# Recipient rules for the encrypted files under secrets/. The expression
# evaluates to an attrset of the form
#   { "secrets/<name>.age" = { publicKeys = [ ... ]; }; ... }
# NOTE(review): this has the shape of an agenix-style rules file, so
# publicKeys is presumably the list of age recipients able to decrypt
# that file. Confirm against the tool that consumes this file.
let
  keys = import common/ssh-keys.nix;
  inherit (keys) machines users;

  # User keys appended to the recipient list of every secret below, so
  # the holders of these keys are recipients of all of them.
  commonKeys = users.delroth ++ users.raito;

  # Single-host recipient lists that several entries share.
  bagelBox = [ machines.bagel-box ];
  meta01 = [ machines.meta01 ];

  # Secret name -> machine keys listed as recipients. Keep each list as
  # narrow as the consuming service allows.
  # NOTE(review): editing a list here presumably takes effect only once
  # the matching .age file is re-encrypted, and a recipient that is
  # removed could still read ciphertext it already had access to, so
  # the secret value itself should be rotated. Confirm the workflow.
  machineRecipients = {
    hydra-s3-credentials = bagelBox;
    hydra-signing-priv = bagelBox;
    hydra-ssh-key-priv = bagelBox;

    netbox-environment = meta01;
    mimir-environment = meta01;
    grafana-oauth-secret = meta01;
    loki-environment = meta01;

    gerrit-prometheus-bearer-token = [
      machines.gerrit01
      machines.meta01
    ];

    # Same password in two encodings: nginx needs the htpasswd form.
    metrics-push-htpasswd = meta01;
    # Every entry of keys.machines is a recipient, so a machine added to
    # common/ssh-keys.nix is included here without any change to this
    # file.
    metrics-push-password = builtins.attrValues machines;
  };

  # Builds the name/value pair for one secret: its .age path and the
  # machine keys followed by the common user keys.
  toRule = secretName: {
    name = "secrets/${secretName}.age";
    value = {
      publicKeys = machineRecipients.${secretName} ++ commonKeys;
    };
  };
in
builtins.listToAttrs (map toRule (builtins.attrNames machineRecipients))