nixos-hypervisor/secrets.nix
Théo Barnouin 0a7fca6f82
Add crowdsec vaultwarden config
2025-06-05 14:35:17 +02:00


# Recipient map in the agenix style: every attribute names an encrypted file
# and `publicKeys` lists the SSH public keys that file is encrypted to.
# Only public keys appear here, so the file itself is not sensitive; what it
# controls is which private key holders can decrypt each secret.
#
# Operational caveats:
#  * Editing a recipient list does nothing until the file is re-encrypted
#    (with agenix: `agenix --rekey`).
#  * Dropping a recipient does not revoke what that key could already read;
#    older ciphertext usually remains in version-control history, so rotate
#    the secret value as well.
let
  # Admin key. It is the only non-host recipient in this file.
  # NOTE(review): with a single admin recipient, losing this private key means
  # secrets can only be recovered from the hosts themselves; consider a second,
  # offline-held admin recipient.
  tbarnouin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxccGxdfOFXeEClqz3ULl94ubzaJnk4pUus+ek18G0B tbarnouin@nixos";
  users = [ tbarnouin ];

  # Per-machine keys; judging by the `root@<host>` comments these look like
  # SSH host keys (presumably collected from each machine; verify on rotation).
  grafana = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDQxvO9vdd2f9aV4F3LEQrrTJaLwLvSLbLtjB9qNxc4z root@grafana";
  redis = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDAbU7uRlNmFIazfJVnibUnwq5OvtV8wb3PYFFYJfZc4 root@redis";
  onlyoffice = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDBiLdVqDxawg/1Som1hp1sOa52tQ3FZkhMxmkbORQY6 root@onlyoffice";
  postgresql = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJW7qA7j1sICuu1RAfs9ifR9dmOlHq45tKu1ga7CKaob root@pgsql";
  forgejo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMf3Cc/S0p/LFcW+RLMEqpxOOv8q/HrKO4I9joHmRxl root@forgejo";
  nginx = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKX2wkS9bpMy1+ITPtQclRkthOwksWBZOLa3bT9oLAe1 root@nixos-nginx";
  jellyfin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBiJb+U6LQ3KglTJqdUzwCVkKWqYoBuJXZ8BXXgCMqN5 root@jellyfin";
  qbittorrent-vpn = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILliMLQejGa5BK/pjRAjzD03i3Rc3izdXFlH/gwReLMh root@qbittorrent-vpn";
  nixarr = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICbGn92P4OxaGWiQDrAbE8NhFp8UCtkfSzX2fkEv+ckk root@arr-box";
  vaultwarden = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOX6wvwwh9JZZiLfZJU7TXSKV+NRk+Qid5CAfhk5J6z5 root@vaultwarden";

  # Hosts that receive the fleet-wide secrets.
  # NOTE(review): `redis` is declared above and has its own LAPI key below, but
  # it is not in this list, so it cannot decrypt the `everyone` secrets.
  # Confirm whether that is intentional before adding it; adding a host widens
  # access and requires a rekey.
  systems = [
    grafana
    onlyoffice
    postgresql
    forgejo
    nginx
    jellyfin
    qbittorrent-vpn
    nixarr
    vaultwarden
  ];

  # Fleet-wide recipient set: the admin plus every host in `systems`.
  # Anything encrypted to this set is exposed by the compromise of any single
  # listed host, so keep it to low-value or deliberately shared material.
  everyone = users ++ systems;

  # Recipient set for a secret owned by exactly one host: admin + that host.
  adminAnd = hostKey: [ tbarnouin hostKey ];
in
{
  # --- shared by all hosts ---
  "secrets/initialPassword.age".publicKeys = everyone;

  # --- grafana ---
  "services/grafana/secrets/grafana-db.age".publicKeys = adminAnd grafana;
  "services/grafana/secrets/grafana-oauth_secret.age".publicKeys = adminAnd grafana;
  "services/grafana/secrets/kuma-token.age".publicKeys = adminAnd grafana;
  "secrets/grafana-lapi-key.age".publicKeys = adminAnd grafana;

  # --- onlyoffice ---
  "services/onlyoffice/secrets/office-dbpass.age".publicKeys = adminAnd onlyoffice;
  "services/onlyoffice/secrets/office-jwtpass.age".publicKeys = adminAnd onlyoffice;

  # --- forgejo ---
  "services/forgejo/secrets/forgejoDBPass.age".publicKeys = adminAnd forgejo;
  "secrets/forgejo-lapi-key.age".publicKeys = adminAnd forgejo;

  # --- postgresql ---
  # The database host alone holds the server-side copy of each application's
  # database password; the application hosts above carry their own files.
  "services/postgresql/secrets/nextcloudDBPass.age".publicKeys = adminAnd postgresql;
  "services/postgresql/secrets/giteaDBPass.age".publicKeys = adminAnd postgresql;
  "services/postgresql/secrets/authentikDBPass.age".publicKeys = adminAnd postgresql;
  "services/postgresql/secrets/grafanaDBPass.age".publicKeys = adminAnd postgresql;
  "services/postgresql/secrets/netboxDBPass.age".publicKeys = adminAnd postgresql;
  "services/postgresql/secrets/onlyofficeDBPass.age".publicKeys = adminAnd postgresql;
  "services/postgresql/secrets/vaultwardenDBPass.age".publicKeys = adminAnd postgresql;
  "secrets/postgresql-lapi-key.age".publicKeys = adminAnd postgresql;

  # --- nginx ---
  "services/nginx/secrets/cs-lapi-key.age".publicKeys = adminAnd nginx;
  "services/nginx/secrets/cs-capi-key.age".publicKeys = adminAnd nginx;

  # --- shared by all hosts ---
  # NOTE(review): two fleet-wide `cs-lapi-key.age` files exist alongside the
  # per-host `*-lapi-key.age` files. If the per-host keys have replaced the
  # shared one, retiring it would shrink what a single compromised host exposes.
  "services/minimalConfig/secrets/cs-lapi-key.age".publicKeys = everyone;
  "secrets/cs-lapi-key.age".publicKeys = everyone;

  # --- jellyfin ---
  "secrets/jellyfin-lapi-key.age".publicKeys = adminAnd jellyfin;

  # --- redis ---
  "secrets/redis-lapi-key.age".publicKeys = adminAnd redis;

  # --- vaultwarden ---
  "services/vaultwarden/secrets/env-file.age".publicKeys = adminAnd vaultwarden;
  "secrets/vaultwarden-lapi-key.age".publicKeys = adminAnd vaultwarden;

  # --- qbittorrent-vpn ---
  "services/qbittorrent-vpn/secrets/docker-gluetun-env.age".publicKeys = adminAnd qbittorrent-vpn;
  "services/qbittorrent-vpn/secrets/docker-qbittorrent-env.age".publicKeys = adminAnd qbittorrent-vpn;
  # Named "docker" but keyed to the qbittorrent-vpn host.
  "secrets/docker-lapi-key.age".publicKeys = adminAnd qbittorrent-vpn;

  # --- nixarr ---
  "secrets/nixarr-lapi-key.age".publicKeys = adminAnd nixarr;
  "secrets/nixarr-radarr-apiKeyFile.age".publicKeys = adminAnd nixarr;
  "secrets/nixarr-prowlarr-apiKeyFile.age".publicKeys = adminAnd nixarr;
  "secrets/nixarr-sonarr-apiKeyFile.age".publicKeys = adminAnd nixarr;
  "secrets/nixarr-bazarr-apiKeyFile.age".publicKeys = adminAnd nixarr;
}