feat: massive refactoring...

secrets/finances-app-key.age

@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 jxhkLg aQoOlZUoNaXXxfkMlkGx9zJDKQh+zlLyYrXuX+LEcFw
+9c/dFd+LYdnb2TUm5+lxcPmFW8STMq6UALHlClL85jc
+-> ssh-ed25519 UJuwpQ hnsSFl7MIkaG0DmCzZKoUtDLj/ey+YZ7Af4gEiPNtkc
+2bmkqUGoh2kAW03X//iq/mlzOZeoS1PpmAmLWcAR48k
+--- yMItyu2jgirF9YB+u26yykPuqEVz7T46oi6EDZ8rXYs
+•û6v%aÇKFÛÞ1×49<$kHüC²bÄvÊ#dÜ¿$ë‰4
+õF5k*Ct¯±qUH%¶¶~ÇÓEíŒú³Å:e:÷d½¶èä<C3A8>·´k

secrets/power-password-file.age

@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 jxhkLg +kc3WvRZu+M7FPObE9sUEBrRZUjaKQ3uDX01e30bvH4
+jp7GGPCdUHMFYAdZ6eHlb2Rpjbr7fgxO5i5A4JCuBFQ
+-> ssh-ed25519 DVDL4g u3KhmxBa+ycZKj6g9/p9VfdWJe3sXNIYWqvnxS0LOFk
++6czbSa2PsgCNrsWFYtFJpW6YRttVpC3tlJpvMyKVlo
+--- 6giEp6Qr8xXyII1KyBbEtT0a4qUkYtvby2NVshaHvK8
+©³˜Üú+&

secrets/secrets.nix

@@ -0,0 +1,36 @@
+let
+  config = (import ../config/_globals.nix { }).globals;
+  users = [
+    config.master.public_ssh_key
+  ];
+
+  keys = import ../config/_keys.nix;
+  common = builtins.attrValues (keys);
+in
+{
+  # TODO: Probably there would be a way to guess the default service key from the secret prefix
+  "auth-authentik-ldap-secrets.age".publicKeys = users ++ [
+    keys.auth
+  ];
+  "auth-authentik-proxy-secrets.age".publicKeys = users ++ [
+    keys.auth
+  ];
+  "auth-authentik-secrets.age".publicKeys = users ++ [
+    keys.auth
+  ];
+  "db-postgres-initscript.age".publicKeys = users ++ [
+    keys.db
+  ];
+  "finances-app-key.age".publicKeys = users ++ [
+    keys.finances
+  ];
+  "power-password-file.age".publicKeys = users ++ [
+    keys.power
+  ];
+  "proxy-dns-provider-config.age".publicKeys = users ++ [
+    keys.proxy
+  ];
+  "yarrr-env.age".publicKeys = users ++ [
+    keys.yarrr
+  ];
+}