From 6b3eed1fb50552189e945cc11b14d8588bcad1ef Mon Sep 17 00:00:00 2001
From: Vincent Ambo
Date: Thu, 17 Feb 2022 12:33:37 +0300
Subject: feat(ops/secrets): Add journaldriver key

This changes the structure of secrets.nix a bit to split between secrets for whitby, and secrets for all TVL machines.

Change-Id: I791f0ce42a16b33051e24a7a6c5b153761ed9eb3
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5300
Reviewed-by: sterni
Tested-by: BuildkiteCI
Autosubmit: tazjin
---
ops/secrets/journaldriver.age | Bin 0 -> 3014 bytes
ops/secrets/secrets.nix | 43 ++++++++++++++++++++++--------------------
2 files changed, 23 insertions(+), 20 deletions(-)
create mode 100644 ops/secrets/journaldriver.age
diff --git a/ops/secrets/journaldriver.age b/ops/secrets/journaldriver.age
new file mode 100644
index 000000000000..e9c182b7af5f
Binary files /dev/null and b/ops/secrets/journaldriver.age differ
diff --git a/ops/secrets/secrets.nix b/ops/secrets/secrets.nix
index 2c08bb1aee5d..392abecde71b 100644
--- a/ops/secrets/secrets.nix
+++ b/ops/secrets/secrets.nix
@@ -12,28 +12,31 @@ let "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJk+KvgvI2oJTppMASNUfMcMkA2G5ZNt+HnWDzaXKLlo" ]; + sanduny = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOag0XhylaTVhmT6HB8EN2Fv5Ymrc4ZfypOXONUkykTX"; whitby = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNh/w4BSKov0jdz3gKBc98tpoLta5bb87fQXWBhAl2I"; - default.publicKeys = tazjin ++ grfn ++ sterni ++ [ whitby ]; + whitbyDefault.publicKeys = tazjin ++ grfn ++ sterni ++ [ whitby ]; + allDefault.publicKeys = tazjin ++ grfn ++ sterni ++ [ sanduny whitby ]; in { - "besadii.age" = default; - "buildkite-agent-token.age" = default; - "buildkite-graphql-token.age" = default; - "clbot-ssh.age" = default; - "clbot.age" = default; - "gerrit-queue.age" = default; - "gerrit-secrets.age" = default; - "grafana.age" = default; - "irccat.age" = default; - "keycloak-db.age" = default; - "nix-cache-priv.age" = default; - "nix-cache-pub.age" = default; - "oauth2_proxy.age" = default; - "owothia.age" = default; - "panettone.age" = default; - "smtprelay.age" = default; - "tf-glesys.age" = default; - "tf-keycloak.age" = default; - "tvl-alerts-bot-telegram-token.age" = default; + "besadii.age" = whitbyDefault; + "buildkite-agent-token.age" = whitbyDefault; + "buildkite-graphql-token.age" = whitbyDefault; + "clbot-ssh.age" = whitbyDefault; + "clbot.age" = whitbyDefault; + "gerrit-queue.age" = whitbyDefault; + "gerrit-secrets.age" = whitbyDefault; + "grafana.age" = whitbyDefault; + "irccat.age" = whitbyDefault; + "journaldriver.age" = allDefault; + "keycloak-db.age" = whitbyDefault; + "nix-cache-priv.age" = whitbyDefault; + "nix-cache-pub.age" = whitbyDefault; + "oauth2_proxy.age" = whitbyDefault; + "owothia.age" = whitbyDefault; + "panettone.age" = whitbyDefault; + "smtprelay.age" = whitbyDefault; + "tf-glesys.age" = whitbyDefault; + "tf-keycloak.age" = whitbyDefault; + "tvl-alerts-bot-telegram-token.age" = whitbyDefault; } -- cgit 1.4.1
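Review bot: The admin key list `tazjin ++ grfn ++ sterni` is now spelled out twice, in `whitbyDefault.publicKeys` and `allDefault.publicKeys`, so an offboarding or key-rotation edit that touches only one of them leaves a stale recipient in the other set after the next rekey. Binding it once would keep the two sets in step: `admins = tazjin ++ grfn ++ sterni;`, then `whitbyDefault.publicKeys = admins ++ [ whitby ];` and `allDefault.publicKeys = admins ++ [ sanduny whitby ];`. A one-line comment above `allDefault`, for example `# readable by every TVL host; use only for secrets that sanduny must also decrypt`, would make it harder to widen a whitby-only secret by copy-paste. The `let` block and the three user key lists start above this hunk, so this assumes no shared binding already exists there.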