infrastructure/machines/core-services-01/secrets/secrets.nix

let
  pkgs = import <nixpkgs> {};
  lib = pkgs.lib;
  readPubkeys = user: builtins.filter (k: k != "") (lib.splitString "\n" (builtins.readFile (../../pubkeys + "/${user}.keys")));
  superadmins = (readPubkeys "raito") ++ (readPubkeys "gdd") ++ (readPubkeys "hubrecht") ++ (readPubkeys "mrf");
  core-services-01 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILrnZxP4OUGDzd1uykMghzFNLH0Fg42hH+0qxif6O6oU";
  systems = [ core-services-01 ];
in
  {
    "keycloakDatabasePasswordFile.age".publicKeys = superadmins ++ systems;
    "oauth2ProxyKeyFile.age".publicKeys = superadmins ++ systems;
    "droneKeyFile.age".publicKeys = superadmins ++ systems;
    "dexGiteaClientSecret.age".publicKeys = superadmins ++ systems;
    "matterbridge.age".publicKeys = superadmins ++ systems;
    "snipeItAppKey.age".publicKeys = superadmins ++ systems;
    "snipeItOidcClientSecret.age".publicKeys = superadmins ++ systems;
  }
Integrate core-services-01 in a nice workflow (#1) This enables the tracking of core-services-01 over the infrastructure repository. Co-authored-by: Gabriel DORIATH DOHLER <gabriel.doriath.dohler@ens.psl.eu> Reviewed-on: https://git.rz.ens.wtf/Klub-RZ/infrastructure/pulls/1 Co-authored-by: raito <raito@noreply.git.rz.ens.wtf> Co-committed-by: raito <raito@noreply.git.rz.ens.wtf> 2021-07-26 01:29:05 +02:00			`let`
			`pkgs = import <nixpkgs> {};`
			`lib = pkgs.lib;`
Move pubkeys in ./machines This is required by the current krops setup. 2022-08-16 01:59:59 +02:00			`readPubkeys = user: builtins.filter (k: k != "") (lib.splitString "\n" (builtins.readFile (../../pubkeys + "/${user}.keys")));`
core-services-01: add hubrecht 2023-01-24 21:14:04 +01:00			`superadmins = (readPubkeys "raito") ++ (readPubkeys "gdd") ++ (readPubkeys "hubrecht") ++ (readPubkeys "mrf");`
Integrate core-services-01 in a nice workflow (#1) This enables the tracking of core-services-01 over the infrastructure repository. Co-authored-by: Gabriel DORIATH DOHLER <gabriel.doriath.dohler@ens.psl.eu> Reviewed-on: https://git.rz.ens.wtf/Klub-RZ/infrastructure/pulls/1 Co-authored-by: raito <raito@noreply.git.rz.ens.wtf> Co-committed-by: raito <raito@noreply.git.rz.ens.wtf> 2021-07-26 01:29:05 +02:00			`core-services-01 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILrnZxP4OUGDzd1uykMghzFNLH0Fg42hH+0qxif6O6oU";`
			`systems = [ core-services-01 ];`
			`in`
			`{`
			`"keycloakDatabasePasswordFile.age".publicKeys = superadmins ++ systems;`
			`"oauth2ProxyKeyFile.age".publicKeys = superadmins ++ systems;`
core-services-01(services): add Drone Server CI/CD for initial experiments 2021-07-26 02:15:44 +02:00			`"droneKeyFile.age".publicKeys = superadmins ++ systems;`
Ryan tu me doit 10k 2022-01-26 00:59:59 +01:00			`"dexGiteaClientSecret.age".publicKeys = superadmins ++ systems;`
feat: Matterbridge je suis fatigué 2022-02-23 01:42:26 +01:00			`"matterbridge.age".publicKeys = superadmins ++ systems;`
feat(core01): add inventory.rz.ens.wtf → snipe-it instance 2022-09-06 01:06:39 +02:00			`"snipeItAppKey.age".publicKeys = superadmins ++ systems;`
			`"snipeItOidcClientSecret.age".publicKeys = superadmins ++ systems;`
Integrate core-services-01 in a nice workflow (#1) This enables the tracking of core-services-01 over the infrastructure repository. Co-authored-by: Gabriel DORIATH DOHLER <gabriel.doriath.dohler@ens.psl.eu> Reviewed-on: https://git.rz.ens.wtf/Klub-RZ/infrastructure/pulls/1 Co-authored-by: raito <raito@noreply.git.rz.ens.wtf> Co-committed-by: raito <raito@noreply.git.rz.ens.wtf> 2021-07-26 01:29:05 +02:00			`}`