# Recipients map in the agenix `secrets.nix` shape: each "<path>.age"
# attribute lists the public keys its ciphertext is encrypted to.
#
# Maintenance notes:
#  - Removing a key from a list only affects future encryptions. Re-encrypt
#    (`agenix --rekey`) and rotate the secret value itself, because older
#    ciphertext kept in version-control history remains decryptable by the
#    removed key.
#  - Host recipients are SSH host public keys; presumably each host decrypts
#    with its own host private key, so root on a host can read every secret
#    listed for that host. Confirm against the deployment configuration.
let
  # ---- User recipients (hardware-backed) -------------------------------
  # The `age1yubikey1...` strings are age-plugin-yubikey recipients.
  # Open question left by the author: "does this work ? Otherwise the ssh one."
  # The ecdsa-sha2-nistp256 keys are kept, commented out, as the fallback.
  #vincent-yubikey5a = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFT5Rx+4Wuvd8lMBkcHxb4oHdRhm/OTg+p5tvPzoIN9enSmgRw5Inm/SlS8ZzV87G1NESTgzDRi6hREvqDlKvxs=";
  vincent-yubikey5c1 = "age1yubikey1q0g72w5n3zgt4qv64fkymcttqlpct0yh0rf29079h3696d6wkruakkst877";
  # vincent-yubikey5c1 = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBFzxC16VqwTgWDQfw2YCiOw2JzpH3z9XgHtKoHhBdHi2i9m9XUc7fIUeEIIf7P8ARRNd8q5bjvl8JY7LtPkNCU=";
  vincent-yubikey5c2 = "age1yubikey1qf2vcr22ugzj94dzfhdrz39h60ukr6gvk2687de2srg9407azd53kgsajvu";

  # Every secret below is encrypted to both YubiKeys.
  users = [
    vincent-yubikey5c1
    vincent-yubikey5c2
  ];

  # ---- Host recipients (SSH host keys) ---------------------------------
  # The trailing comment records the command used to fetch each key.
  # ssh-keyscan output is unauthenticated: compare each key with the host's
  # own /etc/ssh/ssh_host_ed25519_key.pub (or another trusted channel)
  # before encrypting secrets to it.
  aomi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQVlSrUKU0xlM9E+sJ8qgdgqCW6ePctEBD2Yf+OnyME"; # ssh-keyscan -q -t ed25519 aomi.sbr.pm
  athena = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM/4KRP1rzOwyA2zP1Nf1WlLRHqAGutLtOHYWfH732xh"; # ssh-keyscan -q -t ed25519 athena.sbr.pm
  demeter = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGqQfEyHyjIGglayB9FtCqL7bnYfNSQlBXks2IuyCPmd"; # ssh-keyscan -q -t ed25519 demeter.sbr.pm
  kerkouane = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJguVoQYObRLyNxELFc3ai2yDJ25+naiM3tKrBGuxwwA"; # ssh-keyscan -q -t ed25519 kerkouane.sbr.pm
  rhea = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKFH3Lk4bRgNyFRK/Hzg1PvVbL/dpyI1SmLJFkb6VQDw"; # ssh-keyscan -q -t ed25519 rhea.sbr.pm
  sakhalin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN/PMBThi4DhgZR8VywbRDzzMVh2Qp3T6NJAcPubfXz6"; # ssh-keyscan -q -t ed25519 sakhalin.sbr.pm
  shikoku = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH18c6kcorVbK2TwCgdewL6nQf29Cd5BVTeq8nRYUigm"; # ssh-keyscan -q -t ed25519 shikoku.sbr.pm
  # wakasu = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINrAh07USjRnAdS3mMNGdKee1KumjYDLzgXaiZ5LYi2D"; # ssh-keyscan -q -t ed25519 wakasu.sbr.pm
  kyushu = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINd795m+P54GlGJdMaGci9pQ9N942VUz8ri2F14+LWxg"; # ssh-keyscan -q -t ed25519 kyushu.sbr.pm
  aion = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAXDNi2KtoRU83y/V5OWnMbFWmxwBknPmrNWV4RChE7R"; # ssh-keyscan -q -t ed25519 aion.sbr.pm
  aix = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEoUicDySCGETPAgmI0P3UrgZEXXw3zNsyCIylUP0bML"; # ssh-keyscan -q -t ed25519 aix.sbr.pm
  # NOTE(review): nagoya is the only host key without a provenance comment;
  # record how it was obtained.
  nagoya = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIfep1SkMsAPHggXFLfEJNzZb7eoihtkqDeQruG+TbhF";
  # TODO: kobe

  # ---- Host groups ------------------------------------------------------
  desktops = [
    kyushu
  ];
  servers = [
    aion
    aix
    aomi
    athena
    demeter
    kerkouane
    nagoya
    rhea
    sakhalin
    shikoku
  ];
  # Every managed machine. A secret encrypted to `systems` is readable by
  # each of them, so reserve it for material that is safe on every host.
  systems = servers ++ desktops;

  # Hosts that receive the Red Hat VPN / Kerberos / CA material.
  redhatHosts = [
    aomi
    kyushu
  ];
  # Hosts that read the exportarr API keys.
  exportarrHosts = [
    rhea
    aion
  ];

  # Recipient list for a secret: both user keys first, then the given hosts.
  forHosts = hosts: users ++ hosts;
in
{
  # Mail passwords
  "secrets/mails/icloud-vdemeester.age".publicKeys = forHosts [ athena ];

  # Red Hat
  "secrets/redhat/krb5.conf.age".publicKeys = forHosts redhatHosts;
  "secrets/redhat/RHVPN.ovpn.age".publicKeys = forHosts redhatHosts;
  "secrets/redhat/AMS2.ovpn.age".publicKeys = forHosts redhatHosts;
  "secrets/redhat/RDU2.ovpn.age".publicKeys = forHosts redhatHosts;
  "secrets/redhat/BBRQ.ovpn.age".publicKeys = forHosts redhatHosts;
  "secrets/redhat/ipa.crt.age".publicKeys = forHosts redhatHosts;
  "secrets/redhat/2022-RH-IT-Root-CA.pem.age".publicKeys = forHosts redhatHosts;
  "secrets/redhat/Eng-CA.crt.age".publicKeys = forHosts redhatHosts;
  "secrets/redhat/newca.crt.age".publicKeys = forHosts redhatHosts;
  "secrets/redhat/oracle_ebs.crt.age".publicKeys = forHosts redhatHosts;
  "secrets/redhat/pki-ca-chain.crt.age".publicKeys = forHosts redhatHosts;
  "secrets/redhat/RH_ITW.crt.age".publicKeys = forHosts redhatHosts;
  "secrets/redhat/win-intermediate-ca.cer.age".publicKeys = forHosts redhatHosts;
  # NOTE(review): readable by every host, unlike the other Red Hat entries.
  # Confirm this file holds no private key material, or narrow the list.
  "secrets/redhat/redhat.pem.age".publicKeys = forHosts systems;

  # Others
  # NOTE(review): also readable by every host. If this is the minica CA
  # private key rather than its certificate, a single compromised host could
  # issue certificates trusted by the rest; confirm the contents.
  "secrets/minica.pem.age".publicKeys = forHosts systems;
  "secrets/shikoku/aria2rpcsecret.age".publicKeys = forHosts [ shikoku ];
  "secrets/rhea/gandi.env.age".publicKeys = forHosts [
    rhea
    aion # For XMPP ACME DNS-01 challenge
  ];
  "secrets/rhea/exportarr-sonarr-apikey.age".publicKeys = forHosts exportarrHosts;
  "secrets/rhea/exportarr-radarr-apikey.age".publicKeys = forHosts exportarrHosts;
  "secrets/rhea/exportarr-lidarr-apikey.age".publicKeys = forHosts exportarrHosts;
  "secrets/rhea/exportarr-prowlarr-apikey.age".publicKeys = forHosts exportarrHosts;
  "secrets/rhea/exportarr-readarr-apikey.age".publicKeys = forHosts exportarrHosts;
  "secrets/rhea/exportarr-bazarr-apikey.age".publicKeys = forHosts exportarrHosts;
  "secrets/rhea/jellyfin-auto-collections-api-key.age".publicKeys = forHosts [ rhea ];
  "secrets/rhea/jellyfin-auto-collections-jellyseerr-password.age".publicKeys = forHosts [ rhea ];
  "secrets/rhea/jellyfin-favorites-sync-api-key.age".publicKeys = forHosts [ rhea ];
  "secrets/rhea/jellyfin-favorites-sync-ssh-key.age".publicKeys = forHosts [ rhea ];
  "secrets/rhea/webdav-password.age".publicKeys = forHosts [ rhea ];
  "secrets/sakhalin/grafana-admin-password.age".publicKeys = forHosts [ sakhalin ];
  # One token shared by five hosts: rotating it means redeploying to all of them.
  "secrets/sakhalin/ntfy-token.age".publicKeys = forHosts [
    sakhalin
    aion
    aomi
    rhea
    kerkouane
  ];
  "secrets/sakhalin/homeassistant-prometheus-token.age".publicKeys = forHosts [ sakhalin ];
  "secrets/demeter/mosquitto-homeassistant-password.age".publicKeys = forHosts [ demeter ];
  "secrets/aion/restic-aix-password.age".publicKeys = forHosts [ aion ];
  "secrets/aomi/xmpp-research-bot-password.age".publicKeys = forHosts [ aomi ];
  "secrets/aomi/gemini-api-key.age".publicKeys = forHosts [ aomi ];
  "secrets/rhea/restic-aix-password.age".publicKeys = forHosts [ rhea ];

  # Harmonia binary cache signing keys
  # Each signing key is limited to the one host named in its file name.
  "secrets/harmonia/aomi-signing-key.age".publicKeys = forHosts [ aomi ];
  "secrets/harmonia/aion-signing-key.age".publicKeys = forHosts [ aion ];
}