author | Silas Schöffel <sils@sils.li> | 2025-01-20 15:59:29 +0100 |
---|---|---|
committer | Silas Schöffel <sils@sils.li> | 2025-01-20 15:59:29 +0100 |
commit | ad5592ad652c50537b3b815c09c3a18069daba88 (patch) | |
tree | e5aa9b2fe4428dd0e54171d6c02de0cf555cb328 /secrets.nix | |
parent | feat(hosts/server3): init (diff) | |
feat(treewide): rekey secrets to allow multiple host setup
Diffstat (limited to 'secrets.nix')
-rw-r--r-- | secrets.nix | 42 |
1 files changed, 28 insertions, 14 deletions
diff --git a/secrets.nix b/secrets.nix
index bd5630e..19f69a8 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -2,24 +2,38 @@ let
 soispha = "age1mshh4ynzhhzhff25tqwkg4j054g3xwrfznh98ycchludj9wjj48qn2uffn";
 sils = "age1vuhaey7kd9l76y6f9weeqmde3s4kjw38869ju6u3027yece2r3rqssjxst";
- server1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMnqsfIZjelH7rcvFvnLR5zUZuC8thsBupBlvjcMRBUm";
+ server1HostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMnqsfIZjelH7rcvFvnLR5zUZuC8thsBupBlvjcMRBUm";
+ server2HostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL1TUFoCTplkqTVbXQ6qDCyeo2h8+C0vjrIlKu6vmq5f";
+ server3HostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP3s4FjGx7LEVf/GE3WeCl8TmCtPt8gW1J0mp0fUJBNm";
- allSecrets = [
+ server1 = [
 soispha
 sils
- server1
+ server1HostKey
+ ];
+
+ server2 = [
+ soispha
+ sils
+ server2HostKey
+ ];
+
+ server3 = [
+ soispha
+ sils
+ server3HostKey
 ];
 in {
- "./modules/by-name/et/etesync/secret_file.age".publicKeys = allSecrets;
- "./modules/by-name/pe/peertube/secrets/general.age".publicKeys = allSecrets;
- "./modules/by-name/pe/peertube/secrets/smtp.age".publicKeys = allSecrets;
+ "./modules/by-name/et/etesync/secret_file.age".publicKeys = server1;
+ "./modules/by-name/pe/peertube/secrets/general.age".publicKeys = server1;
+ "./modules/by-name/pe/peertube/secrets/smtp.age".publicKeys = server1;
- "./system/secrets/backup/backuppass.age".publicKeys = allSecrets;
- "./system/secrets/backup/backupssh.age".publicKeys = allSecrets;
- "./system/secrets/invidious/hmac.age".publicKeys = allSecrets;
- "./system/secrets/mastodon/mail.age".publicKeys = allSecrets;
- "./system/secrets/matrix-synapse/passwd.age".publicKeys = allSecrets;
- "./system/secrets/miniflux/admin.age".publicKeys = allSecrets;
- "./system/secrets/taskserver/ca.age".publicKeys = allSecrets;
- "./system/secrets/taskserver/systemd_tmpfiles.age".publicKeys = allSecrets;
+ "./system/secrets/backup/backuppass.age".publicKeys = server1;
+ "./system/secrets/backup/backupssh.age".publicKeys = server1;
+ "./system/secrets/invidious/hmac.age".publicKeys = server1;
+ "./system/secrets/mastodon/mail.age".publicKeys = server1;
+ "./system/secrets/matrix-synapse/passwd.age".publicKeys = server1;
+ "./system/secrets/miniflux/admin.age".publicKeys = server1;
+ "./system/secrets/taskserver/ca.age".publicKeys = server1;
+ "./system/secrets/taskserver/systemd_tmpfiles.age".publicKeys = server1;
 }
|
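Review bot: The admin recipients `soispha` and `sils` are repeated by hand in each of the new `server1`, `server2` and `server3` lists, so adding or revoking an admin key later means editing three places, and a missed list leaves that key as a recipient for that host's secrets at the next rekey. Consider a shared `admins = [ soispha sils ];` with `server1 = admins ++ [ server1HostKey ];` and the same for the other two hosts. `server2` and `server3` are not referenced by any secret in this hunk; a short comment such as `# no secrets assigned to this host yet` would mark that as intentional. When a secret is later moved from one host's list to another, the previous host key can still decrypt the older ciphertext kept in git history, so the secret value itself would need rotating rather than only re-encrypting.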