infra/secrets.nix

let
  vancouver = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC30kDkktiWJGaJEIrqgneQx1SmIYUEVPm7w1F9p//CB";
  monitoring = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEDtzsbxKgZ/NBYlYO2EJQZhBy3nVBVERWebbsP9mLcy";
  machines = [vancouver monitoring];

  dnsmasq-cache = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKpZvxrLo8kbbCVODAES8xfPbzHN6fx3cRfhYC+me0R9";
  dnsmasq-cache-floof = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAghUyhsM/pRXmKf6NjQGULxshwXP0l93yzFvqEdM9dC";

  dnsmasq = [dnsmasq-cache dnsmasq-cache-floof];

  proxmox-k3s-node = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB1KEjdFl0UmuKfESJTMZdKR2H9a405z0SSlt75NKKht";
  seattle = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF9pTEqeVljLq0ctFgDn25Q76mCqpddkSNN9kd3IQXd1";
  glasgow = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMgZSpfnx/4kfE4P1tFpq047IZkF2Q0UYahputnWxtEJ";
  k3s = [proxmox-k3s-node seattle glasgow];

  gsimmer = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIztwQxt+jqroFONSgq+xzPMuE2I5Dq/zWPQ8RcTYJr gabriel@gitgalaxy.com";
  users = [gsimmer];
in {
  "secrets/vancouver-action-runner.age".publicKeys = [vancouver gsimmer];
  "secrets/vancouver-restic-b2.age".publicKeys = [vancouver gsimmer];
  "secrets/vancouver-restic-password.age".publicKeys = [vancouver gsimmer];
  "secrets/monitoring-healthchecks-secret.age".publicKeys = [monitoring gsimmer];
  "secrets/monitoring-healthchecks-ro.age".publicKeys = [monitoring gsimmer];
  "secrets/monitoring-prometheus-webconfig.age".publicKeys = [monitoring gsimmer];
  "secrets/monitoring-prometheus-password.age".publicKeys = [monitoring gsimmer];
  "secrets/healthchecks-ping.sh.age".publicKeys = machines ++ users;
  "secrets/fastmail-smtp.age".publicKeys = machines ++ users;
  "secrets/healthchecks-telegram.age".publicKeys = [monitoring gsimmer];
  "secrets/cloudflare-dns.age".publicKeys = machines ++ users;
  "secrets/monitoring-grafana-client-secret.age".publicKeys = [monitoring gsimmer];
  "secrets/k3s-token.age".publicKeys = k3s ++ users;

  "secrets/dnsmasq-nextdns-profile.age".publicKeys = dnsmasq ++ users;
}