system-manager-wakasu
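 # Recipient rules for age-encrypted secrets: every attribute names an .age file
# and lists, in publicKeys, the keys that are allowed to decrypt it.
# NOTE(review): the layout matches an agenix secrets.nix; confirm.
# Changing a list only takes effect once the existing .age files are
# re-encrypted. Removing a recipient does not revoke what it could already
# decrypt, so rotate the secret itself when a key or host is retired.
let
  # Operator recipients (named after YubiKeys). The commented-out
  # ecdsa-sha2-nistp256 strings are SSH public keys kept as the fallback
  # mentioned in the inline comment below.
  # NOTE(review): age1yubikey1... values are plugin recipients; encrypting to
  # them presumably needs age-plugin-yubikey available to the age binary that
  # does the encryption. Confirm before removing the SSH fallback.
  #vincent-yubikey5a = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFT5Rx+4Wuvd8lMBkcHxb4oHdRhm/OTg+p5tvPzoIN9enSmgRw5Inm/SlS8ZzV87G1NESTgzDRi6hREvqDlKvxs=";
  vincent-yubikey5c1 = "age1yubikey1q0g72w5n3zgt4qv64fkymcttqlpct0yh0rf29079h3696d6wkruakkst877"; # does this work ? Otherwise the ssh one.
  # vincent-yubikey5c1 = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBFzxC16VqwTgWDQfw2YCiOw2JzpH3z9XgHtKoHhBdHi2i9m9XUc7fIUeEIIf7P8ARRNd8q5bjvl8JY7LtPkNCU=";
  vincent-yubikey5c2 = "age1yubikey1qf2vcr22ugzj94dzfhdrz39h60ukr6gvk2687de2srg9407azd53kgsajvu";
  users = [
    vincent-yubikey5c1
    vincent-yubikey5c2
  ];

  # Host recipients: the ed25519 SSH host key of each machine, with the
  # ssh-keyscan command that fetches it noted beside the value.
  # NOTE(review): ssh-keyscan output is not authenticated. Compare each key
  # with the host's own /etc/ssh/ssh_host_ed25519_key.pub over a trusted
  # channel, otherwise a secret may be encrypted to a key the host does not
  # hold.
  aomi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFQVlSrUKU0xlM9E+sJ8qgdgqCW6ePctEBD2Yf+OnyME"; # ssh-keyscan -q -t ed25519 aomi.sbr.pm
  athena = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM/4KRP1rzOwyA2zP1Nf1WlLRHqAGutLtOHYWfH732xh"; # ssh-keyscan -q -t ed25519 athena.sbr.pm
  demeter = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGqQfEyHyjIGglayB9FtCqL7bnYfNSQlBXks2IuyCPmd"; # ssh-keyscan -q -t ed25519 demeter.sbr.pm
  kerkouane = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJguVoQYObRLyNxELFc3ai2yDJ25+naiM3tKrBGuxwwA"; # ssh-keyscan -q -t ed25519 kerkouane.sbr.pm
  rhea = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKFH3Lk4bRgNyFRK/Hzg1PvVbL/dpyI1SmLJFkb6VQDw"; # ssh-keyscan -q -t ed25519 rhea.sbr.pm
  sakhalin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN/PMBThi4DhgZR8VywbRDzzMVh2Qp3T6NJAcPubfXz6"; # ssh-keyscan -q -t ed25519 sakhalin.sbr.pm
  shikoku = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH18c6kcorVbK2TwCgdewL6nQf29Cd5BVTeq8nRYUigm"; # ssh-keyscan -q -t ed25519 shikoku.sbr.pm
  # wakasu is commented out, so it appears in no recipient list below.
  # wakasu = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINrAh07USjRnAdS3mMNGdKee1KumjYDLzgXaiZ5LYi2D"; # ssh-keyscan -q -t ed25519 wakasu.sbr.pm
  kyushu = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINd795m+P54GlGJdMaGci9pQ9N942VUz8ri2F14+LWxg"; # ssh-keyscan -q -t ed25519 kyushu.sbr.pm
  # TODO: kobe
  # TODO: aion
  # TODO: aix
  desktops = [
    kyushu
  ];
  servers = [
    aomi
    athena
    demeter
    kerkouane
    rhea
    sakhalin
    shikoku
  ];
  systems = servers ++ desktops;

  # Recipients of the Red Hat material: the operators plus one server (aomi)
  # and one desktop (kyushu). Defined once so the set is audited in one place.
  redhatRecipients = users ++ [
    aomi
    kyushu
  ];
in
{
  # Red Hat
  "secrets/redhat/krb5.conf.age".publicKeys = redhatRecipients;
  "secrets/redhat/RHVPN.ovpn.age".publicKeys = redhatRecipients;
  "secrets/redhat/AMS2.ovpn.age".publicKeys = redhatRecipients;
  "secrets/redhat/RDU2.ovpn.age".publicKeys = redhatRecipients;
  "secrets/redhat/BBRQ.ovpn.age".publicKeys = redhatRecipients;
  "secrets/redhat/ipa.crt.age".publicKeys = redhatRecipients;
  "secrets/redhat/2022-RH-IT-Root-CA.pem.age".publicKeys = redhatRecipients;
  "secrets/redhat/Eng-CA.crt.age".publicKeys = redhatRecipients;
  "secrets/redhat/newca.crt.age".publicKeys = redhatRecipients;
  "secrets/redhat/oracle_ebs.crt.age".publicKeys = redhatRecipients;
  "secrets/redhat/pki-ca-chain.crt.age".publicKeys = redhatRecipients;
  "secrets/redhat/RH_ITW.crt.age".publicKeys = redhatRecipients;
  "secrets/redhat/win-intermediate-ca.cer.age".publicKeys = redhatRecipients;
  # NOTE(review): unlike the entries above, this file is readable by every
  # host in systems. Confirm that the wider scope is intended.
  "secrets/redhat/redhat.pem.age".publicKeys = users ++ systems;
  # Others
  "secrets/minica.pem.age".publicKeys = users ++ systems;
  # Per-host secrets: the operators plus the single host that consumes them.
  "secrets/shikoku/aria2rpcsecret.age".publicKeys = users ++ [ shikoku ];
  "secrets/rhea/gandi.env.age".publicKeys = users ++ [ rhea ];
}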