skyworks-Nix-infra / secrets / secrets.nix
# Recipient rules: each attribute names an encrypted secret file and lists the
# SSH public keys it is encrypted to. Only public keys appear in this file.
let
  # ---- Admin (human) recipients ------------------------------------------
  ldx = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKMNHFTC5HMO3IsggHpA+eVSCyhZSmDZz7aV62IFt7sj";
  # TODO: ylw still has to supply an ed25519 SSH public key.
  # NOTE(review): the original note here says RSA keys cannot be used with age;
  # age itself accepts ssh-rsa recipients, so this may be a project policy
  # rather than a tool limit. Confirm before relying on it.
  # ylw = "ssh-ed25519 AAAA...";

  # Only one admin key is listed. Until ylw is added, ldx's private key is the
  # sole non-host key that can decrypt (and therefore re-encrypt) these secrets.
  admins = [ ldx ];

  # ---- Host recipients ---------------------------------------------------
  skydick = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnuvNClEXwMEP0IVNZ8GM1V93eU+QMmBqM5R8TM1Sx2";
  # Earlier xlab-gateway entry, left commented out (presumably the host key
  # before a reinstall or rotation; confirm). Secrets last encrypted to that
  # key are unreadable with the current one until they are re-encrypted.
  # xlab-gateway = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII+EKDpUPWahclzYF6o26AWfrRyZ3bW7D3l9oMo2J6Eg";
  xlab-gateway = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMnbHZ/dHWqeWIzTjqYTI2uCEFnEJEu4aFfd0U3KT+C0";

  # Each secret goes to every admin plus exactly one host, so no host key can
  # decrypt another host's secrets.
  forHost = hostKey: { publicKeys = admins ++ [ hostKey ]; };

in {
  # Secrets for skydick
  "skydick-wg.age" = forHost skydick;
  "influxdb-token.age" = forHost skydick;
  "skydick-ldap-bind.age" = forHost skydick;
  "skydick-samba-ldap-admin.age" = forHost skydick;

  # Secrets for xlab-gateway
  "xlab-wg-skyworks.age" = forHost xlab-gateway;
  "xlab-wg-wgnet.age" = forHost xlab-gateway;
  "xlab-wg-wgnet-psk.age" = forHost xlab-gateway;
  "xlab-wg-warp.age" = forHost xlab-gateway;
}

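# When reinstalling a system, always back up the original machine's SSH ed25519
# private (host) key first. Otherwise it is a damn sight worse than BitLocker:
# the reinstalled host gets a new key and can no longer decrypt its secrets
# until an admin key re-encrypts them to the new host public key.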