nixos-hypervisor/secrets.nix
2025-05-28 14:42:19 +02:00

56 lines
3.5 KiB
Nix

let
tbarnouin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxccGxdfOFXeEClqz3ULl94ubzaJnk4pUus+ek18G0B tbarnouin@nixos";
users = [tbarnouin];
grafana = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDQxvO9vdd2f9aV4F3LEQrrTJaLwLvSLbLtjB9qNxc4z root@grafana";
redis = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDAbU7uRlNmFIazfJVnibUnwq5OvtV8wb3PYFFYJfZc4 root@redis";
onlyoffice = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDBiLdVqDxawg/1Som1hp1sOa52tQ3FZkhMxmkbORQY6 root@onlyoffice";
postgresql = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJW7qA7j1sICuu1RAfs9ifR9dmOlHq45tKu1ga7CKaob root@pgsql";
forgejo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMf3Cc/S0p/LFcW+RLMEqpxOOv8q/HrKO4I9joHmRxl root@forgejo";
nginx = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKX2wkS9bpMy1+ITPtQclRkthOwksWBZOLa3bT9oLAe1 root@nixos-nginx";
jellyfin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBiJb+U6LQ3KglTJqdUzwCVkKWqYoBuJXZ8BXXgCMqN5 root@jellyfin";
qbittorrent-vpn = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB2n8jioazInEa0vfXY5gGcntOH4+yBV9VkdxvwEKCqA root@docker";
nixarr = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICbGn92P4OxaGWiQDrAbE8NhFp8UCtkfSzX2fkEv+ckk root@arr-box";
systems = [grafana onlyoffice postgresql forgejo nginx jellyfin];
in {
"secrets/initialPassword.age".publicKeys = users ++ systems;
"services/grafana/secrets/grafana-db.age".publicKeys = [tbarnouin grafana];
"services/grafana/secrets/grafana-oauth_secret.age".publicKeys = [tbarnouin grafana];
"services/grafana/secrets/kuma-token.age".publicKeys = [tbarnouin grafana];
"secrets/grafana-lapi-key.age".publicKeys = [tbarnouin grafana];
"services/onlyoffice/secrets/office-dbpass.age".publicKeys = [tbarnouin onlyoffice];
"services/onlyoffice/secrets/office-jwtpass.age".publicKeys = [tbarnouin onlyoffice];
"services/forgejo/secrets/forgejoDBPass.age".publicKeys = [tbarnouin forgejo];
"secrets/forgejo-lapi-key.age".publicKeys = [tbarnouin forgejo];
"services/postgresql/secrets/nextcloudDBPass.age".publicKeys = [tbarnouin postgresql];
"services/postgresql/secrets/giteaDBPass.age".publicKeys = [tbarnouin postgresql];
"services/postgresql/secrets/authentikDBPass.age".publicKeys = [tbarnouin postgresql];
"services/postgresql/secrets/grafanaDBPass.age".publicKeys = [tbarnouin postgresql];
"services/postgresql/secrets/netboxDBPass.age".publicKeys = [tbarnouin postgresql];
"services/postgresql/secrets/onlyofficeDBPass.age".publicKeys = [tbarnouin postgresql];
"secrets/postgresql-lapi-key.age".publicKeys = [tbarnouin postgresql];
"services/nginx/secrets/cs-lapi-key.age".publicKeys = [tbarnouin nginx];
"services/nginx/secrets/cs-capi-key.age".publicKeys = [tbarnouin nginx];
"services/minimalConfig/secrets/cs-lapi-key.age".publicKeys = users ++ systems;
"secrets/cs-lapi-key.age".publicKeys = users ++ systems;
"secrets/jellyfin-lapi-key.age".publicKeys = [tbarnouin jellyfin];
"secrets/redis-lapi-key.age".publicKeys = [tbarnouin redis];
"services/qbittorrent_vpn/secrets/docker-gluetun-env.age".publicKeys = [tbarnouin qbittorrent-vpn];
"services/qbittorrent_vpn/secrets/docker-qbittorrent-env.age".publicKeys = [tbarnouin qbittorrent-vpn];
"secrets/docker-lapi-key.age".publicKeys = [tbarnouin qbittorrent-vpn];
"secrets/nixarr-lapi-key.age".publicKeys = [tbarnouin nixarr];
"secrets/nixarr-radarr-apiKeyFile.age".publicKeys = [tbarnouin nixarr];
"secrets/nixarr-prowlarr-apiKeyFile.age".publicKeys = [tbarnouin nixarr];
"secrets/nixarr-sonarr-apiKeyFile.age".publicKeys = [tbarnouin nixarr];
"secrets/nixarr-bazarr-apiKeyFile.age".publicKeys = [tbarnouin nixarr];
}