summary refs log tree commit diff
path: root/secrets/keys.nix
blob: 6f3a57ddd58789b7ceb1eef60f445b7527d22d45 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22

let
  # machines and their host key that are included in this configuration,
  # in this case, just one.
  machines = {
    specimen = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMuIJFXse7iSMaOoBdr/WGqbNBwWLQTpFw6R8ram89gB";
  };

  # users that can sign secrets, with all of their keys.
  admins = {
    mel = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEDujTul5wWyGnidLnNuJDRze0Up29l2cDpyKdmvW2Ls"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEK96G1n31aJsZOrux3BKM0ztzi/SFAVHn0MsGkPDdqY"
    ];
    philip = [ ];
  };
in
{
  inherit machines admins;

  allAdminKeys = with builtins; concatLists (attrValues admins);
  allMachineKeys = builtins.attrValues machines;
}
generated by cgit-pink 1.4.1 (git 2.36.1) at 2026-04-26 16:21:34 +0000
class="ss">port: 80], cache_static_manifest: "priv/static/cache_manifest.json" # Do not print debug messages in production config :logger, level: :info # ## SSL Support # # To get SSL working, you will need to add the `https` key # to the previous section and set your `:url` port to 443: # # config :rook, RookWeb.Endpoint, # ... # url: [host: "example.com", port: 443], # https: [ # port: 443, # cipher_suite: :strong, # keyfile: System.get_env("SOME_APP_SSL_KEY_PATH"), # certfile: System.get_env("SOME_APP_SSL_CERT_PATH"), # transport_options: [socket_opts: [:inet6]] # ] # # The `cipher_suite` is set to `:strong` to support only the # latest and more secure SSL ciphers. This means old browsers # and clients may not be supported. You can set it to # `:compatible` for wider support. # # `:keyfile` and `:certfile` expect an absolute path to the key # and cert in disk or a relative path inside priv, for example # "priv/ssl/server.key". For all supported SSL configuration # options, see https://hexdocs.pm/plug/Plug.SSL.html#configure/1 # # We also recommend setting `force_ssl` in your endpoint, ensuring # no data is ever sent via http, always redirecting to https: # # config :rook, RookWeb.Endpoint, # force_ssl: [hsts: true] # # Check `Plug.SSL` for all available options in `force_ssl`. # Finally import the config/prod.secret.exs which loads secrets # and configuration from environment variables. import_config "prod.secret.exs"
generated by cgit-pink 1.4.1 (git 2.36.1) at 2026-04-26 16:21:33 +0000