First commit

2025-09-13 02:38:36 -04:00
commit fec0c2a09f
32 changed files with 1321 additions and 0 deletions
--- a/secrets/eclypse-password.age
+++ b/secrets/eclypse-password.age
@@ -0,0 +1,6 @@
+age-encryption.org/v1
+-> ssh-ed25519 7p4RPw wZdiee1a8rqdaNA8EVLUJIEue1ldgrk3HgVGhmHpnTQ
+8VLt5rSvqN+HAHS9JL6hYSj7xVrTtZAcrn5C12it+Fw
+--- 9oiyRlMDS7PrUyP4SmkgcMZz+/BENDBn9XN+3216OXY
+<EFBFBD>%<25>v*|<7C>M<EFBFBD>3<EFBFBD>g<EFBFBD>g<EFBFBD>%;F"s<15><><0B> <20>7<EFBFBD>Uj<55>_H<5F><48><1F><>D<EFBFBD>^*B<>nK'
+v<EFBFBD><EFBFBD>~<7E>`<60>
--- a/secrets/eclypsecloud-eclypse.age
+++ b/secrets/eclypsecloud-eclypse.age
@@ -0,0 +1,5 @@
+age-encryption.org/v1
+-> ssh-ed25519 7p4RPw dVTohhNu/jjHSNyhw7irzffqzJJFvW0TbkhSmKKrhS8
+zTc4HaFO3hSYVLM35KwEGUcu2R+JGHIN758FpKKxL5U
+--- EhTyT6CYdKjAC9yN0kCxx5yW4o27DJteu8YCbVF2Ln4
+<EFBFBD>ܬ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>}<7D>P<EFBFBD><50>l<EFBFBD><6C>'<27><>,QLג5P<13>SMs<4D><0C><₼<><E282BC>z<EFBFBD><7A><EFBFBD><EFBFBD><EFBFBD>yQ<0C>o<EFBFBD> t[a0<0F><>U<EFBFBD><12>z?R<>"&ߨC<DFA8><43><EFBFBD>l<EFBFBD>
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -0,0 +1,19 @@
+# This file is NOT imported into the nix configuration, it is just for the agenix CLI
+let
+  # System public ssh keys (/etc/ssh/)
+  vanta = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAaDVBJdMDFL8r9NQCbaLe+DPHGhGzRv2N7+7m1/U8DP";
+in
+{
+  # Tailscale auth key need to be up to date with a valid auth key in the tailscale
+  # dashboard. Single-use keys expire after a single machine connects, and even
+  # reusable keys expire after 90 days.
+  # Update tailscale-auth.age with `agenix -e tailscale-auth.age -i /path/to/private-ssh-key`
+  # Note: Only devices with the below public keys are allowed to edit tailscale-auth.age
+  "tailscale-auth.age".publicKeys = [ vanta ]; # Devices allowed to join the tailnet;
+  
+  # Devices that can connect to EclypseCloud with the eclypse user.
+  "eclypsecloud-eclypse.age".publicKeys = [ vanta ];
+
+  # Devices that have the eclypse user
+  "eclypse-password.age".publicKeys = [ vanta ];
+}
--- a/secrets/tailscale-auth.age
+++ b/secrets/tailscale-auth.age
@@ -0,0 +1,6 @@
+age-encryption.org/v1
+-> ssh-ed25519 7p4RPw 7GuZj43+NoyPXf//ZLM99vossbJXOpDQSkBi3w51Wl8
+FTMjlyml+T87LQffffY2AJL5IhTAJF2QlfFvhvZpvOs
+--- iONf8B3bUxXtCiv0EAv5QO0ZyhE5A6YfRbcxUr/awFg
+<EFBFBD><0E><><EFBFBD>Tw<54><77>J`<60>~B
+<EFBFBD><11>;<3B>lOh<4F><68>{2<>?<3F><>P<EFBFBD><50>F>@m<>o<><6F>c<EFBFBD><1C>~X<>3<EFBFBD>@.g<0E>ھ<EFBFBD>eK<65><18>V7zphS<68><53>د6<D8AF><36>.W<><57>O@F