core(secrets): adding mailjet secrets

2025-10-16 16:30:52 +02:00 · 2025-10-16 16:30:52 +02:00 · c0c7fd7be3
commit c0c7fd7be3
parent c1b3df9e32
3 changed files with 40 additions and 0 deletions
--- a/secrets/mailjet-pass.age
+++ b/secrets/mailjet-pass.age
--- a/secrets/mailjet-user.age
+++ b/secrets/mailjet-user.age
@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 eRdPLg 3zUwYgjU1S3y4WxY/jyJ7S0CkSqo2YyoUdxbhyMrPQg
+HatUZQuNQwLTytq1pJ3KWdM0UZCjB3zlBijIMvYtV1U
+-> ssh-ed25519 KUgDMA ko392JkVWy5RJSIs/R5eRcig3RYZ/HbwzpKr6yCIn0w
+lGJ5TR2CuEI9l1t4A2c1EHaKke48XzGoleRO462X8qE
+--- 2QGRp7nRAFgsHuSulufirXpgxm/WW5Rs563o4KzIY9Y
+‘Q)ÙÍ¨ÙRÔµêtÝwè±ÀE
³´Å‹@â¤‘w›Z €Û¶oñ	å<>šù_Òó,E–Û”(_ŠN<C5A0>2,2‘
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -0,0 +1,33 @@
+{ config, pkgs, inputs, ... }:
+let
+  main-server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFEEuBgdANmzr69bapLdSxu6gnsLHGUQUBatS2dQsdOU root@nixos";
+  systems = [
+    main-server
+  ];
+
+  root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKQRq2M+a40lucGpjiWsWnjeUfA0ihzdtqyDbKznawAg root@nixos-server";
+  users = [
+    root
+  ];
+in
+{
+  "mailjet-user.age".publicKeys = users ++ systems;
+  "mailjet-pass.age".publicKeys = users ++ systems;
+  imports = [ inputs.agenix.nixosModules.default ];
+
+  age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+
+  age.secrets."mailjet-user" = {
+    file = ../../secrets/mailjet-user.age;
+    owner = "root";
+    group = "root";
+    mode  = "0400";
+  };
+
+  age.secrets."mailjet-pass" = {
+    file = ../../secrets/mailjet-pass.age;
+    owner = "root";
+    group = "root";
+    mode  = "0400";
+  };
+}