From f1e1f71883f07ca88428e597a3ee21b217841254 Mon Sep 17 00:00:00 2001
From: Vincent Ambo
Date: Fri, 3 Dec 2021 17:12:45 +0300
Subject: [PATCH] feat(ops/secrets): Bootstrap agenix secrets folder

Sets up the key set and adds an initial secret (besadii config with tokens) to be deployed to whitby.

Change-Id: Ic07fd5e66b9e7a533013e04c35e052c2aa11f77d
---
ops/secrets/.skip-subtree | 2 ++
ops/secrets/README.md | 1 +
ops/secrets/besadii.age | Bin 0 -> 850 bytes
ops/secrets/secrets.nix | 12 ++++++++++++
4 files changed, 15 insertions(+)
create mode 100644 ops/secrets/.skip-subtree
create mode 100644 ops/secrets/README.md
create mode 100644 ops/secrets/besadii.age
create mode 100644 ops/secrets/secrets.nix

diff --git a/ops/secrets/.skip-subtree b/ops/secrets/.skip-subtree
new file mode 100644
index 000000000..80f63816f
--- /dev/null
+++ b/ops/secrets/.skip-subtree
@@ -0,0 +1,2 @@
+The Nix configuration in here is read by agenix and not compatible
+with readTree.
diff --git a/ops/secrets/README.md b/ops/secrets/README.md
new file mode 100644
index 000000000..e59b86541
--- /dev/null
+++ b/ops/secrets/README.md
@@ -0,0 +1 @@
+TVL's deployment secrets, encrypted with [agenix](https://github.com/ryantm/agenix/commits/main)
diff --git a/ops/secrets/besadii.age b/ops/secrets/besadii.age
new file mode 100644
index 0000000000000000000000000000000000000000..b8a3a9b56f65b1d493673564f767bbd8c9b1c4b9
GIT binary patch literal 850 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSnNiI(GDOU*B_6iKC z^z`-f&&_lRadj(B53bUV^bK^+_DwG`b2M@-G0HEBs4~pYO6ICCur%>?%?r@?^T`V` zEh`R4Do)MFF0d?&aw)A$4=Fb+Fs}%4EDkF0azwYyKij>~CtV@A%GfzK+pWMU-z(B9 zu|VHFSwB6yEH^vTyC@>lz}YF^xT2sSIlMB;rJSq6Gb!1-+%r5d$H&~#JJZ7=FgdEK zs3bqd(IvnnKh)pcyQ0cm-`usLJR4-2t8RKxYGQG!f@*1&U7oqB0atONi+82Dwo`Fg zzE7e_SxHKnYm`};V`YhUNrgeFqfekmMVW_1khgDMguA<+zePZyvq6TDMM{`qV3BcZ zaRrx?fp=+CdNG%-uC9W4mT_>VV^~&BscVw2Z&i6@Uam)^xuu1>r?;_1eo$F{uCafn zd3tiWr6-rk@o!(kSRW~DUvZ54;E!Dbzx(w*JpTP;U5&^@9lagN#dov%PfgGlo-(uN zm*HJ|woBQ!+GfwXHNmp}2mka5JNH~r?^Iyu+BIr{*`@y5bXaw?}C8 z{vEsSFKw{VsZuy#{DIYE0-M_RaG~Jep_wTnn;%MV)(Ca0TbKP-EpmJ5ZoLqtWr7LO zUBwzdejjZJx4x&*bpQN~IfXsdSu?NuO*r0tqxH?p+2f+?GFe;C9m0G4 zId{tnu8U^rWqZufmY;n6-O1~VyLbF4l(H(=)Ecb*puXa-PQaW6HhoLmrfa`!sHzn-;ikNf1c=dV@TJo`n1;KXb7iySj6Hy7|OIlkiG=IuX1 lww}1?{#$-=MQ+gK?Iqn;?%Wc2sd)0}p2zDIU#~u41^^MLaftu` literal 0 HcmV?d00001
diff --git a/ops/secrets/secrets.nix b/ops/secrets/secrets.nix
new file mode 100644
index 000000000..1cf2b5e44
--- /dev/null
+++ b/ops/secrets/secrets.nix
@@ -0,0 +1,12 @@
+let
+ tazjin = [
+ # tverskoy
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM1fGWz/gsq+ZeZXjvUrV+pBlanw1c3zJ9kLTax9FWQy"
+ ];
+
+ whitby = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNh/w4BSKov0jdz3gKBc98tpoLta5bb87fQXWBhAl2I";
+
+ default.publicKeys = tazjin ++ [ whitby ];
+in {
+ "besadii.age" = default;
+}
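Review bot: The recipient list in `secrets.nix` does not say what each key is for or what changing the list entails; the only annotation is the `# tverskoy` label. Above `whitby = …` I would add `# SSH host key of whitby, the machine this secret is deployed to`, and above `default.publicKeys` something like `# Every key listed here can decrypt the secret; after changing this list, re-encrypt with agenix --rekey.` (wording to be confirmed against how whitby actually decrypts). The README should also state that dropping a key from the list revokes nothing: the old `besadii.age` stays in git history and remains decryptable by that key, so the besadii tokens have to be rotated whenever a recipient is removed. As more secrets are added, per-secret `publicKeys` lists instead of one shared `default` would keep each secret readable only by the hosts that need it.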