82 lines
4.4 KiB
Nix
82 lines
4.4 KiB
Nix
let
|
|
readKeyFile = keyFile: builtins.filter (x: x != [] && x != "") (builtins.split "\n" (builtins.readFile keyFile));
|
|
estragon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBS1xp/2n5q4u4kDerkXQClnD1xeS6qrj0regbJwjktB root@estragon";
|
|
wagon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJqBgXGbnPPmDHrn05Fr3X66cmgP6zvnMtPL21d4ebfh root@wagon";
|
|
lagon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN8fiqJw9RvVVQghG0OVKsXAkBcWox4JsozfxToLAiIK root@lagon";
|
|
klingon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC/P58bPqi8yTl12jpP8oFcYG7S8j1WpfgqwZz+EuQqy root@kligon";
|
|
aragon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBUDEhYDtCLI4ypIXhimPjleiGUI3lOTv5LntzNEPM1p root@aragon";
|
|
pendragon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILrJwgqLnGuUpUFacXLphiu8vUthVD4mA4a3Uytl5eSD root@pendragon";
|
|
perdrigon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIChtLzQ2YhAzJWFhuq4rdenxMFCNGD00PTwmmyjE8PM0 root@perdrigon";
|
|
martagon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINX93idUkaicbyQMOS6EurPdzHpxeza1z7vP6n3+W+mK root@martagon";
|
|
vogon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN4ScFlg1WgXiSOwP0DZRuJ4/BwTsHapDTR1U7/+xQT7 root@vogon";
|
|
jargon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUv3EWs6ojOzl3JPviqB//o5rdfPQzeTYjx4TzxuNSi root@jargon";
|
|
niangon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIQCIOv4Eb7ofeQgaABZXxDYXOWXRjSJPA9I+XlcqPrF root@niangon";
|
|
# Add yourself.
|
|
raito = readKeyFile ../pubkeys/raito.keys;
|
|
bensmrs = readKeyFile ../pubkeys/bensmrs.keys;
|
|
tomate = readKeyFile ../pubkeys/tomate.keys;
|
|
jeltz = readKeyFile ../pubkeys/jeltz.keys;
|
|
asyncnomi = readKeyFile ../pubkeys/asyncnomi.keys;
|
|
gamma = readKeyFile ../pubkeys/gamma.keys;
|
|
|
|
active-admins = raito ++ bensmrs ++ tomate ++ jeltz ++ asyncnomi ++ gamma;
|
|
|
|
matrix-admins = active-admins;
|
|
vaultwarden-admins = active-admins;
|
|
keycloak-admins = active-admins;
|
|
ldap-bind-admins = active-admins;
|
|
discourse-admins = active-admins;
|
|
wg-admins = active-admins;
|
|
indico-admins = active-admins;
|
|
grafana-admins = active-admins;
|
|
alertbot-admins = active-admins;
|
|
gitlab-admins = active-admins;
|
|
backups-admins = active-admins;
|
|
mail-admins = active-admins;
|
|
forgejo-admins = active-admins;
|
|
servers = [
|
|
estragon
|
|
wagon
|
|
lagon
|
|
klingon
|
|
aragon
|
|
pendragon
|
|
vogon
|
|
perdrigon
|
|
martagon
|
|
jargon
|
|
niangon
|
|
];
|
|
in
|
|
{
|
|
"matrix-shared-secret.age".publicKeys = [ estragon ] ++ matrix-admins;
|
|
"mautrix-telegram.age".publicKeys = [ estragon ] ++ matrix-admins;
|
|
"vaultwarden-secrets.age".publicKeys = [ wagon ] ++ vaultwarden-admins;
|
|
"keycloak-password-file.age".publicKeys = [ lagon ] ++ keycloak-admins;
|
|
"ldap-bind-password.age".publicKeys = servers ++ ldap-bind-admins;
|
|
"discourse-key-base.age".publicKeys = [ pendragon ] ++ discourse-admins;
|
|
"discourse-mail-password.age".publicKeys = [ pendragon ] ++ discourse-admins;
|
|
"indico-ldap-bind-password.age".publicKeys = [ perdrigon ] ++ indico-admins;
|
|
"indico-secret-key.age".publicKeys = [ perdrigon ] ++ indico-admins;
|
|
"indico-mail-password.age".publicKeys = [ perdrigon ] ++ indico-admins;
|
|
"grafana-admin-password.age".publicKeys = [ martagon ] ++ grafana-admins;
|
|
"grafana-secret-key.age".publicKeys = [ martagon ] ++ grafana-admins;
|
|
"vogon-wg-infra-key.age".publicKeys = [ vogon ] ++ wg-admins;
|
|
"grafana-ldap-bind-password.age".publicKeys = [ martagon ] ++ grafana-admins;
|
|
"alertbot-matrix-password.age".publicKeys = [ martagon ] ++ alertbot-admins;
|
|
"gitlab-secret.age".publicKeys = [ aragon ] ++ gitlab-admins;
|
|
"gitlab-otp-secret.age".publicKeys = [ aragon ] ++ gitlab-admins;
|
|
"gitlab-db-secret.age".publicKeys = [ aragon ] ++ gitlab-admins;
|
|
"gitlab-jws-secret.age".publicKeys = [ aragon ] ++ gitlab-admins;
|
|
"gitlab-arpk-secret.age".publicKeys = [ aragon ] ++ gitlab-admins;
|
|
"gitlab-ardk-secret.age".publicKeys = [ aragon ] ++ gitlab-admins;
|
|
"gitlab-ars-secret.age".publicKeys = [ aragon ] ++ gitlab-admins;
|
|
"gitlab-db-password.age".publicKeys = [ aragon ] ++ gitlab-admins;
|
|
"gitlab-initial-root-password.age".publicKeys = [ aragon ] ++ gitlab-admins;
|
|
"gitlab-ldap-password.age".publicKeys = [ aragon ] ++ gitlab-admins;
|
|
"borgmatic-passphrase.age".publicKeys = servers ++ backups-admins;
|
|
"acme-jargon.age".publicKeys = [ jargon ] ++ mail-admins;
|
|
"forgejo-db-pass.age".publicKeys = [ niangon ] ++ forgejo-admins;
|
|
"forgejo-wizard-user-pass.age".publicKeys = [ niangon ] ++ forgejo-admins;
|
|
"forgejo-mailbox-pass.age".publicKeys = [ niangon ] ++ forgejo-admins;
|
|
}
|