secrets/secrets.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

let
  pub-keys = (import ../pub-keys.nix).pub-keys;
  andromeda = pub-keys.ssh.andromeda;
  lenovo = pub-keys.ssh.lenovo;
  _109-199-104-83 = pub-keys.ssh._109-199-104-83;
in {
  # user passwords
  "andromeda-pw.age".publicKeys = [andromeda lenovo];
  "mtgmonkey-pw.age".publicKeys = [andromeda lenovo];

  # contains the following env
  # CONDUIT_JWT_SECRET
  # CONDUIT_TURN_SECRET
  "conduit-secretFile.age".publicKeys = [andromeda lenovo _109-199-104-83];

  # dkim private keys
  "dkim-galaxious.de.mail.key.age".publicKeys = [andromeda lenovo _109-199-104-83];

  # mail account passwords
  "mailserver-acc-test-pw.age".publicKeys = [andromeda lenovo _109-199-104-83];
  "mailserver-acc-admin-pw.age".publicKeys = [andromeda lenovo _109-199-104-83];
  "mailserver-acc-zulip+admin-pw.age".publicKeys = [andromeda lenovo _109-199-104-83];

  # zulip keys
  "zulip-avatarSaltKey.age".publicKeys = [andromeda lenovo _109-199-104-83];
  "zulip-camoKey.age".publicKeys = [andromeda lenovo _109-199-104-83];
  "zulip-rabbitmqPassword.age".publicKeys = [andromeda lenovo _109-199-104-83];
  "zulip-secretKey.age".publicKeys = [andromeda lenovo _109-199-104-83];
  "zulip-sharedSecretKey.age".publicKeys = [andromeda lenovo _109-199-104-83];

  # zulip-secrets.conf values
  "zulip-extraSecrets-email_password.age".publicKeys = [andromeda lenovo _109-199-104-83];
}