nixos/secrets/secrets.nix

128 lines
6.7 KiB
Nix
Raw Normal View History

2022-11-20 20:29:49 +00:00
let
2023-01-21 19:06:39 +00:00
users = {
jake = {
gendry = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCw4lgH20nfuchDqvVf0YciqN0GnBw5hfh8KIun5z0P7wlNgVYnCyvPvdIlGf2Nt1z5EGfsMzMLhKDOZkcTMlhupd+j2Er/ZB764uVBGe1n3CoPeasmbIlnamZ12EusYDvQGm2hVJTGQPPp9nKaRxr6ljvTMTNl0KWlWvKP4kec74d28MGgULOPLT3HlAyvUymSULK4lSxFK0l97IVXLa8YwuL5TNFGHUmjoSsi/Q7/CKaqvNh+ib1BYHzHYsuEzaaApnCnfjDBNexHm/AfbI7s+g3XZDcZOORZn6r44dOBNFfwvppsWj3CszwJQYIFeJFuMRtzlC8+kyYxci0+FXHn";
mbp = "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAyFsYYjLZ/wyw8XUbcmkk6OKt2IqLOnWpRE5gEvm3X0V4IeTOL9F4IL79h7FTsPvi2t9zGBL1hxeTMZHSGfrdWaMJkQp94gA1W30MKXvJ47nEVt0HUIOufGqgTTaAn4BHxlFUBUuS7UxaA4igFpFVoPJed7ZMhMqxg+RWUmBAkcgTWDMgzUx44TiNpzkYlG8cYuqcIzpV2dhGn79qsfUzBMpGJgkxjkGdDEHRk66JXgD/EtVasZvqp5/KLNnOpisKjR88UJKJ6/buV7FLVra4/0hA9JtH9e1ecCfxMPbOeluaxlieEuSXV2oJMbQoPP87+/QriNdi/6QuCHkMDEhyGw==";
};
};
jake_users = builtins.attrValues users.jake;
systems = {
uk = {
co = {
hillion = {
ts = {
2024-04-22 20:49:43 +01:00
cx = {
boron = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDtcJ7HY/vjtheMV8EN2wlTw1hU53CJebGIeRJcSkzt5 root@boron";
2024-04-22 20:49:43 +01:00
};
2023-05-09 20:20:29 +01:00
home = {
microserver = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPPOCPqXm5a+vGB6PsJFvjKNgjLhM5MxrwCy6iHGRjXw root@microserver";
router = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAlCj/i2xprN6h0Ik2tthOJQy6Qwq3Ony73+yfbHYTFu root@router";
};
2024-04-21 16:04:30 +01:00
lt = { be = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILV3OSUT+cqFqrFHZGfn7/xi5FW3n1qjUFy8zBbYs2Sm root@be"; };
2024-04-19 18:22:40 +01:00
pop = { li = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHQWgcDFL9UZBDKHPiEGepT1Qsc4gz3Pee0/XVHJ6V6u root@li"; };
2023-01-21 19:06:39 +00:00
terminals = { jakehillion = { gendry = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPXM5aDvNv4MTITXAvJWSS2yvr/mbxJE31tgwJtcl38c root@gendry"; }; };
2024-02-11 22:33:15 +00:00
storage = {
tywin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGATsjWO0qZNFp2BhfgDuWi+e/ScMkFxp79N2OZoed1k root@tywin";
theon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN59psLVu3/sQORA4x3p8H3ei8MCQlcwX5T+k3kBeBMf root@theon";
};
2023-01-21 19:06:39 +00:00
};
};
};
};
};
all_systems = builtins.attrValues systems;
ts = systems.uk.co.hillion.ts;
2022-11-20 20:29:49 +00:00
in
{
2022-11-18 20:47:23 +00:00
# User Passwords
2024-04-21 16:04:30 +01:00
"passwords/jake.age".publicKeys = jake_users ++ [
ts.terminals.jakehillion.gendry
ts.home.router
ts.lt.be
];
2022-11-18 20:47:23 +00:00
2022-11-20 20:29:49 +00:00
# Tailscale Pre-Auth Keys
2024-04-21 16:04:30 +01:00
"tailscale/be.lt.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.lt.be ];
2024-04-22 20:49:43 +01:00
"tailscale/boron.cx.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.cx.boron ];
2023-01-21 19:06:39 +00:00
"tailscale/gendry.jakehillion-terminals.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ];
"tailscale/microserver.home.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.home.microserver ];
2024-04-19 18:22:40 +01:00
"tailscale/li.pop.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.pop.li ];
2023-05-09 20:20:29 +01:00
"tailscale/router.home.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.home.router ];
2024-02-11 22:33:15 +00:00
"tailscale/theon.storage.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.storage.theon ];
2023-05-20 16:54:50 +01:00
"tailscale/tywin.storage.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.storage.tywin ];
2022-11-20 20:29:49 +00:00
# Resilio Sync Secrets
## Encrypted Resilio Sync Secrets
2024-04-07 21:05:10 +01:00
"resilio/encrypted/dad.age".publicKeys = jake_users ++ [ ];
"resilio/encrypted/projects.age".publicKeys = jake_users ++ [ ];
"resilio/encrypted/resources.age".publicKeys = jake_users ++ [ ];
"resilio/encrypted/sync.age".publicKeys = jake_users ++ [ ];
2022-11-20 20:29:49 +00:00
## Read/Write Resilio Sync Secrets
2023-05-30 21:18:12 +01:00
"resilio/plain/dad.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ts.storage.tywin ];
"resilio/plain/joseph.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ts.storage.tywin ];
"resilio/plain/projects.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ts.storage.tywin ];
"resilio/plain/resources.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ts.storage.tywin ];
"resilio/plain/sync.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ts.storage.tywin ];
# Matrix Secrets
2024-05-18 18:52:16 +01:00
"matrix/matrix.hillion.co.uk/macaroon_secret_key.age".publicKeys = jake_users ++ [ ts.cx.boron ];
"matrix/matrix.hillion.co.uk/email.age".publicKeys = jake_users ++ [ ts.cx.boron ];
"matrix/matrix.hillion.co.uk/registration_shared_secret.age".publicKeys = jake_users ++ [ ts.cx.boron ];
2023-01-19 21:02:10 +00:00
2024-05-24 09:52:22 +01:00
"matrix/matrix.hillion.co.uk/syncv3_secret.age".publicKeys = jake_users ++ [ ts.cx.boron ];
2023-07-02 22:43:53 +01:00
# Backups Secrets
2024-05-18 18:52:16 +01:00
"restic/128G.age".publicKeys = jake_users ++ [ ts.storage.tywin ts.cx.boron ts.home.microserver ];
"restic/1.6T.age".publicKeys = jake_users ++ [ ts.storage.tywin ts.home.router ];
2023-01-21 18:32:16 +00:00
2023-07-02 22:43:53 +01:00
"git/git_backups_ecdsa.age".publicKeys = jake_users ++ [ ts.storage.tywin ];
"git/git_backups_remotes.age".publicKeys = jake_users ++ [ ts.storage.tywin ];
2023-01-17 22:36:39 +00:00
# Mastodon Secrets
2024-04-07 21:05:10 +01:00
"mastodon/social.hillion.co.uk/otp_secret_file.age".publicKeys = jake_users ++ [ ];
"mastodon/social.hillion.co.uk/secret_key_base.age".publicKeys = jake_users ++ [ ];
"mastodon/social.hillion.co.uk/vapid_private_key.age".publicKeys = jake_users ++ [ ];
"mastodon/social.hillion.co.uk/mastodon_at_social.hillion.co.uk.age".publicKeys = jake_users ++ [ ];
2023-05-11 21:12:57 +01:00
# Chia Secrets
"chia/farmer.key.age".publicKeys = jake_users ++ [ ts.storage.tywin ];
2023-06-11 17:09:10 +01:00
# Storj Secrets
2023-07-30 21:46:41 +01:00
"storj/auth.age".publicKeys = jake_users ++ [ ts.storage.tywin ];
# Version tracker secrets
2024-05-21 22:38:26 +01:00
"version_tracker/ssh.key.age".publicKeys = jake_users ++ [ ts.cx.boron ];
2023-06-19 20:00:33 +01:00
# Home Automation secrets
"mqtt/zigbee2mqtt.age".publicKeys = jake_users ++ [ ts.home.router ];
"mqtt/homeassistant.age".publicKeys = jake_users ++ [ ];
# Wireguard Secrets
"wireguard/downloads.age".publicKeys = jake_users ++ [ ts.storage.tywin ];
# Deluge Secrets
"deluge/auth.age".publicKeys = jake_users ++ [ ts.storage.tywin ];
2023-12-30 22:34:27 +00:00
# Gitea Secrets
2024-05-12 11:33:08 +01:00
"gitea/lfs_jwt_secret.age".publicKeys = jake_users ++ [ ts.cx.boron ];
"gitea/mailer_password.age".publicKeys = jake_users ++ [ ts.cx.boron ];
"gitea/oauth_jwt_secret.age".publicKeys = jake_users ++ [ ts.cx.boron ];
"gitea/security_secret_key.age".publicKeys = jake_users ++ [ ts.cx.boron ];
"gitea/security_internal_token.age".publicKeys = jake_users ++ [ ts.cx.boron ];
2023-12-24 22:09:53 +00:00
2024-05-10 21:15:24 +01:00
"gitea/actions/boron.age".publicKeys = jake_users ++ [ ts.cx.boron ];
2023-12-24 22:09:53 +00:00
# HomeAssistant Secrets
"homeassistant/secrets.yaml.age".publicKeys = jake_users ++ [ ts.home.microserver ];
2024-04-13 22:43:03 +01:00
# Web certificates
2024-05-12 11:41:42 +01:00
"certs/hillion.co.uk.pem.age".publicKeys = jake_users ++ [ ts.cx.boron ];
"certs/blog.hillion.co.uk.pem.age".publicKeys = jake_users ++ [ ts.cx.boron ];
"certs/gitea.hillion.co.uk.pem.age".publicKeys = jake_users ++ [ ts.cx.boron ];
"certs/homeassistant.hillion.co.uk.pem.age".publicKeys = jake_users ++ [ ts.cx.boron ];
"certs/links.hillion.co.uk.pem.age".publicKeys = jake_users ++ [ ts.cx.boron ];
2022-11-20 20:29:49 +00:00
}