Move forge tailnet secrets to agenix

2026-03-31 16:38:02 -07:00 · 2026-03-31 16:38:02 -07:00 · 20964e8ed7
commit 20964e8ed7
parent 8aebf56d6d
9 changed files with 135 additions and 7 deletions
--- a/secrets.nix
+++ b/secrets.nix
@ -0,0 +1,14 @@
+let
+  contact = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO42guJ5QvNMw3k6YKWlQnjcTsc+X4XI9F2GBtl8aHOa";
+  agent = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEN0+tRJy7Y2DW0uGYHb86N2t02WyU5lDNX6FaxBF/G8 agent@burrow.net";
+  burrowForgeHost = "age1quxf27gnun0xghlnxf3jrmqr3h3a3fzd8qxpallsaztd2u74pdfq9e7w9l";
+  burrowForgeRecipients = [
+    contact
+    agent
+    burrowForgeHost
+  ];
+in
+{
+  "secrets/infra/authentik.env.age".publicKeys = burrowForgeRecipients;
+  "secrets/infra/headscale-oidc-client-secret.age".publicKeys = burrowForgeRecipients;
+}