parent
0d150b3236
commit
b189d061cb
11 changed files with 67 additions and 49 deletions
Binary file not shown.
Binary file not shown.
|
@ -1,6 +1,15 @@
|
||||||
age-encryption.org/v1
|
age-encryption.org/v1
|
||||||
-> ssh-ed25519 aqswPA BWfWJ0Detm+1l0tYnjR9n5rIUBfdHb/wTnZnGoYx6SU
|
-> ssh-ed25519 UwNSRQ Lr6HfHB1pQVAVESUkR1a1ie8o9cTtCa0LA4y20UvfRU
|
||||||
gp5vcIXtJpF6KJ0cHJ6GRpHQvxi7ij//1LH0afFoRuo
|
8X+VZUfk2oRrM+A4pZC/6yyexo2Kr8MO7isiXPsnOJk
|
||||||
--- exwOM8D5yMcDFp0uzRnbD6TWSgs12WmZo7sKlnHYOwY
|
-> ssh-ed25519 JJ7S4A fngT1OkV0pfig7UZ4vA8CWFDWc//xn2KWRsk1+EI0Ac
|
||||||
4Öš¾0
|
9J+I87tFasCug4rVaXJKNKzxr450YtZUypSTmwf/r7g
|
||||||
e(+×}²½f%Àã^‘ kÀbד{WèŒôVüPänדù:…Å6ý£s
|
-> ssh-ed25519 aqswPA I/RtBp+6CgMOPs41nbd8CqBgpgch8ixRGbzacXSDKRE
|
||||||
|
adBD/lskyXK/QU+v/OlQ1wQK7PkhALpdxgHUc1i+jcU
|
||||||
|
-> ssh-ed25519 LAPUww JtDnT4+NqLMBc+LpQSh0eQnSyXzJOHHbaZFNQmxIdC0
|
||||||
|
/DjWq9XUAH3xZvU1PlB7Q70LQ0x9SRMmaSYQ+DyQZEM
|
||||||
|
-> ssh-ed25519 vBZj5g 4YBFh5e32ZHr8byvd4vbZ9zljHO4FTrJGhsZiH//KVw
|
||||||
|
iA+foYHtgt2PjBG9yfBWNLeygiIbW3MsbUQdVWgyrno
|
||||||
|
-> ssh-ed25519 QP0PgA urlidySF5ZG9ILjdPuJPX6V/aDIAYzwBVd+XopDF5UA
|
||||||
|
NL/RxiKPRn+uZW37jJKLOHCaktuvzm0SIwcMmBgF5CY
|
||||||
|
--- aeaUWpBxSTjrcDDQa6Zk2dcdvhsdqs22JlvkduILpqE
|
||||||
|
â噧ňQú˛ŕˇ)Š„Ĺçäż7btˇíu+Ő<>=ĽŻMŁÁlěMúzsŐÚ8đ… a˙
|
|
@ -1,5 +1,15 @@
|
||||||
age-encryption.org/v1
|
age-encryption.org/v1
|
||||||
-> ssh-ed25519 aqswPA nsjKPakYuFVxfbJkPKnhqPytMz07KIT32xgJpiuaRD0
|
-> ssh-ed25519 UwNSRQ 4tVNE9qMbAvdgvUV/lllntSWjschSe3gY8nknp1DgQk
|
||||||
fv+HZdDb1Evy0LIA5sFMFx+KUbAF7jJojrQXMSSmNAo
|
8nQh/bM1tkSyPd0j5Tn9DeUT6V4p8Fdk3GiGZUwoBwk
|
||||||
--- zJOYXheC2OupvfQNtDfcUCkVMg3TqJQEFjTfAwyi/Pw
|
-> ssh-ed25519 JJ7S4A QHRi+zGVWfa6+l/gpUC1SyCSrDjMRk89MAYUVmdINWQ
|
||||||
‚¼¬Î°‡<EFBFBD>¨×¶†¡£‰¹maåJ^¤ˆ•€UZÂ>¬f±ââ÷@¨•¤‰÷òmÎG¨`ðrOY2‰#‡ÜŽ¼oΙþ‡= åSƒî_.ô¼MÅa3›HŸ–ŸL<C5B8>ÉÈüçcB·t§ÜËZ× Žç5 c•ä0Á=ŽLK¢¥‹ +!cu<63>t«Rƒà¥U2îŸ6½ßª½)<13>ƒ¯fPÚ³AU«‘¤
|
RstWCyCv2sSQCqgcFT6Djza7gkztlFf3af1EvNQTg6k
|
||||||
|
-> ssh-ed25519 aqswPA BSwMu/VwsKqpHaqWbP7TNVE3kNWeGV1xdj2AhIhJOQE
|
||||||
|
1QwREnDoFi5UTd20dAbJEVeA9lp3R6746PTAyF5KRqQ
|
||||||
|
-> ssh-ed25519 LAPUww zFWdRmb38deepDWtFIlQYFA205jKrM6T4iU6nURnBU4
|
||||||
|
gxA0pT9DKQMXMSJjQ+fFp7K6rhwHx90pXwFcBuc1ptI
|
||||||
|
-> ssh-ed25519 vBZj5g uYJyvL//qPFg1QXgvacb+0Z0+4NMTXCg5dddlVDJJDQ
|
||||||
|
2DqHQ6FIw8oCXbkZPl5fLmUVmXzBMLe9wFJsPSEDoZQ
|
||||||
|
-> ssh-ed25519 QP0PgA +CHjn/rPhNrsXSVMFgoyhSdhn8k6BWS58XSDwjipi0U
|
||||||
|
DGVkPVEMzPZDRPygjIxX4VWv9wbknmrMXFMAXnWVI1Q
|
||||||
|
--- GZXaTJpDKi0WIHeOzamI/MygV50iPVV94UFyqPMd1GA
|
||||||
|
%ƒXQcZŠXZâ÷´¥¦ƒÇÿö\â–iÏ#_¤Û{L<>¥fŠ×åOc¡EsæõÂ"ãG:ÂM D}£{\.äÛÙ†øÐû Ôý~Û6†,|C•v0ºŠ*Rr74ñ{Š–ußásÝZ=s}YH:æÀZ¤Þ…&(vR„<52>ËMkqãàÈî_PEKàMÆ"?kÌ\¨¶Ö—³êZ’¬P
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -1,44 +1,43 @@
|
||||||
# TODO: Just encrypt each file with all hosts' public keys (plus our personal public keys) and deploy when demanded.
|
|
||||||
let
|
let
|
||||||
pkgs = import <nixpkgs> { };
|
pkgs = import <nixpkgs> { };
|
||||||
lib = pkgs.lib;
|
lib = pkgs.lib;
|
||||||
secrets = {
|
|
||||||
jefke = {
|
publicKeyURLs = [
|
||||||
publicKeys = [
|
"https://github.com/pizzapim.keys"
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIJUSH2IQg8Y/CCcej7J6oe4co++6HlDo1MYDCR3gV3a pim@x260"
|
"https://github.com/pizzaniels.keys"
|
||||||
];
|
];
|
||||||
encryptedFiles = [
|
|
||||||
|
encryptedFileNames = [
|
||||||
"jefke_host_ed25519.age"
|
"jefke_host_ed25519.age"
|
||||||
"jefke_user_ed25519.age"
|
"jefke_user_ed25519.age"
|
||||||
"postgresql_server.key.age"
|
"postgresql_server.key.age"
|
||||||
];
|
|
||||||
};
|
|
||||||
atlas = {
|
|
||||||
publicKeys = [
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZ1OGe8jLyc+72SFUnW4FOKbpqHs7Mym85ESBN4HWV7 pim@x260"
|
|
||||||
];
|
|
||||||
encryptedFiles = [
|
|
||||||
"atlas_host_ed25519.age"
|
"atlas_host_ed25519.age"
|
||||||
"atlas_user_ed25519.age"
|
"atlas_user_ed25519.age"
|
||||||
];
|
|
||||||
};
|
|
||||||
lewis = {
|
|
||||||
publicKeys = [
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL5lZjsqS6C50WO8p08TY7Fg8rqQH04EkpDTxCRGtR7a pim@x260"
|
|
||||||
];
|
|
||||||
encryptedFiles = [
|
|
||||||
"lewis_host_ed25519.age"
|
"lewis_host_ed25519.age"
|
||||||
"lewis_user_ed25519.age"
|
"lewis_user_ed25519.age"
|
||||||
"database_passwords.env.age"
|
"database_passwords.env.age"
|
||||||
"borg_passphrase.age"
|
"borg_passphrase.age"
|
||||||
"ec2_borg_server.pem.age"
|
"ec2_borg_server.pem.age"
|
||||||
];
|
];
|
||||||
};
|
|
||||||
};
|
machinePublicKeys = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIJUSH2IQg8Y/CCcej7J6oe4co++6HlDo1MYDCR3gV3a root@jefke.hyp"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKZ1OGe8jLyc+72SFUnW4FOKbpqHs7Mym85ESBN4HWV7 root@atlas.hyp"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL5lZjsqS6C50WO8p08TY7Fg8rqQH04EkpDTxCRGtR7a root@lewis.hyp"
|
||||||
|
];
|
||||||
|
|
||||||
|
fetchPublicKeys = url:
|
||||||
|
let
|
||||||
|
publicKeysFile = builtins.fetchurl { inherit url; };
|
||||||
|
publicKeysFileContents = lib.strings.fileContents publicKeysFile;
|
||||||
in
|
in
|
||||||
lib.attrsets.mergeAttrsList (builtins.map
|
lib.strings.splitString "\n" publicKeysFileContents;
|
||||||
({ publicKeys, encryptedFiles }:
|
|
||||||
lib.attrsets.mergeAttrsList (builtins.map
|
adminPublicKeys = lib.flatten (builtins.map fetchPublicKeys publicKeyURLs);
|
||||||
(encryptedFile: { "${encryptedFile}" = { inherit publicKeys; }; })
|
|
||||||
encryptedFiles))
|
allPublicKeys = lib.flatten [ machinePublicKeys adminPublicKeys ];
|
||||||
(lib.attrsets.attrValues secrets))
|
|
||||||
|
publicKeysForEncryptedFileName = encryptedFileName:
|
||||||
|
{ "${encryptedFileName}".publicKeys = allPublicKeys; };
|
||||||
|
in
|
||||||
|
lib.attrsets.mergeAttrsList (builtins.map publicKeysForEncryptedFileName encryptedFileNames)
|
||||||
|
|
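Review bot: `fetchPublicKeys` calls `builtins.fetchurl { inherit url; }` without a hash, so the admin recipients of every secret are whatever the two `https://github.com/….keys` URLs return at evaluation time. Any key later added to either GitHub account becomes a recipient on the next rekey, and nothing in this repository shows the change. Pin the fetched content by letting `publicKeyURLs` carry a hash per URL and passing it through, e.g. `builtins.fetchurl { inherit url sha256; }`, or commit the admin keys as literals next to `machinePublicKeys` so that a recipient change goes through review. Separately, `allPublicKeys` is now applied to every name in `encryptedFileNames`, so each host key can decrypt files that the old side scoped to one host (for example `borg_passphrase.age` and `ec2_borg_server.pem.age` under `lewis`). If that follows from the removed TODO and is intended, say so in a comment above `allPublicKeys`, such as `# every host and admin key can decrypt every secret; no per-host scoping`.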