zuckerberg/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Activity

Refactor imports and secrets. Add per system properties and role based secret access.

Browse Source 
Highlights
- No need to update flake for every machine anymore, just add a properties.nix file.
- Roles are automatically generated from all machine configurations.
- Roles and their secrets automatically are grouped and show up in agenix secrets.nix
- Machines and their service configs may now query the properties of all machines.
- Machine configuration and secrets are now competely isolated into each machine's directory.
- Safety checks to ensure no mixing of luks unlocking secrets and hosts with primary ones.
- SSH pubkeys no longer centrally stored but instead per machine where the private key lies for better cleanup.
This commit is contained in:
Zuckerberg
2023-04-20 22:01:21 -06:00
parent a02775a234
commit 71baa09bd2
42 changed files with 632 additions and 383 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
secrets/nextcloud-pw.age
View File

@@ -1,24 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 xoAm7w nxbI6qoO7i4zsLRqt/7P1+sxrWy+iqI/+wpG2gAe6TA
Wt6xkwHMhfwsJ7rtH9PGjVhR45K0SF27S9uR/SJeIzw
-> ssh-ed25519 mbw8xA cRw8P7vAvbBzAT35551y4NodC4dgzRhSzXRmckfKCjg
aVVupspcV0jG8ycsXuoW+9lTN16MN7a5jTcLh12qBg4
-> ssh-ed25519 2a2Yhw E+kUd+Y6saJx52Eyy6MkIuH54h4zUMWRe2OwvIYsqC8
xogfXlNu17ttnxElUI2Ya3Rc8kH3Ajk4AVnBnQ/slfg
-> ssh-ed25519 dMQYog GsLYEBZmG9W+1bUPZjGyo1I55x7Xjp18z6D6EZEYZl4
7VE5glX6in2Wna5sBwP2B2gPewyQ56/yAdMkSsXthaU
-> ssh-ed25519 6AT2/g 2pHPOxQSwa7XNhPLpCo3b5VkD7ytu0qsfDE4PN3KQ0E
vEj6igHfl5sQtVUsHXmdNtK2VQin2dDb9XOrUFhyahY
-> ssh-ed25519 fwBF+g 6xUfafFpXs1v6PzSBR2q0KATyx1QB20oyZUghh2lOlY
Pzc+lgRzzG2nK59ofhsudsIZyfI2JCHxLjyZYGYcCFo
-> ssh-ed25519 yHDAQw bzxN6gY98TJjX0tUzT9fkp8FohD1PR17JQ4HsGSEEkU
Ws5f1wVhJgd7LhWW1TrUXrHiggX1J77It57EqTTBqWw
-> ssh-ed25519 VyYH/Q qLxrHDC+Hen/oSivOuRONDZbF/wwIdEYD2Ci3cn5XV0
qgqRuHSTb0gETpsZj5oJ3RmNEIlgRolmfVIO7hZ34IQ
-> ssh-ed25519 hPp1nw rXaGNPqhVQfwR7ZxX2yPI+LXmiJvhoIouFRwPAfUnR8
RRZCtJSlBGaK54l4tvJm2LT7UL/4yiEBE10adx0j3kU
-> qvCWm(-grease /[nA+Vkr d_!rw< 6 sgv)(
UZ9Y+nrSjym+veC9SbnQjkRZmDt3UTkSbtx90slbmrdGIAJ2zLZzRckhriF5z2Jr
9FPuX356sGdy0XGWoUzWCqvmzByL9KIftPY
--- huMR4jZ8uXzj3YnT9sG5EeUTsZyeTnfBWHs8U2CAWMU
ˆÑµJA ÎØ1ªÝÃð +S¸Åƒ¯ŒHaq<61>ÞT9"~Ûí•ÚºV`IðÅĘüKA}h[<5B>²Iu/QÚ¨ìÚ(*¥^HÃ3:H@ÎJJ
-> ssh-ed25519 6AT2/g hXS7zxzYhlu5GrUAEAnaO+CizpbifjDxIwoAK55cjV0
xU7Z52cjARU8tmd1AJ9v8+QTQzfL/mNxP/f/bJAzYvo
-> ssh-ed25519 dMQYog 8PEp5TmEOumhWUZvko42sOKpkqOCW9/zCrMqn+fJ2ws
wJo8x6+hyU8iJkTqGVecZ88hG661F3ZvEvVqpJzox5w
-> x-grease tdW'\ +(>9 da%@^H6
q04xwjRaNOBfNhAvik762vJHio/qTfR6qQW4QsD+wzEidRYRggNdQwTl+G4jkWAu
fx0xZeiI5qVm6WG8lg
--- pHx5BdqI3HubR9wAtPyfMaYbr8uqRwOS1qFJhtC4wuM
Èv°ºg9sÉÉ¡§6:`Nlëªø`.•ÓÍPebÅSNn<>å­Ä8C<<3C>¥a=-¨Gò.ªfHm<48>»æUëçPGpS}µxýùã#ÎT