nixos-configs/secrets/secrets.nix
2023-11-05 18:49:51 +01:00

17 lines
854 B
Nix

let
pkgs = import <nixpkgs> {};
publicKeysURL = "https://git.kun.is/pim.keys"; # https://github.com/pizzapim.keys
publicKeysFile = builtins.fetchurl {url = publicKeysURL;};
publicKeys = pkgs.lib.strings.splitString "\n" (pkgs.lib.strings.fileContents publicKeysFile);
in {
"wg-quick-home-privkey.age".publicKeys = publicKeys;
"wg-quick-home-preshared-key.age".publicKeys = publicKeys;
"sue_ed25519.age".publicKeys = publicKeys;
"sue_azure_rsa.age".publicKeys = publicKeys;
"syncthing-key.pem.age".publicKeys = publicKeys;
"syncthing-cert.pem.age".publicKeys = publicKeys;
"common-pg-tfbackend.age".publicKeys = publicKeys;
"ansible-vault-secret.age".publicKeys = publicKeys;
"powerdns-api-key.json.age".publicKeys = publicKeys;
"keepassxc.ini.age".publicKeys = publicKeys; # Secret agent causes private keys in config file.
}