Diffstat (limited to 'secrets/secrets.nix')
-rw-r--r-- | secrets/secrets.nix | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
new file mode 100644
index 00000000..86d1062c
--- /dev/null
+++ b/secrets/secrets.nix
@@ -0,0 +1,31 @@
+let
+ users = {
+ alan = [
+ "age1se1qdx3wrvaxevk3g40ngqreqc9n4gl0rwcjdvnptz5vw96jjjuf2rv2wp8c5m" # mba age-plugin-se
+ ];
+ };
+
+ machines = {
+ linde = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHHdh3J7dEmh9G+CVmzFEC8/ont35ZXpCFcpLUO863vC";
+ nanopi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG/KOwhb4pyuw4U8hnkPAbRNk6o41Fmvsa67cY6MHA9k";
+ };
+
+ secrets = with machines; {
+ acme = [ linde nanopi ];
+
+ binarycache = [ linde ];
+ paperless = [ linde ];
+ powerdns = [ linde ];
+
+ dyndns = [ nanopi ];
+ syncthing = [ nanopi ];
+ };
+in
+builtins.listToAttrs (
+ map
+ (secretName: {
+ name = "${secretName}.age";
+ value.publicKeys = secrets.${secretName} ++ users.alan;
+ })
+ (builtins.attrNames secrets)
+) |
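Review bot: The only user recipient appended to every secret in `value.publicKeys = secrets.${secretName} ++ users.alan;` is a single `age1se1…` key, which the `# mba age-plugin-se` comment suggests is bound to one laptop's Secure Enclave and so presumably cannot be exported or backed up. If that device is lost or reset, editing or re-encrypting any secret would depend on access to the `linde` or `nanopi` host private keys. I would add a second recipient that is kept offline, e.g. `"age1<backup-recipient-placeholder>" # offline recovery key` in `users.alan`. A header comment such as `# Recipients per secret; after changing any key here, re-encrypt the existing .age files` would also help. The `machines` values would benefit from a comment saying which key on each host they correspond to (presumably the SSH host key — confirm).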