diff --git a/flake.lock b/flake.lock index 9977877..35ebc13 100644 --- a/flake.lock +++ b/flake.lock @@ -14,17 +14,23 @@ }, "agenix": { "inputs": { - "darwin": "darwin", - "home-manager": "home-manager", - "nixpkgs": "nixpkgs", + "darwin": [ + "nix-darwin" + ], + "home-manager": [ + "home-manager" + ], + "nixpkgs": [ + "nixpkgs" + ], "systems": "systems" }, "locked": { - "lastModified": 1750173260, - "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", + "lastModified": 1762618334, + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", "owner": "ryantm", "repo": "agenix", - "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", + "rev": "fcdea223397448d35d9b31f798479227e80183f6", "type": "github" }, "original": { @@ -60,7 +66,7 @@ "devshell": "devshell", "flake-parts": "flake-parts_3", "haskell-flake": "haskell-flake_2", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_2", "pre-commit-hooks-nix": "pre-commit-hooks-nix", "treefmt-nix": "treefmt-nix" }, @@ -160,28 +166,6 @@ "type": "github" } }, - "darwin": { - "inputs": { - "nixpkgs": [ - "agenix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1751313918, - "narHash": "sha256-HsJM3XLa43WpG+665aGEh8iS8AfEwOIQWk3Mke3e7nk=", - "owner": "lnl7", - "repo": "nix-darwin", - "rev": "e04a388232d9a6ba56967ce5b53a8a6f713cdfcf", - "type": "github" - }, - "original": { - "owner": "lnl7", - "ref": "master", - "repo": "nix-darwin", - "type": "github" - } - }, "devour-flake": { "flake": false, "locked": { @@ -309,7 +293,7 @@ "heist-extra": "heist-extra", "lvar": "lvar", "nixos-unified": "nixos-unified", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs", "unionmount": "unionmount" }, "locked": { @@ -795,27 +779,6 @@ } }, "home-manager": { - "inputs": { - "nixpkgs": [ - "agenix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1752402455, - "narHash": "sha256-mCHfZhQKdTj2JhCFcqfOfa3uKZbwUkPQbd0/zPnhOE8=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "bf893ad4cbf46610dd1b620c974f824e266cd1df", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, - "home-manager_2": { "inputs": { "nixpkgs": [ "nixpkgs" @@ -914,7 +877,7 @@ "htmx-extensions": "htmx-extensions", "lvar": "lvar_2", "nixos-unified": "nixos-unified_2", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_3", "servant-event-stream": "servant-event-stream", "tabler-icons": "tabler-icons", "unionmount": "unionmount_2", @@ -1216,7 +1179,7 @@ "nixos-vscode-server": { "inputs": { "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1684517665, @@ -1234,16 +1197,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1751984180, - "narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=", - "owner": "NixOS", + "lastModified": 1752900028, + "narHash": "sha256-dPALCtmik9Wr14MGqVXm+OQcv7vhPBXcWNIOThGnB/Q=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0", + "rev": "6b4955211758ba47fac850c040a27f23b9b4008f", "type": "github" }, "original": { - "owner": "NixOS", - "ref": "nixos-unstable", + "owner": "nixos", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } @@ -1276,22 +1239,6 @@ } }, "nixpkgs_2": { - "locked": { - "lastModified": 1752900028, - "narHash": "sha256-dPALCtmik9Wr14MGqVXm+OQcv7vhPBXcWNIOThGnB/Q=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "6b4955211758ba47fac850c040a27f23b9b4008f", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1738264807, "narHash": "sha256-6x6WLFwoLdR3w3FYtCnLye2Xe32SqsL7Zf0jpa5wJMM=", @@ -1307,7 +1254,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_3": { "locked": { "lastModified": 1758029226, "narHash": "sha256-TjqVmbpoCqWywY9xIZLTf6ANFvDCXdctCjoYuYPYdMI=", @@ -1323,7 +1270,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_4": { "locked": { "lastModified": 1682526928, "narHash": "sha256-2cKh4O6t1rQ8Ok+v16URynmb0rV7oZPEbXkU0owNLQs=", @@ -1336,7 +1283,7 @@ "type": "indirect" } }, - "nixpkgs_6": { + "nixpkgs_5": { "locked": { "lastModified": 1757014016, "narHash": "sha256-i+/3jrkW5j4BHWMuZ7+GP36bW6KltMdZipzWiYZO8HY=", @@ -1352,7 +1299,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_6": { "locked": { "lastModified": 1701436327, "narHash": "sha256-tRHbnoNI8SIM5O5xuxOmtSLnswEByzmnQcGGyNRjxsE=", @@ -1366,7 +1313,7 @@ "url": "https://flakehub.com/f/NixOS/nixpkgs/0.1.%2A.tar.gz" } }, - "nixpkgs_8": { + "nixpkgs_7": { "locked": { "lastModified": 1755577059, "narHash": "sha256-5hYhxIpco8xR+IpP3uU56+4+Bw7mf7EMyxS/HqUYHQY=", @@ -1382,7 +1329,7 @@ "type": "github" } }, - "nixpkgs_9": { + "nixpkgs_8": { "locked": { "lastModified": 1760349414, "narHash": "sha256-W4Ri1ZwYuNcBzqQQa7NnWfrv0wHMo7rduTWjIeU9dZk=", @@ -1423,7 +1370,7 @@ }, "nuenv": { "inputs": { - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_6", "rust-overlay": "rust-overlay" }, "locked": { @@ -1528,7 +1475,7 @@ "flake-parts": "flake-parts_2", "git-hooks": "git-hooks_2", "github-nix-ci": "github-nix-ci", - "home-manager": "home-manager_2", + "home-manager": "home-manager", "imako": "imako", "jumphost-nix": "jumphost-nix", "landrun-nix": "landrun-nix", @@ -1539,7 +1486,7 @@ "nixos-hardware": "nixos-hardware", "nixos-unified": "nixos-unified_3", "nixos-vscode-server": "nixos-vscode-server", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_5", "nixvim": "nixvim", "nuenv": "nuenv", "try": "try", @@ -1783,7 +1730,7 @@ "try": { "inputs": { "flake-parts": "flake-parts_6", - "nixpkgs": "nixpkgs_8" + "nixpkgs": "nixpkgs_7" }, "locked": { "lastModified": 1756813707, @@ -1846,7 +1793,7 @@ "nix-serve-ng": "nix-serve-ng", "nix-systems": "nix-systems", "nixos-unified": "nixos-unified_4", - "nixpkgs": "nixpkgs_9", + "nixpkgs": "nixpkgs_8", "process-compose-flake": "process-compose-flake", "record-hasfield": "record-hasfield", "servant-event-stream": "servant-event-stream_2", diff --git a/flake.nix b/flake.nix index eeca151..4afbe9a 100644 --- a/flake.nix +++ b/flake.nix @@ -21,6 +21,11 @@ disko.url = "github:nix-community/disko"; disko.inputs.nixpkgs.follows = "nixpkgs"; agenix.url = "github:ryantm/agenix"; + agenix.inputs = { + darwin.follows = "nix-darwin"; + home-manager.follows = "home-manager"; + nixpkgs.follows = "nixpkgs"; + }; nuenv.url = "github:hallettj/nuenv/writeShellApplication"; # Software inputs diff --git a/modules/flake-parts/claude-sandboxed.nix b/modules/flake-parts/claude-sandboxed.nix index 122bc14..4dafd5b 100644 --- a/modules/flake-parts/claude-sandboxed.nix +++ b/modules/flake-parts/claude-sandboxed.nix @@ -30,8 +30,10 @@ in rwx = [ "." ]; env = [ "HOME" # Needed for gcloud and claude to resolve ~/ paths for config/state files - "CLAUDE_CODE_USE_VERTEX" + # See juspay.nix "ANTHROPIC_MODEL" + "ANTHROPIC_API_KEY" + "ANTHROPIC_BASE_URL" ]; }; }; diff --git a/modules/home/agenix.nix b/modules/home/agenix.nix new file mode 100644 index 0000000..c1b7abf --- /dev/null +++ b/modules/home/agenix.nix @@ -0,0 +1,19 @@ +# Debug agenix logs: +# cat ~/Library/Logs/agenix/stdout +# cat ~/Library/Logs/agenix/stderr +{ flake, config, ... }: +let + inherit (flake.inputs) agenix; +in +{ + imports = [ + agenix.homeManagerModules.default + ]; + + # We use a separate SSH key for agenix decryption to avoid exposing the main + # private key (which is in 1Password) to the filesystem. + # + # To provision this key once: + # ssh-keygen -t ed25519 -f ~/.ssh/agenix + age.identityPaths = [ "${config.home.homeDirectory}/.ssh/agenix" ]; +} diff --git a/modules/home/gui/1password.nix b/modules/home/gui/1password.nix index a44140c..c71e955 100644 --- a/modules/home/gui/1password.nix +++ b/modules/home/gui/1password.nix @@ -1,7 +1,7 @@ -{ pkgs, ... }: +{ pkgs, lib, ... }: { - # home.packages = [ pkgs._1password-cli ]; - # Using native CLI ^ + home.packages = lib.mkIf pkgs.stdenv.isDarwin [ pkgs._1password-cli ]; + # Using native CLI on Pop OS ^ programs.ssh = { enable = true; diff --git a/modules/home/work/juspay.nix b/modules/home/work/juspay.nix index 20a1e6a..4154123 100644 --- a/modules/home/work/juspay.nix +++ b/modules/home/work/juspay.nix @@ -1,10 +1,16 @@ # Juspay-specific configuration using the work jump host module -{ flake, ... }: + + +{ flake, config, ... }: let + inherit (flake) self; inherit (flake.inputs) jumphost-nix; in { - imports = [ "${jumphost-nix}/module.nix" ]; + imports = [ + "${jumphost-nix}/module.nix" + ../agenix.nix + ]; # https://github.com/srid/jumphost-nix programs.jumphost = { @@ -25,26 +31,21 @@ in }; }; - # Mirroring configuration from https://github.com/juspay/vertex + # For Juspay LiteLLM AI configuration home.sessionVariables = { - # Enable Vertex AI integration - CLAUDE_CODE_USE_VERTEX = "1"; - CLOUD_ML_REGION = "us-east5"; - ANTHROPIC_VERTEX_PROJECT_ID = "dev-ai-gamma"; - - # Optional: Disable prompt caching if needed - DISABLE_PROMPT_CACHING = "1"; - - # Optional: Override regions for specific models - VERTEX_REGION_CLAUDE_3_5_HAIKU = "us-central1"; - VERTEX_REGION_CLAUDE_3_5_SONNET = "us-east5"; - VERTEX_REGION_CLAUDE_3_7_SONNET = "us-east5"; - VERTEX_REGION_CLAUDE_4_0_OPUS = "europe-west4"; - VERTEX_REGION_CLAUDE_4_0_SONNET = "us-east5"; - VERTEX_REGION_CLAUDE_4_5_SONNET = "us-east5"; - - # Model configuration + ANTHROPIC_BASE_URL = "https://grid.ai.juspay.net"; ANTHROPIC_MODEL = "claude-sonnet-4-5"; - ANTHROPIC_SMALL_FAST_MODEL = "claude-3-5-haiku"; + # ANTHROPIC_API_KEY set in initExtra via agenix (see below) }; + age = { + secrets = { + juspay-anthropic-api-key.file = self + /secrets/juspay-anthropic-api-key.age; + }; + }; + programs.zsh.initContent = '' + export ANTHROPIC_API_KEY="$(cat "${config.age.secrets.juspay-anthropic-api-key.path}")" + ''; + programs.bash.initExtra = '' + export ANTHROPIC_API_KEY="$(cat "${config.age.secrets.juspay-anthropic-api-key.path}")" + ''; } diff --git a/secrets/github-nix-ci/emaletter.token.age b/secrets/github-nix-ci/emaletter.token.age index 8746906..ed919e2 100644 Binary files a/secrets/github-nix-ci/emaletter.token.age and b/secrets/github-nix-ci/emaletter.token.age differ diff --git a/secrets/github-nix-ci/srid.token.age b/secrets/github-nix-ci/srid.token.age index 48757b6..27cbc8e 100644 --- a/secrets/github-nix-ci/srid.token.age +++ b/secrets/github-nix-ci/srid.token.age @@ -1,12 +1,11 @@ age-encryption.org/v1 --> ssh-ed25519 96IXNQ qxnWrc61w1kSBf3m7ofJWrTTdhrKSMmp9iW5y9RzdUU -epgghGOuuMctx4uyYWrvN33tu4dL91E8VNxlMuvxw/g --> ssh-ed25519 Ysxvmg ZjHA3/xCKFO+sk9RGRXkfGcxixk4arKP6PlRnLKRqi0 -CJITJ6M4KRM5lH23O5kWY8qjs+WEZLe5OooaIa7LInE --> ssh-ed25519 HQ+y9w MyD/org+yNN0HhLh3GLG9PbCxIjffsMOxcJaQAmeThI -jGFfuzJmA+AXgG9OI1c88TD4GHFA4C4GnzBPYlbvjQY --> ssh-ed25519 p0qplg dod6JyHjstJGo0LgxlG4z5zrca8qunco+UuFLYZUyxo -cWZElzFjbZESN2tlbna76yn77qm6e1og7OhoLzYsqVc ---- dD6aThNJBsJXoIS+6JbkIk1o3FJUbvjjjRwX6k3Riz0 - -tJ$ub|G #bж春+OM`B݈¡ o(!wt-v (&‚8ƴ*;_6}IuG`U?g :7L j \ No newline at end of file +-> ssh-ed25519 96IXNQ V6z62p+pW3kgBssNzyKXgeSkg1Wd8RL6G1UrumXTIWY +Ct4rp8A1Gg9ExzUyE63JgzgHD5aaeqakZ6ROAPm/XRE +-> ssh-ed25519 It7HZQ +Hfd+DFL1cxlRFHSfLC2iiEbQ52cir2KgsIAQsgWLj8 +pCD9VDE0GWsr23NRHRCmiZJDrdNN3zKJFY6zNTpzPqg +-> ssh-ed25519 Ysxvmg NzAhvPK21VdhfbEAD5Fk9VSqqeKjE8n5T9yurBeGohs +qRZzel60SENc1ewUbubi48zRyhxbpGK85Y2j871YPwY +--- R2HwRQqDwwfnDYltxQsw+s8fhBHhXVY+t93Uwh4PNYw +/ݹ{?b^i#W +as}ȭj +p$'DA@62O<0D2c@Ҧ) 7^?娨lV05Xe8 \ No newline at end of file diff --git a/secrets/gmail-app-password.age b/secrets/gmail-app-password.age index 3704366..1361e70 100644 --- a/secrets/gmail-app-password.age +++ b/secrets/gmail-app-password.age @@ -1,11 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 96IXNQ AlPQKdJW4i7KiKFShOJiZS3jaU4rGHxfpTcbxFFhX0c -/T+E7XkiUOgWtdRVRz9T3ut/AKXLEZpIywdjgPSXetU --> ssh-ed25519 Ysxvmg ib7r93LrHHqg8Mpy2qjHDscc1j78xHYn+mSE0mgCVmI -FIcdml33o0867qmVXsfwCTouhNFdzUMcpI/RkD1Ydvk --> ssh-ed25519 HQ+y9w eqKQ865HffWRjvbj/I5Qoe/jxKEP0Fdjh3FxWppW3zc -4qtKAl3FFwfevlF0qFPe5brMRdll1cNDbOv/ynzrw94 --> ssh-ed25519 p0qplg QWiCH31vijXLdRi1ERrrsO9/wPnB5dVKmV+JQ7TxWig -bziVlyMK13NYneR0mmyipoKwTboEd8kQeOE2JS9evMw ---- vO0xh4UbUG45Wnq+c5oL6C4P42B87tYeZ2iKwBEKLa0 -{kUi{~eɤA#N7uB;J]Ht6}x=ia \ No newline at end of file +-> ssh-ed25519 96IXNQ T3RyKheawLaYNrlkDoCXS8pgRIwsNygCXKspcIgFqCo +atSHBU2ubK2vXRudE/WAd1bVaclb32bqr1DuCfuncD8 +-> ssh-ed25519 It7HZQ AiZwpmGEojWzGAGPOnL9OTF96OsNEskVXq7nzSmIuQw +qhv3adMWpgHRCSTixOuPOtC9GKPDf8igzEOhCqlZPug +-> ssh-ed25519 Ysxvmg STvgaNkoEEec339ils0g3H0D32RGph9uBk1socsLiBI +5pmdT4t49xbzQJy4XhZrCieDcYYr/HT826g55mnAfew +--- XYTAbK/8LHg4SlajLfSlqToRkAl+mAnXXNdvgMvzaj4 +Nt'8ҡuG_8QY,<');!v˦ \ No newline at end of file diff --git a/secrets/hackage-password.age b/secrets/hackage-password.age index 099c8bf..38baab8 100644 --- a/secrets/hackage-password.age +++ b/secrets/hackage-password.age @@ -1,11 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 96IXNQ fkw73hLDykfEcq/OvTGwfQKO8adwA1ojBuPCKO5hZyw -YNN1Vcg+30il/ccbcWMgR4uucLBMGSdFLk+6PwjKiKc --> ssh-ed25519 Ysxvmg RATkz1A0SNVm6Ynu2FhoTgc8yi6TwnK+I3LRpp32jAM -lUFyoIQSu1DCjkdAgWtDTDuM89GtqFSdbBsBzSZr4yg --> ssh-ed25519 HQ+y9w OZSJZi0YRfkpmc5d6cMALj+Uo/WFoPy9+ME5tScunn4 -+4W1K5A+p2IPtPzcIiO+z4sVhNotX4T9wqs0E1BRlSc --> ssh-ed25519 p0qplg Z2P1LtaIrYJujIQy9pIfgjc/tjvy5lWCKPDRUrr5LGs -Ve5d3aOfB9/GI45gapzVEtnTr0u6N4krZ+DoWj2lbN8 ---- CBkheL3TQ/W/4aVzTxuTUPh1UQMGT5AeWTXKCcVTVq8 -:w[-C7#u ssh-ed25519 96IXNQ nHWK3DGvD5svfKFD/QiyGUyE94MfiIAGvwtowQfB8CE +HKw+5SB99G+BVO1t6dggH+LFfjWSExUXaPA6TgbXkjo +-> ssh-ed25519 It7HZQ tN1niOfw1WOTti0NAg9IlBSnAkTGloTE5dZGJ3rdXR0 +xw9DqdaqI3o0JuXslaOWcHwN4eLqz4g/lzQPmqZIpLU +-> ssh-ed25519 Ysxvmg K7Taxefo/m7ObS0f62lowOnSNkN4kRO51A68N9tFmGM +sOEEjMpzH2CPwnmk7X5fbLKJ3Yw/Tr2P33UHM676y8A +--- FrVEGbyKNFknaLXq05sb5gD7cZqPv+UZUcuD+sj/SPA +cĊx=wj@[ +y}h8#M .N)D+ \ No newline at end of file diff --git a/secrets/hedgedoc.env.age b/secrets/hedgedoc.env.age index 122e6b8..a85ba60 100644 Binary files a/secrets/hedgedoc.env.age and b/secrets/hedgedoc.env.age differ diff --git a/secrets/juspay-anthropic-api-key.age b/secrets/juspay-anthropic-api-key.age new file mode 100644 index 0000000..bfc8888 --- /dev/null +++ b/secrets/juspay-anthropic-api-key.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 96IXNQ MqhWG7d6fRrIzIZDyu1/Sr8Kcc/0g6b09JxadmeWISM +qhSR1c/JfIh9xLR5Yb86D7E8M0X23wvmmBpHl6RiYuA +-> ssh-ed25519 It7HZQ E6XNqLnTEqg7PjMfQV+4Q2+PxgzwNqUTCIphK1ebWQQ +NdyhbsqlXpMqn/T9CJeKXP9APY/gMTf045iAyz9Niis +-> ssh-ed25519 Ysxvmg FDBhNnfef8Mgl0aAnwDcK6Y70LCnvFi74gfPqbYa7U4 +cNUdR58Go8ggcsbcHy288xHRo1wUL1MKiIvKvjcCLQo +--- FXrK+Jq0W+jvGa+yBaWfvU0th7bAYeU2lxQexsyAnSU +Η&NR_4`Y% KAxW[T"n*g~I"Sѱ-Vz%DI +D \ No newline at end of file diff --git a/secrets/justfile b/secrets/justfile new file mode 100644 index 0000000..f2f8933 --- /dev/null +++ b/secrets/justfile @@ -0,0 +1,12 @@ + +default: + @just --list + +# Run `agenix -e ` +edit FILE: + # bash -c 'agenix -e {{ FILE }} -i <(op read "op://Private/id_ed25519/private key")' + agenix -e {{ FILE }} -i ~/.ssh/agenix + +rekey: + # bash -c 'agenix -r -i <(op read "op://Private/id_ed25519/private key")' + agenix -r -i ~/.ssh/agenix \ No newline at end of file diff --git a/secrets/pureintent-basic-auth.age b/secrets/pureintent-basic-auth.age index 5cce440..8c4004e 100644 --- a/secrets/pureintent-basic-auth.age +++ b/secrets/pureintent-basic-auth.age @@ -1,11 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 96IXNQ 0/NuV8hDzg51QcJGiwG0/baeBQc+W9h9q66AzEm+EnY -V1xUVHQQmXo6YN+BF+ZCn9Ew+bcUqP0975JmvaiSY4o --> ssh-ed25519 Ysxvmg DxRnKZodptsoekhgqYHvRTmuDoqwsvzZ+lsXA2wU8U8 -lJxE8eCxkBCd5uHUSrOMywBgy0HQEekU5HEn9k7v6xE --> ssh-ed25519 HQ+y9w sjoTiMATKONmXTmEfmUEsURXxKOEnYS8K3wcTP6OEWU -kmj2v92yAR8mo/5bL24GMJ9idN4DXPoBh41sGmJFu6U --> ssh-ed25519 p0qplg 1TuM1BqPK2U5prLL/zEel4nHLEtxud34aSslvCS1k1k -PvnOGEDrQ0Mek3Z/VeHAcvhdurAN1RZxACiLsali6WQ ---- 2AiI3tw705Kala8qEBWg0PIlXn+yOyeDns01nZ7YjGw -tu #`=U&Sp6CE:~v;b}ӛ.'T-x(;Þ|\S!RdWyD58qA}*ѱZS \ No newline at end of file +-> ssh-ed25519 96IXNQ 2fAb4UaMDzIvV6al6FJhaLubphtiSuCpVOaeN+HwGVo +bP/J1UYVBhjV2aquWSsTytU19R76+9Vlof5/V9CUBZU +-> ssh-ed25519 It7HZQ /UlpuPliwqF04HPG87ldFPCjxWim6EuCxUUax8h51TQ +rbQBDdCtd1N2IEuCSZeeusVtkogL3MOr0Mxue/Gwiso +-> ssh-ed25519 Ysxvmg A81MyiFDefSbX6u7p4bN9vCREgGcp/frzguX1uwXYVM +KiicSyou3NiK9znW2/MEJi3ElLfsqkCLfMuPbqTLoJs +--- ArMgx+hzGLdzksx0CEXhb7N//pSq+ovYS/SPS3mQBcs +bQ A[iz/%VAEx.bZMIsҨ1Teq̦S,Jӭ2S(T6FkD.QR[ \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 720b3d4..3d35497 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -1,11 +1,15 @@ let config = import ../config.nix; - users = [ config.me.sshKey ]; + users = [ + config.me.sshKey + # zest: unique just for decrypting secrets + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJYQQXPMHYBtRcPzSkjQ3oqyje8T4UlCpbr6XjrlzzlK srid@zest" + ]; pureintent = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICkY5feaNt4elPqRQimB9h3OFxtFAzp98p1H+JezBv92 root@nixos"; - infinitude-macos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjg6aknmaXdQ/arHcTD+USFwCTsUGyJv9R1dXnejdby"; - infinitude-nixos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhLuTee/YS04uBhg9Zri5OKfQySoeUXxVVpz6xVUtB5"; - systems = [ pureintent infinitude-macos infinitude-nixos ]; + systems = [ + pureintent + ]; in { "hedgedoc.env.age".publicKeys = users ++ systems; @@ -14,4 +18,5 @@ in "pureintent-basic-auth.age".publicKeys = users ++ systems; "gmail-app-password.age".publicKeys = users ++ systems; "hackage-password.age".publicKeys = users ++ systems; + "juspay-anthropic-api-key.age".publicKeys = users ++ systems; }