server-configs/secrets/secrets.nix

let
  user_eyjhb = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPuma8g+U8Wh+4mLvZoV9V+ngPqxjuIG4zhsbaTeXq65 eyjhb@chronos"
    # BREAK IN CASE OF EMERGENCY (secret key for age below) hQIMA5HKM7J/GmnvARAAjjoDyDr3mSfrM+jmrIaXj40U/IaDJzNyFI0pnqurjR9MlmSmm0gMm/nbqZWDt3HKP6YsbMb+YvDGA2kNf7SJ7EWK/dldmXkfWojlJvGUwDtNam3rqoyTdyoscG7E43PukTC8us5LY4izLJxESKy0b6hUAY6vocD4zRKqY+EaKjgIa1AUpwOD/qMIosh1m2irUV9+li0RsxCPUt/e59Tdo/mj7gGZ7iXnxwLFM59d+rKTuh3r4cm2VDgm1zF0wnusCtkMNtJEnOE0Nu6TOK7YQ0EX7AHy3Wr2cItAskFzcZY2IFxaO3TXEYj08dvtIgCuyhtxxFGihw2HzTZMlsByT2lbVpPDthgNAAnMGtqKRwkPzem/S6vITwlP2J1/iIu0olbs1lDHixym2kXua46q93M3CFP6ZKPo6o0C12Tx9Cj/nHv9gfd2TsFPucqlwvZsWzT/WVRpzYRBgWXMB1/z62fK4JuGPOtppNbcVzUH86HDcZ9CiYh6NTGJmP8OWg832GT3L1VrcY3e63FOUEgusyBsUeHE54TRfg6MPxUPmkVuVB6+r/ika9HdM8d4/jve/Yu0OUmQFpSfBodGmxtE8Wmqd9heQ6n4CPopR5U2aFayC3ES/5/82qHZDlFvB7U5HPlH8gn0AJR+KmP7qnsqz+NI/f4/yIYXC52wIkeFHxDSwDkBudK/7gJFsmfEBNzzN+F9LwdA69CwDVDV9zCSrzsEHsAkTxJ/unkDvij3Dv4MqTFKWvqC+smlsR1/i/p7+tB1PZRUe9B9spBP76fygnpF3HqRmXkT2C+qEJ5nlGr3pK46oXP8d85nyTO3e5X97mM2hxmhKzpiX+aFjHN9LYLUQAmzHTPz0Lktnj7STf1ve8LZCvppvQzAuqTcbpaer9Qx4moNWr7NtJuPM0vT+adc6AbrY6bgdewisSP1QD34tVvNcUVLdICUSoTUI0eEfmQop5ba0ayFDsotTFZXNtl3Qmb/OpUit7f88wL98EjbK+904dtAOUs/9FE=
    "age1xnll9l56j0clh9e9r7ha9sy7sjdcxnhtaxljz2p96ectktq33vgsvteua6"

  ];
  
  user_rendal = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGee4uz+HDOj4Y4ANOhWJhoc4mMLP1gz6rpKoMueQF2J rendal@popper" ];
  users = user_eyjhb ++ user_rendal;


  system_gerd = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJosDVq8j4V50/z6nj2OMBPhqda95HOS1hKLGvo8viLQ";
  systems = [ system_gerd ];

  defaultAccess = users ++ systems;
in
{
  # authelia
  "authelia/jwt.age".publicKeys = defaultAccess;
  "authelia/storage.age".publicKeys = defaultAccess;
  "authelia/session.age".publicKeys = defaultAccess;
  "authelia/oidc-issuer-privatekey-pem.age".publicKeys = defaultAccess;
  "authelia/oidc-issuer-privatekey-crt.age".publicKeys = defaultAccess;
  "authelia/smtp-password.age".publicKeys = defaultAccess;

  # lldap
  "lldap/admin-user-pass.age".publicKeys = defaultAccess;
  "lldap/bind-user-pass.age".publicKeys = defaultAccess;
  "lldap/bind-user-pass-hedgedoc-env.age".publicKeys = defaultAccess;

  # mumble
  "murmur/env.age".publicKeys = defaultAccess;
  "murmur/superpassword.age".publicKeys = defaultAccess;

  # forgejo
  "forgejo/authelia-secret.age".publicKeys = defaultAccess;

  # teeworlds
  "teeworlds/env.age".publicKeys = defaultAccess;

  # nextcloud
  "nextcloud/admin-pass.age".publicKeys = defaultAccess;
  "nextcloud/secrets.age".publicKeys = defaultAccess;

  # mailserver/stalwart
  "stalwart/admin-fallback-password.age".publicKeys = defaultAccess;

  # matrix-synapse
  "matrix-synapse/config-authelia-secret.age".publicKeys = defaultAccess;
}
add agenix support for secrets 2024-08-09 19:34:46 +00:00			`let`
rekeyed secrets 2024-09-01 18:06:41 +00:00			`user_eyjhb = [`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPuma8g+U8Wh+4mLvZoV9V+ngPqxjuIG4zhsbaTeXq65 eyjhb@chronos"`
rekeyed + added age backup key 2024-09-15 11:19:36 +00:00			# BREAK IN CASE OF EMERGENCY (secret key for age below) hQIMA5HKM7J/GmnvARAAjjoDyDr3mSfrM+jmrIaXj40U/IaDJzNyFI0pnqurjR9MlmSmm0gMm/nbqZWDt3HKP6YsbMb+YvDGA2kNf7SJ7EWK/dldmXkfWojlJvGUwDtNam3rqoyTdyoscG7E43PukTC8us5LY4izLJxESKy0b6hUAY6vocD4zRKqY+EaKjgIa1AUpwOD/qMIosh1m2irUV9+li0RsxCPUt/e59Tdo/mj7gGZ7iXnxwLFM59d+rKTuh3r4cm2VDgm1zF0wnusCtkMNtJEnOE0Nu6TOK7YQ0EX7AHy3Wr2cItAskFzcZY2IFxaO3TXEYj08dvtIgCuyhtxxFGihw2HzTZMlsByT2lbVpPDthgNAAnMGtqKRwkPzem/S6vITwlP2J1/iIu0olbs1lDHixym2kXua46q93M3CFP6ZKPo6o0C12Tx9Cj/nHv9gfd2TsFPucqlwvZsWzT/WVRpzYRBgWXMB1/z62fK4JuGPOtppNbcVzUH86HDcZ9CiYh6NTGJmP8OWg832GT3L1VrcY3e63FOUEgusyBsUeHE54TRfg6MPxUPmkVuVB6+r/ika9HdM8d4/jve/Yu0OUmQFpSfBodGmxtE8Wmqd9heQ6n4CPopR5U2aFayC3ES/5/82qHZDlFvB7U5HPlH8gn0AJR+KmP7qnsqz+NI/f4/yIYXC52wIkeFHxDSwDkBudK/7gJFsmfEBNzzN+F9LwdA69CwDVDV9zCSrzsEHsAkTxJ/unkDvij3Dv4MqTFKWvqC+smlsR1/i/p7+tB1PZRUe9B9spBP76fygnpF3HqRmXkT2C+qEJ5nlGr3pK46oXP8d85nyTO3e5X97mM2hxmhKzpiX+aFjHN9LYLUQAmzHTPz0Lktnj7STf1ve8LZCvppvQzAuqTcbpaer9Qx4moNWr7NtJuPM0vT+adc6AbrY6bgdewisSP1QD34tVvNcUVLdICUSoTUI0eEfmQop5ba0ayFDsotTFZXNtl3Qmb/OpUit7f88wL98EjbK+904dtAOUs/9FE=
			`"age1xnll9l56j0clh9e9r7ha9sy7sjdcxnhtaxljz2p96ectktq33vgsvteua6"`

rekeyed secrets 2024-09-01 18:06:41 +00:00			`];`

			`user_rendal = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGee4uz+HDOj4Y4ANOhWJhoc4mMLP1gz6rpKoMueQF2J rendal@popper" ];`
			`users = user_eyjhb ++ user_rendal;`
add agenix support for secrets 2024-08-09 19:34:46 +00:00

			`system_gerd = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJosDVq8j4V50/z6nj2OMBPhqda95HOS1hKLGvo8viLQ";`
			`systems = [ system_gerd ];`

			`defaultAccess = users ++ systems;`
			`in`
			`{`
gerd.murmur: adds murmur server 2024-08-09 20:45:15 +00:00			`# authelia`
gerd.authelia: add initial authelia configuration It is one big mess, and I'm unsure what is and what isn't needed. 2024-08-09 19:38:40 +00:00			`"authelia/jwt.age".publicKeys = defaultAccess;`
			`"authelia/storage.age".publicKeys = defaultAccess;`
			`"authelia/session.age".publicKeys = defaultAccess;`
			`"authelia/oidc-issuer-privatekey-pem.age".publicKeys = defaultAccess;`
			`"authelia/oidc-issuer-privatekey-crt.age".publicKeys = defaultAccess;`
gerd.authelia: adds smtp support w/ stalwart 2024-08-21 11:21:20 +00:00			`"authelia/smtp-password.age".publicKeys = defaultAccess;`
gerd.authelia: add initial authelia configuration It is one big mess, and I'm unsure what is and what isn't needed. 2024-08-09 19:38:40 +00:00
gerd.murmur: adds murmur server 2024-08-09 20:45:15 +00:00			`# lldap`
gerd.lldap: renamed user-pass to admin-user-pass and added bind-user-pass 2024-08-10 17:23:17 +00:00			`"lldap/admin-user-pass.age".publicKeys = defaultAccess;`
			`"lldap/bind-user-pass.age".publicKeys = defaultAccess;`
gerd.hedgedoc: added hedgedoc with ldap support 2024-08-11 11:39:24 +00:00			`"lldap/bind-user-pass-hedgedoc-env.age".publicKeys = defaultAccess;`
gerd.murmur: adds murmur server 2024-08-09 20:45:15 +00:00
			`# mumble`
			`"murmur/env.age".publicKeys = defaultAccess;`
gerd.murmur: set superpassword on boot 2024-08-09 21:07:51 +00:00			`"murmur/superpassword.age".publicKeys = defaultAccess;`
gerd.forgejo: now uses authelia for authentication + patches for signin 2024-08-12 11:56:34 +00:00
			`# forgejo`
			`"forgejo/authelia-secret.age".publicKeys = defaultAccess;`
gerd.teeworlds: add secrets patch + secrets 2024-08-14 10:24:04 +00:00
			`# teeworlds`
			`"teeworlds/env.age".publicKeys = defaultAccess;`
gerd.nextcloud: added nextcloud! ldap, authelia, encryption! 2024-08-14 19:29:57 +00:00
			`# nextcloud`
			`"nextcloud/admin-pass.age".publicKeys = defaultAccess;`
			`"nextcloud/secrets.age".publicKeys = defaultAccess;`
gerd.stalward: added stalwart mailserver 2024-08-21 11:20:54 +00:00
			`# mailserver/stalwart`
			`"stalwart/admin-fallback-password.age".publicKeys = defaultAccess;`
gerd.matrix-synapse: initial add 2024-08-24 13:02:21 +00:00
			`# matrix-synapse`
			`"matrix-synapse/config-authelia-secret.age".publicKeys = defaultAccess;`
add agenix support for secrets 2024-08-09 19:34:46 +00:00			`}`