let
  # Key material comes from ssh-keys.nix. Only three attributes are read
  # here: machines, tailscale-machine and provisioning-machine.
  keys = import ./ssh-keys.nix;
  inherit (keys) machines;

  # Secret name -> list of public keys that may decrypt that secret.
  # Each machines.<host> is wrapped in a list below, so it is presumably a
  # single public key per host (confirm against ssh-keys.nix).
  #
  # NOTE(review): keep every list as small as possible. Dropping a key from
  # a list only takes effect once the matching .age file is re-encrypted,
  # and a host that could decrypt the old file may already hold the
  # plaintext, so rotate the secret value as well when removing access.
  recipientsBySecret = {
    # Used as-is (no list wrapper), so keys.tailscale-machine must already
    # be a list; the `++` in toRule requires one.
    tailscale-authKey = keys.tailscale-machine;

    cloudflare-pasetto-apiKey = [ machines.caddy ];
    arr-secrets = [ machines.arr ];
    exportarr-secrets = [ machines.metrics ];
    grafana-admin-pwd = [ machines.metrics ];
    grafana-secret-auth = [ machines.metrics ];
    nextcloud-admin-pwd = [ machines.nextcloud ];
    nextcloud-secrets = [ machines.nextcloud ];
    vaultwarden-admin-pwd = [ machines.vaultwarden ];
    searx-secret = [ machines.caddy ];

    # Shared by two hosts: a compromise of either one exposes this secret.
    searx-prometheus-secret = [
      machines.caddy
      machines.metrics
    ];

    watchtower-secrets = [ machines.docker ];
    authentik-env = [ machines.auth ];
    dns01-admin-password = [ machines.dns01 ];
    dns02-admin-password = [ machines.dns02 ];
    shadowsocks-password = [ machines.shadowsocks ];
    firefly-iii-app-key = [ machines.firefly-iii ];
    paperless-admin = [ machines.paperless ];
    paperless-oauth2-client-secret = [ machines.paperless ];
    actual-openid-client-secret = [ machines.actual-budget ];
    zigbee2mqtt-password = [ machines.zigbee2mqtt ];
    mqtt-password = [ machines.zigbee2mqtt ];

    # Shared by two hosts: a compromise of either one exposes this secret.
    scaleway-password = [
      machines.forgejo
      machines.firefly-iii
    ];

    forgejo-runner-token = [ machines.forgejo-runner ];

    # Readable by every key in `machines`; any host added to ssh-keys.nix
    # gains access to this secret automatically.
    snmpd-config = builtins.attrValues machines;
  };

  # Builds one { name, value } pair for builtins.listToAttrs.
  # keys.provisioning-machine is appended to every recipient list, so that
  # key can decrypt all secrets in this file and should be protected
  # accordingly.
  toRule = secretName: {
    name = "secrets/${secretName}.age";
    value = {
      publicKeys = recipientsBySecret.${secretName} ++ keys.provisioning-machine;
    };
  };
in
# Result: { "secrets/<name>.age" = { publicKeys = [ ... ]; }; ... }
builtins.listToAttrs (map toRule (builtins.attrNames recipientsBySecret))