# Host-specific secrets let keys = import ../../../../keys; all = [ # Host key keys.hosts.porthos # Allow me to modify the secrets anywhere keys.users.ambroisie ]; in { "acme/dns-key.age".publicKeys = all; "aria/rpc-token.age".publicKeys = all; "backup/password.age".publicKeys = all; "backup/credentials.age".publicKeys = all; "drone/gitea.age".publicKeys = all; "drone/secret.age".publicKeys = all; "drone/ssh/private-key.age".publicKeys = all; "forgejo/mail-password.age" = { owner = "git"; publicKeys = all; }; "gitea/mail-password.age" = { owner = "git"; publicKeys = all; }; "lohr/secret.age" = { owner = "lohr"; publicKeys = all; }; "lohr/ssh-key.age" = { owner = "lohr"; publicKeys = all; }; "matrix/mail.age" = { owner = "matrix-synapse"; publicKeys = all; }; "matrix/secret.age" = { owner = "matrix-synapse"; publicKeys = all; }; "mealie/mail.age" = { publicKeys = all; }; "miniflux/credentials.age".publicKeys = all; "monitoring/password.age" = { owner = "grafana"; publicKeys = all; }; "monitoring/secret-key.age" = { owner = "grafana"; publicKeys = all; }; "nextcloud/password.age" = { owner = "nextcloud"; publicKeys = all; }; "nix-cache/cache-key.age".publicKeys = all; "paperless/password.age".publicKeys = all; "paperless/secret-key.age".publicKeys = all; "pdf-edit/login.age".publicKeys = all; "podgrab/password.age".publicKeys = all; "pyload/credentials.age".publicKeys = all; "sso/auth-key.age" = { owner = "nginx-sso"; publicKeys = all; }; "sso/ambroisie/password-hash.age" = { owner = "nginx-sso"; publicKeys = all; }; "sso/ambroisie/totp-secret.age" = { owner = "nginx-sso"; publicKeys = all; }; "tandoor-recipes/secret-key.age".publicKeys = all; "transmission/credentials.age".publicKeys = all; "vikunja/mail.age".publicKeys = all; "wireguard/private-key.age".publicKeys = all; "woodpecker/gitea.age".publicKeys = all; "woodpecker/secret.age".publicKeys = all; "woodpecker/ssh/private-key.age".publicKeys = all; }