key
# could already read, so rotate the underlying secret as well.
builtins.mapAttrs
  (_path: hostKeys: { publicKeys = jake_users ++ hostKeys; })
  {
    # User Passwords
    "passwords/jake.age" = [ ts.terminals.jakehillion.gendry ts.home.router ts.lt.be ];

    # Tailscale Pre-Auth Keys
    # One key per machine, readable only by the machine it is named after.
    "tailscale/be.lt.ts.hillion.co.uk.age" = [ ts.lt.be ];
    "tailscale/boron.cx.ts.hillion.co.uk.age" = [ ts.cx.boron ];
    "tailscale/gendry.jakehillion-terminals.ts.hillion.co.uk.age" = [ ts.terminals.jakehillion.gendry ];
    "tailscale/microserver.home.ts.hillion.co.uk.age" = [ ts.home.microserver ];
    "tailscale/li.pop.ts.hillion.co.uk.age" = [ ts.pop.li ];
    "tailscale/router.home.ts.hillion.co.uk.age" = [ ts.home.router ];
    "tailscale/theon.storage.ts.hillion.co.uk.age" = [ ts.storage.theon ];
    "tailscale/tywin.storage.ts.hillion.co.uk.age" = [ ts.storage.tywin ];

    # Resilio Sync Secrets
    ## Encrypted Resilio Sync Secrets
    "resilio/encrypted/dad.age" = [ ];
    "resilio/encrypted/projects.age" = [ ];
    "resilio/encrypted/resources.age" = [ ];
    "resilio/encrypted/sync.age" = [ ];

    ## Read/Write Resilio Sync Secrets
    "resilio/plain/dad.age" = [ ts.terminals.jakehillion.gendry ts.storage.tywin ];
    "resilio/plain/joseph.age" = [ ts.terminals.jakehillion.gendry ts.storage.tywin ];
    "resilio/plain/projects.age" = [ ts.terminals.jakehillion.gendry ts.storage.tywin ];
    "resilio/plain/resources.age" = [ ts.terminals.jakehillion.gendry ts.storage.tywin ];
    "resilio/plain/sync.age" = [ ts.terminals.jakehillion.gendry ts.storage.tywin ];

    # Matrix Secrets
    "matrix/matrix.hillion.co.uk/macaroon_secret_key.age" = [ ts.cx.boron ];
    "matrix/matrix.hillion.co.uk/email.age" = [ ts.cx.boron ];
    "matrix/matrix.hillion.co.uk/registration_shared_secret.age" = [ ts.cx.boron ];

    "matrix/matrix.hillion.co.uk/syncv3_secret.age" = [ ts.cx.boron ];

    # Backups Secrets
    # The restic entries are shared between several machines, so any one of
    # the listed machine keys is enough to read them.
    "restic/128G.age" = [ ts.storage.tywin ts.cx.boron ts.home.microserver ];
    "restic/1.6T.age" = [ ts.storage.tywin ts.home.router ];

    "git/git_backups_ecdsa.age" = [ ts.storage.tywin ];
    "git/git_backups_remotes.age" = [ ts.storage.tywin ];

    # Mastodon Secrets
    "mastodon/social.hillion.co.uk/otp_secret_file.age" = [ ];
    "mastodon/social.hillion.co.uk/secret_key_base.age" = [ ];
    "mastodon/social.hillion.co.uk/vapid_private_key.age" = [ ];
    "mastodon/social.hillion.co.uk/mastodon_at_social.hillion.co.uk.age" = [ ];

    # Chia Secrets
    "chia/farmer.key.age" = [ ts.storage.tywin ];

    # Storj Secrets
    "storj/auth.age" = [ ts.storage.tywin ];

    # Version tracker secrets
    "version_tracker/ssh.key.age" = [ ts.cx.boron ];

    # Home Automation secrets
    "mqtt/zigbee2mqtt.age" = [ ts.home.router ];
    "mqtt/homeassistant.age" = [ ];

    # Wireguard Secrets
    "wireguard/downloads.age" = [ ts.storage.tywin ];

    # Deluge Secrets
    "deluge/auth.age" = [ ts.storage.tywin ];

    # Gitea Secrets
    "gitea/lfs_jwt_secret.age" = [ ts.cx.boron ];
    "gitea/mailer_password.age" = [ ts.cx.boron ];
    "gitea/oauth_jwt_secret.age" = [ ts.cx.boron ];
    "gitea/security_secret_key.age" = [ ts.cx.boron ];
    "gitea/security_internal_token.age" = [ ts.cx.boron ];

    "gitea/actions/boron.age" = [ ts.cx.boron ];

    # HomeAssistant Secrets
    "homeassistant/secrets.yaml.age" = [ ts.home.microserver ];

    # Web certificates
    "certs/hillion.co.uk.pem.age" = [ ts.cx.boron ];
    "certs/blog.hillion.co.uk.pem.age" = [ ts.cx.boron ];
    "certs/gitea.hillion.co.uk.pem.age" = [ ts.cx.boron ];
    "certs/homeassistant.hillion.co.uk.pem.age" = [ ts.cx.boron ];
    "certs/links.hillion.co.uk.pem.age" = [ ts.cx.boron ];
  }