diff --git a/flake.lock b/flake.lock index ae36e2d..b282215 100644 --- a/flake.lock +++ b/flake.lock @@ -3,22 +3,19 @@ "agenix": { "inputs": { "darwin": "darwin", - "home-manager": [ - "home-manager" - ], + "home-manager": "home-manager_2", "nixpkgs": [ + "secrets", "nixpkgs" ], - "systems": [ - "systems" - ] + "systems": "systems" }, "locked": { - "lastModified": 1723293904, - "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", + "lastModified": 1736955230, + "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=", "owner": "ryantm", "repo": "agenix", - "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", + "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", "type": "github" }, "original": { @@ -27,6 +24,28 @@ "type": "github" } }, + "agenix-rekey": { + "inputs": { + "devshell": "devshell", + "flake-parts": "flake-parts_2", + "nixpkgs": "nixpkgs_4", + "pre-commit-hooks": "pre-commit-hooks_2", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1737124467, + "narHash": "sha256-askwM5GDYo4xy/UARNXUvn7lKERyNp31BcES/t4Ki2Y=", + "owner": "oddlama", + "repo": "agenix-rekey", + "rev": "27c5fc5b763321054832d0c96a9259d849b2f58a", + "type": "github" + }, + "original": { + "owner": "oddlama", + "repo": "agenix-rekey", + "type": "github" + } + }, "aquamarine": { "inputs": { "hyprutils": [ @@ -78,6 +97,7 @@ "darwin": { "inputs": { "nixpkgs": [ + "secrets", "agenix", "nixpkgs" ] @@ -97,6 +117,28 @@ "type": "github" } }, + "devshell": { + "inputs": { + "nixpkgs": [ + "secrets", + "agenix-rekey", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1728330715, + "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=", + "owner": "numtide", + "repo": "devshell", + "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, "firefox-addons": { "inputs": { "flake-utils": "flake-utils", 
@@ -136,6 +178,22 @@ "type": "github" } }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" @@ -154,6 +212,28 @@ "type": "github" } }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": [ + "secrets", + "agenix-rekey", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "locked": { "lastModified": 1629284811, @@ -191,7 +271,7 @@ }, "flake-utils_3": { "inputs": { - "systems": "systems_2" + "systems": "systems_3" }, "locked": { "lastModified": 1731533236, @@ -229,6 +309,29 @@ "type": "github" } }, + "gitignore_2": { + "inputs": { + "nixpkgs": [ + "secrets", + "agenix-rekey", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -249,6 +352,28 @@ "type": "github" } }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "secrets", + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703113217, + "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, "hyprcursor": { "inputs": { "hyprlang": [ @@ -892,6 +1017,22 @@ "type": "github" } }, + "nixpkgs_4": { + "locked": { + "lastModified": 1735471104, + "narHash": "sha256-0q9NGQySwDQc7RhAV2ukfnu7Gxa5/ybJ2ANT8DQrQrs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "88195a94f390381c6afcdaa933c2f6ff93959cb4", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nmd": { "flake": false, "locked": { @@ -2990,6 +3131,30 @@ "type": "github" } }, + "pre-commit-hooks_2": { + "inputs": { + "flake-compat": "flake-compat_2", + "gitignore": "gitignore_2", + "nixpkgs": [ + "secrets", + "agenix-rekey", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1735882644, + "narHash": "sha256-3FZAG+pGt3OElQjesCAWeMkQ7C/nB1oTHLRQ8ceP110=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "a5a961387e75ae44cc20f0a57ae463da5e959656", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, "rnix-lsp": { "inputs": { "naersk": "naersk", @@ -3012,7 +3177,6 @@ }, "root": { "inputs": { - "agenix": "agenix", "firefox-addons": "firefox-addons", "flake-parts": "flake-parts", "flake-utils": "flake-utils_2", @@ -3027,7 +3191,7 @@ "nixpkgs": "nixpkgs_2", "nvf": "nvf", "secrets": "secrets", - "systems": "systems", + "systems": "systems_2", "zjstatus": "zjstatus" } }, 
@@ -3076,6 +3240,8 @@ }, "secrets": { "inputs": { + "agenix": "agenix", + "agenix-rekey": "agenix-rekey", "flake-parts": [ "flake-parts" ], @@ -3087,11 +3253,11 @@ ] }, "locked": { - "lastModified": 1737094724, - "narHash": "sha256-PeNJWuk+zNrqCsrSbElfFmMP+R5E0uFaAgW9tWG03ag=", + "lastModified": 1737363899, + "narHash": "sha256-9W7+5Mx2J60I/s6mgq6iRcxIV06nrBr6KWzN55GWnYE=", "ref": "refs/heads/master", - "rev": "dbbf390c798a14bb316681e62fe56355d9ea88f6", - "revCount": 4, + "rev": "ec8227f9dacaef659249df279d6fd98776ebaeb6", + "revCount": 25, "type": "git", "url": "ssh://git@github.com/ooks-io/kunzen" }, @@ -3101,6 +3267,21 @@ } }, "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { "locked": { "lastModified": 1689347949, "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", @@ -3115,7 +3296,7 @@ "type": "github" } }, - "systems_2": { + "systems_3": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -3130,6 +3311,28 @@ "type": "github" } }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "secrets", + "agenix-rekey", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1735135567, + "narHash": "sha256-8T3K5amndEavxnludPyfj3Z1IkcFdRpR23q+T0BVeZE=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "9e09d30a644c57257715902efbb3adc56c79cf28", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, "utils": { "locked": { "lastModified": 1656928814, diff --git a/flake.nix b/flake.nix index 0034cd4..176273c 100644 --- a/flake.nix +++ b/flake.nix 
@@ -26,15 +26,6 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - agenix = { - url = "github:ryantm/agenix"; - inputs = { - nixpkgs.follows = "nixpkgs"; - systems.follows = "systems"; - home-manager.follows = "home-manager"; - }; - }; - nix-index-db = { url = "github:nix-community/nix-index-database"; inputs.nixpkgs.follows = "nixpkgs"; diff --git a/modules/nixos/base/admin.nix b/modules/nixos/base/admin.nix index 4a4e122..f3c5a61 100644 --- a/modules/nixos/base/admin.nix +++ b/modules/nixos/base/admin.nix @@ -1,10 +1,10 @@ { config, pkgs, - keys, ... }: let inherit (config.ooknet.host) admin; + inherit (config.ooknet.secrets) keys; ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups; in { diff --git a/modules/nixos/base/default.nix b/modules/nixos/base/default.nix index 018ada6..ca1e4eb 100644 --- a/modules/nixos/base/default.nix +++ b/modules/nixos/base/default.nix @@ -7,7 +7,6 @@ ./admin.nix ./locale.nix ./options.nix - ./secrets.nix ./openssh.nix ./tailscale.nix ./networking.nix diff --git a/modules/nixos/base/distributed-builds.nix b/modules/nixos/base/distributed-builds.nix index 7b469d4..b125c8f 100644 --- a/modules/nixos/base/distributed-builds.nix +++ b/modules/nixos/base/distributed-builds.nix @@ -1,5 +1,4 @@ { - keys, config, lib, ... @@ -7,6 +6,7 @@ inherit (lib) mkIf; inherit (config.ooknet.host) admin; inherit (config.networking) hostName; + inherit (config.ooknet.secrets) keys; mkBuilderMachine = { host, diff --git a/modules/nixos/base/nix.nix b/modules/nixos/base/nix.nix index e144164..e83f449 100644 --- a/modules/nixos/base/nix.nix +++ b/modules/nixos/base/nix.nix @@ -23,7 +23,6 @@ in { defaultPackages = []; systemPackages = attrValues { inherit (pkgs) git deadnix statix; - inherit (inputs'.agenix.packages) default; }; # location of the configuration flake diff --git a/modules/nixos/base/secrets.nix b/modules/nixos/base/secrets.nix deleted file mode 100644 index 8de6673..0000000 
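Review bot: In `modules/nixos/base/admin.nix` the added `inherit (config.ooknet.secrets) keys;` reads an option that is presumably defined by the external `secrets` flake's module, and nothing in the hunk says where it comes from or what shape it must have. The deleted `secrets/keys.nix` exposed `users`, `hosts`, `workstations` and `servers`; if the admin's authorized SSH keys are derived from this value (the use is outside the hunk), a renamed or empty attribute in the other repository changes who can log in without any diff here. I would add a comment above the inherit, `# keys: SSH public keys (users/hosts/workstations/servers) provided by the private secrets flake's NixOS module`, and consider an assertion that the key list used for the admin is non-empty. The same applies to the added inherit in `modules/nixos/base/distributed-builds.nix`.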
--- a/modules/nixos/base/secrets.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ - config, - lib, - self, - ... -}: let - inherit (lib) mkIf; - - inherit (config.ooknet) host; - inherit (host) admin; - inherit (config.services) tailscale transmission; -in { - age.identityPaths = [ - "/home/${admin.name}/.ssh/id_ed25519" - ]; - - age.secrets = { - tailscale-auth = mkIf tailscale.enable { - file = "${self}/secrets/tailscale-auth.age"; - mode = "444"; - }; - github_key = mkIf admin.homeManager { - file = "${self}/secrets/github_key.age"; - path = "/home/${admin.name}/.ssh/github_key"; - owner = "${admin.name}"; - group = "users"; - }; - ooknet_org = mkIf admin.homeManager { - file = "${self}/secrets/ooknet_org.age"; - path = "/home/${admin.name}/.ssh/ooknet_org"; - owner = "${admin.name}"; - group = "users"; - }; - spotify_key = mkIf admin.homeManager { - file = "${self}/secrets/spotify_key.age"; - owner = "${admin.name}"; - group = "users"; - }; - "mullvad_wg.conf" = mkIf transmission.enable { - file = "${self}/secrets/mullvad_wg.age"; - }; - }; -} diff --git a/modules/nixos/server/services/ookflix/lib.nix b/modules/nixos/server/services/ookflix/lib.nix index 77d0c2e..3cd0adb 100644 --- a/modules/nixos/server/services/ookflix/lib.nix +++ b/modules/nixos/server/services/ookflix/lib.nix @@ -132,14 +132,6 @@ }; }; - mkServiceSecret = name: service: { - ${name} = { - file = "${self}/secrets/containers/${name}.age"; - owner = cfg.services.${service}.user.name; - group = cfg.services.${service}.group.name; - }; - }; - mkNetworkService = name: _network: nameValuePair "podman-network-${name}" { description = "Podman network ${name} for ookflix"; 
@@ -151,5 +143,5 @@ }; }; in { - inherit mkServiceStateFile mkServiceSecret mkBasicServiceOptions mkServiceOptions mkServiceStateDir mkServiceUser mkUserOption mkPortOption mkGroupOption mkVolumeOption mkSubdomainOption mkNetworkService; + inherit mkServiceStateFile mkBasicServiceOptions mkServiceOptions mkServiceStateDir mkServiceUser mkUserOption mkPortOption mkGroupOption mkVolumeOption mkSubdomainOption mkNetworkService; } diff --git a/modules/nixos/server/services/ookflix/networking/gluetun.nix b/modules/nixos/server/services/ookflix/networking/gluetun.nix index 4131a93..91f500e 100644 --- a/modules/nixos/server/services/ookflix/networking/gluetun.nix +++ b/modules/nixos/server/services/ookflix/networking/gluetun.nix @@ -6,14 +6,13 @@ ... }: let ookflixLib = import ../lib.nix {inherit self lib config;}; - inherit (ookflixLib) mkServiceUser mkServiceSecret; + inherit (ookflixLib) mkServiceUser; inherit (lib) mkIf; inherit (ook.lib.container) mkContainerEnvironment; inherit (config.ooknet.server.ookflix.services) qbittorrent gluetun; in { config = mkIf gluetun.enable { users = mkServiceUser gluetun.user.name; - age.secrets = mkServiceSecret "vpn_env" "gluetun"; virtualisation.oci-containers.containers = { # vpn container gluetun = mkIf gluetun.enable { diff --git a/modules/nixos/server/services/ookflix/networking/traefik.nix b/modules/nixos/server/services/ookflix/networking/traefik.nix index 2adae8c..c976e7e 100644 --- a/modules/nixos/server/services/ookflix/networking/traefik.nix +++ b/modules/nixos/server/services/ookflix/networking/traefik.nix @@ -6,7 +6,7 @@ ... }: let ookflixLib = import ../lib.nix {inherit self lib config;}; - inherit (ookflixLib) mkServiceUser mkServiceSecret mkServiceStateDir mkServiceStateFile; + inherit (ookflixLib) mkServiceUser mkServiceStateDir mkServiceStateFile; inherit (lib) mkIf; inherit (ook.lib.container) mkContainerEnvironment mkContainerLabel mkContainerPort; inherit (config.ooknet) server; 
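Review bot: With `age.secrets = mkServiceSecret "vpn_env" "gluetun";` removed from `networking/gluetun.nix`, nothing in this module declares the secret any more, so the owner and group that the old helper took from `cfg.services.gluetun.user.name` and `group.name` are presumably now set in the external secrets module. If the container definition below the hunk still reads `config.age.secrets.vpn_env.path` (not visible here), a mismatch between that declaration and `gluetun.user.name` either breaks the container or leaves the decrypted file readable by a different account. A short comment where the line was removed would record the dependency, e.g. `# vpn_env is declared by inputs.secrets; its owner/group must match gluetun.user/group`. The `cf_creds` removal in `networking/traefik.nix` has the same dependency. Separately, the `.age` files deleted later in this commit remain in git history, encrypted to the recipients in the deleted `secrets/keys.nix`, so rotating these values when they are re-encrypted in the new repository is worth considering.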
@@ -19,7 +19,6 @@ in { traefikStateDir = mkServiceStateDir "traefik"; traefikAcmeFile = mkServiceStateFile "traefik" "acme.json"; }; - age.secrets = mkServiceSecret "cf_creds" "traefik"; virtualisation.oci-containers.containers = { # vpn container traefik = mkIf traefik.enable { diff --git a/outputs/default.nix b/outputs/default.nix index 2a45066..8104347 100644 --- a/outputs/default.nix +++ b/outputs/default.nix @@ -4,7 +4,6 @@ ./lib ./hozen ./hosts - ./keys.nix ./pkgs ./images.nix ./devshells diff --git a/outputs/images.nix b/outputs/images.nix index 3b20e5e..8e15f51 100644 --- a/outputs/images.nix +++ b/outputs/images.nix @@ -1,8 +1,4 @@ -{ - ook, - self, - ... -}: { +{self, ...}: { flake.images = { ooknode = self.nixosConfigurations.ooknode.config.system.build.image; }; diff --git a/outputs/keys.nix b/outputs/keys.nix deleted file mode 100644 index 7c84285..0000000 --- a/outputs/keys.nix +++ /dev/null @@ -1,6 +0,0 @@ -let - keys = import ../secrets/keys.nix; -in { - perSystem._module.args.keys = keys; - flake.keys = keys; -} diff --git a/outputs/lib/builders.nix b/outputs/lib/builders.nix index ae85425..0c9677a 100644 --- a/outputs/lib/builders.nix +++ b/outputs/lib/builders.nix @@ -7,9 +7,9 @@ inherit (inputs) nixpkgs; inherit (lib) singleton recursiveUpdate mkDefault; inherit (builtins) concatLists; - inherit (self) hozen keys ook; + inherit (self) hozen ook; + inherit (inputs.secrets.nixosModules) secrets; hm = inputs.home-manager.nixosModules.home-manager; - agenix = inputs.agenix.nixosModules.default; nixosModules = "${self}/modules/nixos"; baseModules = nixosModules + "/base"; hardwareModules = nixosModules + "/hardware"; @@ -22,7 +22,7 @@ (baseModules + "/admin.nix") (baseModules + "/ssh.nix") ]; - core = [baseModules hardwareModules consoleModules appearanceModules hm agenix]; + core = [baseModules hardwareModules consoleModules appearanceModules hm secrets]; hostModules = "${self}/hosts"; mkNixos = nixpkgs.lib.nixosSystem; 
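Review bot: In `outputs/lib/builders.nix` the new binding `inherit (inputs.secrets.nixosModules) secrets;` and its use in `core` give no hint that this one module now replaces both the agenix NixOS module and the deleted `modules/nixos/base/secrets.nix`, including its `age.identityPaths` setting. A comment above the inherit would make that contract explicit, e.g. `# secrets: NixOS module from the private secrets flake; expected to import agenix and set age.identityPaths / age.secrets`. The flake.lock part of this commit also shows agenix resolving its own `home-manager_2` and following `secrets/nixpkgs` instead of the root inputs, so updates to the secret tooling are now controlled from the other repository's flake. It is worth noting next to `core` that every host evaluates code from that input.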
@@ -44,7 +44,7 @@ mkNixos { specialArgs = recursiveUpdate { - inherit hozen ook keys lib inputs self inputs' self'; + inherit hozen ook lib inputs self inputs' self'; } specialArgs; modules = concatLists [ @@ -123,7 +123,7 @@ ... }: mkNixos { - specialArgs = {inherit keys inputs lib self;}; + specialArgs = {inherit inputs lib self;}; modules = concatLists [ (singleton { networking.hostName = hostname; diff --git a/secrets/containers/cf_creds.age b/secrets/containers/cf_creds.age deleted file mode 100644 index 702af9d..0000000 --- a/secrets/containers/cf_creds.age +++ /dev/null @@ -1,19 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 xeHnUA orzYvtHssnqm5RxM5aa2/9C8WE+b71dDA2I2Xazhc2k -zkiBhnB7MdSIxrT/Sh14pHGU9ipGkBrrhNrHjW6lbJw --> ssh-ed25519 6HvatA tABXMcWyBkSJWrl3MM76eJGJSU0XKQTG6lmFWIS/qxs -ZZ3PYHKqbbdz0kDCTXhQBGCnWGsXLqZmdNjlWpT8SY4 --> ssh-ed25519 3DwG4w GUdLU60u2plRSDoFkAoNep5USX5Lj6jLrIQHzxYyPkI -5dnetJBkJeSe12iczuOMnJO8K0gkB5qhPL1UbGAslzI --> ssh-ed25519 Nn8WxA wnQzj5PqL1EoXisYGabcHzChGBZWvis+CSTE+6eCMEk -fw4XLdF7kIIWBVVDu3DBxtxdYxBSsXozpJQ7p0No8I4 --> ssh-ed25519 Gd+9pg TIdiOlNUhp4fkQPQi3PItzVBssM1TxoDYZNCB0GYryw -Ch+pJ6BEO/oUTeUn3t8qaiVuLaRgf9GUO4jpAgnJstY --> ssh-ed25519 eMj+Jg 83Cbf9k7T0DRcE7hFchQWEj/pR+qNGTLIdXDmbWMeT4 -PqOzucTkTSQg92Vd8ZMLX6cDKyESCE4v9VVHJlAfFyg --> ssh-ed25519 MQ/7Ew f4axkHyjiTOsbiYu90MAirHKoB9S70dK11JDtMKmSkc -Rb2+dIewpW0bL+qJtAxIgVAyWqTDZI9dcwMQR/0pg3s --> ssh-ed25519 3DwG4w FYRpJ1zJZmOil2/X+URrw03KXZk7qZoMO1/P+BJGCxo -SRBJ/FOUbisy7Dhd5tXd4fN8HWM95L6oDQOjzmM5St8 ---- /7SydLy/XxsnVqTD5ffym1MnyKzVyvvhIbazmf4oB18 -49aCrB"e5n9uF?ykbDB+͙DbHb^͝LӻV*^˖LϙJ8_6S$+K:$ \ No newline at end of file diff --git a/secrets/containers/vpn_env.age b/secrets/containers/vpn_env.age deleted file mode 100644 index 346dda6..0000000 Binary files a/secrets/containers/vpn_env.age and /dev/null differ 
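Review bot: In the `@@ -123,7 +123,7 @@` hunk of `outputs/lib/builders.nix`, `keys` is dropped from `specialArgs = {inherit inputs lib self;};`, but only `core` visibly gained the `secrets` module in this commit. If this builder uses the reduced module list that contains `admin.nix` (which now reads `config.ooknet.secrets.keys`), evaluation will fail on the missing option unless `secrets` is also imported here. The `modules = concatLists [` list continues outside the hunk, so this cannot be confirmed from the diff; if it is missing, adding `[secrets]` as an element of that list would restore the source of the admin's SSH keys for these hosts.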
diff --git a/secrets/github_key.age b/secrets/github_key.age deleted file mode 100644 index a5ce29f..0000000 Binary files a/secrets/github_key.age and /dev/null differ diff --git a/secrets/keys.nix b/secrets/keys.nix deleted file mode 100644 index 59036c6..0000000 --- a/secrets/keys.nix +++ /dev/null @@ -1,28 +0,0 @@ -let - users = { - ooks = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEx2kNirkcFrNji+qz7KX+zdRxpgJyOwK0vyBrx9Ae3c"; - }; - - hosts = { - ooksdesk = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBn3ff3HaZHIyH4K13k8Mwqu/o7jIABJ8rANK+r2PfJk"; - ooksmedia = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL7ttz1jTy+byfzi874vogy3ZPLW9+8W2o512tdsqUUV"; - ookst480s = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEWFZwTuHIITHa7s4Zp6KPF2suZIMXZbe085OiG0GRh5"; - ooksphone = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINredx07UAk2l1wUPujYnmJci1+XEmcUuSX0DIYg6Vzz"; - ooksmicro = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMUSu2iy3GvMXT5eEDAymIwSQe8UuVG5GH5FJ408JiG4"; - ooksx1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBR6Cyx64Qjth/4aS2x95scEkfiOnsCzufMZW5e41bfE"; - }; - - workstations = [ - hosts.ooksdesk - hosts.ooksmedia - hosts.ookst480s - hosts.ooksphone - hosts.ooksmicro - hosts.ooksx1 - ]; - servers = [ - hosts.ooksmedia - ]; -in { - inherit users servers hosts workstations; -} diff --git a/secrets/mullvad_wg.age b/secrets/mullvad_wg.age deleted file mode 100644 index 0c86499..0000000 Binary files a/secrets/mullvad_wg.age and /dev/null differ diff --git a/secrets/ooknet_org.age b/secrets/ooknet_org.age deleted file mode 100644 index e957cac..0000000 Binary files a/secrets/ooknet_org.age and /dev/null differ diff --git a/secrets/secrets.nix b/secrets/secrets.nix deleted file mode 100644 index d48d549..0000000 --- a/secrets/secrets.nix +++ /dev/null 
@@ -1,12 +0,0 @@ -let - keys = import ./keys.nix; - inherit (keys) users workstations servers; -in { - "tailscale-auth.age".publicKeys = [users.ooks] ++ workstations; - "github_key.age".publicKeys = [users.ooks] ++ workstations; - "spotify_key.age".publicKeys = [users.ooks] ++ workstations; - "ooknet_org.age".publicKeys = [users.ooks] ++ workstations; - "mullvad_wg.age".publicKeys = [users.ooks] ++ workstations ++ servers; - "containers/vpn_env.age".publicKeys = [users.ooks] ++ workstations ++ servers; - "containers/cf_creds.age".publicKeys = [users.ooks] ++ workstations ++ servers; -} diff --git a/secrets/spotify_key.age b/secrets/spotify_key.age deleted file mode 100644 index 06f0b6b..0000000 --- a/secrets/spotify_key.age +++ /dev/null @@ -1,17 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 xeHnUA +isoneTG5GTQVZ2mkNWJMApJL0EbtlRg2lE7CFPVs0o -b0katAQ3DeRRTZZKzexJMM5JtcqY6pPpz1Z017ZmVBw --> ssh-ed25519 6HvatA Knq4A7wvjmXnWAikVSbv9BALW7f0lph2bQsiyUcilSo -SFHeWqjVO5jxnNW0cgE9qJrg0xG8SkEfZ87GpE77EZ8 --> ssh-ed25519 3DwG4w j7k+whyqKrKrkQCIMkOHl+EpCsIlJqtfqBShCc1ZGkk -vLwteoZ9DvjAecJJhPzcXvnMVsKWEDwHiL76fm2PTC0 --> ssh-ed25519 Nn8WxA ENSIpye6C7RaxwmUQP4fGD3NZ/mXh7Q0gyNsdvEGyxU -zhKepo7NqWe4NVTRcTcqKJavgZdHAXi5TK8nsHqRJNA --> ssh-ed25519 Gd+9pg wlz2TZrZVdNz9yBugvydWeUgc/430iOPpDP3+aJ0nDo -ST+uLYDvOg95qXN86vsvKmlr56sttg7Z7l4OAJfgytI --> ssh-ed25519 eMj+Jg XP+CWaVkKTzptg2lpmPcT0d+K3JoDTfmFjpyKouqwXk -WGrv56kthwxT88xXSyaPecLklfumxva9RxCoFNZwVTU --> ssh-ed25519 MQ/7Ew XgTs4XL6bGspzSFdT2IW4BW3MPjdP0YiLQqo0SDR+EI -18MBJWrgjk3J58EPZjwW/OwAo3bKG+jHztowqQeYG5M ---- nxPnfZNn24Q70LqqEO2Mo76xPcaBuZ7OEYXTO0Ac/wk -4V+_