BUILD: Separate backend environment secrets for prod and next.

ToposInstitute · Feb 1, 2025 · 4455abf · 4455abf
1 parent 154a91e
commit 4455abf
Show file tree

Hide file tree

Showing 6 changed files with 32 additions and 19 deletions.
diff --git a/infrastructure/hosts/catcolab-next/backend.nix b/infrastructure/hosts/catcolab-next/backend.nix
@@ -95,7 +95,7 @@ let
 
 in {
     age.secrets.".env" = {
-        file = "${inputs.self}/secrets/.env.age";
+        file = "${inputs.self}/secrets/.env.next.age";
         mode = "400";
         owner = "catcolab";
     };

diff --git a/infrastructure/hosts/catcolab/backend.nix b/infrastructure/hosts/catcolab/backend.nix
@@ -101,7 +101,7 @@ let
 
 in {
     age.secrets.".env" = {
-        file = "${inputs.self}/secrets/.env.age";
+        file = "${inputs.self}/secrets/.env.prod.age";
         mode = "400";
         owner = "catcolab";
     };

diff --git a/infrastructure/secrets/.env.age b/infrastructure/secrets/.env.age
diff --git a/infrastructure/secrets/.env.next.age b/infrastructure/secrets/.env.next.age
@@ -0,0 +1,13 @@
+age-encryption.org/v1
+-> ssh-ed25519 izCAfQ 22BV8JH4Q/14E5dBSS5CkpjQKF3gsmUs0y3/a/peshE
+SzaF9nwzYXXNIPZnjs6pKPEYqEv4GvUI86BQaL0SZ7M
+-> ssh-ed25519 +EkgOg at2lJYpqBfk99up+CEBN6aQgsl3JSfm1ve3DO10VNWM
+DKueVcw8h14JrMsJuUIE0+gzS4EV5MKhfhga0VWvyOg
+-> ssh-ed25519 d3XP2A sXqZoGDQajiUcC2OyHfky9n33ixvHLzYi58TvrJ0KHM
+Xt/PYWoeEvRCX5HZZQJyJxhCrjGes8Z39dc75tjc88w
+-> ssh-ed25519 Aos7ww rD7G37klzqdCeLAX+pdYyq9q0sVEjDEDRPaxjgVMnzE
+tUonVBgBetqV7vSoTHeTm0TCrgUQAtmrH2jSsuL6Ul8
+--- oME07EwRkWEUFgbb+53k43WCKo7p07Xvu+2t8M7xic8
+�VA�4�����l@Ɍ��2EpA,�O���n\�c��;�
+���,�D��琹�N��*���`u�2�]%g�Zp���_t��Y�E��j�O�&	;u��C�H�!�7U`z�r��N_I�0�G:�sS�b����y�4������
+3�_
diff --git a/infrastructure/secrets/.env.prod.age b/infrastructure/secrets/.env.prod.age
@@ -0,0 +1,14 @@
+age-encryption.org/v1
+-> ssh-ed25519 2purlw xx1fQxEcfJO3uvGhoCA+NmUB5vC3RB7FJIbnyx/7tyo
+lcTCHQ6nVQzKw1dMketqmBzYSIQLBSgf8frZKVnw9ks
+-> ssh-ed25519 +EkgOg oXjGB74mYSBfD+D7/T8jjOwv5N+380mNAh3x/0Wm5Ro
+W8CtvbLVhbfcAP1uLkQOevnMP+sESzFZaZAs5Bb3hV0
+-> ssh-ed25519 d3XP2A x/404/vLIYCzF06RIbi8F3GOYDdRAp0ZL+haUn91O2I
+0hSCN/HuJES8hUUnn2Smc4nV7b6k2GL/5xy0EKVCKS4
+-> ssh-ed25519 Aos7ww X4prJI6wXxaTiZt9iKRZHAH/J35E7Uzd2HrsWUwt+2I
+E8bHVk8gI/jgKy3iCt9zedHxac7eRA+chKGDjv3b2Z4
+--- UMCQIeteYfQDfnZIi+dzg7LrgKuuD6INBUevy/kQslY
+z�^�'�n����f �����
+�(k�9��1���p�E����i�q0f.��
+iyr/qhr�������I�
+_2`��y��RCͻΤI�*��tn	��@w�Ԇ�����:�A ��P`�P�(�>��6~Y�~��	7�[��]���

diff --git a/infrastructure/secrets/secrets.nix b/infrastructure/secrets/secrets.nix
@@ -8,6 +8,7 @@ let
 in
 builtins.mapAttrs (_: publicKeys: {inherit publicKeys;})
   ({
-      ".env.age"           = [ catcolab catcolab-next owen epatters shaowei ];
-      "rclone.conf.age"    = [ catcolab owen epatters ];
+      ".env.next.age"   = [ catcolab-next owen epatters shaowei ];
+      ".env.prod.age"   = [ catcolab owen epatters shaowei ];
+      "rclone.conf.age" = [ catcolab owen epatters ];
   })