overhaul secrets

author: seth <[email protected]> 2023-05-03 12:43:16 -0400
committer: seth <[email protected]> 2023-05-03 12:43:16 -0400
commit: dd0f82a707e76fb7c32442b11bb6cda56e1d05d5 (patch)
tree: 48bd6e6b49c556b872bd70dc16478f309d65cb15 /secrets/secrets.nix
parent: d5aa9c43eec40a85a31b9962797dba6a5dc3d039 (diff)
1 files changed, 24 insertions, 0 deletions
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
new file mode 100644
index 0000000..0087acc
--- /dev/null
+++ b/secrets/secrets.nix
@@ -0,0 +1,24 @@
+let
+  main = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ5K+yLHuz4kyCkJDX2Gd/uGVNEJroIAU/h0f9E2Mapn getchoo-nix"
+  ];
+
+  atlas = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBA861lnShM2ejpzn9arzhpw33I4XdtULfZWhMp/plvL root@atlas"];
+  p-body = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAVieG9wj00Cz0Co7QYNkoTgfO+B8EO5vlZdfMvCHD76 root@p-body"];
+  keys = main ++ atlas ++ p-body;
+in {
+  "shared/rootPassword.age".publicKeys = main;
+  "shared/sethPassword.age".publicKeys = main;
+
+  "hosts/atlas/rootPassword.age".publicKeys = keys;
+  "hosts/atlas/atlasPassword.age".publicKeys = keys;
+  "hosts/atlas/binaryCache.age".publicKeys = keys;
+  "hosts/atlas/clusterToken.age".publicKeys = keys;
+  "hosts/atlas/secretsJson.age".publicKeys = keys;
+
+  "hosts/p-body/rootPassword.age".publicKeys = keys;
+  "hosts/p-body/pbodyPassword.age".publicKeys = keys;
+  "hosts/p-body/binaryCache.age".publicKeys = keys;
+  "hosts/p-body/clusterToken.age".publicKeys = keys;
+  "hosts/p-body/secretsJson.age".publicKeys = keys;
+}
author	seth <[email protected]>	2023-05-03 12:43:16 -0400
committer	seth <[email protected]>	2023-05-03 12:43:16 -0400
commit	dd0f82a707e76fb7c32442b11bb6cda56e1d05d5 (patch)
tree	48bd6e6b49c556b872bd70dc16478f309d65cb15 /secrets/secrets.nix
parent	d5aa9c43eec40a85a31b9962797dba6a5dc3d039 (diff)