feat: moar nix

2025-06-18 21:41:53 +01:00 · 2025-06-18 21:41:53 +01:00 · 2025eb74a4
commit 2025eb74a4
parent 7e3bf4d6f3
23 changed files with 1408 additions and 15 deletions
--- a/secrets/atticd.env.age
+++ b/secrets/atticd.env.age
--- a/secrets/authentik.env.age
+++ b/secrets/authentik.env.age
@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> ssh-ed25519 IYaO9g m8IFAIsugPKr+aH/NKMEuEaUKxgsOEkglfVU+LeCkHE
+UmtFqaY5jLy0Vw/mrfGVADj1RFCCdLHE4g1t8SXjiR4
+-> ssh-ed25519 Xqrm3g ZemtqeCHXBipTzFF8Wi6bYMQhOtUPa7cmFDea9RFB2Q
+5/ZkLwrYpRyGMb/iQ3rOzZgCfod01lk5s+QgSajESq8
+-> ssh-ed25519 FkAUOA BdMn4hxvWNOvSM5wRhsDtKEFrOOJoqHEF659cC6pO1c
+9Txf5IOCDLIVR6aaR29EXfXF505GBzYJv79c2aSad6w
+-> ssh-ed25519 G48T3w uV889WAiFjGtIrdqqf05C7Coy+0ZaaeGd0PMCCzfa1U
+K32JwPfl2pTNhHZpWbbwD0ESdQhy4VuVG2R+2uy48Qs
+--- L4+z0lU8ww3YDkHUpR7zCMLfQMLzpW8VLl22u2yHtTE
+KC7ãD<EFBFBD>%£Æs<ˆht¦1„Ó¿2.æ@†ôŒ(Ø÷U.wûÈJ7.xs˜þvð>‡AžQhÀäDÞZ¦î×¦Æã©ùÏêˆ]p]’±7ôóks]úFg@Z ¦a+?}©`€µfN6;øœ×âb”¹øyÂ'<27>Ø½0and¨[‘žÃØÄo›Â3W4£kP†Ð·Ü_Lu2,#{Y;÷¿G7†éH×Í‘<C38D>4¢„8`He¤ägÅ;î!/ÙØÉNg`ÐIñîÙÃßßtYàï=Â¯²ÉpQvT~Ý
"¨§ö<C2A7>Äý,æ$	¦Ÿ–
j6Ý†e·”_}¢–=Û‚ @ØkjÕ#|––-l1q<31>B
--- a/secrets/blog.dbpass.age
+++ b/secrets/blog.dbpass.age
@ -0,0 +1,12 @@
+age-encryption.org/v1
+-> ssh-ed25519 IYaO9g ddDuW7b6yGdgv2TWdNWtn/9cA7Onw7NhnmAqk217jWk
+kEZ6a9fr2ujIjFrUmpcrPkOSHiD76r8XoqQ+STYCZxg
+-> ssh-ed25519 Xqrm3g 8IHpKy90zF1jGTJ8GpN5pzJvJ53sGWO94ze3sI5wDVw
+wNlEOKy4z8f9Fj+/dyfe/gw4csMokoCIGmGGhvZTTXc
+-> ssh-ed25519 FkAUOA QRc7iYIMYP/wFDOeswkIoVY9ybFO21GJTX5f0ddAZR0
+W/ZCrz/Ce17zZRqKcych5fxJQDB+ShLCYGFAWBHgrJs
+-> ssh-ed25519 G48T3w 1EUU7Vjhf/i8b9oxfg9IhQcu6Wolto74yK/6TvbLZ3g
+LQsvfwD1Urxo/wdUkt0QktWEEh0X9E5htHLusqdZRUg
+--- HEFxRiVTg2950mW0Gjf8wuzpMo7sa72gn3w92fhbBv4
+qE;'Q､
+G｡ｳAｷVi"恥喘无蜥Vﾜﾓﾍｵｷ闘ﾂﾅ
--- a/secrets/default.nix
+++ b/secrets/default.nix
@ -4,6 +4,8 @@
    fileName: _:
    lib.nameValuePair (lib.removeSuffix ".age" fileName) {
      file = ./. + "/${fileName}";
+      # FIXME: Don't do this bruh
+      mode = "0644";
    }
  ) (import ./secrets.nix);
 }
--- a/secrets/forgejo.dbpass.age
+++ b/secrets/forgejo.dbpass.age
@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> ssh-ed25519 IYaO9g VGA0gLwtQGiFgmgEf3tjwTgHLgGEi1RUDmDRLTnIFHY
+p74Eblp5zp+6PQNxEPeAdfEYjIWCJptatCJjiqGzXTw
+-> ssh-ed25519 Xqrm3g tCFqDPviklsnX5sM1k6aZTTEYXsMRCGE/fPR9Pvy0D0
+EN3zvXgiR2I2gsoJHrf4Ws0e0APrIL4abJpTxmCU0QY
+-> ssh-ed25519 FkAUOA v78yauukg/kqKxwyV7OSjrK6cTYsR/WMfrmqX2To50Q
+JBBrbiE1OcrU1ccc2dcR075/smE4S34fmEMed8dxhRw
+-> ssh-ed25519 G48T3w MJ/fDTqSKaiQayZMYxaIOaQimPMEzsjxHXEYUKB5VBE
+x7/Tc8vC5s14t5AAsZBI74h9ylqZWgARDof8tBwkxfE
+--- X2s9FwwDdkcRWFMNLiv1JX/BE8RcPZGP86vh+PdpdtE
+‹ŽŽ¤S=Ý¡ÔÏxUÒ]®:Éþ¨FÃÃ<C383>hÄD!ÓÐ/7‘
--- a/secrets/pgadmin.password.age
+++ b/secrets/pgadmin.password.age
@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> ssh-ed25519 IYaO9g MOUCzOR71o8NIie8OHb738/OQ63ztsQm+sJktwTRHUY
+lFIByNCGmCE2PWOp2PZE/hxFw4xkn9yUM50gwc2ut68
+-> ssh-ed25519 Xqrm3g IwwSBGM8ua3DqaQN+Wbnf3OmysOfLGJ7TOuNJZYNT3g
+kxZmpD/qBlRvJocKxJdwmS5xDTcqDh4n8OuioR+hKtc
+-> ssh-ed25519 FkAUOA Uu9awt3H4XnIKzJQZvgJDdqrY6KrCMWJ5QPc25N5gQw
+bdXLLhlC6I3QtDcRPXY1gKUhHKePpeQaSWqO2I5CTzg
+-> ssh-ed25519 G48T3w ScMxEKkuhSvubQpJCnhr3UdMBl+aF20Bejx3tiBB+lg
+DZaY3phejHvYxGrZdE6VnLWrQG/h9Vxm9587SuoEZcE
+--- 8B25N9XV5c5T0lLQhUYLs7VV0Zi9Jn1VE8cEGAYyKPs
+p褐蛉皿ﾎﾛﾝｬ咲蜻ｹm烋ｭ<E7838B><EFBDAD>Oｹmﾙ苴ﾛ<E88BB4>ﾁｶm朽5
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -1,10 +1,21 @@
+# Used by the agenix cli and our module to generate all of the secret entries into the agenix module (see ./default.nix)
 let
+  # host-key.pub
  amy = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDTbclOyOwIAPgVE/v5lIuf0P+Tq/Qkw3+GFa4YuRaCC amy@nixon";
  users = [ amy ];

+  # /etc/ssh/ssh_host_ed25519_key.pub on each host
  nixos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMAy1iKOrL2yBCWljLnuwo29G5plDblI41jJ4Woy1el root@nixos";
-  systems = [ nixos ];
+  nix01 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBQfwok81BymeM9zW8D/LPZxRX6HGLkeTi1hS7GjPoZF root@nix01";
+  nix02 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGFJBDr16y8BAhtLfbc2WYJLwtgrxEyrpJx0zJpHPn/Z root@nix02";
+  systems = [ nixos nix01 nix02 ];
 in
 {
  "atticd.env.age".publicKeys = users ++ systems;
+  "blog.dbpass.age".publicKeys = users ++ systems;
+  "pgadmin.password.age".publicKeys = users ++ systems;
+  "sharkey.dbpass.age".publicKeys = users ++ systems;
+  "sharkey.redispass.age".publicKeys = users ++ systems;
+  "authentik.env.age".publicKeys = users ++ systems;
+  "forgejo.dbpass.age".publicKeys = users ++ systems;
 }
--- a/secrets/sharkey.dbpass.age
+++ b/secrets/sharkey.dbpass.age
--- a/secrets/sharkey.redispass.age
+++ b/secrets/sharkey.redispass.age
@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> ssh-ed25519 IYaO9g DItojUGo0JgjIqrK08qOAHEPQJyi1O1nxrPlgy/AP1E
+mCBsazT0fmMkZS0IPAwED+T9HKTe3tKyQ1Za/aJIgH8
+-> ssh-ed25519 Xqrm3g SElTQ//ZPGb3WcAl8eAlJ15GBFWNdcsb3YQIb70OxlU
+sZ2t9r5/D31qnAsrB/L5wktCpqioX2wXqbVxXfhSKWQ
+-> ssh-ed25519 FkAUOA pt/3qcltuba+E+z82uhY7jvV28wmrKv49kiTIVYcn3o
+B2PoSaa8WTGFNk6R0tq6JXXRQQa3MthhRZtWDfS1MYs
+-> ssh-ed25519 G48T3w Zn7f2iF40UtqNyIp+mR/uzK3Gie0ei7EnYqlk83P/08
+eefHjO7mEHG6XmX0iN+vVtMHUe1F25p4Revh6Ii8SUY
+--- fU40EtRSgZ9IrSbs8CytvsbTaTWh30xoKsMHmMkUWsE
+Kｶ=ｽmｨv畋鈑甫>+<2B>ﾄe1n&@cq迂!#9ｰ･Tq;ﾐ<>