feat(ops/secrets): Bootstrap agenix secrets folder
Sets up the key set and adds an initial secret (besadii config with tokens) to be deployed to whitby. Change-Id: Ic07fd5e66b9e7a533013e04c35e052c2aa11f77d
parent
2fa157ccd6
commit
f1e1f71883
4 changed files with 15 additions and 0 deletions
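--- a/ops/secrets/.skip-subtree
+++ b/ops/secrets/.skip-subtree
@@ -0,0 +1,2 @@
+The Nix configuration in here is read by agenix and not compatible
+with readTree.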
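--- a/ops/secrets/README.md
+++ b/ops/secrets/README.md
@@ -0,0 +1 @@
+TVL's deployment secrets, encrypted with [agenix](https://github.com/ryantm/agenix/commits/main)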
BIN
ops/secrets/besadii.age
Normal file
Binary file not shown.
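--- a/ops/secrets/secrets.nix
+++ b/ops/secrets/secrets.nix
@@ -0,0 +1,12 @@
+let
+tazjin = [
+# tverskoy
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM1fGWz/gsq+ZeZXjvUrV+pBlanw1c3zJ9kLTax9FWQy"
+];
+
+whitby = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNh/w4BSKov0jdz3gKBc98tpoLta5bb87fQXWBhAl2I";
+
+default.publicKeys = tazjin ++ [ whitby ];
+in {
+"besadii.age" = default;
+}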
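Review bot: `default.publicKeys = tazjin ++ [ whitby ];` gives the secret a single human recipient (the tverskoy key) next to the host, so losing that one key leaves nobody able to edit or re-encrypt `besadii.age` except from whitby itself; consider adding a second admin key or documenting the recovery path. The `whitby` key has no comment on its origin, unlike `# tverskoy`; I would add `# SSH host key of whitby, fingerprint checked on the machine itself` (assuming it is the host key, which the page does not show). A header comment should also say that any change to these lists needs `agenix --rekey`, and that removing a key does not revoke access to ciphertext already in git history, so the tokens themselves have to be rotated.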