Refactor imports and secrets. Add per system properties and role based secret access.

Highlights
- No need to update flake for every machine anymore, just add a properties.nix file.
- Roles are automatically generated from all machine configurations.
- Roles and their secrets automatically are grouped and show up in agenix secrets.nix
- Machines and their service configs may now query the properties of all machines.
- Machine configuration and secrets are now completely isolated into each machine's directory.
- Safety checks to ensure no mixing of luks unlocking secrets and hosts with primary ones.
- SSH pubkeys no longer centrally stored but instead per machine where the private key lies for better cleanup.
2023-04-20 22:01:21 -06:00
parent a02775a234
commit 71baa09bd2
42 changed files with 632 additions and 383 deletions

@@ -1,24 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 xoAm7w uiG2dFOijKdrdBXfdbO36C58tRkmz4MjBX8rEGfsl1Y
eIOekwe5iDZZUcVYEXie+j5qok84fIx1cF8Sna0GdZY
-> ssh-ed25519 mbw8xA IGrOTs8sVX3qZQ6l0160q/xYsAvFEj69kN1Dj7yKYi8
EnhYbIDhGyirnlsbUCk3GOVzE7QTMkncRFmpiRAOvs0
-> ssh-ed25519 2a2Yhw wl2vaJQ1gXLb46y/IXJMgCYUvhW3cgjJ10+fLhoS/Bw
EOwsKVzPjbYWXQ+c8KWVd4FadamJrn3+qDb5G4R6Moc
-> ssh-ed25519 dMQYog QAVPULFTcffOptY4nML8/DyYb95IqBOomztdNaRN1g0
qfSGtU3pl/7fMCjZM8syfLvgHhyd38AA/SICm3maHbI
-> ssh-ed25519 6AT2/g oaH9KRPHLkl1WXKIvtP7liWf8Apy1yEf41UHkFvdJjk
Rpfn7Gt6bORSI2qITHC7HAb1zlzOK4gDh3Ya7JwUUzk
-> ssh-ed25519 fwBF+g ilPZbir/rHhDv+drBmEsVEgjmIJHeISK9cZGltytClc
ODhQutW6IMHsFw+wQC4n6TOMCbydrPUWXlfwgQelpZs
-> ssh-ed25519 yHDAQw xbtvz5r0XfNY/cKWiIuUKO5tt+iGZMbc0d/PT4HhyGs
g/3IKnsKniQ3aB++htgM1JUmfsDzWWJ4lylAw5rBpyI
-> ssh-ed25519 VyYH/Q yhDle9FTAXot4gB23F7rOLNqJ1j3PMZmk7OMbKaGayE
j2XnSG589GUmvM4NunfgbcvdDBCpDJ6GubxI2UR3IE4
-> ssh-ed25519 hPp1nw I86wd3J4YZTlis1s/Q6SQP7j492NVe64DWu6Pe8ujFI
jgkh4YTEuBE1qCTooWPWZxQri8KSPYnWYkIhcEhIAIM
-> C+QwV1[-grease 7bFy^.lq Y) 5
Vw2f+pwTja8b9veFqdxVZSMGsgii+SMUfn9eAVqTjEAmWxawSQ
--- V75Y+46buomIjWtz/zwOBNkZ9ZAKcKV3NDy42NDjPU4
äìºöC<C3B6>rF<72>ϦA
„62-¾§Ì<C2A7>©©ŠD s&˜H
-> ssh-ed25519 6AT2/g xp04CsJvlYhBZS5W/MSDLWGiNCegAjg4XPv43wU5u0g
i6q0YgKOFGaHOKVYMppNtcvjCFfHHqOS9M+oh2mqc1M
-> ssh-ed25519 dMQYog Mk90WFb+fYCFV7afu3+VbuAtOlvRAgpJGFGqn4ZWGjE
wHeScgV248lHiL0B/QEraD4QOBudezhJPrppY50u7S8
-> G/9-grease
0hCyP7pGu5xkk4eWJTpLWy6f8Zuo8wmgBSNFK7bgzfYdW29mdOrO2Ey3Oa2Gvtji
rze9v27gMUFRXOqPHNmaSjAneCwtcqTMReV+LZr9q9FN6qZnzAE
--- /SN6cSyrvbDEHTiIvv4MdoVkIjz3yZkvtr2SVBE1rRk
=„ñ1fJ…XÍô~ÃÝÆD¬c¹aFâ¨@ݹc=89;¿sôv®Ï ú´‘
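
Review bot: re-encrypting this secret to fewer recipients does not take access away from the keys that were dropped. Going by the `@@ -1,24 +1,10 @@` header, the 24-line old version carried nine `ssh-ed25519` recipient stanzas and the 10-line new version carries two (`6AT2/g` and `dMQYog`, both also in the old list). The old ciphertext stays in the repository history, so any of the seven removed keys can still decrypt the previous value. If restricting this secret to its role is the intent, rotate the secret's value in the same change rather than only re-keying the file, and note the rotation in the commit message.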