2025-09-13 02:38:36 -04:00
|
|
|
# This file is NOT imported into the nix configuration, it is just for the agenix CLI
|
|
|
|
|
let
|
|
|
|
|
# System public ssh keys (/etc/ssh/)
|
|
|
|
|
vanta = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAaDVBJdMDFL8r9NQCbaLe+DPHGhGzRv2N7+7m1/U8DP";
|
|
|
|
|
in
|
|
|
|
|
{
|
|
|
|
|
# Tailscale auth key need to be up to date with a valid auth key in the tailscale
|
|
|
|
|
# dashboard. Single-use keys expire after a single machine connects, and even
|
|
|
|
|
# reusable keys expire after 90 days.
|
|
|
|
|
# Update tailscale-auth.age with `agenix -e tailscale-auth.age -i /path/to/private-ssh-key`
|
|
|
|
|
# Note: Only devices with the below public keys are allowed to edit tailscale-auth.age
|
|
|
|
|
"tailscale-auth.age".publicKeys = [ vanta ]; # Devices allowed to join the tailnet;
|
2025-10-14 14:50:25 -04:00
|
|
|
|
2025-09-13 02:38:36 -04:00
|
|
|
# Devices that can connect to EclypseCloud with the eclypse user.
|
|
|
|
|
"eclypsecloud-eclypse.age".publicKeys = [ vanta ];
|
|
|
|
|
|
|
|
|
|
# Devices that have the eclypse user
|
|
|
|
|
"eclypse-password.age".publicKeys = [ vanta ];
|
|
|
|
|
}
|
