# Recipient rules for encrypted secrets.
#
# Evaluates to an attribute set with one entry per secret:
#   "secrets/<name>.age" -> { publicKeys = <per-secret keys> ++ keys.infra-core; }
# The shape matches an agenix-style rules file, where `publicKeys` are the
# recipients a .age file is encrypted to (assumed from the layout; confirm
# against the tool that consumes this file).
#
# Review notes:
#  * Each secret lists only the machines that need it. Keep it that way when
#    adding entries; a wider list means more hosts able to read the secret.
#  * keys.infra-core is appended to every entry, so those keys are recipients
#    of all secrets listed here.
#  * Editing a recipient list does not change ciphertext that already exists.
#    The files have to be re-encrypted, and a removed recipient may already
#    have read the old value, so rotate the secret itself as well.
let
  keys = import ./ssh-keys.nix;

  # Same name the original brought into scope through `with keys;`.
  inherit (keys) machines;

  # Secret name -> list of public keys allowed to read it.
  secrets = {
    # Defined in ssh-keys.nix (not shown). It has to be a list already, since
    # it is concatenated with `++` below. Presumably the set of machines that
    # use this auth key; confirm the list is no wider than needed.
    tailscale-authKey = keys.tailscale-machine;

    cloudflare-tegola-apiKey = [ machines.caddy ];
    cloudflare-pasetto-apiKey = [ machines.caddy ];
    ddclient = [ machines.caddy ];

    prowlarr-apiKey = [ machines.metrics ];
    radarr-apiKey = [ machines.metrics ];
    sonarr-apiKey = [ machines.metrics ];
    lidarr-apiKey = [ machines.metrics ];
    readarr-apiKey = [ machines.metrics ];
    bazarr-apiKey = [ machines.metrics ];
    grafana-admin-pwd = [ machines.metrics ];

    nextcloud-admin-pwd = [ machines.nextcloud ];
    vaultwarden-admin-pwd = [ machines.vaultwarden ];

    searx-secret = [ machines.caddy ];
    # The only secret here that is shared between two machines.
    searx-prometheus-secret = [
      machines.caddy
      machines.metrics
    ];

    watchtower-secrets = [ machines.portainer ];
    authentik-env = [ machines.auth ];

    dns01-admin-password = [ machines.dns01 ];
    dns02-admin-password = [ machines.dns02 ];
    dns02-dhcp-failover = [ machines.dns02 ];
  };

  # Build the name/value pair for one secret, adding the infra-core keys to
  # the machines listed for it.
  toAgeEntry = secretName: {
    name = "secrets/${secretName}.age";
    value = {
      publicKeys = secrets.${secretName} ++ keys.infra-core;
    };
  };
in
builtins.listToAttrs (map toAgeEntry (builtins.attrNames secrets))