From d2ad014c23d6b25b60176fbb777462e99d77bd60 Mon Sep 17 00:00:00 2001 From: ErrorNoInternet Date: Sun, 3 May 2026 18:28:35 -0400 Subject: [PATCH] agenix: import initial user dns keys --- .../dns/tuxcord.net/error.tuxcord.net.key.age | Bin 0 -> 442 bytes .../tuxcord.net/javalsai.tuxcord.net.key.age | 7 +++++ agenix/secrets.nix | 26 ++++++++++++------ 3 files changed, 24 insertions(+), 9 deletions(-) create mode 100644 agenix/dns/tuxcord.net/error.tuxcord.net.key.age create mode 100644 agenix/dns/tuxcord.net/javalsai.tuxcord.net.key.age diff --git a/agenix/dns/tuxcord.net/error.tuxcord.net.key.age b/agenix/dns/tuxcord.net/error.tuxcord.net.key.age new file mode 100644 index 0000000000000000000000000000000000000000..74971c12eed29fde061ec2fc78c44b4102915a73 GIT binary patch literal 442 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+&oN4Kaa0J@b~Y_F zb*(B446-OnPfYc<@bWP6&#x@@bI)_H2n(t54>qoF%qsLV3gyZvGblFmDhM}l3av=W z3-gX}@;6RRF$>TR%hk3>G%=2_Fg8fH)Xz1{FhRGi%Fo#%*ij+eBO}~AEiEV1T-z_t z%)mIp!?eQ0E6u0Uz#=`*v@*!wGb2pfD>19gEtxCDGR&YdP(L|8Dlt4i$1ym(%rY(6 z(akL+G{qvqAlES|Juf&V#W={wFOW-DS69K!J2})hH`g*U%h4j(#VbVLJuomM!zm-# zusFxkFCf`RJIK{P*f1)qqL?dQ_0`*njqXq1oJ?6V@rnC~U+=9?D$Yvq;SOkWdD>as zv+|XZ_rV1g%l22)Je(o+uKZ{ClkJ<7PqQp#KfFEsz>F30DzWbjmp&Abl9yeUrn%)x zbMy53kH7q4C~#3JyC1KA*Rkem;q?zLMz{a7-C5yNer#Wwv5?N!>G7M6Y6b7+`0}#y cc*yqO?AiWFQdR74XSe^#Is2+t^}&;Q0F7>|tpET3 literal 0 HcmV?d00001 diff --git a/agenix/dns/tuxcord.net/javalsai.tuxcord.net.key.age b/agenix/dns/tuxcord.net/javalsai.tuxcord.net.key.age new file mode 100644 index 0000000..f8b1d95 --- /dev/null +++ b/agenix/dns/tuxcord.net/javalsai.tuxcord.net.key.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 Wl2fDA 3CWPYLgoTMGb9gBbDzZIQxYJ9Gfm49g6lqQyqlegUDQ +ryhsPP5+Byus2e5GSXDJlKYX1o3HfQ87CLRv2htU4n4 +-> ssh-ed25519 EiAAKw B2uGdkeC3OZISN2iH2DR1J7L3/mbuFvebzqaTdAURCw +ze0X/MmHP78rRqAn0O3VBtnMJsiOXPk8RIe82tdQMeg +--- kLBxPuJdbPmJ1Lz3iBu8EPItdZtpNHIyV6pz1QzhcUY +3P>gh@AZz-6Rzڢ[Py?ɎUSN&#}R+o?.B&5]WOΉPuh=t5|דs׀&!-TSfՙ-j"#iwzjH \ No newline at end of file diff --git a/agenix/secrets.nix b/agenix/secrets.nix index eafb482..4361f54 100644 --- a/agenix/secrets.nix +++ b/agenix/secrets.nix @@ -1,17 +1,25 @@ let - users = import ../lib/ssh/keys.nix; + inherit (import ../lib) + users + adminSSHKeys + attrsToList + getSSHKeys + ; tuxcord-ca = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPxiko5Csyq9UODglYzLBvRfxkhQu9GXP7SH2BpC8G/7"; in { - "ntfy.age".publicKeys = [ tuxcord-ca ] ++ builtins.attrValues users; + "ntfy.age".publicKeys = [ tuxcord-ca ] ++ adminSSHKeys; # tsig-keygen etc.sub.domain.tld. - "dns/tuxcord.net/tuxcord.net.key.age".publicKeys = [ tuxcord-ca ] ++ [ users.error users.javalsai ]; - # "dns/tuxcord.net/XXX.tuxcord.net.key.age".publicKeys = [ tuxcord-ca ] ++ [ users.XXX ]; - - "dns/tuxcord.test/tuxcord.test.key.age".publicKeys = [ tuxcord-ca ] ++ builtins.attrValues users; - "dns/tuxcord.test/sub.tuxcord.test.key.age".publicKeys = [ tuxcord-ca ] ++ builtins.attrValues users; - - "dns/nix.tuxcord.net/nix.tuxcord.net.key.age".publicKeys = [ tuxcord-ca ] ++ builtins.attrValues users; + "dns/tuxcord.net/tuxcord.net.key.age".publicKeys = [ tuxcord-ca ] ++ adminSSHKeys; + "dns/nix.tuxcord.net/nix.tuxcord.net.key.age".publicKeys = [ tuxcord-ca ] ++ adminSSHKeys; + "dns/tuxcord.test/tuxcord.test.key.age".publicKeys = [ tuxcord-ca ] ++ adminSSHKeys; + "dns/tuxcord.test/sub.tuxcord.test.key.age".publicKeys = [ tuxcord-ca ] ++ adminSSHKeys; } +// builtins.listToAttrs ( + map (user: { + name = "dns/tuxcord.net/${user.name}.tuxcord.net.key.age"; + value.publicKeys = [ tuxcord-ca ] ++ getSSHKeys user.name; + }) (builtins.filter (user: user.value.options.ddns or false) (attrsToList users)) +)