marc/samfelag
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added Thingvellir

Browse Source
This commit is contained in:
marc
2024-02-11 22:06:54 +01:00
parent e716f7cb7d
commit 5cce9461c1
13 changed files with 131 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
secrets/secrets.nix
View File

@@ -1,14 +1,28 @@
let
id-reykjavik = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFwwpKfxNmUyBoPZqz1jYc6arCdHPvJrEsBN49m/P3By";
id-hvannadal = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICy1ocZywBvFHpIj+FvaC7QspRWuLXjy6fwakq9t+0Ev";
id-thingvellir = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEIvWEwYayFK8iRb4g2+cnQXlqiMBu3aWxTahXkaCNG7";
# --- Host lists ---
# Since we want to be able to manage/edit all secrets from reykjavik, we create helper lists that
# always contain reykjavik
reykjavik = [id-reykjavik];
thingvellir = [id-reykjavik id-thingvellir];
samfelag-hosts = [
id-reykjavik
id-hvannadal
id-thingvellir
];
in
{
# -- Consul -------------------------------
"consul.d/gossip.json.age".publicKeys = [id-reykjavik];
"consul.d/consul-agent-ca.pem.age".publicKeys = [id-reykjavik];
"consul.d/gossip.json.age".publicKeys = samfelag-hosts;
"consul.d/consul-agent-ca.pem.age".publicKeys = samfelag-hosts;
# Agent tokens
"consul.d/agent-token-reykjavik.json.age".publicKeys = [id-reykjavik];
"consul.d/agent-token-reykjavik.json.age".publicKeys = reykjavik;
"consul.d/agent-token-thingvellir.json.age".publicKeys = thingvellir;
# -- Nomad -------------------------------
"nomad.d/consul-token.json.age".publicKeys = [id-reykjavik];
"nomad.d/consul-token.json.age".publicKeys = samfelag-hosts;
}