17 lines
1.1 KiB
Nix
17 lines
1.1 KiB
Nix
let
|
|
# Founder SSH public key (recipient). Safe to commit.
|
|
founder = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJCBTSEEcBOhOkf3WF1e8xmblAZHvgTibFsqck2GY8D/";
|
|
# Forge automation SSH public key (recipient). Safe to commit.
|
|
forge = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFmKJt5+uilix5Ldiaaq1BhrYNjmV5lHcW7D/5inCCnO forge@every.channel";
|
|
# ecp-forge host SSH key (recipient) so NixOS can decrypt runtime secrets locally.
|
|
ecpForgeHost = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFtifu+ktG7rBZgI7wlAzsaSkaX/PtPy22SThB2wKw3A root@ecp-forge";
|
|
in
|
|
{
|
|
"secrets/cloudflare-api-token.age".publicKeys = [ founder forge ];
|
|
"secrets/forge-token.age".publicKeys = [ founder forge ];
|
|
"secrets/codeberg-token.age".publicKeys = [ founder forge ];
|
|
"secrets/forgejo-api-token.age".publicKeys = [ founder forge ecpForgeHost ];
|
|
"secrets/netboot-chain-token.age".publicKeys = [ founder forge ecpForgeHost ];
|
|
"secrets/op-stack-sepolia-private-key.age".publicKeys = [ founder forge ecpForgeHost ];
|
|
"secrets/op-stack-challenger-prestate.bin.gz.age".publicKeys = [ founder forge ecpForgeHost ];
|
|
}
|