It routes traffic from fox, apex and the compute nodes so that we can reach the git servers and tent. Reviewed-by: Aleix Boné <abonerib@bsc.es>
		
			
				
	
	
		
		
	
	
	
	
	
# Recipient map for age-encrypted secrets: each "<name>.age" entry lists the
# public keys able to decrypt that file. The layout matches agenix's
# secrets.nix; presumably that is the consumer, confirm.
#
# NOTE(review): shrinking a recipient list only affects future encryptions.
# A recipient that was removed can still decrypt older copies of the file,
# so rotate the secret itself as well as re-encrypting it.
let
  keys = import ../keys.nix;

  # Every admin key is a recipient of every secret below.
  adminsKeys = builtins.attrValues keys.admins;

  # Build a recipient list: the given host keys first, then all admin keys.
  withAdmins = hostKeys: hostKeys ++ adminsKeys;

  # Single-host recipient sets.
  hut = withAdmins [ keys.hosts.hut ];
  fox = withAdmins [ keys.hosts.fox ];
  apex = withAdmins [ keys.hosts.apex ];
  raccoon = withAdmins [ keys.hosts.raccoon ];
  tent = withAdmins [ keys.hosts.tent ];

  # Secrets readable by both hut and tent.
  mon = withAdmins [ keys.hosts.hut keys.hosts.tent ];

  # Hosts in keys.hostGroup.safe plus admins. Used below for the ceph user
  # secret and the munge key, so group membership decides who can read both.
  safe = withAdmins keys.hostGroup.safe;
in
{
  # CI runner registration tokens, hut only.
  "gitea-runner-token.age" = { publicKeys = hut; };
  "gitlab-runner-docker-token.age" = { publicKeys = hut; };
  "gitlab-runner-shell-token.age" = { publicKeys = hut; };
  "gitlab-bsc-docker-token.age" = { publicKeys = hut; };

  # Shared between hut and tent.
  "nix-serve.age" = { publicKeys = mon; };
  "jungle-robot-password.age" = { publicKeys = mon; };
  "ipmi.yml.age" = { publicKeys = mon; };

  # Runner tokens and VPN credentials, tent only.
  "tent-gitlab-runner-pm-docker-token.age" = { publicKeys = tent; };
  "tent-gitlab-runner-pm-shell-token.age" = { publicKeys = tent; };
  "tent-gitlab-runner-bsc-docker-token.age" = { publicKeys = tent; };
  "vpn-dac-login.age" = { publicKeys = tent; };
  "vpn-dac-client-key.age" = { publicKeys = tent; };

  # Restricted to the safe host group.
  "ceph-user.age" = { publicKeys = safe; };
  "munge-key.age" = { publicKeys = safe; };

  # One secret per host, readable only by that host and the admins
  # (presumably WireGuard keys, going by the "wg-" prefix; confirm).
  "wg-fox.age" = { publicKeys = fox; };
  "wg-apex.age" = { publicKeys = apex; };
  "wg-raccoon.age" = { publicKeys = raccoon; };
}