authorVincent Ambo <mail@tazj.in>2022-02-17T09·33+0300
committertazjin <tazjin@tvl.su>2022-02-17T18·11+0000
commit6b3eed1fb50552189e945cc11b14d8588bcad1ef (patch)
tree5685ddbef1556438fdef18dd47d23943095c616e /ops/secrets
parente1353ff2cfc8fddec215453ce3c40e15cf5a4793 (diff)
feat(ops/secrets): Add journaldriver key r/3841
This changes the structure of secrets.nix a bit to split between
secrets for whitby, and secrets for all TVL machines.

Change-Id: I791f0ce42a16b33051e24a7a6c5b153761ed9eb3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5300
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Autosubmit: tazjin <tazjin@tvl.su>
Diffstat (limited to 'ops/secrets')
-rw-r--r--ops/secrets/journaldriver.agebin0 -> 3014 bytes
-rw-r--r--ops/secrets/secrets.nix43
2 files changed, 23 insertions, 20 deletions
diff --git a/ops/secrets/journaldriver.age b/ops/secrets/journaldriver.age
new file mode 100644
index 0000000000..e9c182b7af
--- /dev/null
+++ b/ops/secrets/journaldriver.age
Binary files differ
diff --git a/ops/secrets/secrets.nix b/ops/secrets/secrets.nix
index 2c08bb1aee..392abecde7 100644
--- a/ops/secrets/secrets.nix
+++ b/ops/secrets/secrets.nix
@@ -12,28 +12,31 @@ let
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJk+KvgvI2oJTppMASNUfMcMkA2G5ZNt+HnWDzaXKLlo"
   ];
 
+  sanduny = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOag0XhylaTVhmT6HB8EN2Fv5Ymrc4ZfypOXONUkykTX";
   whitby = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNh/w4BSKov0jdz3gKBc98tpoLta5bb87fQXWBhAl2I";
 
-  default.publicKeys = tazjin ++ grfn ++ sterni ++ [ whitby ];
+  whitbyDefault.publicKeys = tazjin ++ grfn ++ sterni ++ [ whitby ];
+  allDefault.publicKeys = tazjin ++ grfn ++ sterni ++ [ sanduny whitby ];
 in
 {
-  "besadii.age" = default;
-  "buildkite-agent-token.age" = default;
-  "buildkite-graphql-token.age" = default;
-  "clbot-ssh.age" = default;
-  "clbot.age" = default;
-  "gerrit-queue.age" = default;
-  "gerrit-secrets.age" = default;
-  "grafana.age" = default;
-  "irccat.age" = default;
-  "keycloak-db.age" = default;
-  "nix-cache-priv.age" = default;
-  "nix-cache-pub.age" = default;
-  "oauth2_proxy.age" = default;
-  "owothia.age" = default;
-  "panettone.age" = default;
-  "smtprelay.age" = default;
-  "tf-glesys.age" = default;
-  "tf-keycloak.age" = default;
-  "tvl-alerts-bot-telegram-token.age" = default;
+  "besadii.age" = whitbyDefault;
+  "buildkite-agent-token.age" = whitbyDefault;
+  "buildkite-graphql-token.age" = whitbyDefault;
+  "clbot-ssh.age" = whitbyDefault;
+  "clbot.age" = whitbyDefault;
+  "gerrit-queue.age" = whitbyDefault;
+  "gerrit-secrets.age" = whitbyDefault;
+  "grafana.age" = whitbyDefault;
+  "irccat.age" = whitbyDefault;
+  "journaldriver.age" = allDefault;
+  "keycloak-db.age" = whitbyDefault;
+  "nix-cache-priv.age" = whitbyDefault;
+  "nix-cache-pub.age" = whitbyDefault;
+  "oauth2_proxy.age" = whitbyDefault;
+  "owothia.age" = whitbyDefault;
+  "panettone.age" = whitbyDefault;
+  "smtprelay.age" = whitbyDefault;
+  "tf-glesys.age" = whitbyDefault;
+  "tf-keycloak.age" = whitbyDefault;
+  "tvl-alerts-bot-telegram-token.age" = whitbyDefault;
 }
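Review bot: The recipient list `tazjin ++ grfn ++ sterni` is now spelled out twice, in `whitbyDefault` and `allDefault`, so a later key addition or removal for a person has to be made in both places or one set keeps a stale recipient. Binding it once, e.g. `admins = tazjin ++ grfn ++ sterni;`, and then writing `whitbyDefault.publicKeys = admins ++ [ whitby ];` and `allDefault.publicKeys = admins ++ [ sanduny whitby ];` keeps the two sets in step. A short comment above the two definitions would also help the next person pick the narrower set by default, for example `# allDefault: decryptable by every listed machine host key; use only for secrets that each machine needs, otherwise use the per-machine set`. The `let` block begins above the hunk, so the definitions of `tazjin`, `grfn` and `sterni` are not visible here.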