Add encrypted munge key with agenix

2023-09-08 19:01:57 +02:00
parent e3e6e7662d
commit 2a0254b684
3 changed files with 15 additions and 3 deletions
--- a/secrets/munge-key.age
+++ b/secrets/munge-key.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -3,11 +3,12 @@ let
  adminsKeys = builtins.attrValues keys.admins;
  hut = [ keys.hosts.hut ] ++ adminsKeys;
  # Only expose ceph keys to safe nodes and admins
-  ceph = keys.hostGroup.safe ++ adminsKeys;
+  safe = keys.hostGroup.safe ++ adminsKeys;
 in
 {
  "ovni-token.age".publicKeys = hut;
  "nosv-token.age".publicKeys = hut;

-  "ceph-user.age".publicKeys = ceph;
+  "ceph-user.age".publicKeys = safe;
+  "munge-key.age".publicKeys = safe;
 }