nixos-config/secrets/secrets.nix

let
  # age-specific key in ~/.ssh/id_ed25519: `ssh-keygen -t ed25519`
  felschr =
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGbQpMo1JOGk59Rzl6pVoOcMHOoqezph+aIlEXZP4rBu";
  users = [ felschr ];

  # `ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key`
  home-pc =
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBFTQvIcSdhEKl/Kq+pcS/cPCyyZ1ygj+djfuaXzaRMx";
  home-server =
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFw/BoHY5LGtQblqwZA65/awp30lB/OQABd9dD7wc18n";
  systems = [ home-pc home-server ];
in {
  "restic/b2.age".publicKeys = [ felschr home-pc home-server ];
  "restic/password.age".publicKeys = [ felschr home-pc home-server ];
  "smtp.age".publicKeys = [ felschr home-pc home-server ];
  "samba.age".publicKeys = [ felschr home-pc home-server ];
  "mqtt/felix.age".publicKeys = [ felschr home-pc home-server ];
  "mqtt/birgit.age".publicKeys = [ felschr home-pc home-server ];
  "mqtt/hass.age".publicKeys = [ felschr home-pc home-server ];
  "mqtt/tasmota.age".publicKeys = [ felschr home-pc home-server ];
  "mqtt/owntracks.age".publicKeys = [ felschr home-pc home-server ];
  "mqtt/owntracks-plain.age".publicKeys = [ felschr home-pc home-server ];
  "cloudflare.age".publicKeys = [ felschr home-pc home-server ];
  "owntracks/htpasswd.age".publicKeys = [ felschr home-pc home-server ];
  "etebase-server.age".publicKeys = [ felschr home-pc home-server ];
  "miniflux.age".publicKeys = [ felschr home-pc home-server ];
  "paperless.age".publicKeys = [ felschr home-pc home-server ];
  "nextcloud/admin.age".publicKeys = [ felschr home-pc home-server ];

  # home-server
  "home-server/hostKey.age".publicKeys = [ felschr home-server ];
  "hass/secrets.age".publicKeys = [ felschr home-server ];
}
feat: set up agenix secrets management 2022-05-04 03:02:47 +02:00			`let`
			# age-specific key in ~/.ssh/id_ed25519: `ssh-keygen -t ed25519`
			`felschr =`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGbQpMo1JOGk59Rzl6pVoOcMHOoqezph+aIlEXZP4rBu";`
			`users = [ felschr ];`

			# `ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key`
			`home-pc =`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBFTQvIcSdhEKl/Kq+pcS/cPCyyZ1ygj+djfuaXzaRMx";`
			`home-server =`
fix(secrets): fix home-server key 2022-05-05 22:01:33 +02:00			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFw/BoHY5LGtQblqwZA65/awp30lB/OQABd9dD7wc18n";`
feat: set up agenix secrets management 2022-05-04 03:02:47 +02:00			`systems = [ home-pc home-server ];`
			`in {`
			`"restic/b2.age".publicKeys = [ felschr home-pc home-server ];`
			`"restic/password.age".publicKeys = [ felschr home-pc home-server ];`
			`"smtp.age".publicKeys = [ felschr home-pc home-server ];`
			`"samba.age".publicKeys = [ felschr home-pc home-server ];`
			`"mqtt/felix.age".publicKeys = [ felschr home-pc home-server ];`
			`"mqtt/birgit.age".publicKeys = [ felschr home-pc home-server ];`
			`"mqtt/hass.age".publicKeys = [ felschr home-pc home-server ];`
			`"mqtt/tasmota.age".publicKeys = [ felschr home-pc home-server ];`
			`"mqtt/owntracks.age".publicKeys = [ felschr home-pc home-server ];`
			`"mqtt/owntracks-plain.age".publicKeys = [ felschr home-pc home-server ];`
fix(secrets): fix more permission issues 2022-05-06 15:48:57 +02:00			`"cloudflare.age".publicKeys = [ felschr home-pc home-server ];`
feat: set up agenix secrets management 2022-05-04 03:02:47 +02:00			`"owntracks/htpasswd.age".publicKeys = [ felschr home-pc home-server ];`
			`"etebase-server.age".publicKeys = [ felschr home-pc home-server ];`
			`"miniflux.age".publicKeys = [ felschr home-pc home-server ];`
			`"paperless.age".publicKeys = [ felschr home-pc home-server ];`
			`"nextcloud/admin.age".publicKeys = [ felschr home-pc home-server ];`

feat(hass): manage secrets.yaml via agenix 2022-05-06 03:43:06 +02:00			`# home-server`
feat: set up agenix secrets management 2022-05-04 03:02:47 +02:00			`"home-server/hostKey.age".publicKeys = [ felschr home-server ];`
feat(hass): manage secrets.yaml via agenix 2022-05-06 03:43:06 +02:00			`"hass/secrets.age".publicKeys = [ felschr home-server ];`
feat: set up agenix secrets management 2022-05-04 03:02:47 +02:00			`}`