Add agenix secrets management / test forgejo runner deployment

2024-10-23 12:14:11 +02:00 · 2024-10-23 12:14:11 +02:00 · 409c65a779
commit 409c65a779
parent fe5c92ae8c
6 changed files with 63 additions and 2 deletions
--- a/secrets/forgejo-runner-token.age
+++ b/secrets/forgejo-runner-token.age
@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 OWkVXw bI57/Gf1aVjzstX647xlyqgUZo1XSymyFa7qxlKB4AQ
+cfBb0+pa5gi21UaAaFwsbxaluBrtm304NHuDTpitJ/4
+-> ssh-ed25519 okxVkA BiE2eWtweV/bYLz5leA+r+Qw8vQeQf2SG/4oFyfi0Q8
+CzjBC5foTUljAs5v1oNjvNyl4YjP4XXqUVEGLpZJwlg
+--- hB0dIZzpd6dNAoar3ATwj/pe6Dr/Z9OUBvo1GfsgBrI
+I1Z×UÌ<EFBFBD>É»úëGf6Ì‚šá>Hjý7MýA<C3BD>Rõ‹Û´l¡Q <â%’“òFkÂqèŠ^„»ÑõÚÛê:âü2ÑBs
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -0,0 +1,14 @@
+let
+  tbarnouin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxccGxdfOFXeEClqz3ULl94ubzaJnk4pUus+ek18G0B tbarnouin@nixos";
+  users     = [ tbarnouin ];
+
+  laptop  = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDYomb5vtXsfYGZiVjSY7eOzWI+tp1YRLlPkpKDXIwGl root@nixos";
+
+  forgejo  = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF2NAam+nseSCzJV/1UTyO2LgMjx0xT7/vTOOi5EG9HV root@forgejo-runner";
+  
+  systems = [ laptop forgejo ];
+in
+{
+  "forgejo-runner-token.age".publicKeys = [ tbarnouin forgejo ];
+}
+