25 lines
837 B
Nix
25 lines
837 B
Nix
#
|
|
# Secret database for agenix.
|
|
#
|
|
# vim: et:ts=2:sw=2:
|
|
#
|
|
let
|
|
# Systems we want to target.
|
|
trailblazer = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDcJM0wcR6I53htsvN3A+2kcoln+N89z8bWt7g1PxjZk root@trailblazer";
|
|
|
|
rekey-users = [
|
|
"age1yubikey1qtgvszdcz3n9a707l3k2mhaql9mdm6sqe69mr2hypl8n0qxs5m52sgu9wdd" # Kate
|
|
"age1yubikey1qfmkkc57a34f6zd9wh0vm9f20tv85nqkmyh80ygyzwynpaq9nhgkw4wd3zz" # Kate
|
|
"age1yubikey1qt5cjhklyek73awwaducjgn0g7l93xeuvcnudnac23kdyem2k7v7zlmn6p0" # Kate
|
|
"age1yubikey1qgkz2s97uzquemxx694vvqp2dj6328zpf4l3rj3mqfcnguvuhxcguw8fgxy" # Kate
|
|
];
|
|
|
|
# Combined pubkeys for use below.
|
|
all-machine-pubkeys = [
|
|
trailblazer
|
|
] ++ rekey-users;
|
|
in
|
|
{
|
|
"nixos/configs/music-server/bandcamp.cfg.age".publicKeys = all-machine-pubkeys;
|
|
"nixos/configs/music-server/subsonic.cfg.age".publicKeys = all-machine-pubkeys;
|
|
}
|