Add pala key and clean up secrets.nix

2025-07-29 02:57:44 +00:00 · 2024-05-23 14:52:44 +03:00 · 2024-05-23 14:52:44 +03:00 · 3707930e63
commit 3707930e63
parent ce10c34b1d
21 changed files with 107 additions and 91 deletions
--- a/secrets.nix
+++ b/secrets.nix
@ -2,39 +2,42 @@ let
  keys = import ./keys.nix;

  all = builtins.attrValues keys;
+
+  admins     = with keys; [ enka pala ];
+  withAdmins = key: [ key ] ++ admins;
 in with keys; {
  # cube
-  "hosts/cube/id.age".publicKeys           = [ cube enka ];
-  "hosts/cube/password.rgb.age".publicKeys = [ cube enka ];
+  "hosts/cube/id.age".publicKeys           = withAdmins cube;
+  "hosts/cube/password.rgb.age".publicKeys = withAdmins cube;

  "hosts/cube/acme/environment.age".publicKeys = all;

-  "hosts/cube/forgejo/password.runner.age".publicKeys = [ cube enka ];
+  "hosts/cube/forgejo/password.runner.age".publicKeys = withAdmins cube;

-  "hosts/cube/grafana/password.age".publicKeys      = [ cube enka ];
+  "hosts/cube/grafana/password.age".publicKeys      = withAdmins cube;

-  "hosts/cube/matrix/password.secret.age".publicKeys = [ cube enka ];
-  "hosts/cube/matrix/password.sync.age".publicKeys   = [ cube enka ];
+  "hosts/cube/matrix/password.secret.age".publicKeys = withAdmins cube;
+  "hosts/cube/matrix/password.sync.age".publicKeys   = withAdmins cube;

-  "hosts/cube/nextcloud/password.age".publicKeys  = [ cube enka ];
+  "hosts/cube/nextcloud/password.age".publicKeys  = withAdmins cube;

-  "hosts/cube/restic/password.age".publicKeys = [ cube enka ];
+  "hosts/cube/restic/password.age".publicKeys = withAdmins cube;

  # disk
-  "hosts/disk/id.age".publicKeys              = [ disk enka ];
-  "hosts/disk/password.floppy.age".publicKeys = [ disk enka ];
+  "hosts/disk/id.age".publicKeys              = withAdmins disk;
+  "hosts/disk/password.floppy.age".publicKeys = withAdmins disk;

  "hosts/disk/mail/password.plain.age".publicKeys = all;
-  "hosts/disk/mail/password.hash.age".publicKeys  = [ disk enka ];
+  "hosts/disk/mail/password.hash.age".publicKeys  = withAdmins disk;

  # enka
-  "hosts/enka/id.age".publicKeys             = [ enka ];
-  "hosts/enka/password.orhan.age".publicKeys = [ enka ];
-  "hosts/enka/password.said.age".publicKeys  = [ enka ];
+  "hosts/enka/id.age".publicKeys             = admins;
+  "hosts/enka/password.orhan.age".publicKeys = admins;
+  "hosts/enka/password.said.age".publicKeys  = admins;

  # tard
-  "hosts/tard/id.age".publicKeys            = [ tard enka ];
-  "hosts/tard/password.tail.age".publicKeys = [ tard enka ];
+  "hosts/tard/id.age".publicKeys            = withAdmins tard;
+  "hosts/tard/password.tail.age".publicKeys = withAdmins tard;

  # shared
  "modules/ssh/config.age".publicKeys  = all;