summary refs log tree commit diff stats
path: root/secrets
diff options
context:
space:
mode:
Diffstat (limited to 'secrets')
-rw-r--r--secrets/acme.age10
-rw-r--r--secrets/binarycache.agebin0 -> 435 bytes
-rw-r--r--secrets/dyndns.agebin0 -> 476 bytes
-rw-r--r--secrets/identities/se.txt4
-rw-r--r--secrets/paperless.age7
-rw-r--r--secrets/powerdns.age7
-rw-r--r--secrets/secrets.nix31
-rw-r--r--secrets/syncthing.agebin0 -> 608 bytes
8 files changed, 59 insertions, 0 deletions
diff --git a/secrets/acme.age b/secrets/acme.age
new file mode 100644
index 00000000..0a7be3b7
--- /dev/null
+++ b/secrets/acme.age
@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> ssh-ed25519 cvV2sw 9M8YWkJtggtWDra9rnc3iaf9qbXF+pdRaVtQbSMOQkY
+/jxEwLo3+qmuyWIpQD65O2Kp0qEKJwydM4tFnXdvRfU
+-> ssh-ed25519 hzg5VQ BLUqRuSfJXtSc/M1H1jTBwCWnkSZqm5SC+LrxIXNn34
+D1A2DDFQ7FK3bOPUvJJpumQM7MeESMHqhwZXxug6b34
+-> piv-p256 u9NeZg AkXH20bJj+m6TgPzvsPltDyOIPRAB9YR0MXx/b8DFFD2
+kGH6MvfeDaKgXf5Ba92PF4PwTRotSZglGQZO2impo1Q
+--- wYsP2oTEuD/C40pKjx0LAYuoE9/w2LgxuDRGqsmcnCo
+5ZPse!$lI}4޻o!6W1[c͆7;IO hn_"Ɗ[㉪}QܭR@:Mlw_cl]lk:mߊb}#WkUV;NYha!e:8éTC8l5[qc]U}}`NxdX1D#
+ck
\ No newline at end of file
diff --git a/secrets/binarycache.age b/secrets/binarycache.age
new file mode 100644
index 00000000..fae59d4d
--- /dev/null
+++ b/secrets/binarycache.age
Binary files differdiff --git a/secrets/dyndns.age b/secrets/dyndns.age
new file mode 100644
index 00000000..cd1668f1
--- /dev/null
+++ b/secrets/dyndns.age
Binary files differdiff --git a/secrets/identities/se.txt b/secrets/identities/se.txt
new file mode 100644
index 00000000..e1c6b851
--- /dev/null
+++ b/secrets/identities/se.txt
@@ -0,0 +1,4 @@
+# created: 2024-04-10T12:44:17Z
+# access control: any biometry or passcode
+# public key: age1se1qdx3wrvaxevk3g40ngqreqc9n4gl0rwcjdvnptz5vw96jjjuf2rv2wp8c5m
+AGE-PLUGIN-SE-1QJPQZ7P3SGQHGVYP75XQYUNTXXQ7UVQTPSPKY6TYQSZ85T758GCYSRQRWP6KYPZPQ3X3WRVAXEVK3G40NGQREQC9N4GL0RWCJDVNPTZ5VW96JJJUF2RV2XR0REV8SUYMVLR9LK9VWDZGRRTNSKQL0ATZYYWS9NAZZACW5QMMXQYQCQMJDDHSYQGQXQRSCQNTWSPQZPPS9CXQYAMTQS599D2V5HHZE0VLL5MW9EW28X23MP9NRSULQL3GAHD0RU0M5EG3F38XWDKEJM6LPWTNQPCVQF3XXQSPPYCQWRQZDDMQYQGZXQTSCQMTD9JQGY8R2D8H498GF5PMR8WYFNAUD7L8XQNSCQMJDDKSGGYSRXZGXMRKCX08VHSJTFQWK28KT7SX2TYS6HLC3CQQUE303RKEEUC85RQZV4JRZAPSWGXQXCTRDSCKKVPFPSPK7CMTXY3RQGQVQD3HQMCVR9ZX2ANFVDJ57AMWV4EYZAT5DPJKUARFVDSHG6T0DCCQJRQYDAJX2MQPQYQNQ2SVQ3HHXEMWXY3RQGQVQD3HQMCVR9ZX2ANFVDJ57AMWV4EYZAT5DPJKUARFVDSHG6T0DCCQWRQZDASSZQGP9T2Q6F
\ No newline at end of file
diff --git a/secrets/paperless.age b/secrets/paperless.age
new file mode 100644
index 00000000..5fe24928
--- /dev/null
+++ b/secrets/paperless.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 cvV2sw ytN6X4qbcYAEijPOcZ3CV0BQOU5Osocy5Zv3ebnekF0
+WNzH2Gr0L1qKENdRalb44Xg0Ay4tD38+CED6crF3Nd4
+-> piv-p256 u9NeZg A4sl4hcJrAyDZxWkPn84u3gNXLZBj3guVya3vP60X3WT
+8uVbdrw6ZNvpaYc056vqTMDraJYLMWviXt+LnhGQDn4
+--- m1ofHvgDQvjWZV9iU5ran6oG1pK+jfMKKiouQc9SYfo
+c&$IנX8pcPobor„VE.,.Z*"-	`wLeӊxl	f-4%9-vC90YP!n
fsVO?CfӉCd_iW,lZ>J`9
\ No newline at end of file
diff --git a/secrets/powerdns.age b/secrets/powerdns.age
new file mode 100644
index 00000000..b4a3de03
--- /dev/null
+++ b/secrets/powerdns.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 cvV2sw 8XNRgmCnrZX7Gug5WDA9uBUPjXW+hz+NxGbpAfI5nBY
+5DvhP919xM/ccBaRHjd+JnsiWNSbz3118p5iHUoDf8E
+-> piv-p256 u9NeZg AlR0PR5A+mSyaT8wStnNKuWnO28YwUEwV/UPXK2JvlEi
+xBtUPfZehUkzTeNTVk6FBZt4R/XfvKwzrkWipVJbHMY
+--- mdXzr4rVzRNBekbnenHAXzr8SFYhHRJIO0/HaeL7QVI
+$GAC[bmtty$Oc:<'`V<'/	XJ*!@լ!|g8ņ4ǞE`CpmAK-
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
new file mode 100644
index 00000000..86d1062c
--- /dev/null
+++ b/secrets/secrets.nix
@@ -0,0 +1,31 @@
+let
+  users = {
+    alan = [
+      "age1se1qdx3wrvaxevk3g40ngqreqc9n4gl0rwcjdvnptz5vw96jjjuf2rv2wp8c5m" # mba age-plugin-se
+    ];
+  };
+
+  machines = {
+    linde = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHHdh3J7dEmh9G+CVmzFEC8/ont35ZXpCFcpLUO863vC";
+    nanopi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG/KOwhb4pyuw4U8hnkPAbRNk6o41Fmvsa67cY6MHA9k";
+  };
+
+  secrets = with machines; {
+    acme = [ linde nanopi ];
+
+    binarycache = [ linde ];
+    paperless = [ linde ];
+    powerdns = [ linde ];
+
+    dyndns = [ nanopi ];
+    syncthing = [ nanopi ];
+  };
+in
+builtins.listToAttrs (
+  map
+    (secretName: {
+      name = "${secretName}.age";
+      value.publicKeys = secrets.${secretName} ++ users.alan;
+    })
+    (builtins.attrNames secrets)
+)
diff --git a/secrets/syncthing.age b/secrets/syncthing.age
new file mode 100644
index 00000000..680dd1ce
--- /dev/null
+++ b/secrets/syncthing.age
Binary files differ