nixos-hypervisor/secrets.nix

let
  tbarnouin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxccGxdfOFXeEClqz3ULl94ubzaJnk4pUus+ek18G0B tbarnouin@nixos";
  users = [tbarnouin];

  forgejo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF2NAam+nseSCzJV/1UTyO2LgMjx0xT7/vTOOi5EG9HV root@forgejo-runner";
  grafana = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDQxvO9vdd2f9aV4F3LEQrrTJaLwLvSLbLtjB9qNxc4z root@grafana";
  onlyoffice = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGbnzv2/Or4XdQXLDjIbr7oIDTQEvgSMTX4aiNCQk4tC root@onlyoffice";
  postgresql = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+Ol11EWgsAMB3OmwTWdBbhPBgtgWHR5h0lCAJDCgCX root@pgsql";

  systems = [forgejo grafana];
in {
  "secrets/initialPassword.age".publicKeys = users ++ systems;
  "services/grafana/secrets/grafana-db.age".publicKeys = [tbarnouin grafana];
  "services/grafana/secrets/grafana-oauth_secret.age".publicKeys = [tbarnouin grafana];
  "services/grafana/secrets/kuma-token.age".publicKeys = [tbarnouin grafana];
  "services/onlyoffice/secrets/office-dbpass.age".publicKeys = [tbarnouin onlyoffice];
  "services/onlyoffice/secrets/office-jwtpass.age".publicKeys = [tbarnouin onlyoffice];
  "services/postgresql/secrets/nextcloudDBPass.age".publicKeys = [ tbarnouin postgresql ];
  "services/postgresql/secrets/giteaDBPass.age".publicKeys = [ tbarnouin postgresql ];
  "services/postgresql/secrets/authentikDBPass.age".publicKeys = [ tbarnouin postgresql ];
  "services/postgresql/secrets/grafanaDBPass.age".publicKeys = [ tbarnouin postgresql ];
}
Add agenix secrets management / test forgejo runner deployment 2024-10-23 12:14:11 +02:00			`let`
Format using alejandra 2025-01-23 14:13:19 +01:00			`tbarnouin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxccGxdfOFXeEClqz3ULl94ubzaJnk4pUus+ek18G0B tbarnouin@nixos";`
			`users = [tbarnouin];`
Add agenix secrets management / test forgejo runner deployment 2024-10-23 12:14:11 +02:00
Format using alejandra 2025-01-23 14:13:19 +01:00			`forgejo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF2NAam+nseSCzJV/1UTyO2LgMjx0xT7/vTOOi5EG9HV root@forgejo-runner";`
			`grafana = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDQxvO9vdd2f9aV4F3LEQrrTJaLwLvSLbLtjB9qNxc4z root@grafana";`
Rekey secrets 2025-01-08 09:20:10 +01:00			`onlyoffice = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGbnzv2/Or4XdQXLDjIbr7oIDTQEvgSMTX4aiNCQk4tC root@onlyoffice";`
Fix pgsql init script 2025-01-28 11:22:37 +01:00			`postgresql = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+Ol11EWgsAMB3OmwTWdBbhPBgtgWHR5h0lCAJDCgCX root@pgsql";`
Try grafana LXC + Agenix (forgejo-runner not working) 2024-10-23 15:52:13 +02:00
Format using alejandra 2025-01-23 14:13:19 +01:00			`systems = [forgejo grafana];`
			`in {`
Changes in secret management 2024-11-28 10:53:08 +01:00			`"secrets/initialPassword.age".publicKeys = users ++ systems;`
Format using alejandra 2025-01-23 14:13:19 +01:00			`"services/grafana/secrets/grafana-db.age".publicKeys = [tbarnouin grafana];`
			`"services/grafana/secrets/grafana-oauth_secret.age".publicKeys = [tbarnouin grafana];`
			`"services/grafana/secrets/kuma-token.age".publicKeys = [tbarnouin grafana];`
			`"services/onlyoffice/secrets/office-dbpass.age".publicKeys = [tbarnouin onlyoffice];`
			`"services/onlyoffice/secrets/office-jwtpass.age".publicKeys = [tbarnouin onlyoffice];`
Fix pgsql init script 2025-01-28 11:22:37 +01:00			`"services/postgresql/secrets/nextcloudDBPass.age".publicKeys = [ tbarnouin postgresql ];`
			`"services/postgresql/secrets/giteaDBPass.age".publicKeys = [ tbarnouin postgresql ];`
			`"services/postgresql/secrets/authentikDBPass.age".publicKeys = [ tbarnouin postgresql ];`
			`"services/postgresql/secrets/grafanaDBPass.age".publicKeys = [ tbarnouin postgresql ];`
Add agenix secrets management / test forgejo runner deployment 2024-10-23 12:14:11 +02:00			`}`