parent
0d150b3236
commit
b189d061cb
11 changed files with 67 additions and 49 deletions
Binary file not shown.
Binary file not shown.
|
@ -1,6 +1,15 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 aqswPA BWfWJ0Detm+1l0tYnjR9n5rIUBfdHb/wTnZnGoYx6SU
|
||||
gp5vcIXtJpF6KJ0cHJ6GRpHQvxi7ij//1LH0afFoRuo
|
||||
--- exwOM8D5yMcDFp0uzRnbD6TWSgs12WmZo7sKlnHYOwY
|
||||
4Öš¾0
|
||||
e(+×}²½f%Àã^‘ kÀbד{WèŒôVüPänדù:…Å6ý£s
|
||||
-> ssh-ed25519 UwNSRQ Lr6HfHB1pQVAVESUkR1a1ie8o9cTtCa0LA4y20UvfRU
|
||||
8X+VZUfk2oRrM+A4pZC/6yyexo2Kr8MO7isiXPsnOJk
|
||||
-> ssh-ed25519 JJ7S4A fngT1OkV0pfig7UZ4vA8CWFDWc//xn2KWRsk1+EI0Ac
|
||||
9J+I87tFasCug4rVaXJKNKzxr450YtZUypSTmwf/r7g
|
||||
-> ssh-ed25519 aqswPA I/RtBp+6CgMOPs41nbd8CqBgpgch8ixRGbzacXSDKRE
|
||||
adBD/lskyXK/QU+v/OlQ1wQK7PkhALpdxgHUc1i+jcU
|
||||
-> ssh-ed25519 LAPUww JtDnT4+NqLMBc+LpQSh0eQnSyXzJOHHbaZFNQmxIdC0
|
||||
/DjWq9XUAH3xZvU1PlB7Q70LQ0x9SRMmaSYQ+DyQZEM
|
||||
-> ssh-ed25519 vBZj5g 4YBFh5e32ZHr8byvd4vbZ9zljHO4FTrJGhsZiH//KVw
|
||||
iA+foYHtgt2PjBG9yfBWNLeygiIbW3MsbUQdVWgyrno
|
||||
-> ssh-ed25519 QP0PgA urlidySF5ZG9ILjdPuJPX6V/aDIAYzwBVd+XopDF5UA
|
||||
NL/RxiKPRn+uZW37jJKLOHCaktuvzm0SIwcMmBgF5CY
|
||||
--- aeaUWpBxSTjrcDDQa6Zk2dcdvhsdqs22JlvkduILpqE
|
||||
â噧ňQú˛ŕˇ)Š„Ĺçäż7btˇíu+Ő<>=ĽŻMŁÁlěMúzsŐÚ8đ… a˙
|
|
@ -1,5 +1,15 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 aqswPA nsjKPakYuFVxfbJkPKnhqPytMz07KIT32xgJpiuaRD0
|
||||
fv+HZdDb1Evy0LIA5sFMFx+KUbAF7jJojrQXMSSmNAo
|
||||
--- zJOYXheC2OupvfQNtDfcUCkVMg3TqJQEFjTfAwyi/Pw
|
||||
‚¼¬Î°‡<EFBFBD>¨×¶†¡£‰¹maåJ^¤ˆ•€UZÂ>¬f±ââ÷@¨•¤‰÷òmÎG¨`ðrOY2‰#‡ÜŽ¼oΙþ‡= åSƒî_.ô¼MÅa3›HŸ–ŸL<C5B8>ÉÈüçcB·t§ÜËZ× Žç5 c•ä0Á=ŽLK¢¥‹ +!cu<63>t«Rƒà¥U2îŸ6½ßª½)<13>ƒ¯fPÚ³AU«‘¤
|
||||
-> ssh-ed25519 UwNSRQ 4tVNE9qMbAvdgvUV/lllntSWjschSe3gY8nknp1DgQk
|
||||
8nQh/bM1tkSyPd0j5Tn9DeUT6V4p8Fdk3GiGZUwoBwk
|
||||
-> ssh-ed25519 JJ7S4A QHRi+zGVWfa6+l/gpUC1SyCSrDjMRk89MAYUVmdINWQ
|
||||
RstWCyCv2sSQCqgcFT6Djza7gkztlFf3af1EvNQTg6k
|
||||
-> ssh-ed25519 aqswPA BSwMu/VwsKqpHaqWbP7TNVE3kNWeGV1xdj2AhIhJOQE
|
||||
1QwREnDoFi5UTd20dAbJEVeA9lp3R6746PTAyF5KRqQ
|
||||
-> ssh-ed25519 LAPUww zFWdRmb38deepDWtFIlQYFA205jKrM6T4iU6nURnBU4
|
||||
gxA0pT9DKQMXMSJjQ+fFp7K6rhwHx90pXwFcBuc1ptI
|
||||
-> ssh-ed25519 vBZj5g uYJyvL//qPFg1QXgvacb+0Z0+4NMTXCg5dddlVDJJDQ
|
||||
2DqHQ6FIw8oCXbkZPl5fLmUVmXzBMLe9wFJsPSEDoZQ
|
||||
-> ssh-ed25519 QP0PgA +CHjn/rPhNrsXSVMFgoyhSdhn8k6BWS58XSDwjipi0U
|
||||
DGVkPVEMzPZDRPygjIxX4VWv9wbknmrMXFMAXnWVI1Q
|
||||
--- GZXaTJpDKi0WIHeOzamI/MygV50iPVV94UFyqPMd1GA
|
||||
%ƒXQcZŠXZâ÷´¥¦ƒÇÿö\â–iÏ#_¤Û{L<>¥fŠ×åOc¡EsæõÂ"ãG:ÂM D}£{\.äÛÙ†øÐû Ôý~Û6†,|C•v0ºŠ*Rr74ñ{Š–ußásÝZ=s}YH:æÀZ¤Þ…&(vR„<52>ËMkqãàÈî_PEKàMÆ"?kÌ\¨¶Ö—³êZ’¬P
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -1,44 +1,43 @@
|
|||
# TODO: Just encrypt each file with all hosts' public keys (plus our personal public keys) and deploy when demanded.
|
||||
let
|
||||
pkgs = import <nixpkgs> { };
|
||||
lib = pkgs.lib;
|
||||
secrets = {
|
||||
jefke = {
|
||||
publicKeys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIJUSH2IQg8Y/CCcej7J6oe4co++6HlDo1MYDCR3gV3a pim@x260"
|
||||
];
|
||||
encryptedFiles = [
|
||||
"jefke_host_ed25519.age"
|
||||
"jefke_user_ed25519.age"
|
||||
"postgresql_server.key.age"
|
||||
];
|
||||
};
|
||||
atlas = {
|
||||
publicKeys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZ1OGe8jLyc+72SFUnW4FOKbpqHs7Mym85ESBN4HWV7 pim@x260"
|
||||
];
|
||||
encryptedFiles = [
|
||||
"atlas_host_ed25519.age"
|
||||
"atlas_user_ed25519.age"
|
||||
];
|
||||
};
|
||||
lewis = {
|
||||
publicKeys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL5lZjsqS6C50WO8p08TY7Fg8rqQH04EkpDTxCRGtR7a pim@x260"
|
||||
];
|
||||
encryptedFiles = [
|
||||
"lewis_host_ed25519.age"
|
||||
"lewis_user_ed25519.age"
|
||||
"database_passwords.env.age"
|
||||
"borg_passphrase.age"
|
||||
"ec2_borg_server.pem.age"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
publicKeyURLs = [
|
||||
"https://github.com/pizzapim.keys"
|
||||
"https://github.com/pizzaniels.keys"
|
||||
];
|
||||
|
||||
encryptedFileNames = [
|
||||
"jefke_host_ed25519.age"
|
||||
"jefke_user_ed25519.age"
|
||||
"postgresql_server.key.age"
|
||||
"atlas_host_ed25519.age"
|
||||
"atlas_user_ed25519.age"
|
||||
"lewis_host_ed25519.age"
|
||||
"lewis_user_ed25519.age"
|
||||
"database_passwords.env.age"
|
||||
"borg_passphrase.age"
|
||||
"ec2_borg_server.pem.age"
|
||||
];
|
||||
|
||||
machinePublicKeys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIJUSH2IQg8Y/CCcej7J6oe4co++6HlDo1MYDCR3gV3a root@jefke.hyp"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZ1OGe8jLyc+72SFUnW4FOKbpqHs7Mym85ESBN4HWV7 root@atlas.hyp"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL5lZjsqS6C50WO8p08TY7Fg8rqQH04EkpDTxCRGtR7a root@lewis.hyp"
|
||||
];
|
||||
|
||||
fetchPublicKeys = url:
|
||||
let
|
||||
publicKeysFile = builtins.fetchurl { inherit url; };
|
||||
publicKeysFileContents = lib.strings.fileContents publicKeysFile;
|
||||
in
|
||||
lib.strings.splitString "\n" publicKeysFileContents;
|
||||
|
||||
adminPublicKeys = lib.flatten (builtins.map fetchPublicKeys publicKeyURLs);
|
||||
|
||||
allPublicKeys = lib.flatten [ machinePublicKeys adminPublicKeys ];
|
||||
|
||||
publicKeysForEncryptedFileName = encryptedFileName:
|
||||
{ "${encryptedFileName}".publicKeys = allPublicKeys; };
|
||||
in
|
||||
lib.attrsets.mergeAttrsList (builtins.map
|
||||
({ publicKeys, encryptedFiles }:
|
||||
lib.attrsets.mergeAttrsList (builtins.map
|
||||
(encryptedFile: { "${encryptedFile}" = { inherit publicKeys; }; })
|
||||
encryptedFiles))
|
||||
(lib.attrsets.attrValues secrets))
|
||||
lib.attrsets.mergeAttrsList (builtins.map publicKeysForEncryptedFileName encryptedFileNames)
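Review bot: `fetchPublicKeys` calls `builtins.fetchurl { inherit url; }` with no hash, so the recipient list for every secret is whatever `https://github.com/<user>.keys` returns at the moment the files are re-encrypted. A key added to either GitHub account (or any changed response) would silently become a recipient of all ten files on the next rekey, and the evaluation is impure and not reproducible. Consider committing the admin keys to this file next to `machinePublicKeys`, or pinning the fetch, e.g. `builtins.fetchurl { inherit url; sha256 = "<pinned-hash>"; }`, so that a change in the key set shows up as a reviewed diff. Separately, `allPublicKeys` makes every host a recipient of every other host's secrets, which widens the impact of a single host compromise compared with the per-host `secrets` mapping; a short comment stating that this is intended would help. The page lost its +/- markers, so this assumes the `fetchPublicKeys` and `allPublicKeys` definitions are on the new side.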
|
||||
|
|