nixos-servers/nixos/secrets/secrets.nix

# TODO: Just encrypt each file with all hosts' public keys (plus our personal public keys) and deploy when demanded.
let
  pkgs = import <nixpkgs> { };
  lib = pkgs.lib;
  secrets = {
    jefke = {
      publicKeys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIJUSH2IQg8Y/CCcej7J6oe4co++6HlDo1MYDCR3gV3a pim@x260"
      ];
      encryptedFiles = [
        "jefke_host_ed25519.age"
        "jefke_user_ed25519.age"
        "postgresql_server.key.age"
      ];
    };
    atlas = {
      publicKeys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZ1OGe8jLyc+72SFUnW4FOKbpqHs7Mym85ESBN4HWV7 pim@x260"
      ];
      encryptedFiles = [
        "atlas_host_ed25519.age"
        "atlas_user_ed25519.age"
      ];
    };
    lewis = {
      publicKeys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL5lZjsqS6C50WO8p08TY7Fg8rqQH04EkpDTxCRGtR7a pim@x260"
      ];
      encryptedFiles = [
        "lewis_host_ed25519.age"
        "lewis_user_ed25519.age"
        "database_passwords.env.age"
        "borg_passphrase.age"
        "ec2_borg_server.pem.age"
      ];
    };
  };
in
lib.attrsets.mergeAttrsList (builtins.map
  ({ publicKeys, encryptedFiles }:
  lib.attrsets.mergeAttrsList (builtins.map
    (encryptedFile: { "${encryptedFile}" = { inherit publicKeys; }; })
    encryptedFiles))
  (lib.attrsets.attrValues secrets))
encrypt borg repository also backup to AWS EC2 instance 2024-01-07 14:57:30 +00:00			`# TODO: Just encrypt each file with all hosts' public keys (plus our personal public keys) and deploy when demanded.`
remove ansible deploy ssh host and user keys using agenix deploy ssh certificates using ssh 2023-11-14 22:53:04 +00:00			`let`
			`pkgs = import <nixpkgs> { };`
			`lib = pkgs.lib;`
			`secrets = {`
			`jefke = {`
			`publicKeys = [`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIJUSH2IQg8Y/CCcej7J6oe4co++6HlDo1MYDCR3gV3a pim@x260"`
			`];`
working postgresql installation 2023-11-24 09:31:23 +00:00			`encryptedFiles = [`
			`"jefke_host_ed25519.age"`
			`"jefke_user_ed25519.age"`
			`"postgresql_server.key.age"`
			`];`
remove ansible deploy ssh host and user keys using agenix deploy ssh certificates using ssh 2023-11-14 22:53:04 +00:00			`};`
manage atlas 2023-11-29 16:21:18 +00:00			`atlas = {`
			`publicKeys = [`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZ1OGe8jLyc+72SFUnW4FOKbpqHs7Mym85ESBN4HWV7 pim@x260"`
			`];`
			`encryptedFiles = [`
			`"atlas_host_ed25519.age"`
			`"atlas_user_ed25519.age"`
			`];`
			`};`
manage lewis with nix move docker swarm ansible to this repo move thecloud ansible to this repo support data disks in terraform 2023-12-25 18:22:22 +00:00			`lewis = {`
			`publicKeys = [`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL5lZjsqS6C50WO8p08TY7Fg8rqQH04EkpDTxCRGtR7a pim@x260"`
			`];`
			`encryptedFiles = [`
			`"lewis_host_ed25519.age"`
			`"lewis_user_ed25519.age"`
backup nextcloud and hedgedoc database using borgmatic expose database passwords using agenix install lsof and parted 2024-01-06 19:17:45 +00:00			`"database_passwords.env.age"`
encrypt borg repository also backup to AWS EC2 instance 2024-01-07 14:57:30 +00:00			`"borg_passphrase.age"`
			`"ec2_borg_server.pem.age"`
manage lewis with nix move docker swarm ansible to this repo move thecloud ansible to this repo support data disks in terraform 2023-12-25 18:22:22 +00:00			`];`
			`};`
remove ansible deploy ssh host and user keys using agenix deploy ssh certificates using ssh 2023-11-14 22:53:04 +00:00			`};`
manage lewis with nix move docker swarm ansible to this repo move thecloud ansible to this repo support data disks in terraform 2023-12-25 18:22:22 +00:00			`in`
			`lib.attrsets.mergeAttrsList (builtins.map`
			`({ publicKeys, encryptedFiles }:`
remove ansible deploy ssh host and user keys using agenix deploy ssh certificates using ssh 2023-11-14 22:53:04 +00:00			`lib.attrsets.mergeAttrsList (builtins.map`
			`(encryptedFile: { "${encryptedFile}" = { inherit publicKeys; }; })`
manage lewis with nix move docker swarm ansible to this repo move thecloud ansible to this repo support data disks in terraform 2023-12-25 18:22:22 +00:00			`encryptedFiles))`
			`(lib.attrsets.attrValues secrets))`