diff options
Diffstat (limited to 'secrets')
-rw-r--r-- | secrets/acme.age | 10 | ||||
-rw-r--r-- | secrets/binarycache.age | bin | 0 -> 435 bytes | |||
-rw-r--r-- | secrets/dyndns.age | bin | 0 -> 476 bytes | |||
-rw-r--r-- | secrets/identities/se.txt | 4 | ||||
-rw-r--r-- | secrets/paperless.age | 7 | ||||
-rw-r--r-- | secrets/powerdns.age | 7 | ||||
-rw-r--r-- | secrets/secrets.nix | 31 | ||||
-rw-r--r-- | secrets/syncthing.age | bin | 0 -> 608 bytes |
8 files changed, 59 insertions, 0 deletions
diff --git a/secrets/acme.age b/secrets/acme.age new file mode 100644 index 00000000..0a7be3b7 --- /dev/null +++ b/secrets/acme.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 cvV2sw 9M8YWkJtggtWDra9rnc3iaf9qbXF+pdRaVtQbSMOQkY +/jxEwLo3+qmuyWIpQD65O2Kp0qEKJwydM4tFnXdvRfU +-> ssh-ed25519 hzg5VQ BLUqRuSfJXtSc/M1H1jTBwCWnkSZqm5SC+LrxIXNn34 +D1A2DDFQ7FK3bOPUvJJpumQM7MeESMHqhwZXxug6b34 +-> piv-p256 u9NeZg AkXH20bJj+m6TgPzvsPltDyOIPRAB9YR0MXx/b8DFFD2 +kGH6MvfeDaKgXf5Ba92PF4PwTRotSZglGQZO2impo1Q +--- wYsP2oTEuD/C40pKjx0LAYuoE9/w2LgxuDRGqsmcnCo +5ZPse!$lI}4o!6W1[c͆7;IO hn_"Ɗ[㉪}QܭR@:Mlw_cl]lk:mߊb}#WkUV;NYha!e:8éTC8l5[qc]U}}`NxdX1D# +ck \ No newline at end of file diff --git a/secrets/binarycache.age b/secrets/binarycache.age new file mode 100644 index 00000000..fae59d4d --- /dev/null +++ b/secrets/binarycache.age Binary files differdiff --git a/secrets/dyndns.age b/secrets/dyndns.age new file mode 100644 index 00000000..cd1668f1 --- /dev/null +++ b/secrets/dyndns.age Binary files differdiff --git a/secrets/identities/se.txt b/secrets/identities/se.txt new file mode 100644 index 00000000..e1c6b851 --- /dev/null +++ b/secrets/identities/se.txt @@ -0,0 +1,4 @@ +# created: 2024-04-10T12:44:17Z +# access control: any biometry or passcode +# public key: age1se1qdx3wrvaxevk3g40ngqreqc9n4gl0rwcjdvnptz5vw96jjjuf2rv2wp8c5m +AGE-PLUGIN-SE-1QJPQZ7P3SGQHGVYP75XQYUNTXXQ7UVQTPSPKY6TYQSZ85T758GCYSRQRWP6KYPZPQ3X3WRVAXEVK3G40NGQREQC9N4GL0RWCJDVNPTZ5VW96JJJUF2RV2XR0REV8SUYMVLR9LK9VWDZGRRTNSKQL0ATZYYWS9NAZZACW5QMMXQYQCQMJDDHSYQGQXQRSCQNTWSPQZPPS9CXQYAMTQS599D2V5HHZE0VLL5MW9EW28X23MP9NRSULQL3GAHD0RU0M5EG3F38XWDKEJM6LPWTNQPCVQF3XXQSPPYCQWRQZDDMQYQGZXQTSCQMTD9JQGY8R2D8H498GF5PMR8WYFNAUD7L8XQNSCQMJDDKSGGYSRXZGXMRKCX08VHSJTFQWK28KT7SX2TYS6HLC3CQQUE303RKEEUC85RQZV4JRZAPSWGXQXCTRDSCKKVPFPSPK7CMTXY3RQGQVQD3HQMCVR9ZX2ANFVDJ57AMWV4EYZAT5DPJKUARFVDSHG6T0DCCQJRQYDAJX2MQPQYQNQ2SVQ3HHXEMWXY3RQGQVQD3HQMCVR9ZX2ANFVDJ57AMWV4EYZAT5DPJKUARFVDSHG6T0DCCQWRQZDASSZQGP9T2Q6F \ No newline at end of file diff --git a/secrets/paperless.age b/secrets/paperless.age new file mode 100644 index 00000000..5fe24928 --- /dev/null +++ b/secrets/paperless.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 cvV2sw ytN6X4qbcYAEijPOcZ3CV0BQOU5Osocy5Zv3ebnekF0 +WNzH2Gr0L1qKENdRalb44Xg0Ay4tD38+CED6crF3Nd4 +-> piv-p256 u9NeZg A4sl4hcJrAyDZxWkPn84u3gNXLZBj3guVya3vP60X3WT +8uVbdrw6ZNvpaYc056vqTMDraJYLMWviXt+LnhGQDn4 +--- m1ofHvgDQvjWZV9iU5ran6oG1pK+jfMKKiouQc9SYfo +c&$IנX8pcPoborVE.,.Z*"- `wLeӊxl f-4%9-vC90YP!n fsVO?CfӉCd_iW,lZ>J`9 \ No newline at end of file diff --git a/secrets/powerdns.age b/secrets/powerdns.age new file mode 100644 index 00000000..b4a3de03 --- /dev/null +++ b/secrets/powerdns.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 cvV2sw 8XNRgmCnrZX7Gug5WDA9uBUPjXW+hz+NxGbpAfI5nBY +5DvhP919xM/ccBaRHjd+JnsiWNSbz3118p5iHUoDf8E +-> piv-p256 u9NeZg AlR0PR5A+mSyaT8wStnNKuWnO28YwUEwV/UPXK2JvlEi +xBtUPfZehUkzTeNTVk6FBZt4R/XfvKwzrkWipVJbHMY +--- mdXzr4rVzRNBekbnenHAXzr8SFYhHRJIO0/HaeL7QVI +$GAC[bmtty$Oc:<'`V<'/ XJ*!@լ!|g8ņ4ǞE`CpmAK- \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix new file mode 100644 index 00000000..86d1062c --- /dev/null +++ b/secrets/secrets.nix @@ -0,0 +1,31 @@ +let + users = { + alan = [ + "age1se1qdx3wrvaxevk3g40ngqreqc9n4gl0rwcjdvnptz5vw96jjjuf2rv2wp8c5m" # mba age-plugin-se + ]; + }; + + machines = { + linde = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHHdh3J7dEmh9G+CVmzFEC8/ont35ZXpCFcpLUO863vC"; + nanopi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG/KOwhb4pyuw4U8hnkPAbRNk6o41Fmvsa67cY6MHA9k"; + }; + + secrets = with machines; { + acme = [ linde nanopi ]; + + binarycache = [ linde ]; + paperless = [ linde ]; + powerdns = [ linde ]; + + dyndns = [ nanopi ]; + syncthing = [ nanopi ]; + }; +in +builtins.listToAttrs ( + map + (secretName: { + name = "${secretName}.age"; + value.publicKeys = secrets.${secretName} ++ users.alan; + }) + (builtins.attrNames secrets) +) diff --git a/secrets/syncthing.age b/secrets/syncthing.age new file mode 100644 index 00000000..680dd1ce --- /dev/null +++ b/secrets/syncthing.age Binary files differ |