JakeHillion/nixos
1
0
Fork 0
Code Issues 10 Pull Requests 6 Actions 1 Packages Projects Releases Wiki Activity
3295b20277
nixos/secrets/secrets.nix
Jake Hillion 3295b20277
All checks were successful
continuous-integration/drone/pr Build is passing
Details
continuous-integration/drone/push Build is passing
Details
tywin: storj: enable on d2
2023-07-31 10:47:15 +01:00

101 lines
5.5 KiB
Nix
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

let
users = {
jake = {
gendry = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCw4lgH20nfuchDqvVf0YciqN0GnBw5hfh8KIun5z0P7wlNgVYnCyvPvdIlGf2Nt1z5EGfsMzMLhKDOZkcTMlhupd+j2Er/ZB764uVBGe1n3CoPeasmbIlnamZ12EusYDvQGm2hVJTGQPPp9nKaRxr6ljvTMTNl0KWlWvKP4kec74d28MGgULOPLT3HlAyvUymSULK4lSxFK0l97IVXLa8YwuL5TNFGHUmjoSsi/Q7/CKaqvNh+ib1BYHzHYsuEzaaApnCnfjDBNexHm/AfbI7s+g3XZDcZOORZn6r44dOBNFfwvppsWj3CszwJQYIFeJFuMRtzlC8+kyYxci0+FXHn";
mbp = "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAyFsYYjLZ/wyw8XUbcmkk6OKt2IqLOnWpRE5gEvm3X0V4IeTOL9F4IL79h7FTsPvi2t9zGBL1hxeTMZHSGfrdWaMJkQp94gA1W30MKXvJ47nEVt0HUIOufGqgTTaAn4BHxlFUBUuS7UxaA4igFpFVoPJed7ZMhMqxg+RWUmBAkcgTWDMgzUx44TiNpzkYlG8cYuqcIzpV2dhGn79qsfUzBMpGJgkxjkGdDEHRk66JXgD/EtVasZvqp5/KLNnOpisKjR88UJKJ6/buV7FLVra4/0hA9JtH9e1ecCfxMPbOeluaxlieEuSXV2oJMbQoPP87+/QriNdi/6QuCHkMDEhyGw==";
};
};
jake_users = builtins.attrValues users.jake;
systems = {
uk = {
co = {
hillion = {
ts = {
home = {
microserver = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPPOCPqXm5a+vGB6PsJFvjKNgjLhM5MxrwCy6iHGRjXw root@microserver";
router = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAlCj/i2xprN6h0Ik2tthOJQy6Qwq3Ony73+yfbHYTFu root@router";
};
parents = { microserver = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL0cjjNQPnJwpu4wcYmvfjB1jlIfZwMxT+3nBusoYQFr root@microserver"; };
strangervm = { vm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINb9mgyD/G3Rt6lvO4c0hoaVOlLE8e3+DUfAoB1RI5cy root@vm"; };
terminals = { jakehillion = { gendry = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPXM5aDvNv4MTITXAvJWSS2yvr/mbxJE31tgwJtcl38c root@gendry"; }; };
storage = { tywin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGATsjWO0qZNFp2BhfgDuWi+e/ScMkFxp79N2OZoed1k root@tywin"; };
};
};
};
};
};
all_systems = builtins.attrValues systems;
ts = systems.uk.co.hillion.ts;
in
{
# User Passwords
"passwords/gendry.jakehillion-terminals.ts.hillion.co.uk/jake.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ];
# Tailscale Pre-Auth Keys
"tailscale/gendry.jakehillion-terminals.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ];
"tailscale/microserver.home.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.home.microserver ];
"tailscale/microserver.parents.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.parents.microserver ];
"tailscale/router.home.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.home.router ];
"tailscale/vm.strangervm.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.strangervm.vm ];
"tailscale/tywin.storage.ts.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.storage.tywin ];
# Resilio Sync Secrets
## Encrypted Resilio Sync Secrets
"resilio/encrypted/dad.age".publicKeys = jake_users ++ [ ts.strangervm.vm ];
"resilio/encrypted/projects.age".publicKeys = jake_users ++ [ ts.strangervm.vm ];
"resilio/encrypted/resources.age".publicKeys = jake_users ++ [ ts.strangervm.vm ];
"resilio/encrypted/sync.age".publicKeys = jake_users ++ [ ts.strangervm.vm ];
## Read/Write Resilio Sync Secrets
"resilio/plain/dad.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ts.storage.tywin ];
"resilio/plain/joseph.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ts.storage.tywin ];
"resilio/plain/projects.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ts.storage.tywin ];
"resilio/plain/resources.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ts.storage.tywin ];
"resilio/plain/sync.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ts.storage.tywin ];
# Matrix Secrets
"matrix/matrix.hillion.co.uk/macaroon_secret_key.age".publicKeys = jake_users ++ [ ts.strangervm.vm ];
"matrix/matrix.hillion.co.uk/email.age".publicKeys = jake_users ++ [ ts.strangervm.vm ];
# Backups Secrets
"restic/128G.age".publicKeys = jake_users ++ [ ts.storage.tywin ts.strangervm.vm ];
"restic/1.6T.age".publicKeys = jake_users ++ [ ts.storage.tywin ts.home.router ];
"git/git_backups_ecdsa.age".publicKeys = jake_users ++ [ ts.storage.tywin ];
"git/git_backups_remotes.age".publicKeys = jake_users ++ [ ts.storage.tywin ];
# Spotify Secrets
"spotify/11132032266.age".publicKeys = jake_users ++ [ ts.terminals.jakehillion.gendry ];
# Drone Secrets
"drone/gitea_client_secret.age".publicKeys = jake_users ++ [ ts.strangervm.vm ];
"drone/rpc_secret.age".publicKeys = jake_users ++ [ ts.strangervm.vm ];
# Mastodon Secrets
"mastodon/social.hillion.co.uk/otp_secret_file.age".publicKeys = jake_users ++ [ ts.strangervm.vm ];
"mastodon/social.hillion.co.uk/secret_key_base.age".publicKeys = jake_users ++ [ ts.strangervm.vm ];
"mastodon/social.hillion.co.uk/vapid_private_key.age".publicKeys = jake_users ++ [ ts.strangervm.vm ];
"mastodon/social.hillion.co.uk/mastodon_at_social.hillion.co.uk.age".publicKeys = jake_users ++ [ ts.strangervm.vm ];
# Chia Secrets
"chia/farmer.key.age".publicKeys = jake_users ++ [ ts.storage.tywin ];
# Storj Secrets
"storj/auth.age".publicKeys = jake_users ++ [ ts.storage.tywin ];
# Version tracker secrets
"version_tracker/ssh.key.age".publicKeys = jake_users ++ [ ts.strangervm.vm ];
# Home Automation secrets
"mqtt/zigbee2mqtt.age".publicKeys = jake_users ++ [ ts.home.router ];
"mqtt/homeassistant.age".publicKeys = jake_users ++ [ ];
# Wireguard Secrets
"wireguard/downloads.age".publicKeys = jake_users ++ [ ts.storage.tywin ];
# Deluge Secrets
"deluge/auth.age".publicKeys = jake_users ++ [ ts.storage.tywin ];
}
Reference in New Issue View Git Blame Copy Permalink