From 44a4f7c6bac97a3381a2b7de8707cd9389f5460f Mon Sep 17 00:00:00 2001
From: Mel <einebeere@gmail.com>
Date: Sat, 7 Dec 2024 03:24:15 +0100
Subject: Move secrets and keys into agenix

Signed-off-by: Mel <einebeere@gmail.com>
---
 secrets/secrets.nix | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 secrets/secrets.nix

(limited to 'secrets/secrets.nix')

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
new file mode 100644
index 0000000..22c7a91
--- /dev/null
+++ b/secrets/secrets.nix
@@ -0,0 +1,18 @@
+let
+  keys = import ./keys.nix;
+
+  inherit (keys) allAdmins allSystems;
+  inherit (keys.system) renard lapin corsac;
+in
+{
+  "cloudflare-dns.age".publicKeys = [
+    lapin
+    corsac
+  ] ++ allAdmins;
+
+  "pds-secrets.age".publicKeys = [
+    lapin
+  ] ++ allAdmins;
+
+  "password.age".publicKeys = allSystems ++ allAdmins;
+}
-- 
cgit 1.4.1