feat(external/netbox): Add OIDC configuration

2023-12-17 17:16:53 +01:00 · 2023-12-17 17:16:53 +01:00 · 7007fece7a
commit 7007fece7a
parent e91b0c81f1
4 changed files with 84 additions and 35 deletions
--- a/external/netbox/secrets/default.nix
+++ b/external/netbox/secrets/default.nix
@ -1,14 +1,10 @@
-{
-  pkgs,
-  config,
-  lib,
-  ...
-}: {
+_: {
  age.secrets = {
    "netbox" = {
      file = ./netbox.age;
      group = "netbox";
      owner = "netbox";
    };
+    "netbox_env".file = ./netbox_env.age;
  };
 }
--- a/external/netbox/secrets/netbox_env.age
+++ b/external/netbox/secrets/netbox_env.age
@ -0,0 +1,31 @@
+age-encryption.org/v1
+-> ssh-ed25519 6J6ApA uOgCmOqPlLdETLFaMMPKIjbp6d41T0gtX0X0hGJDElA
+cBHPVEsfBpEEzHN7ryG7TF7VYt4ft0tO20UOfM1+J5E
+-> ssh-ed25519 JGx7Ng IEeY5TQO0glsTZSsrPS9TlMnz5f1okeWlut640ahAio
+AYVWLcPETYKJAYxlUpFpQcPSsIffDIX9+9seqONrCFc
+-> ssh-ed25519 Ih+Lhw UDpkkIBQKwPMKlby2KdPOauvW9fZdVzvpLy6PB55aCI
+YvuwrcEHiPVdg7qIzR+y86mSQSbMezbfXvWa8krucP0
+-> ssh-ed25519 jIXfPA j7tG5njdpep2XrlFieR/DxhDdzAixDG++erR3KC6fQI
+h4BM2WgwJ0CZG5/XM50V086YF4UGJcmBiOmxsIyf190
+-> ssh-ed25519 QlRB9Q vfE9b1Yo8zr+eUPGrWfl2T3rIlD2j0QweDXSI7wu1TU
+Uupo2QK0dbjE9UEt6A/6nxQViW1LvqhDU5lX+hOYX2o
+-> ssh-ed25519 r+nK/Q zj475ZsZBzPjfOzqyyylvpG0J00ZiE8NWL+rvhURRWk
+ZSpCLcgfm3X2+KIllRVUVZamn3JZrlUOR/Nahk5sBUA
+-> ssh-rsa krWCLQ
+Uij+BTfVAjkGIKQ3qSL+E5YGJfZ6nMB/Kw3IWwZD1QGih6CO3+oooGR1DOqAJv0O
+o2H9v3AbAr0qnaYjK0Gjw/2+6uSu5SDt75p1ocMvLu8gwM1Br+T/7uSuIw7wLgPz
+IinUGDPTFhjR7X7x16IxgXWGMowCa6K/285ztY8v0v9s22uNrrjNEGEiJ/qn41DX
+8hpOmRpxiq5xOG1fsWQYsSW+ZmobBWfJJXzM0iknQL+GniRZd/ySjWr84HcMjDns
+8CcTgeo6gVstQITekvMS3jkixmszJhFJR8WMS9b/bunDIGrxj3cUEObRAzlU48Jd
+dAzOQ+kjzqMwnXbNexq54w
+-> ssh-ed25519 /vwQcQ kYZUqgKfoKSAaaJal1bl521wUkrZXR/12+U9Fuff4m8
+4foVQpY3UGsUz1jQFQF+5Es3ui0+QsRVRFgxEmmcws4
+-> ssh-ed25519 0R97PA rW9FfcNNRzvCF7p8KOLjJnKZN0dOdJ1nANzaA1vEzw0
+yd1gOIEucTCXsciTtB3VPjdlJvrqv/SKuQwtNKVhGs0
+-> ssh-ed25519 JGx7Ng KdsKUOQ+6VcZyxT63RoPpJyK8qg1xkVz8NuPDJUauQs
+MSwBdYg/wGrvylPoIy+UVjiIyVfqbyuliIEVuk+B7cQ
+-> Ko+-grease
+xF0g4xMUtgeLzmHbpdZM/cKiQ1yXVpcgLXhpd4czuP4Mv0YDZPnE5//nFsh2N9M2
+ugEnZvPls1cMoKMh6DoM
+--- VzbmV+CoC0fLoX3FKJqQqbde/H5E77JhGDcedYKbk+g
+„ï+m|L™å¬åŽ<C3A5>¬.·H£±2”®_©R~uév]¢OmR`ÿ&é˜d-Á¨äHñ8“ˆOð s,ÒpRéeÓš¿ö	®Åh¹t¤Kx=Y¼ÖêÒ×è·Ìdâ`±FADñŒLÐqJo Ÿ›”¶Ð¯>ž:9`9|3cëÆ…’™<îGð$É)}©€?;-$öb•º<16>!Éþ.÷¦†—³{¶Cï¡´0¿ )äk&¹úr<šöâf¥³
--- a/external/netbox/secrets/secrets.nix
+++ b/external/netbox/secrets/secrets.nix
@ -4,12 +4,12 @@ let
  inherit ((import sources.nixpkgs { })) lib;
  nix-lib = import ../../../lib { };

-  groups = (import ../../../meta).members.groups;
+  inherit ((import ../../../meta).members) groups;
+
+  publicKeys = lib.splitString "\n"
+    (builtins.readFile (./maurice.keys)) # maurice servers' keys
+    ++ nix-lib.getAllKeys (groups.netbox ++ groups.root);
 in {
-  "netbox.age".publicKeys =
-    lib.splitString "\n" (builtins.readFile (./maurice.keys)) # maurice servers' keys
-    ++ nix-lib.getAllKeys (
-      groups.netbox ++
-      groups.root
-    );
+  "netbox.age" = { inherit publicKeys; };
+  "netbox_env.age" = { inherit publicKeys; };
 }