nixos-configs/secrets/secrets.nix

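# Recipient rules: maps every encrypted `.age` file to the public keys that are
# allowed to decrypt it (presumably consumed by agenix; confirm against the
# tooling that imports this file).
let
  pkgs = import <nixpkgs> {};
  inherit (pkgs) lib;

  # NOTE(security): the recipient list is downloaded at evaluation time and is
  # not pinned to a hash. Whatever this URL serves when a secret is next
  # (re-)encrypted decides who can decrypt it, so the key-hosting account and
  # server are part of the trust boundary for every secret listed below.
  # Consider vendoring the keys into this repository, or pinning the download
  # with a `sha256` so that any change to the key list has to be reviewed.
  publicKeysURL = "https://git.kun.is/pim.keys"; # https://github.com/pizzapim.keys
  publicKeysFile = builtins.fetchurl {
    url = publicKeysURL;
    # sha256 = "<sha256-of-the-reviewed-key-list>"; # placeholder, fill in after review
  };

  # One key per line. Blank lines are dropped so that an empty string is never
  # handed on as a recipient.
  publicKeys = builtins.filter (key: key != "")
    (lib.strings.splitString "\n" (lib.strings.fileContents publicKeysFile));

  # Every secret below is encrypted to the same recipient list.
  secretFiles = [
    "wg-quick-home-privkey.age"
    "wg-quick-home-preshared-key.age"
    "sue_ed25519.age"
    "sue_azure_rsa.age"
    "syncthing-key.pem.age"
    "syncthing-cert.pem.age"
    "common-pg-tfbackend.age"
    "ansible-vault-secret.age"
    "powerdns-api-key.json.age"
    "keepassxc.ini.age" # Secret agent causes private keys to end up in this config file.
  ];
in
# Fail at evaluation time if the download yielded no usable key, rather than
# producing rules with an empty recipient list.
assert lib.assertMsg (publicKeys != [])
  "secrets.nix: no public keys found at ${publicKeysURL}";
lib.genAttrs secretFiles (_: { inherit publicKeys; })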