| author | seth <[email protected]> | 2023-11-19 05:19:05 -0500 |
|---|---|---|
| committer | seth <[email protected]> | 2023-11-19 05:28:01 -0500 |
| commit | 07a6858fd7ef6ea6794cc37323d7c9cf1162d5b6 (patch) | |
| tree | a123857e27802b133b105b552b6ef48a7593bae4 /secrets/secrets.nix | |
| parent | 2da304a66b759e8047b94a31758ffc02203e411c (diff) | |
secrets: reorganize & rekey
Diffstat (limited to 'secrets/secrets.nix')
| -rw-r--r-- | secrets/secrets.nix | 50 |
1 files changed, 35 insertions, 15 deletions
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index bd1fb57..e2e78e2 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -1,18 +1,38 @@
 let
- main = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ5K+yLHuz4kyCkJDX2Gd/uGVNEJroIAU/h0f9E2Mapn getchoo-nix"
- ];
+ toSecrets = import ./toSecrets.nix;

- atlas = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBA861lnShM2ejpzn9arzhpw33I4XdtULfZWhMp/plvL root@atlas"] ++ main;
-in {
- "shared/rootPassword.age".publicKeys = main;
- "shared/sethPassword.age".publicKeys = main;
+ owners = {
+ getchoo = "age1zyqu6zkvl0rmlejhm5auzmtflfy4pa0fzwm0nzy737fqrymr7crsqrvnhs";
+ };

- "systems/atlas/rootPassword.age".publicKeys = atlas;
- "systems/atlas/userPassword.age".publicKeys = atlas;
- "systems/atlas/miniflux.age".publicKeys = atlas;
- "systems/atlas/tailscaleAuthKey.age".publicKeys = atlas;
- "systems/atlas/cloudflaredCreds.age".publicKeys = atlas;
- "systems/atlas/cloudflareApiKey.age".publicKeys = atlas;
- "systems/atlas/teawieBot.age".publicKeys = atlas;
-}
+ hosts = {
+ glados = {
+ owner = owners.getchoo;
+ files = [
+ "rootPassword.age"
+ "sethPassword.age"
+ ];
+ };
+
+ glados-wsl = {
+ pubkey = "age16jps7cr3jtjjusf3p3yadcmnmmh2kzfyfcfpv2zs6hrmnlthhf2sr05jdn";
+ owner = owners.getchoo;
+ inherit (hosts.glados) files;
+ };
+
+ atlas = {
+ pubkey = "age18eu3ya4ucd2yzdrpkpg7wrymrxewt8j3zj2p2rqgcjeruacp0dgqryp39z";
+ owner = owners.getchoo;
+ files = [
+ "rootPassword.age"
+ "userPassword.age"
+ "miniflux.age"
+ "tailscaleAuthKey.age"
+ "cloudflaredCreds.age"
+ "cloudflareApiKey.age"
+ "teawieBot.age"
+ ];
+ };
+ };
+in
+ toSecrets hosts |
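Review bot: `hosts.glados` is the only host entry without a `pubkey`, while `glados-wsl` and `atlas` both set one, and nothing in the file says whether that is deliberate. `toSecrets.nix` is not part of this diff, so it is unclear whether a missing `pubkey` fails evaluation or quietly yields files encrypted to the owner key alone, which the host could not decrypt with a key of its own. If the omission is intended, a comment such as `# no host key: files are encrypted to the owner only` above that entry's `owner = owners.getchoo;` would record it; otherwise the host's recipient should be added. Separately, `inherit (hosts.glados) files;` ties the `glados-wsl` file list to whatever is later added under `glados`, so a short comment on that line noting the coupling would help keep a new secret from reaching a second machine unnoticed.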
