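# agenix-style recipient map: every attribute names an encrypted file and lists
# the public keys (age or SSH) that may decrypt it. Only public keys belong in
# this file.
#
# Editing a publicKeys list does not re-encrypt anything on its own; rekey
# afterwards (with agenix: `agenix --rekey`). Removing a recipient does not
# revoke access to ciphertexts already committed to history, so rotate the
# secret value itself when a key or host is retired.
let
  # --- User recipients (YubiKey-backed identities) ---------------------------
  #vincent-yubikey5a = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFT5Rx+4Wuvd8lMBkcHxb4oHdRhm/OTg+p5tvPzoIN9enSmgRw5Inm/SlS8ZzV87G1NESTgzDRi6hREvqDlKvxs=";
  # NOTE(review): `age1yubikey1…` is an age-plugin-yubikey recipient; decrypting
  # or rekeying with it needs the plugin on PATH and the token present. Confirm
  # a round trip before relying on it as the only user recipient.
  vincent-yubikey5c1 = "age1yubikey1q0g72w5n3zgt4qv64fkymcttqlpct0yh0rf29079h3696d6wkruakkst877"; # does this work ? Otherwise the ssh one.
  # vincent-yubikey5c1 = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBFzxC16VqwTgWDQfw2YCiOw2JzpH3z9XgHtKoHhBdHi2i9m9XUc7fIUeEIIf7P8ARRNd8q5bjvl8JY7LtPkNCU=";
  vincent-yubikey5c2 = "age1yubikey1qf2vcr22ugzj94dzfhdrz39h60ukr6gvk2687de2srg9407azd53kgsajvu";
  users = [
    vincent-yubikey5c1
    vincent-yubikey5c2
  ];

  # --- Host recipients (SSH ed25519 host keys) -------------------------------
  # ssh-keyscan output is not authenticated: whoever answers for the hostname
  # supplies the key. Compare each value with the key read on the host itself
  # (e.g. /etc/ssh/ssh_host_ed25519_key.pub) before trusting it as a recipient,
  # otherwise secrets may end up encrypted to a key the host does not own.
  aomi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQVlSrUKU0xlM9E+sJ8qgdgqCW6ePctEBD2Yf+OnyME"; # ssh-keyscan -q -t ed25519 aomi.sbr.pm
  athena = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM/4KRP1rzOwyA2zP1Nf1WlLRHqAGutLtOHYWfH732xh"; # ssh-keyscan -q -t ed25519 athena.sbr.pm
  demeter = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGqQfEyHyjIGglayB9FtCqL7bnYfNSQlBXks2IuyCPmd"; # ssh-keyscan -q -t ed25519 demeter.sbr.pm
  kerkouane = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJguVoQYObRLyNxELFc3ai2yDJ25+naiM3tKrBGuxwwA"; # ssh-keyscan -q -t ed25519 kerkouane.sbr.pm
  rhea = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKFH3Lk4bRgNyFRK/Hzg1PvVbL/dpyI1SmLJFkb6VQDw"; # ssh-keyscan -q -t ed25519 rhea.sbr.pm
  sakhalin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN/PMBThi4DhgZR8VywbRDzzMVh2Qp3T6NJAcPubfXz6"; # ssh-keyscan -q -t ed25519 sakhalin.sbr.pm
  shikoku = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH18c6kcorVbK2TwCgdewL6nQf29Cd5BVTeq8nRYUigm"; # ssh-keyscan -q -t ed25519 shikoku.sbr.pm
  # NOTE(review): wakasu is disabled and appears in no list below. If the host
  # was retired, confirm the secrets it could read were rekeyed and rotated.
  # wakasu = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINrAh07USjRnAdS3mMNGdKee1KumjYDLzgXaiZ5LYi2D"; # ssh-keyscan -q -t ed25519 wakasu.sbr.pm
  kyushu = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINd795m+P54GlGJdMaGci9pQ9N942VUz8ri2F14+LWxg"; # ssh-keyscan -q -t ed25519 kyushu.sbr.pm
  # TODO: kobe
  # TODO: aion
  # TODO: aix
  desktops = [
    kyushu
  ];
  servers = [
    aomi
    athena
    demeter
    kerkouane
    rhea
    sakhalin
    shikoku
  ];
  systems = servers ++ desktops;

  # Single definition of who may read the Red Hat material, so the recipient
  # set cannot drift between entries when a machine is added or removed.
  redhatRecipients = users ++ [
    aomi
    kyushu
  ];
in
{
  # Red Hat
  "secrets/redhat/krb5.conf.age".publicKeys = redhatRecipients;
  "secrets/redhat/RHVPN.ovpn.age".publicKeys = redhatRecipients;
  "secrets/redhat/AMS2.ovpn.age".publicKeys = redhatRecipients;
  "secrets/redhat/RDU2.ovpn.age".publicKeys = redhatRecipients;
  "secrets/redhat/BBRQ.ovpn.age".publicKeys = redhatRecipients;
  "secrets/redhat/ipa.crt.age".publicKeys = redhatRecipients;
  "secrets/redhat/2022-RH-IT-Root-CA.pem.age".publicKeys = redhatRecipients;
  "secrets/redhat/Eng-CA.crt.age".publicKeys = redhatRecipients;
  "secrets/redhat/newca.crt.age".publicKeys = redhatRecipients;
  "secrets/redhat/oracle_ebs.crt.age".publicKeys = redhatRecipients;
  "secrets/redhat/pki-ca-chain.crt.age".publicKeys = redhatRecipients;
  "secrets/redhat/RH_ITW.crt.age".publicKeys = redhatRecipients;
  "secrets/redhat/win-intermediate-ca.cer.age".publicKeys = redhatRecipients;
  # The next two entries are readable by every host in `systems`, not only the
  # machines listed for the other Red Hat files.
  # NOTE(review): confirm that this wider audience is intended for redhat.pem.
  "secrets/redhat/redhat.pem.age".publicKeys = users ++ systems;
  # Others
  "secrets/minica.pem.age".publicKeys = users ++ systems;
  # Per-host secrets: users plus the single host that consumes the file.
  "secrets/shikoku/aria2rpcsecret.age".publicKeys = users ++ [ shikoku ];
  "secrets/rhea/gandi.env.age".publicKeys = users ++ [ rhea ];
  "secrets/rhea/exportarr-sonarr-apikey.age".publicKeys = users ++ [ rhea ];
  "secrets/rhea/exportarr-radarr-apikey.age".publicKeys = users ++ [ rhea ];
  "secrets/rhea/exportarr-lidarr-apikey.age".publicKeys = users ++ [ rhea ];
  "secrets/rhea/exportarr-prowlarr-apikey.age".publicKeys = users ++ [ rhea ];
  "secrets/rhea/exportarr-readarr-apikey.age".publicKeys = users ++ [ rhea ];
  "secrets/rhea/exportarr-bazarr-apikey.age".publicKeys = users ++ [ rhea ];
  "secrets/demeter/mosquitto-homeassistant-password.age".publicKeys = users ++ [ demeter ];
}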