Refactor imports and secrets. Add per system properties and role based secret access.

Highlights - No need to update flake for every machine anymore, just add a properties.nix file. - Roles are automatically generated from all machine configurations. - Roles and their secrets automatically are grouped and show up in agenix secrets.nix - Machines and their service configs may now query the properties of all machines. - Machine configuration and secrets are now competely isolated into each machine's directory. - Safety checks to ensure no mixing of luks unlocking secrets and hosts with primary ones. - SSH pubkeys no longer centrally stored but instead per machine where the private key lies for better cleanup.
2023-04-20 22:01:21 -06:00
parent a02775a234
commit 71baa09bd2
42 changed files with 632 additions and 383 deletions
--- a/secrets/iodine.age
+++ b/secrets/iodine.age
@@ -1,23 +1,10 @@
 age-encryption.org/v1
-> ssh-ed25519 xoAm7w CP4pzePo50HW4IbP92NiCEhe4fz6q69c04nZzY97uls
-q0ZLpztMhRToqsr0yWpXJG2+7ExjDW2xQuW840gFG74
-> ssh-ed25519 mbw8xA L39AxT7TEaPo94c3SPwqsLk6fgvasrU+RPKQgXZXXnY
-6AvJRJ4dtkgCWd+f2y1hJ0nfNz2u8mydmZ9Ymq7ZLZw
-> ssh-ed25519 2a2Yhw tJFWqpzbukVDKXmaQvUA6dbdUzguxphaDiZq0+2jFDs
-DHT27/cLh2cBcQHOXuV9CyYV6+OEUIuJ5nBB0RYslXg
-> ssh-ed25519 dMQYog Fba2ll/kUWO+4KnFP/H7UUikcxU+KpBYvJ1YYbsrom8
-sew8S9ajmoB4uJkxRkLVJPvayYh0bz3IxK2gE8znfl0
-> ssh-ed25519 6AT2/g xsTbT+roSioaX4C7i2/PtmC3sXeIv41y62X+vBhmJ2A
-Ju57nxnIXuZTflJ8Aknc61vhiKPOiT34pDaeoGJsYgo
-> ssh-ed25519 fwBF+g V0DzCK8NAs2hSeILNos3Wafh2OfkzphGc/+UHxtqFBk
-dbExOeSn87sZD5dapKB0qoZjVK36SE0A3ww1S08qeio
-> ssh-ed25519 yHDAQw O3FaVzF4vvoRoUoF05Mr0yTIcDbJ2gdAVsIHKz4tFCk
-l1rYVVZyNlRfYXPri2jOwS9IUwIEI02lRSw8L4jjjeE
-> ssh-ed25519 VyYH/Q CHERKccp9OVM0zMn4EomXJkW2D65wvPOz9V5dshBGD8
-dyxEW+Yzrq+gn2dQEbdNejX6RKTCz0ENe1bWLBb/wEk
-> ssh-ed25519 hPp1nw wND54MJv1efUe5HkN4qRlnuX0+BQPYn69YYxPQExBF0
-zZB7mIDsgKmpTz2HtU8+p2UeG98a1cYD72gjoPraFIE
-> X6XuI-grease DM 71
-/87RWErV1DecX+zr2HLnmri/cQVoXYcdcg7oPeCmIcY/3g
--- KyKWk2cIfo7bc9RVzjYYfQ66omtJUJI4ite2z9eXa0k
-;<3B>‚±1ù¾^Dx‚Ã<ËF<C38B>ü‡ÿ³Z¶cP@<13>ZPÈ-^ˆ´b_ÙZû’*ø*ŽEUFtÐØ&Mby˜¡z
+-> ssh-ed25519 6AT2/g yTW46JmDIftcOqogIDjheXJf2sw/dG2WEJxfCXU/LDk
+0Co5/Rn22kmdcPr61ZOrmZJbPFHx2wJ8/YkbDjcjqKo
+-> ssh-ed25519 dMQYog RtZT0PwVL4kxUHilOhH2GBp8Z9WfyBkaxB62pjKpHA4
+muMlIt8VYQftMYacfdnQFeejfWpKTEG5gxbFNy97GTc
+-> 4|)`7yq-grease P#\5k8 +f
+jMegn6ATsj2Ai9B5Xmy+tay1nppwxvF1IGJH+hLNanYMsTIDZypM6UsNdzYQ/3mw
+VZ9ooy8TKUgAJ7jsd6IrKw
+--- tLaPQWJA0Hh5MrxfhaySURgY02K16IlzvsxKpOWGva0
+5?lﾇ'ｼ!ｹｺ<EFBDB9><EFBDBA>ﾜｷ匪Nxｽ+<2B>A9ﾟﾑﾘl/ｸﾞ諟ﾎ|旙<>Sｵ&ｺｻ､繃<>Q;_<>K