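let
  ##############################################################################
  ## Contributor personal keys
  ##
  ## All the contributors in this list WILL be able to decrypt ALL the encrypted
  ## `.age` files.
  ##
  ## NOTE(review): editing this list does not change existing ciphertext. The
  ## `.age` files must be rekeyed (`agenix --rekey`) for a change to take
  ## effect. When a key is removed, also rotate the secrets themselves: older
  ## copies of the `.age` files (for example in version-control history) stay
  ## decryptable with the removed key.

  contributors = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEElREJN0AC7lbp+5X204pQ5r030IbgCllsIxyU3iiKY niols@wallace"
  ];

  ##############################################################################
  ## System host keys
  ##
  ## Machines in this list MAY be mentioned later on as able to decrypt some of
  ## the encrypted `.age` files.
  ##
  ## NOTE(review): a wrong entry here grants decryption to whoever holds the
  ## matching private key, so confirm each value against the machine's own
  ## host public key over a trusted channel before adding it.

  vm02179 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPAsOCOsJ0vNL9fGj0XC25ir8B+k2NlVJzsiVUx+0eWM";
  vm02186 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII6mnBgEeyYE4tzHeFNHVNBV6KR+hAqh3PYSqlh0QViW";

  ##############################################################################
  ## Rule builder
  ##
  ## Turns `{ <secret> = [ hostKey ... ]; }` into
  ## `{ "<secret>.age".publicKeys = contributors ++ [ hostKey ... ]; }`.
  ##
  ## Written with builtins only. The recipient list therefore no longer depends
  ## on `<nixpkgs>` being resolvable through NIX_PATH, nor on which nixpkgs
  ## revision that lookup happens to return: the set of keys allowed to decrypt
  ## is determined by this file alone.

  mkRules =
    hostKeysBySecret:
    builtins.listToAttrs (
      map (name: {
        name = "${name}.age";
        value.publicKeys = contributors ++ hostKeysBySecret.${name};
      }) (builtins.attrNames hostKeysBySecret)
    );

in
mkRules

  ##############################################################################
  ## File name <-> system host keys mapping
  ##
  ## This attribute set defines precisely which secrets exist and which systems
  ## are able to decrypt them.

  {
    forgejo-runner-token = [
      vm02179
      vm02186
    ];
  }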