refactor(modules/secrets): Split into the modules, that need the secrets

Storing the secrets in the module that actually needs them, is a cleaner
solution.

1 files changed, 16 insertions, 0 deletions

diff --git a/secrets.nix b/secrets.nix
new file mode 100644
index 00000000..3e16473d
--- /dev/null
+++ b/secrets.nix
@@ -0,0 +1,16 @@
+let
+  soispha = "age1mshh4ynzhhzhff25tqwkg4j054g3xwrfznh98ycchludj9wjj48qn2uffn";
+
+  tiamat = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMD87QQIUXdEv3TaNRrI9clD9VgpsuVLFg2CrNGa5lVB";
+  apzu = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBivF5b6PyxsR/t+4Qg4IEDXHVXrjmZpslTUNXpvcVbO";
+in {
+  "modules/by-name/lf/lf/secrets/cd_paths.age".publicKeys = [soispha tiamat apzu];
+
+  "modules/by-name/se/serverphone/private_keys/ca.key".publicKeys = [soispha tiamat apzu];
+  "modules/by-name/se/serverphone/private_keys/server.key".publicKeys = [soispha tiamat apzu];
+
+  "modules/by-name/ta/taskwarrior/secrets/private.key".publicKeys = [soispha tiamat apzu];
+  "modules/by-name/ta/taskwarrior/secrets/public.cert".publicKeys = [soispha tiamat apzu];
+  "modules/by-name/ta/taskwarrior/secrets/ca.cert".publicKeys = [soispha tiamat apzu];
+  "modules/by-name/ta/taskwarrior/secrets/credentials".publicKeys = [soispha tiamat apzu];
+}