secrets/secrets.nix at 23c29bc784a238edd5e44ce31a95f15f79a09c47 · wiro.world/dotfiles

wiro.world / dotfiles

yep, more dotfiles

dotfiles / secrets / secrets.nix

at 23c29bc784a238edd5e44ce31a95f15f79a09c47 1.3 kB view raw

 1let
 2  inherit (import ./keys.nix) servers sessions systems users;
 3
 4  nixos = systems ++ users;
 5  home-manager = sessions ++ users;
 6  deploy = servers ++ users;
 7in
 8{
 9  # Used in NixOS config
10  "backup-rclone-googledrive.age".publicKeys = nixos;
11  "backup-restic-key.age".publicKeys = nixos;
12
13  # Used in Home Manager
14  "api-crates-io.age".publicKeys = home-manager;
15  "api-wakatime.age".publicKeys = home-manager;
16  "api-wakapi.age".publicKeys = home-manager;
17
18  # Used in server deployment
19
20  # Defines `PDS_JWT_SECRET`, `PDS_ADMIN_PASSWORD`, `PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX`, `PDS_EMAIL_SMTP_URL`, `PDS_EMAIL_FROM_ADDRESS`.
21  "pds-env.age".publicKeys = deploy;
22  # Defines `LLDAP_JWT_SECRET`, `LLDAP_KEY_SEED`.
23  "lldap-env.age".publicKeys = deploy;
24  "headscale-oidc-secret.age".publicKeys = deploy;
25  "grafana-oidc-secret.age".publicKeys = deploy;
26  "authelia-jwt-secret.age".publicKeys = deploy;
27  "authelia-issuer-private-key.age".publicKeys = deploy;
28  "authelia-storage-key.age".publicKeys = deploy;
29  "authelia-ldap-password.age".publicKeys = deploy;
30  "authelia-smtp-password.age".publicKeys = deploy;
31  "tuwunel-registration-tokens.age".publicKeys = deploy;
32
33  # Not used in config but useful
34  "pgp-ca5e.age".publicKeys = users;
35  "ssh-uxgi.age".publicKeys = users;
36}