Kabbone/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

secrets: rekey and add gitea-runner

Browse Source
This commit is contained in:
Kabbone
2023-10-16 17:04:51 +02:00
parent 9cee80bed2
commit 82bfe68ae4
17 changed files with 73 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files
secrets/keys/nixremote.age
BIN
View File
Binary file not shown.
secrets/keys/nixservepriv.age
+21 -25
View File
@@ -1,27 +1,23 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 Xp6AuQ 6zWeAuAxt6YI5JdPep5QqfWfTRWJi3T49vb75URi8SY -> ssh-ed25519 Xp6AuQ LgGsSor/ZbkyAv/ShGKifeiEdjL8dsQVgpJJEuOBgSY
IjcXC5MKPYGErpGhpeHMcgaugrVHyFg3z6TN0vhvGH8 YdMAQh0eWd4MNGV+5r5gsdID53Mcry0Ee3PpTYNH7/I
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
Ii3fw9b5i1T5fJL+3PXczo5EW1iE/Jp/pEQ8qpCUc+9dX6n/x6uz8IblSVYWNQnc RqBn6P+r+jtvEYTXclcDdKYFOqpZcZWQQv/zw9UzSPc9lO/0YPSUZOrfMP57pwXz
0TPAmvZlXN9zAL9yL9fIsZDK0ZF9GoSlHVYt+OM+NMeNBqqkpue8jgSLd6RFO5vH klkfO5DPV6ddWz/dtMvG+N/YhOh+tBHIhMT7wbIwtjB5gLZB6M9a5GL8PNP595tC
ReSO605+latKouNHS/g4qg0XPE5AZrRRGL/UFRS890ZrMFvQfyB5NARrWrtl6O9C W69GTL8BozDCV+8ulHfqB6OWmspCLBk5Gaa1ZLxfR8EWO8UQuzc4u52+BTPzBgO4
jugBjgVXRJvp62Ky1qfTYHSSs9C7Ckxl84DlMHfVMx4i00VA7JA8dg2wUJE00VZW w/R3MdCB+9zLPyKpWFeLuPzv6aI6iCFpD4tckjc/9GMbj+qQK60zqay87t4sxOOT
LmYNQ0EOfO+BBeBrY1rFg+phBmnpZKGoIV1GVio0dA5cOAVYslSwin+jeGAvsqz7 0nFkibHsMCsFezc0hB2d5cCLBWiMX2amAM7J4sUpcNgKnqKCdnFaAMQ+g8iipFo6
+7rJtSx/4IlRFfAy47jrT6tIaBW04iVAJN3UXqKcIR4ULUUL5295jNHzgUzzcBCC yXhnpCxuVgEMRuEvKO/uODYKdYnNYyNAWI2EznOQEUDcmfxFwTGNNQdNSgyXbDBh
q52pzFsT3VcTvzOfcHBMxkHIeWXznqWe06qrtPnzz2PknBJ4VSlw6kObX25VZqn6 KSVvWXF9b0oyZDtZOUZpPhkQ+vvWNJ3MU7CktKYuoUKiJuWFmIWjcLW3mNhG9mHa
tsKFB7qXON9zKH5iB80N1KkG7fc+8geMJP8ZG3rk/49Bj4gczVwUuMDaGKqAZ0rH E7jsjyu23OCd1o1wl6+NrWagVrp49IiiMnpYY3crIK1XxYunbF9D0G6aJ5DgwFbk
hGYTuQPxE0xS38maxMl+KH3hwYACJYWhpLqSEDFmNFhmK2QgMeCryZGn8+j+qmr6 27PqroEHMElmKtNXUlt9IZilzdsh3VywXEwDcGOWXFdF40ff1r5nZdeBqV3swgQf
TTuSFym1cSnlhA9e8B3WmLqoibkOl17N0dj6D/nUPdZQ9BHujDPnt9Ghjm1Y9Jg1 J3N2IWAcz44+Z0TCa69yGToCP0PWvqDL6le8+KF/VuYyVZXNjL9P3SGGaanYYq8/
yE4Fk6Jg8aS3+pwQMOLgEY9x3jTWdouco4Kgy+f7yoM LoV3GcsluEmGww3KEo8e3TyZ3Y4vUSmgsFYdTIRmzXc
-> piv-p256 grR75w A/5q4DtKLFiSs1sURKgDw9rnUetNPyjIKefB/VZN9tcD -> piv-p256 grR75w AgrW9qYP4a7P0f3X2NApXEeNycYzpPOMXOMR1ymNS7x3
xsd3JeqDR8GiH/dBe/zkobnhCQFZ5vxuRVf+fgWavt4 yIBqnjV0+5qz39Eayqydi7ele1+nYQreR2BKXOH+fDA
-> piv-p256 RQguQQ Au3E8BcyQy9WvSwo89K/y1mQNu1YR+aXa/om3rYzyYoe -> piv-p256 RQguQQ AtehYCJa7xyNSkv5wmAcwJM8qYRA5zYVV26IPBQNLvQc
ka0MIRZiyEwhEGlF4dRUyU/lUkz1yJLzi4gla+6T6i4 +TC+h2vToouW/1TyezynPeTAoUHJEQ6zpIcSEHlvzNc
-> 93`-grease uYKu~(\x b ,k k`N -> )VQ-grease o \HWt
eu7veI1qvOSizB6N8yf4G4YK1qwo8R4+j/JZrKK9EGndICKyJ0r7VX4jzfZuxPfz MMT5QK/bpCWUjwREPbOgteRojuNr9t5xwez78ZACr62bDxJWr0w
EIUoI5j1Ze6JGz4Sveq2+TARFXFjOiVyhNR0JXBJ60TEtjj7sddZgEluuJSQqODv --- 63K8UqiFb7TGh1crrISnw13s72DhKzmTUksaSriVEYw
î% m“–#Ä¢]C+ÁôQQð¶ Zœ½ÃÜŽçb„B~Øu|Fè?Ç
--- JbSd2VGwQKDJil/9g4vfQonVymxogwnOeKY6I/55RfE
ÈNx¡¤GÛ5_ùFÆ!§˜kFÍ×·Óá
QÿV(í¦ƒ‰nù[ñthI®Ä'% ΑœÞÔoSQÑë†]ô±DD'Zâ᯹/i1éø./'¹ámžüˆ
lÖÚ¾mY|”fÙ†OÃé݃šÎèq?̬¾“°Ãa¶äò€SCÿt^†™Ó•
secrets/secrets.nix
+7 -2
View File
@@ -18,12 +18,14 @@ let
yubia yubia
]; ];
dmz = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDwN8p78OncPIRUfV64PLHOem4LtlQ3opOJwLEYqdGVx"; server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDwN8p78OncPIRUfV64PLHOem4LtlQ3opOJwLEYqdGVx";
dmz = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAmivVLbkJJ1anwQ8CeNT7rv0Qxinp1LIQIjVWZpnIE5";
hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgnWyQUUa+vcHAKx6edbTgqW8ph+MCiS6fUwYjYcS+o"; hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgnWyQUUa+vcHAKx6edbTgqW8ph+MCiS6fUwYjYcS+o";
nas = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPfKbeexWFg8nFEQvZCcFycrwil24c4HJxZazDQpnVNs"; nas = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPfKbeexWFg8nFEQvZCcFycrwil24c4HJxZazDQpnVNs";
jupiter = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDBQr9/TIeAd25h0gfOPjoHs6JMeye4V04LuFufbe1S/"; jupiter = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDBQr9/TIeAd25h0gfOPjoHs6JMeye4V04LuFufbe1S/";
steamdeck = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGV8tMIza5FOB3DQhiYaS3QG67n4J0e4okCrvoxPxneA"; steamdeck = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGV8tMIza5FOB3DQhiYaS3QG67n4J0e4okCrvoxPxneA";
systems = [ systems = [
server
dmz dmz
hades hades
nas nas
@@ -31,6 +33,9 @@ let
steamdeck steamdeck
]; ];
servers = [ servers = [
server
];
dmzs = [
dmz dmz
]; ];
buildClients = [ buildClients = [
@@ -56,7 +61,7 @@ in
"services/nextcloud/dbpassFile.age".publicKeys = servers ++ users; "services/nextcloud/dbpassFile.age".publicKeys = servers ++ users;
"services/gitea/databasePassword.age".publicKeys = servers ++ users; "services/gitea/databasePassword.age".publicKeys = servers ++ users;
"services/gitea/mailerPassword.age".publicKeys = servers ++ users; "services/gitea/mailerPassword.age".publicKeys = servers ++ users;
"services/woodpecker/environment.age".publicKeys = servers ++ users; "services/gitea/runner-token.age".publicKeys = dmzs ++ users;
"keys/nixremote.age".publicKeys = buildClients ++ users; "keys/nixremote.age".publicKeys = buildClients ++ users;
"keys/nixservepriv.age".publicKeys = buildServer ++ users; "keys/nixservepriv.age".publicKeys = buildServer ++ users;
} }
secrets/services/coturn/static-auth.age
BIN
View File
Binary file not shown.
secrets/services/gitea/databasePassword.age
BIN
View File
Binary file not shown.
secrets/services/gitea/mailerPassword.age
BIN
View File
Binary file not shown.
secrets/services/gitea/runner-token.age
+23
View File
@@ -0,0 +1,23 @@
age-encryption.org/v1
-> ssh-ed25519 jFEPfw 7GPgqr38ed2vzHtIwvpdKXlYIPtwiZN4+qjg2Nr24lA
wu6432gsbtyuAPboG8KIAcYY0PJ+eoBsLv4TVNaW46s
-> ssh-rsa VtjGpQ
TkypDCoqc5bJq+9frLQ7smGWkB2NhaX9d+5n9LD6nOxis6l9zcNxkfenV1uYSprN
mQFEpI3k6sOAhwbmj/E2cBdWOyycHbSj2twb0oC+7CWbZ1nnKdssXNk78F6WxqDc
ixeyvCX0iRD20zbx7Seu7fcWA/DyMp21i3+o6HgHm7xFXYHEY2TFietKcQ7k/AB5
uagAJqu9hDq0mt+FXUE8XF/2qCBjGrXe9MXJ2rRYgxTc5jpcOq7NGEWYlJRRoBU0
gxP/56VWwznOgC+OLM/bjHIsgwE72qAMepkNQfVTn9DW0QkTweUllgfkbGy2MWE7
mhhoj1qv7H/zba88Nqk8cBCIp5vqHYsylm4osxmGk0jDZp5YW4q4zzwEZTpFL7qO
UfKO3u6PSBqQXsR0rqyt9N6tlLPw5HfkbsrqsiLmIdd/uHGT7YzcgsBKSlOsz82a
/A1KpQk1t29uRZu3y1730m3JnSULp9J+u6v98JJYM45GOF7VD9W5fd3JXKbrzQU+
FA0o4NiKO3zRumFfKMQ6Abecjr4I7Bcb3aFKlm8TuoGaMokstEzzbudZ2UBpaWHV
VaSVRwecJy3F3b6dCoamlkUaVieMcQ0xZeanxNh5Loms7+c/3fUVPTZxI1nAZj37
POa6dQIa9BPjn37nKe2No85m1bOxPpqy6zbrY7FT+fg
-> piv-p256 grR75w A4VeO8R3wsQSfkbM9i4NESS/5p79EEibx+fTwkPuOPA7
NO85JgDG1TOv2skm9U1iFDo8xiSvTZAZczkQiL7xowI
-> piv-p256 RQguQQ ArSJyxYg05a15U9Gs3hLSt3Vpp5nnnc36ngsqJDXsH0D
CK+RirvNcHkWcZAhhOl2sfx0yVFt+TJg2LcqMyBTdpM
-> 'o!~-grease
hBkhbW9+6v5C07xTiZk9hcu3Dj2FI+tijs7w9Mqm4RzkLle/RK5GDg
--- 3dgDTPOnrGF0aaqSAiuwupTNrF49vbHY0JeSojlgZ10
÷“¸.ÚL'›Œ‡{MDµÙÂôÜôÛ@†¤d¸*úÊI|`Ïì*ù©¥)3u¢ƒªÔZ¿˜ib‹ï-šu±î΂;K¹
secrets/services/matrix/mautrix-signal.age
BIN
View File
Binary file not shown.
secrets/services/matrix/mautrix-telegram.age
BIN
View File
Binary file not shown.
secrets/services/matrix/mautrix-whatsapp.age
BIN
View File
Binary file not shown.
secrets/services/matrix/signal-registration.age
BIN
View File
Binary file not shown.
secrets/services/matrix/synapse.age
BIN
View File
Binary file not shown.
secrets/services/matrix/telegram-registration.age
BIN
View File
Binary file not shown.
secrets/services/matrix/whatsapp-registration.age
BIN
View File
Binary file not shown.
secrets/services/nextcloud/adminpassFile.age
BIN
View File
Binary file not shown.
secrets/services/nextcloud/dbpassFile.age
+21 -21
View File
@@ -1,23 +1,23 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 neExcQ eRTtVIiKoO9AZQ9yRD4q9T/lVGSbdfS6ZgA51Ml6qXc -> ssh-ed25519 neExcQ TnOqlJWKlTHYcjKkI93gX7pU1WzUbTnk0ZDlxQ/DQlw
w4f14e0CznYvbSUV9wH9WE4we2ZaThM1PwFrcG+6HkE 4Z51QfzVwEWZLRv6o3H5lf8oRbaEPtYokj/rzrUvX8s
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
mZxOedvPF5L7aw7JjqAAUNfvjcHrl6w/75qkOgCXzcZh3EzcG+IuIUE8kYwBt/I/ StqKhCul2zY2ktLQGjMzwZVp5vNajGoSfx/RFje3mgtL1NfInabAJ+dFveiEEq8H
GxCb3/97fPt1sJfvosytyD0tlv2+Jw+N+PHHroYaoWEGnYbG1YFDuvnRu4viJXyi uhXBvufZdBRdpU859MDirkLQjzh22Fc90L2OZQIdsyi+V+VrDmgLl2Qj0SKVZ5/Y
1DEVT50mn9SrBW3fKGRqajoSkeCMCn6QmVC07/ULB5GnxU2Pn8LspgV7CLOuCPOK kB+fXvgzDqeDzRqritxy7MxEL2dW8XGjRcb0td3Rg+/x6v2WM3ZmxJUrEJGboCSF
PtBYJFOmP/HqgX6YNo3hQ2YzQMeqXepRhD/ph/o53j5FdVBznR1LCcjKm7/XyyCp 6q51TO0bAvnwcEeKtcdbFjIqhQraIFPj8DaAorAmotp+NNi6tRhIzO7aR4Hdk7eH
VLp+J+7tjlIDoby/3OoDTEs5hq0+TXa/GbR4Lka80YJOeHcmR/YTD4ZZTo+Ia1cV Q12QRGOgBTPZJd9m6gQEV0rixhh6mQ5Whs2PfFlQVwnIjaGh1DDXHlbIqHGH9s4V
/DZU08WqvF22Cl3hIpeEH6pzmsQOrMhuKrAOHb0pZV5WdToL9BAHqMljSdVWRnjs Dx4Dv0XqLHxy8+HTvKIzE438gYC9C6PGpO20PHC8vE3FLU+cm/tA5enKKDnCOU/J
6w1eLs1zaFTMuW0p+1oWsENrnP3ZrmTZFgBt2Mh6caz8J8gIcVnwoHiNnb7YqHL+ A3e8lj7Fiko5m9k2GXPqMCtvIRNCxBUxntcDL2RhUTKK4uEALoaeA3Xw3htITFrJ
3eljflFx0RFuZT0ElRChleex4CpVaYMyJK4A48w7ZCyozZU5Bw3zB75zBhC175RU aqep3Of9XWfkuZtxTVzeTzf2T5g+Q4LjHBHgpINuprW5+nTU8YP3+HEzbNwSpGVf
mk+nYdgZk9N3RaGq1LPmvQyT+MlPm7mNm8i890waKAt5/aHRJWm93rR8U6pdDvoo N7XSz7L04uvPc98ZHqcuIo8B1QHI/d5M46HNrT/Z2zCPxCQ/eOEkkrwJkeY/voFY
m/Tvy2GUsijPKf0aslQbythORklVbd8oCdAEriVytTvMBgVVFILELZgfkC1Xshus c9OCyM2GRBD7CFhicWrasHSxSHRtDLznqyX6NKAUHwIuwjtLohPErbQTV0vh0G+F
fOshVaW6SzzjFo05bMag+Jy0xvssNsAtYXASNpppU1Y YL82v7QJeDnOZYoGzdQFrvWcKcJY0bWt7GOLx9oqu68
-> piv-p256 grR75w AplHuSHuZrF5Css3ni2ERR1BzgwXyRJvx6IYTfGlyqwN -> piv-p256 grR75w AyXIgGxLpkrcKe6PJwkxfchvTuT0w36Za++hSO4Zvy1A
cSdgdziCAqF0g+md3SccEYdXr2ToWjkgFsgELD1+9ok lCZ6j1xYTyBPRyOgmAv7uFMBTHRFrkVPcTXgoOW2FDY
-> piv-p256 RQguQQ ArMD6UvO+SpTynXaYhu0/R3wv9vr+H9ItjJ6745tCldl -> piv-p256 RQguQQ A3hwwpWy5jxYbBNaQ16DgZUjTvB8xVrfk1EYpIj/iQYG
V1+uCejnDgUA6Nul0Ep6p9ZfmxTWxPQI+FCAXpjvDoQ 8OLSxsrs2Q5dxtSjNj2RNpfjNvosB064UUW5oQ3veUw
-> )-grease -> ~y6!%p-grease lz07kqJH
GkM9VaOPQsWVdWXolVrlPay6CQ CXHrusViKg4
--- 73KeTR/c+AeTO+DQo7gjDD0QIen4hYCcnPG6b3hlUQg --- 2ZGjhpfYnZGZV7Q7nSIQEmiGZBg3bGzZG+UOs1RMN0U
WšuµeKpç”éŽ>•f©·Õ–âåÇMÒ iAZ”Õ£/¾:…â·Ï«Axm2¶ Òœ)²©S…B K§EÔD¨A„¿°‚ZqiSx²|¨05ZÏ€*K¨öt1¸›(ë†HWý—j,à×:,Áüàkw»æ
secrets/services/postgresql/initScript.age
BIN
View File
Binary file not shown.