about summary refs log tree commit diff
path: root/ops/secrets/secrets.nix
diff options
context:
space:
mode:
Diffstat (limited to 'ops/secrets/secrets.nix')
-rw-r--r--ops/secrets/secrets.nix22
1 files changed, 14 insertions, 8 deletions
diff --git a/ops/secrets/secrets.nix b/ops/secrets/secrets.nix
index e71ce00981..5cbf2bf612 100644
--- a/ops/secrets/secrets.nix
+++ b/ops/secrets/secrets.nix
@@ -1,4 +1,8 @@
 let
+  flokli = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTVTXOutUZZjXLB0lUSgeKcSY/8mxKkC0ingGK1whD2 flokli"
+  ];
+
   tazjin = [
     # tverskoy
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM1fGWz/gsq+ZeZXjvUrV+pBlanw1c3zJ9kLTax9FWQy"
@@ -7,7 +11,7 @@ let
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDBRXeb8EuecLHP0bW4zuebXp4KRnXgJTZfeVWXQ1n1R"
   ];
 
-  grfn = [
+  aspen = [
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMcBGBoWd5pPIIQQP52rcFOQN3wAY0J/+K2fuU6SffjA "
   ];
 
@@ -18,8 +22,10 @@ let
   sanduny = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOag0XhylaTVhmT6HB8EN2Fv5Ymrc4ZfypOXONUkykTX";
   whitby = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNh/w4BSKov0jdz3gKBc98tpoLta5bb87fQXWBhAl2I";
 
-  whitbyDefault.publicKeys = tazjin ++ grfn ++ sterni ++ [ whitby ];
-  allDefault.publicKeys = tazjin ++ grfn ++ sterni ++ [ sanduny whitby ];
+  terraform.publicKeys = tazjin ++ aspen ++ sterni ++ flokli;
+  whitbyDefault.publicKeys = tazjin ++ aspen ++ sterni ++ [ whitby ];
+  allDefault.publicKeys = tazjin ++ aspen ++ sterni ++ [ sanduny whitby ];
+  sandunyDefault.publicKeys = tazjin ++ aspen ++ sterni ++ [ sanduny ];
 in
 {
   "besadii.age" = whitbyDefault;
@@ -28,8 +34,9 @@ in
   "buildkite-ssh-private-key.age" = whitbyDefault;
   "clbot-ssh.age" = whitbyDefault;
   "clbot.age" = whitbyDefault;
+  "depot-inbox-imap.age" = sandunyDefault;
   "depot-replica-key.age" = whitbyDefault;
-  "gerrit-queue.age" = whitbyDefault;
+  "gerrit-autosubmit.age" = whitbyDefault;
   "gerrit-secrets.age" = whitbyDefault;
   "grafana.age" = whitbyDefault;
   "irccat.age" = whitbyDefault;
@@ -37,12 +44,11 @@ in
   "keycloak-db.age" = whitbyDefault;
   "nix-cache-priv.age" = whitbyDefault;
   "nix-cache-pub.age" = whitbyDefault;
-  "oauth2_proxy.age" = whitbyDefault;
   "owothia.age" = whitbyDefault;
   "panettone.age" = whitbyDefault;
   "smtprelay.age" = whitbyDefault;
-  "tf-buildkite.age" = whitbyDefault;
-  "tf-glesys.age" = whitbyDefault;
-  "tf-keycloak.age" = whitbyDefault;
+  "tf-buildkite.age" = terraform;
+  "tf-glesys.age" = terraform;
+  "tf-keycloak.age" = terraform;
   "tvl-alerts-bot-telegram-token.age" = whitbyDefault;
 }
generated by cgit-pink 1.4.1 (git 2.44.0) at 2024-05-04T11ยท46+0000