# agenix-style recipient map: every "<path>.age" attribute below lists the
# public keys allowed to decrypt that file. User recipients are YubiKey-backed
# age identities; machine recipients are SSH ed25519 host public keys.
#
# Dropping or commenting out a key here only affects future encryptions. Files
# already encrypted to that key stay readable by it until they are rekeyed
# (`agenix --rekey`), and any retained copy of the old ciphertext stays
# readable for good, so rotate the secret value too when a key is no longer
# trusted.
let
  # ---- User recipients ------------------------------------------------------
  # NOTE(review): age1yubikey1... recipients need age-plugin-yubikey available
  # to the age binary whenever a secret is edited or rekeyed - confirm on the
  # machine used for editing.
  #vincent-yubikey5a = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFT5Rx+4Wuvd8lMBkcHxb4oHdRhm/OTg+p5tvPzoIN9enSmgRw5Inm/SlS8ZzV87G1NESTgzDRi6hREvqDlKvxs=";
  vincent-yubikey5c1 = "age1yubikey1q0g72w5n3zgt4qv64fkymcttqlpct0yh0rf29079h3696d6wkruakkst877"; # does this work ? Otherwise the ssh one.
  # vincent-yubikey5c1 = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBFzxC16VqwTgWDQfw2YCiOw2JzpH3z9XgHtKoHhBdHi2i9m9XUc7fIUeEIIf7P8ARRNd8q5bjvl8JY7LtPkNCU=";
  vincent-yubikey5c2 = "age1yubikey1qdj6ld6dlcumxq59xy2xrdl22yu6pc46zyu3mvxe6s9h6kesdm5kcm320qe";

  users = [
    vincent-yubikey5c1
    vincent-yubikey5c2
  ];

  # ---- Host recipients (SSH ed25519 host keys) ------------------------------
  # Unless noted otherwise, each key was recorded with
  #   ssh-keyscan -q -t ed25519 <host>.sbr.pm
  # ssh-keyscan does not authenticate the answer it receives: compare each
  # entry with /etc/ssh/ssh_host_ed25519_key.pub on the host itself before
  # trusting it, because whoever holds the matching private key can decrypt
  # every secret that lists the entry.
  aion = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAXDNi2KtoRU83y/V5OWnMbFWmxwBknPmrNWV4RChE7R";
  aix = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEoUicDySCGETPAgmI0P3UrgZEXXw3zNsyCIylUP0bML";
  aomi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQVlSrUKU0xlM9E+sJ8qgdgqCW6ePctEBD2Yf+OnyME";
  athena = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM/4KRP1rzOwyA2zP1Nf1WlLRHqAGutLtOHYWfH732xh";
  carthage = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHDurbEy1PiidOirbiPXz84ySdv3rwosPTAlCqacc73a";
  demeter = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGqQfEyHyjIGglayB9FtCqL7bnYfNSQlBXks2IuyCPmd";
  kerkouane = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJguVoQYObRLyNxELFc3ai2yDJ25+naiM3tKrBGuxwwA";
  kyushu = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINd795m+P54GlGJdMaGci9pQ9N942VUz8ri2F14+LWxg";
  # NOTE(review): no provenance recorded for the nagoya key.
  nagoya = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIfep1SkMsAPHggXFLfEJNzZb7eoihtkqDeQruG+TbhF";
  # From globals.nix
  okinawa = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM8vCZ0h6geJZt6i5k6chEDZBggoyq91Z+oNSjvVeSfW";
  rhea = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKFH3Lk4bRgNyFRK/Hzg1PvVbL/dpyI1SmLJFkb6VQDw";
  sakhalin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN/PMBThi4DhgZR8VywbRDzzMVh2Qp3T6NJAcPubfXz6";
  shikoku = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH18c6kcorVbK2TwCgdewL6nQf29Cd5BVTeq8nRYUigm";
  # wakasu = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINrAh07USjRnAdS3mMNGdKee1KumjYDLzgXaiZ5LYi2D"; # ssh-keyscan -q -t ed25519 wakasu.sbr.pm

  # ---- Host groups ----------------------------------------------------------
  desktops = [
    kyushu
    okinawa
  ];
  servers = [
    aion
    aix
    aomi
    athena
    carthage
    demeter
    kerkouane
    nagoya
    rhea
    sakhalin
    shikoku
  ];
  systems = servers ++ desktops;

  # Machines that receive the Red Hat VPN / Kerberos / CA material.
  redhatHosts = [
    aomi
    kyushu
    okinawa
  ];
  # rhea plus aion, for the secrets the two machines share.
  rheaAion = [
    rhea
    aion
  ];

  # Recipient list for one secret: the user keys first, then the given hosts.
  forHosts = hosts: users ++ hosts;
in
{
  # Mail passwords
  "secrets/mails/icloud-vdemeester.age".publicKeys = forHosts [ athena ];

  # Red Hat
  "secrets/redhat/krb5.conf.age".publicKeys = forHosts redhatHosts;
  "secrets/redhat/RHVPN.ovpn.age".publicKeys = forHosts redhatHosts;
  "secrets/redhat/AMS2.ovpn.age".publicKeys = forHosts redhatHosts;
  "secrets/redhat/RDU2.ovpn.age".publicKeys = forHosts redhatHosts;
  "secrets/redhat/BBRQ.ovpn.age".publicKeys = forHosts redhatHosts;
  "secrets/redhat/ipa.crt.age".publicKeys = forHosts redhatHosts;
  "secrets/redhat/2022-RH-IT-Root-CA.pem.age".publicKeys = forHosts redhatHosts;
  "secrets/redhat/Eng-CA.crt.age".publicKeys = forHosts redhatHosts;
  "secrets/redhat/newca.crt.age".publicKeys = forHosts redhatHosts;
  "secrets/redhat/oracle_ebs.crt.age".publicKeys = forHosts redhatHosts;
  "secrets/redhat/pki-ca-chain.crt.age".publicKeys = forHosts redhatHosts;
  "secrets/redhat/RH_ITW.crt.age".publicKeys = forHosts redhatHosts;
  "secrets/redhat/win-intermediate-ca.cer.age".publicKeys = forHosts redhatHosts;
  # NOTE(review): the next two files are decryptable by every host in
  # `systems` - confirm that breadth is intended for what they contain.
  "secrets/redhat/redhat.pem.age".publicKeys = forHosts systems;

  # Others
  "secrets/minica.pem.age".publicKeys = forHosts systems;
  "secrets/shikoku/aria2rpcsecret.age".publicKeys = forHosts [ shikoku ];

  # aion is a recipient of gandi.env for the XMPP ACME DNS-01 challenge.
  "secrets/rhea/gandi.env.age".publicKeys = forHosts rheaAion;
  "secrets/rhea/exportarr-sonarr-apikey.age".publicKeys = forHosts rheaAion;
  "secrets/rhea/exportarr-radarr-apikey.age".publicKeys = forHosts rheaAion;
  "secrets/rhea/exportarr-lidarr-apikey.age".publicKeys = forHosts rheaAion;
  "secrets/rhea/exportarr-prowlarr-apikey.age".publicKeys = forHosts rheaAion;
  "secrets/rhea/exportarr-readarr-apikey.age".publicKeys = forHosts rheaAion;
  "secrets/rhea/exportarr-bazarr-apikey.age".publicKeys = forHosts rheaAion;
  "secrets/rhea/jellyfin-auto-collections-api-key.age".publicKeys = forHosts [ rhea ];
  "secrets/rhea/jellyfin-auto-collections-jellyseerr-password.age".publicKeys = forHosts [ rhea ];
  "secrets/rhea/jellyfin-favorites-sync-api-key.age".publicKeys = forHosts [ rhea ];
  "secrets/rhea/jellyfin-favorites-sync-ssh-key.age".publicKeys = forHosts [ rhea ];
  "secrets/rhea/webdav-password.age".publicKeys = forHosts [ rhea ];
  "secrets/rhea/restic-aix-password.age".publicKeys = forHosts [ rhea ];

  "secrets/sakhalin/grafana-admin-password.age".publicKeys = forHosts [ sakhalin ];
  "secrets/sakhalin/grafana-secret-key.age".publicKeys = forHosts [ sakhalin ];
  "secrets/sakhalin/ntfy-token.age".publicKeys = forHosts [
    sakhalin
    aion
    okinawa
    rhea
    kerkouane
    carthage
  ];
  "secrets/sakhalin/homeassistant-prometheus-token.age".publicKeys = forHosts [ sakhalin ];
  "secrets/demeter/mosquitto-homeassistant-password.age".publicKeys = forHosts [ demeter ];
  "secrets/aion/restic-aix-password.age".publicKeys = forHosts [ aion ];

  # OpenCode web on okinawa
  "secrets/okinawa/opencode-password.age".publicKeys = forHosts [ okinawa ];
  "secrets/okinawa/groq-api-key.age".publicKeys = forHosts [ okinawa ];
  "secrets/okinawa/openrouter-api-key.age".publicKeys = forHosts [ okinawa ];
  "secrets/okinawa/gemini-api-key.age".publicKeys = forHosts [ okinawa ];

  # Daneel XMPP bot on okinawa
  "secrets/okinawa/xmpp-research-bot-password.age".publicKeys = forHosts [ okinawa ];

  # Harmonia binary cache signing keys (each readable only by its own host)
  "secrets/harmonia/aion-signing-key.age".publicKeys = forHosts [ aion ];
  "secrets/harmonia/okinawa-signing-key.age".publicKeys = forHosts [ okinawa ];

  # SearXNG on sakhalin
  "secrets/sakhalin/searxng-secret-key.age".publicKeys = forHosts [ sakhalin ];

  # Flux website generator on carthage
  "secrets/carthage/flux-github-token.age".publicKeys = forHosts [ carthage ];
}