samfelag/secrets/secrets.nix
2024-12-22 16:05:01 +01:00


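# Recipient rules: maps each encrypted secret (path relative to this file) to
# the list of public keys it is encrypted for.
# NOTE(review): the `*.age` names and `publicKeys` attribute look like the
# agenix rules-file convention -- confirm against the deployment tooling.
#
# Everything in this file is public-key material, so the file itself holds no
# secret. What it controls is which key holders can decrypt which secret, so
# each list below should be reviewed as an access-control list.
let
  # --- Identities (ed25519 public keys) ---
  id-reykjavik = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFwwpKfxNmUyBoPZqz1jYc6arCdHPvJrEsBN49m/P3By";
  id-hvannadal = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICy1ocZywBvFHpIj+FvaC7QspRWuLXjy6fwakq9t+0Ev";
  id-thingvellir = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEIvWEwYayFK8iRb4g2+cnQXlqiMBu3aWxTahXkaCNG7";
  # Keep key strings free of leading/trailing whitespace. The original value
  # started with a space; a padded string is presumably passed on verbatim as
  # a recipient and may fail to parse as an "ssh-ed25519" key.
  id-quinto = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINxgIT2+aoP+ZLMPupV8M0UwCLX6A3s+H6z3BJPCjJc0";

  # --- Host lists ---
  # All secrets are meant to be managed/edited from reykjavik, so every helper
  # list below includes id-reykjavik. Consequence: the reykjavik key can
  # decrypt every secret declared in this file.
  #
  # NOTE(review): editing a list here does not by itself change who can read
  # an already-encrypted file; the file has to be re-encrypted for the new
  # recipient set (with agenix, `agenix --rekey`). Dropping a key from a list
  # also does not un-share a value that key holder could already decrypt --
  # rotate the secret itself in that case.
  reykjavik = [ id-reykjavik ];
  thingvellir = [ id-reykjavik id-thingvellir ];
  # Not referenced by any rule in this file at the moment.
  quinto = [ id-reykjavik id-quinto ];
  samfelag-hosts = [
    id-reykjavik
    id-hvannadal
    id-thingvellir
  ];
in
{
  # -- Consul -------------------------------
  # Gossip key and CA certificate are readable by every samfelag host; the
  # gossip key is therefore exposed if any one of those hosts' keys is.
  "consul.d/gossip.json.age".publicKeys = samfelag-hosts;
  "consul.d/consul-agent-ca.pem.age".publicKeys = samfelag-hosts;
  # CA private key: deliberately the narrowest list (reykjavik only).
  "consul.d/consul-agent-ca-key.pem.age".publicKeys = reykjavik;

  # Server certificates (thingvellir's key pair, plus reykjavik for editing)
  "consul.d/samfelag-server-thingvellir-key.pem.age".publicKeys = thingvellir;
  "consul.d/samfelag-server-thingvellir.pem.age".publicKeys = thingvellir;

  # Agent tokens: one file per host, each limited to that host's list
  "consul.d/agent-token-reykjavik.json.age".publicKeys = reykjavik;
  "consul.d/agent-token-thingvellir.json.age".publicKeys = thingvellir;

  # -- Nomad -------------------------------
  # The client token is shared by all samfelag hosts; the server token is
  # limited to thingvellir's list.
  "nomad.d/consul-token-client.json.age".publicKeys = samfelag-hosts;
  "nomad.d/consul-token-server.json.age".publicKeys = thingvellir;
}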