From f1e1f71883f07ca88428e597a3ee21b217841254 Mon Sep 17 00:00:00 2001
From: Vincent Ambo
Date: Fri, 3 Dec 2021 17:12:45 +0300
Subject: feat(ops/secrets): Bootstrap agenix secrets folder
Sets up the key set and adds an initial secret (besadii config with tokens) to be deployed to whitby.
Change-Id: Ic07fd5e66b9e7a533013e04c35e052c2aa11f77d
---
ops/secrets/.skip-subtree | 2 ++
ops/secrets/README.md | 1 +
ops/secrets/besadii.age | Bin 0 -> 850 bytes
ops/secrets/secrets.nix | 12 ++++++++++++
4 files changed, 15 insertions(+)
create mode 100644 ops/secrets/.skip-subtree
create mode 100644 ops/secrets/README.md
create mode 100644 ops/secrets/besadii.age
create mode 100644 ops/secrets/secrets.nix
diff --git a/ops/secrets/.skip-subtree b/ops/secrets/.skip-subtree
new file mode 100644
index 0000000000..80f63816f5
--- /dev/null
+++ b/ops/secrets/.skip-subtree
@@ -0,0 +1,2 @@
+The Nix configuration in here is read by agenix and not compatible
+with readTree.
diff --git a/ops/secrets/README.md b/ops/secrets/README.md
new file mode 100644
index 0000000000..e59b865413
--- /dev/null
+++ b/ops/secrets/README.md
@@ -0,0 +1 @@
+TVL's deployment secrets, encrypted with [agenix](https://github.com/ryantm/agenix/commits/main)
diff --git a/ops/secrets/besadii.age b/ops/secrets/besadii.age
new file mode 100644
index 0000000000..b8a3a9b56f
Binary files /dev/null and b/ops/secrets/besadii.age differ
diff --git a/ops/secrets/secrets.nix b/ops/secrets/secrets.nix
new file mode 100644
index 0000000000..1cf2b5e44a
--- /dev/null
+++ b/ops/secrets/secrets.nix
@@ -0,0 +1,12 @@
+let
+ tazjin = [
+ # tverskoy
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM1fGWz/gsq+ZeZXjvUrV+pBlanw1c3zJ9kLTax9FWQy"
+ ];
+
+ whitby = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNh/w4BSKov0jdz3gKBc98tpoLta5bb87fQXWBhAl2I";
+
+ default.publicKeys = tazjin ++ [ whitby ];
+in {
+ "besadii.age" = default;
+}
--
cgit 1.4.1
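Review bot: In ops/secrets/secrets.nix, `"besadii.age" = default;` binds the secret to one catch-all recipient set, so every entry later added with `= default` is decryptable by whitby's key and by each key in `tazjin`, whether or not that host needs it. Naming the set for its scope, e.g. `whitbySecrets.publicKeys = tazjin ++ [ whitby ];`, would keep per-host scoping visible once a second machine is added. The `whitby` binding also has no comment; presumably it is the machine's SSH host key (the commit message says the secret is deployed to whitby), and a line such as `# whitby host key; secrets must be rekeyed whenever this list changes` would record that. With only the tverskoy key in `tazjin`, losing that key leaves the host key as the only way to decrypt or rekey.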