about summary refs log tree commit diff
path: root/ops/secrets/secrets.nix
diff options
context:
space:
mode:
authorVincent Ambo <mail@tazj.in>2021-12-03T14·12+0300
committertazjin <mail@tazj.in>2021-12-08T18·22+0000
commitf1e1f71883f07ca88428e597a3ee21b217841254 (patch)
tree661fe2936f4991660ca8b64d6b375b2b2282a41f /ops/secrets/secrets.nix
parent2fa157ccd6e1aa8a0bdeda3a9b720bc6b8f5910e (diff)
feat(ops/secrets): Bootstrap agenix secrets folder r/3159
Sets up the key set and adds an initial secret (besadii config with
tokens) to be deployed to whitby.

Change-Id: Ic07fd5e66b9e7a533013e04c35e052c2aa11f77d
Diffstat (limited to 'ops/secrets/secrets.nix')
-rw-r--r--ops/secrets/secrets.nix12
1 files changed, 12 insertions, 0 deletions
diff --git a/ops/secrets/secrets.nix b/ops/secrets/secrets.nix
new file mode 100644
index 000000000000..1cf2b5e44a50
--- /dev/null
+++ b/ops/secrets/secrets.nix
@@ -0,0 +1,12 @@
+let
+  tazjin = [
+    # tverskoy
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM1fGWz/gsq+ZeZXjvUrV+pBlanw1c3zJ9kLTax9FWQy"
+  ];
+
+  whitby = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNh/w4BSKov0jdz3gKBc98tpoLta5bb87fQXWBhAl2I";
+
+  default.publicKeys = tazjin ++ [ whitby ];
+in {
+  "besadii.age" = default;
+}