First commit

secrets/eclypse-password.age

@@ -0,0 +1,6 @@
+age-encryption.org/v1
+-> ssh-ed25519 7p4RPw wZdiee1a8rqdaNA8EVLUJIEue1ldgrk3HgVGhmHpnTQ
+8VLt5rSvqN+HAHS9JL6hYSj7xVrTtZAcrn5C12it+Fw
+--- 9oiyRlMDS7PrUyP4SmkgcMZz+/BENDBn9XN+3216OXY
+…%òv*|úM¾3‹gŠg£%;F"s´›¶ ù7¨Ujì_H“£’£DÆ^*B–nK'
+v²¯~¬`·

secrets/eclypsecloud-eclypse.age

@@ -0,0 +1,5 @@
+age-encryption.org/v1
+-> ssh-ed25519 7p4RPw dVTohhNu/jjHSNyhw7irzffqzJJFvW0TbkhSmKKrhS8
+zTc4HaFO3hSYVLM35KwEGUcu2R+JGHIN758FpKKxL5U
+--- EhTyT6CYdKjAC9yN0kCxx5yW4o27DJteu8YCbVF2Ln4
+‡Ü¬ü¿Ûô}ÑPÉìl¿à'àˆ,QL×’5PàSMs °<₼–³z¡¥•¸ÚyQŸo¶ t[a0ˆøU­Ðz?R<>"&ߨC‰ë•l³

secrets/secrets.nix

@@ -0,0 +1,19 @@
+# This file is NOT imported into the nix configuration, it is just for the agenix CLI
+let
+  # System public ssh keys (/etc/ssh/)
+  vanta = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAaDVBJdMDFL8r9NQCbaLe+DPHGhGzRv2N7+7m1/U8DP";
+in
+{
+  # Tailscale auth key need to be up to date with a valid auth key in the tailscale
+  # dashboard. Single-use keys expire after a single machine connects, and even
+  # reusable keys expire after 90 days.
+  # Update tailscale-auth.age with `agenix -e tailscale-auth.age -i /path/to/private-ssh-key`
+  # Note: Only devices with the below public keys are allowed to edit tailscale-auth.age
+  "tailscale-auth.age".publicKeys = [ vanta ]; # Devices allowed to join the tailnet;
+  
+  # Devices that can connect to EclypseCloud with the eclypse user.
+  "eclypsecloud-eclypse.age".publicKeys = [ vanta ];
+
+  # Devices that have the eclypse user
+  "eclypse-password.age".publicKeys = [ vanta ];
+}

secrets/tailscale-auth.age

@@ -0,0 +1,6 @@
+age-encryption.org/v1
+-> ssh-ed25519 7p4RPw 7GuZj43+NoyPXf//ZLM99vossbJXOpDQSkBi3w51Wl8
+FTMjlyml+T87LQffffY2AJL5IhTAJF2QlfFvhvZpvOs
+--- iONf8B3bUxXtCiv0EAv5QO0ZyhE5A6YfRbcxUr/awFg
+•‚±âTwï¬J`°~B
+”Ù;ùlOhä·{2Ô?¦ýP˜µF>@m¯
o·éc‰õ~Xª3š@.gÉÚ¾æeKÌÀV7zphS‰øد6ù™.WÉûO@F