Move secret management to agenix

- https://nixos.wiki/wiki/Agenix
- https://github.com/ryantm/agenix
- https://jonascarpay.com/posts/2021-07-27-agenix.html

2 files changed, 29 insertions, 0 deletions

diff --git a/secrets/cloudflare-ddns-token.age b/secrets/cloudflare-ddns-token.age
new file mode 100644
index 0000000..280ae85
--- /dev/null
+++ b/secrets/cloudflare-ddns-token.age
@@ -0,0 +1,19 @@
+age-encryption.org/v1
+-> ssh-ed25519 mPg9Wg gHYl+dLO8N5gCWv2x5qtuEvTrrL4XlLcT2Q6Zngb5WM
+BBoS++7s6L4JCZWDkIyyNdf5QDMB1zGUghOOFWo2EC4
+-> ssh-rsa 5MROTA
+QxtsUXR+3Flq0iZFtLsJTGM3nq5770pzOFUpLxVjhxg1gzEhRclgjYpn7m3TSAjp
+J+AUwRN8KlrFecggllmpoY9wyKYUjgvu6a8hh9TCFOytRDoIKtBQasSRH2eM6VrF
+wTlJ3MPoP8GJ6iNyHE5hlFHHc3P9HxqNK+qZfRB9zCN4zY8NQi+QmAexE9gPuVRL
+c7sOxAH/Ov4zQ9WMnGdAW7wPHyET5b3woW3ju9fJr08UtuavMyEMgHk6gKtsBkM6
+bK5fraFrbkWv3lW3SS6GRqT0sN14/zIP9CfaHu8GWG4TOdDV/d6HlJ5U+BvGQp3z
+lU54v2JfmPDtbPefzmG3+8GXb9ITCMUrGIfnHXaw4hoe8/WzSz46ZWufnPnzlWvn
+p7WDouB9lRH7/aMyIdPbKAfPIzeg1yKs3n6BXA/4ENa/msQ7MqKZpHJGinx6Yfde
+EErwThHTJXo/F8wCQRIHpAMOcHnpZHPV8rGR411A9wlZrWp00otkukSBAw4/teX6
+MfmXM14kFlYlg3uW4NO0TpelNFrBHHBFNzmIjadResQe1TW4rJ/X2aznw3jXbzii
+/rWGQIiSc4xpZbao9ZQktPtErCtU1vjJmc41qmSJgwUb81XSA8tLK5+T54KEOxM4
+eycpp8TiNE2vUnP4bVu+o8svwYDAzsxoD07RCTYFoSM
+-> dw-grease
+NVGg1adhRcMDrvPKNfly
+--- KcSrc4BXUEzO72Kl/qCJ+Ild9FjCMDyTwZl1Lpjj8LQ
+9N�?��!}l�r�/�_�-�T���dTy�J��_I���ED@Z�nI��
��9��Hf�ěr�n�a�O���᮷���c�O���'�LxՎN���3
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
new file mode 100644
index 0000000..0f349a8
--- /dev/null
+++ b/secrets/secrets.nix
@@ -0,0 +1,10 @@
+# This file conatins configuration for the agenix CLI. It is not actually
+# imported into the system cofniguration.
+
+let
+  metadata = builtins.fromTOML (builtins.readFile ../metadata.toml);
+  publicKeys = map (builtins.getAttr "sshPubKey") (builtins.attrValues metadata.hosts);
+in
+{
+  "cloudflare-ddns-token.age".publicKeys = publicKeys;
+}