the-distro/infra
9
0
Fork 5
Code Issues 35 Pull requests 6 Packages Projects 1 Releases Wiki Activity
infra/secrets.nix

27 lines
914 B
Nix
Raw Normal View History

infra: add agenix, add s3 credentials
2024-06-24 16:03:07 +00:00
let
keys = import common/ssh-keys.nix;
ssh-keys: add raito to secrets set Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-09 22:59:17 +00:00
commonKeys = keys.users.delroth ++ keys.users.raito;
infra: add agenix, add s3 credentials
2024-06-24 16:03:07 +00:00
secrets = with keys; {
hydra-s3-credentials = [ machines.bagel-box ];
hydra: start signing paths
2024-07-10 15:34:57 +00:00
hydra-signing-priv = [ machines.bagel-box ];
hydra: provide S3 and SSH credentials (via agenix)
2024-06-24 18:59:19 +00:00
hydra-ssh-key-priv = [ machines.bagel-box ];
hotfix: hot bagel on secrets (netbox) Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-04 11:51:14 +00:00
netbox-environment = [ machines.meta01 ];
Add Grafana/Prometheus/Mimir minimal setup More later, Loki also later.
2024-07-05 11:25:27 +00:00
mimir-environment = [ machines.meta01 ];
grafana-oauth-secret = [ machines.meta01 ];
Add Loki + Promtail setup
2024-07-05 14:20:22 +00:00
loki-environment = [ machines.meta01 ];
secrets: add gerrit-prometheus-bearer-token
2024-07-13 18:10:29 +00:00
gerrit-prometheus-bearer-token = [ machines.gerrit01 machines.meta01 ];
Add Loki + Promtail setup
2024-07-05 14:20:22 +00:00
# These are the same password, but nginx wants it in htpasswd format
Metrics fixups - fix grafana-agent config format - rekey metrics-push-password for fodwatch
2024-07-08 07:01:25 +00:00
metrics-push-htpasswd = [ machines.meta01 ];
metrics-push-password = builtins.attrValues machines;
infra: add agenix, add s3 credentials
2024-06-24 16:03:07 +00:00
};
in
builtins.listToAttrs (
map (secretName: {
name = "secrets/${secretName}.age";
value.publicKeys = secrets."${secretName}" ++ commonKeys;
}) (builtins.attrNames secrets)
)
Reference in a new issue Copy permalink