From 2490ce968c73181d383b297c2e473605d8ac96c3 Mon Sep 17 00:00:00 2001
From: sterni <sternenseemann@systemli.org>
Date: Mon, 6 Jun 2022 12:37:11 +0200
Subject: feat(sterni/machines): add edwin

This adds edwin, the machine running sterni.lv, as well as my
idiosyncratic deployment solution. It is based on instantiating the
system configuration locally (where you'd work on the configuration),
copying the derivation files to the remote machine where the system
derivation is realised and deployed. Unfortunately, the first step tends
to be quite slow (despite gzip compression), so this may not be the
definite way despite its advantages.

Change-Id: I30f597692338df3981e01a1b7eee9cdad48f94cb
Reviewed-on: https://cl.tvl.fyi/c/depot/+/7293
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
---
 users/sterni/secrets/default.nix          |   3 +++
 users/sterni/secrets/minecraft-rcon.age   |   9 +++++++++
 users/sterni/secrets/secrets.nix          |  15 +++++++++++++++
 users/sterni/secrets/warteraum-salt.age   | Bin 0 -> 530 bytes
 users/sterni/secrets/warteraum-tokens.age |  10 ++++++++++
 5 files changed, 37 insertions(+)
 create mode 100644 users/sterni/secrets/default.nix
 create mode 100644 users/sterni/secrets/minecraft-rcon.age
 create mode 100644 users/sterni/secrets/secrets.nix
 create mode 100644 users/sterni/secrets/warteraum-salt.age
 create mode 100644 users/sterni/secrets/warteraum-tokens.age

(limited to 'users/sterni/secrets')

diff --git a/users/sterni/secrets/default.nix b/users/sterni/secrets/default.nix
new file mode 100644
index 000000000000..5550103c5a66
--- /dev/null
+++ b/users/sterni/secrets/default.nix
@@ -0,0 +1,3 @@
+{ depot, ... }:
+
+depot.ops.secrets.mkSecrets ./. (import ./secrets.nix)
diff --git a/users/sterni/secrets/minecraft-rcon.age b/users/sterni/secrets/minecraft-rcon.age
new file mode 100644
index 000000000000..7c896861b9d8
--- /dev/null
+++ b/users/sterni/secrets/minecraft-rcon.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 aXKGcg VELHhE9AlsAUspZj8M9zzOcjaml3/KSuNAae73TOOEk
+0vpPVz2TFMK2MLxHzMVO3a9QvnU9MfYcNO+JpMRRhN8
+-> ssh-ed25519 34g70A 28ldud+S2mz83kcIkEGv5XWWOdXUN/vetsqho7kiCh4
+/P+hJqj9r3KEi0VD15yg0MHyy0XgYUU5/zpMRrLaysM
+-> .-grease }}M
+ennsvHEhRup8I8R23GPWlILkCIMZmAuMT2F22SQPdjU
+--- e6u1rsLXltysnQqp3x73HfHLhqzTfkIV3mXaCtW1cxE
+!NiA��O��4��P&�Ԏ�	��FF�����Rrz�����
\ No newline at end of file
diff --git a/users/sterni/secrets/secrets.nix b/users/sterni/secrets/secrets.nix
new file mode 100644
index 000000000000..d2f4860ff241
--- /dev/null
+++ b/users/sterni/secrets/secrets.nix
@@ -0,0 +1,15 @@
+let
+  nonremote = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJk+KvgvI2oJTppMASNUfMcMkA2G5ZNt+HnWDzaXKLlo"
+  ];
+
+  edwin = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+OZ8f++cnvd4E2kFyn9jEoVpxi7LfjRvyQwzE8a5Ll"
+  ];
+in
+
+{
+  "warteraum-salt.age".publicKeys = nonremote ++ edwin;
+  "warteraum-tokens.age".publicKeys = nonremote ++ edwin;
+  "minecraft-rcon.age".publicKeys = nonremote ++ edwin;
+}
diff --git a/users/sterni/secrets/warteraum-salt.age b/users/sterni/secrets/warteraum-salt.age
new file mode 100644
index 000000000000..f932a881cd43
Binary files /dev/null and b/users/sterni/secrets/warteraum-salt.age differ
diff --git a/users/sterni/secrets/warteraum-tokens.age b/users/sterni/secrets/warteraum-tokens.age
new file mode 100644
index 000000000000..37ab46981ecb
--- /dev/null
+++ b/users/sterni/secrets/warteraum-tokens.age
@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> ssh-ed25519 aXKGcg yHE1bla5BN1Kgows1tdeswamJQHfzGpv8fL3qZs04k0
+rR1O25EIQXctnyVsQCZO47bM44KFhmOZ7ePiecKrZ40
+-> ssh-ed25519 34g70A voVJDU9DIrT0z6X/mAi0tQqXthRZAyrzsPXOTIIzKUw
+yEiIaD9jblO44/RaoiPA0mjvRToNc4Ur9GcwfG9TSVo
+-> =UOH^-Z4-grease Do<;So
+l0F72v4UD8r5kbpNIT2i1IUT6ttXZhuPE91H2tucMc5TKRvGDvpdJNpQ+P+XmX2M
+661iYooyust5TGZsXJFHVYg
+--- To85A7ohH2Sjfy8js2+JzV0c86dmDO2JCH8TK7OtVtM
+��V�q�%n!�M#`3���;1
���wF��C��H'��Y������]�-���Q1������m
\ No newline at end of file
-- 
cgit 1.4.1