From 0d05eb3df6a2896a756f49df59f9a0639deef5ed Mon Sep 17 00:00:00 2001
From: Oliver Davies <oliver@oliverdavies.dev>
Date: Wed, 29 Jan 2025 01:15:42 +0000
Subject: [PATCH] t490: add Cloudflare secrets
---
nix/hosts/t490/configuration.nix | 1 +
nix/hosts/t490/secrets.nix | 5 ++++
nix/secrets.nix | 9 ++++---
nix/secrets/cloudflare.age | 43 ++++++++++++++++----------------
nix/secrets/tubearchivist.age | 36 +++++++++++++-------------
nix/users/opdavies/default.nix | 2 +-
6 files changed, 50 insertions(+), 46 deletions(-)
create mode 100644 nix/hosts/t490/secrets.nix
diff --git a/nix/hosts/t490/configuration.nix b/nix/hosts/t490/configuration.nix
index e8851882..bae0cc79 100644
--- a/nix/hosts/t490/configuration.nix
+++ b/nix/hosts/t490/configuration.nix
@@ -5,6 +5,7 @@
./hardware-configuration.nix
./hardware.nix
./programs.nix
+ ./secrets.nix
./services
./users.nix
diff --git a/nix/hosts/t490/secrets.nix b/nix/hosts/t490/secrets.nix
new file mode 100644
index 00000000..e2032222
--- /dev/null
+++ b/nix/hosts/t490/secrets.nix
@@ -0,0 +1,5 @@
+{
+ age.secrets = {
+ cloudflare.file = ../../secrets/cloudflare.age;
+ };
+}
diff --git a/nix/secrets.nix b/nix/secrets.nix
index c2553741..63c35bf3 100644
--- a/nix/secrets.nix
+++ b/nix/secrets.nix
@@ -2,20 +2,21 @@ let
hosts = {
hetznix = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN/Lylteb1le173In/X94jls+CXFg9RGCyJPBOL90zDD";
lemp11 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEZ+ljJKd6uqdAk+fqxwtObI4Stab2N9Bjo4QFHY/v8n";
+ mail = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDop//jfN3Hj5yRQLzPwy/A1StdJ2krxIbI8LUWPX7ht";
nixedo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvtcGJnc94k6wCPfvK9oBvGey0WWVCR8IYSqg5vqage";
t490 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvtcGJnc94k6wCPfvK9oBvGey0WWVCR8IYSqg5vqage";
};
- users = {
- opdavies = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDkkbYaCD9NUIQT0NnsmlyfepwjxBYeiJSBCotOpdPTyc5inFAd29DiVw98j4skfaHdzjcqWmMFmDQWM6tGkK7eg8n0WuaABmsjdEbzTtfjHwM0tRDCIh5AtoT4IvoLhwLjEI2jKM05BGCQ2m5lS//AYJK1DjiV4UH+IjXHz6oy/3eFzQwANjxWS+mbR565p21yuAu1DKEyaGeVzT1xDhgzlnZG7Cys/rFgUYpIvYDHMOFxG6hsDB8vqyHiTXniniti5tdvGGYHgRGQcynRTU12aerrqHTIOefrElXJdf3/PA8FIY/Pd3MmZocY/vvQe0EVHXWrNtnHOF3MFQ1tFyfubKO51Dcp9KmzHnyBvO4CtvGVr/upSVWfo0I/EqkIqvCvBbdSIPeH9V5hAcyWENGF4Wf0/Yqtc0dBhfXJmPVBsC2ghZp9oERK+h5Xs7DpzkT0vtkN+wjgA5weIuG8e2UVNO29LWASzlychVqb7BVa6kNn5CyGwauyIGsYvAFnUjkyJpK8qleNM3VO5x9aw26IhSKlnSE9PAdX8p7PpdoWfxWRekKTc4h6iAe7pFOENvuokAvCNsE5LolR4VrYKXjA0m3nupDNWYexAWfR3lSeSlKd9nD3OENS0biJKayZHs11iDUTxm5u5gm/U60b4z0zDXjh1H/DI/pSCG6jjaXDpw==";
- };
+ opdavies = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDkkbYaCD9NUIQT0NnsmlyfepwjxBYeiJSBCotOpdPTyc5inFAd29DiVw98j4skfaHdzjcqWmMFmDQWM6tGkK7eg8n0WuaABmsjdEbzTtfjHwM0tRDCIh5AtoT4IvoLhwLjEI2jKM05BGCQ2m5lS//AYJK1DjiV4UH+IjXHz6oy/3eFzQwANjxWS+mbR565p21yuAu1DKEyaGeVzT1xDhgzlnZG7Cys/rFgUYpIvYDHMOFxG6hsDB8vqyHiTXniniti5tdvGGYHgRGQcynRTU12aerrqHTIOefrElXJdf3/PA8FIY/Pd3MmZocY/vvQe0EVHXWrNtnHOF3MFQ1tFyfubKO51Dcp9KmzHnyBvO4CtvGVr/upSVWfo0I/EqkIqvCvBbdSIPeH9V5hAcyWENGF4Wf0/Yqtc0dBhfXJmPVBsC2ghZp9oERK+h5Xs7DpzkT0vtkN+wjgA5weIuG8e2UVNO29LWASzlychVqb7BVa6kNn5CyGwauyIGsYvAFnUjkyJpK8qleNM3VO5x9aw26IhSKlnSE9PAdX8p7PpdoWfxWRekKTc4h6iAe7pFOENvuokAvCNsE5LolR4VrYKXjA0m3nupDNWYexAWfR3lSeSlKd9nD3OENS0biJKayZHs11iDUTxm5u5gm/U60b4z0zDXjh1H/DI/pSCG6jjaXDpw==";
+
+ users = [ opdavies ];
in
{
"secrets/cloudflare.age".publicKeys = [
hosts.hetznix
+ hosts.mail
hosts.nixedo
hosts.t490
- users.opdavies
] ++ users;
"secrets/tubearchivist.age".publicKeys = [
diff --git a/nix/secrets/cloudflare.age b/nix/secrets/cloudflare.age
index ba6fb04c..4c092f31 100644
--- a/nix/secrets/cloudflare.age
+++ b/nix/secrets/cloudflare.age
@@ -1,24 +1,23 @@
age-encryption.org/v1
--> ssh-ed25519 M7i4ow uAeMYG9c6ryN+5dT0niHXkwWXYuCPTlv6MVaaRxP6BQ
-7OdV+9doEFau6GjTONtREFSePR95/FEe3tTRaqU9ERQ
--> ssh-ed25519 IsVD3g LNDsu6aQk4VB47Au6sGfUFnvuFDYL1yxvT2xqmEoPXA
-T6O638N4ICQfoYmXSzwyJnn4ZgEYTVHBhaviG/L42xc
+-> ssh-ed25519 M7i4ow JbGsQZjXyc/TOA5Bc2J1F4dUPImFkb2sJstGTiwS0lw
+KhsNg7sOj7n2iOpKyKX8pfzFC16oYK+3GnE0PtwUres
+-> ssh-ed25519 e6k47Q 5u6J38BGCrhgUo9+JrWNXLTbY6GwiSRc7EyrCnMqIBQ
+rxCoxCxNcPIVhSXBItEnRyWi1lVRl0u7PH5EqydU4Bo
+-> ssh-ed25519 IsVD3g xy60nMsxrMEVVHse7cfmvTtnzYZMr/8bHQ77dwBVmxo
+wlJJVdek+bN6tzbxAl594FR9MBR93nQyvwqCLREp2Sw
+-> ssh-ed25519 IsVD3g ATYSZBSFln40HNRBvAPd85D4ax8TA4vWc4JsgqvXpxU
+YfUmlZLkQi9QFeuZ1kJdR3toWD/gkoTz+XAtBFx2qKY
-> ssh-rsa +vTWQw
-B6COgTlKAkSE2zCwt6gCDBl4fw6WgKD1u1/YYXMz/Fh2nXc8Qy1IrxSvn8nZr05G
-EdToyrGtkNC6i5OPKvNfy+DWLw2slD3f6rZGQQZb60bEj51mr3xTIh2ho449U9lp
-lFyodrxcQljBWdRI0mO2/SWTwKPLDqehGJdamj0DnitVh+tof4WdThZGIKekOG42
-WylPQUEt6U3tNLfTKfj1/HAKBiVdcOUezTzmcDqrD+Sb3qO+hEWWACIQoKnFS0Yl
-rDZ/Sif86EMPUi93wsF5tjR6jCJfb/isiucxCeR9nKHCKScXPRjCpP85yswUEABd
-wqJGodpuywoTaBF+GfPqXHF1BNp9wRHiMJC/wKsYTs7M5dpQyjl+/Nr4b/C/BdwE
-Ab2q9u+EDuOFOWYz0TBUNQTFd/HQVhpC2Jd+/XLP1QZvHjA9WpQU+Uf6QTeQFoH3
-3jm31f3qWbFqgHYoYMRN6Qwax7PYN86d8zUs2TDnzz2EpE7ybxmKvsv1XQpl7eoc
-RP6ynCP71nGXOHymzaZPYDdCsidw1EjuN2jtIbXU1+1ZgjPya8C5grVdDalwy/ds
-98g4kDgLMhfeiu24kJS9fDE5YDI8AWLaRLRgdEu7FbtAottaI9qgG5AZTaU0g8Po
-LHjrMnlz+gZ972sA7tM2sv+ZG4npWnyZOExyFQ/sD3U
--> ssh-ed25519 qqcYyA elZlBILHKKJosk7vsh2FKtouLS84AGFHg3H1g3t1JEU
-vywdvbLrzLSkLjrBkQ57Stp8gLLS+P63b7hBIRSEzCY
--> ssh-ed25519 RN94uQ UQZx1RtihT91/pw0pHFuW8Pvk7epPkRJjklyaMz7PjI
-4tbyHGkw86rfmB+CnWtz4ptNu2hI2yapGIwnzG+NAFA
---- xBHkdADymfBcQirr8/WV/Wuclk1PtivlHeNCdqXdUuw
-�3�#mBL�d��.��Z p$�2�k��D5
-���k��K�TF�Ȍ�����c�Y�MP��_`D��xJ2:���&�x�Ƣ��w��̂+���`��%�K��$���
\ No newline at end of file
+cohbs+XV518CcQvwPPn5uAPsMVbn8MFx5FKOQVXyBcxXsK88fdQtBcp+BcgUfHeE
++HJLB5KDs3lfHiEVDX7Z2BBVx1y9y+j0f8vi8GKNvTLSAAdMwp7LFS/aNcjboayf
+gn/+E+qtd4yiscSBBgsZvUBibkyRM+uVstXqACeX9S4j7TctsqpdEMvJKrbYJ0zQ
+7KsZyyT6QeIp7H9zMLQg2Gv7W2co5+ny3S1saL/5F51gy68LaReAIvB+GAs2TzCY
+AJVo1ANAG3JMRftGtUoNXgieyzXMKf/ucsC1OvwgUDlCDfqjHsiUlAaG64NWe1+K
+3DB1nnE/RkbkPj4gEcHxgiPX6/zC/ZS/sVYOBpktZeyb+ofsVhwQ/Xb0MJAwvknY
+WvETJ4DL4VQx4eC1v3yEYsgak1opnwOnRodeKbvR6pr+KeinFiKoF9dh9LQu9ByM
+ocqCBEHRfzkL1ZM2BYS1hlYo6ECSoSKiNQ8J+BF6wNMLM7WwG9G+LHCw8DMeAo1n
+DCpOMJXII2G1Mvgz/kUE63QB747uc7IImhYj5AQwTgYo/TUttVG6iEaJVGi5EFH0
+dwUPQU3wbYZiWTfKBYfBEX6+zyqSw20PpoQHbCouqOjKV37Ntwh3XhcyMOCBKB5L
+ugK55xOpNwbVxSh6zjyis4YLk0ON5UI9cyxqx44Z8kY
+--- ziQ837ro8cdUK22H13GWtnEVkq+QpSIwbwIYXU7t6H8
+L��Iː��vMĘ��l�Y��������Z�{C�����K�L��R�߂��Ĺ B��ya`�*�p3�mi��K��������=Ļ�j"L��Q0���8Ar�������������KBE����:X��ӜbW�ü*�6�N�����y��h����u�F��_��F��oh��c0
\ No newline at end of file
diff --git a/nix/secrets/tubearchivist.age b/nix/secrets/tubearchivist.age
index d5dce0b7..9af2769e 100644
--- a/nix/secrets/tubearchivist.age
+++ b/nix/secrets/tubearchivist.age
@@ -1,21 +1,19 @@
age-encryption.org/v1
--> ssh-ed25519 sHhprA glUkUuhPJRIeCUtuMh1KWri10reLmYTs/M+qIJt0yS8
-XjThuIggs/W/EUK83ZbIbbd4yLLSYQJUZIS99nHKQL8
--> ssh-ed25519 IsVD3g bAXxMhDdpNBYZJz98XEIPC6WpbeDFOldoB4w85UsRVw
-GUKmIo6AMrXGfsTjpL9aFMGd9F0brmjkSK1pRyAIInE
+-> ssh-ed25519 sHhprA uSQb27PjMYpj22KMcFkY8gk28CxWsA9fr0lP6hCjw3c
++JlfXYJcfaUMaijapKbQHU1Tndh4qy+vf29MMv8mQ4M
+-> ssh-ed25519 IsVD3g U9nD/8QuGhQU5+IFZRswgmzDcLoaKIr7ItG75PlQDkg
+CmlB0k7Bx7nXBA0ym1Gzh6lQrbNN7Kzy5WPmViGVuLY
-> ssh-rsa +vTWQw
-da55hhm3DwoVoDKTK4fexNWahYB3SYu8dJ44/V26RuKHS53r92nKbuJ4j2brMKD2
-9Wiv/9kaYNDWIxGz+SpeCmsv5rCsKCovo3TLQsmCT4JcQL8Ke+VJR0CzbvTO4jxC
-76PtflGahqms9F/BDWJztJJm7pcq9tUBRoyaOzJzri2064PkD8wiKyexOoU4eE+a
-kncCC1OmpjZT7flNrOwxwCqTIgrWsEZQpRERTVV6F7xqeV7gVe3FywFdT/Z2CXfq
-jgC8HA+YEbxmNGamWhpHxo3nf3tUSLXKoituEIOdGqK8pzdAKmTPzgpvjXhMCznu
-Hv4HgQzDXzjKgYv7G0LwwnU0R10mGPNaPuzAc2nR6X0HI094mWS34UfzdKbONgfi
-QPiRNGaCPQb8SBp64jn0CgZs6w466rEh4Rmwm+HXLFaESRqmHS9J0J01pnIltfXJ
-NbFQKiBUbhCIyXLLgTT9gwV8PRIrgnRNHGxKXJihVeWkSDd3cYkII6feBrhUZarq
-HgSiWdRYiSCZDZnD+if3cCB0NL5Q+fE8zo3xUfyenkDqPSwNAgXK4p+QZzwAbrZf
-w0S7IK9I4mwei6uIhKAByQM71CwGEwSNfKOJa9k+ABaWxP0Kugf/uLO63ZU3byNv
-DNQ2WdVbEsYdfU0jU9JqhgwpljzSN09wjA9ZG0j8JhA
--> ssh-ed25519 qqcYyA 9Q2jCyt+hp0WPGxFTndK95L6tb6TBbhi3xIJx3puCRk
-JMrVGBH5s5xisKhG7EME4CHHwngVzW3LlRXhMFHn6kM
---- mavTi4Poq4alvDGknFIgMI2rZFJoJfR09ZrFjlOywZw
-������a,����2PTC��1���A�x�5�b�s�c�lzz�ܮ�z8��Z���VC��蜱Ȅ�Ð���+LO�T�(���i9T���N�a5����i�&��J�D�S��5�b�~��Æ
\ No newline at end of file
+l8bvdvVV4b5OjkohdSWOea4YdIJ8xPRahajsJDpB6d9vr28nQEf6ruAmX1QeJkmP
+9NEVQmhL6OqulCz1G4awhf+OldnhIK/ift7GON2+cmKtp4W3R2k0dZqm5ML7OSpt
+/S2DcveCV7yyLHfkrEMI6UEka31xEJnXGnbgPbsQ1sS2kckVoLzW3etDZ/ta6FcW
+Zze5eiMVvKeaMOpTPts+lyiiPaSwIheJdvWhPBqdX+zJvaLaRS+VdC3ER25lw1IL
+Db/yiLRsw50GWfC5FTZMg/T+URVKo8JvdsebDxnGJVxMIjiazRDOkClYJGFSs8ud
+NcX7Bd26fOgggl8COmg87se3D0uSuABnHiJN5Hv/S3xwfK2RYSxZj0qjLCpbsa+K
+RgyarmsDiWSfsbha+uPjrTnW1U7elJJWvUbOEhZWEzUclLXy4z+nsA7BBVKa4LSm
+8Epd4qOE6korqkDDf/nDXg6X+AOeBF0JLWACZGR6qjovzTyQmepa4H03n/aid4xt
+5hhM9uzLSCYoY8T7hZSjrCiJeYUqCoVDjtCE7eDGScuoG/g3RfEa4BcFK/EcSpqT
+7CmnFU5Ay3vG5/6n/evzmzYvk82/I97KOs+LTotDW8FzRx/GmTCS2Bp8xiOw6XZS
+05sALEULfH5cCVKdJ2Mjj+NR4VEab/ykickH5fen0M4
+--- 7ihl6vnG31mlHLNdqzV2DA3pY0HOla8TE58j8B2wLfQ
+�����(R&Բ�5��Z;���U�����g��rN���2AW��������,��8���ϙ*��8ͦU��>�&��r�Z�۹��9��l����
,Zʁ��qI���PQ��?�)�-�kJЌ��
\ No newline at end of file
diff --git a/nix/users/opdavies/default.nix b/nix/users/opdavies/default.nix
index 117f9af1..df4437f1 100644
--- a/nix/users/opdavies/default.nix
+++ b/nix/users/opdavies/default.nix
@@ -33,6 +33,6 @@
};
age.identityPaths = [
- "/home/opdavies/.ssh/id_ed25519"
+ "/home/opdavies/.ssh/id_rsa"
];
}