zuckerberg/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Activity

Refactor imports and secrets. Add per system properties and role based secret access.

Browse Source 
Highlights
- No need to update flake for every machine anymore, just add a properties.nix file.
- Roles are automatically generated from all machine configurations.
- Roles and their secrets automatically are grouped and show up in agenix secrets.nix
- Machines and their service configs may now query the properties of all machines.
- Machine configuration and secrets are now competely isolated into each machine's directory.
- Safety checks to ensure no mixing of luks unlocking secrets and hosts with primary ones.
- SSH pubkeys no longer centrally stored but instead per machine where the private key lies for better cleanup.
This commit is contained in:
Zuckerberg
2023-04-20 22:01:21 -06:00
parent a02775a234
commit 71baa09bd2
42 changed files with 632 additions and 383 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
secrets/hostapd-pw-CXNK00BF9176.age
View File

@@ -1,16 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 VyYH/Q 3383IYDpr6jhePY89sI7RO5KY6i5Wr/Miy4Tx1IeZEI
Z4nN390wcZiDQCEJvTBD+v5LetZpjdcVhF8uYIUSkNA
-> ssh-ed25519 xoAm7w vO5L5G+aDSXJvD5MLKHtdfo3Ypd//vl7uO644j0S+ig
LRIiQOSb4M9FItfqci10ELYgzkCXhOBaWv8iz2He6zA
-> ssh-ed25519 mbw8xA RxxUEOVUfKZyUM7KkUjMm9Z+Ts/et15dMxJm4XVKbzg
hKS82nZ2v88jqxGW1xprsPk67Czn+PLTxIuOrlgXkpw
-> ssh-ed25519 2a2Yhw FRSIexkNO39x9h4wLVKscOmBIE5I/rOlNGfX+MdUfGo
1OcV1pJ+/M3wtPnRMDxgcpnsyeFYBqBe5Gbj55dJiCY
-> ssh-ed25519 dMQYog lqtpfP3zAArnAF2M9MtUBhFymnG2S15X88YcW949PTI
2po8qHUuVbMIzrZ+q746cb9BQ06emGowJJcIGHdHeH8
-> aH,?XIq9-grease ]Y I]hNq dZyR2f@@ Xl"1A`
U/BZHrNalVSmBUEekZbQ1w95VrFtkskMOuI5lm9thRe2bvTe7Rue382uf0fcfvSE
Jq7+f/b257KiFaUg8Is1WNNMY55Rw0wrnv9yIBMESxCWmgo
--- rUwKbA9SH9XIRdEXLhDIRj+mEu7BV4w7EwkAd4wZPGI
ř@±ľ·¦ţµÉćS*ÚŘŔi(˙jW˛(WĆŇ-–€yFůů™ Î<7F><C38E>9 
-> ssh-ed25519 VyYH/Q X+fXLJz227KkBLu45rb9mUkkIpENSMtZeEJjl6qj5Xw
AFAFnvsiogoMMwsAJO0DDoaizL9lmCLsF4QHDjmubr0
-> ssh-ed25519 dMQYog P84+7TBcMFSALTn6FR/aXyqFE9DfOzp38ImkdWj7nE0
PqOn1OL9Zt0x1pBIYOSKkkS//mbk1OX5pnDGp+OLYeI
-> @?-grease
3JvpmcTxdTgvv6vPL8dXEwjR+g
--- aMYF1SbC+p01YWmg24+Ih78VPQcwzGU/P1cEfgRvXV8
Ÿ @$™sžQ¼z<15><>®xkÊNfÛuÕ;§¿ ÎvI0•ªÇÎ^4.?, 8…çî