		
	Use agenix to store the credentials safely. Reviewed-by: Aleix Boné <abonerib@bsc.es>
		
			
				
	
	
		
		
	
	
	
	
	
# agenix rules file: every attribute names an encrypted secret (*.age) and
# lists, in publicKeys, the keys that secret is encrypted to.
# NOTE(review): editing a recipient list only takes effect once the secrets
# are re-encrypted (agenix --rekey). A key dropped from a list can still
# decrypt older ciphertext kept in the repository history, so rotate the
# secret value itself when access really has to be withdrawn.
let
  # keys.nix is not shown here; from its use below it provides `admins`
  # (an attribute set), `hosts.hut` and `hostGroup.safe` (a list).
  pubkeys = import ../keys.nix;

  # Every admin key is a recipient of every secret declared in this file.
  adminRecipients = builtins.attrValues pubkeys.admins;

  # Recipients for hut-only secrets: the hut host key plus the admins.
  hutRecipients = [ pubkeys.hosts.hut ] ++ adminRecipients;

  # The ceph and munge keys are only exposed to the "safe" host group and
  # to the admins.
  safeRecipients = pubkeys.hostGroup.safe ++ adminRecipients;

  # Builds { "<file>" = { publicKeys = recipients; }; } for each file name.
  encryptedFor = recipients: files:
    builtins.listToAttrs (map (name: {
      inherit name;
      value = { publicKeys = recipients; };
    }) files);
in
encryptedFor hutRecipients [
  "gitea-runner-token.age"
  "gitlab-runner-docker-token.age"
  "gitlab-runner-shell-token.age"
  "nix-serve.age"
  "jungle-robot-password.age"
  "ipmi.yml.age"
]
// encryptedFor safeRecipients [
  "ceph-user.age"
  "munge-key.age"
]