Kabbone/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

secrets: rekey and add gitea-runner

Browse Source
This commit is contained in:
Kabbone
2023-10-16 17:04:51 +02:00
parent 9cee80bed2
commit 82bfe68ae4
17 changed files with 73 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files
secrets/keys/nixremote.age
BIN
View File
Binary file not shown.
secrets/keys/nixservepriv.age
+21 -25
View File
@@ -1,27 +1,23 @@
age-encryption.org/v1
-> ssh-ed25519 Xp6AuQ 6zWeAuAxt6YI5JdPep5QqfWfTRWJi3T49vb75URi8SY
IjcXC5MKPYGErpGhpeHMcgaugrVHyFg3z6TN0vhvGH8
-> ssh-ed25519 Xp6AuQ LgGsSor/ZbkyAv/ShGKifeiEdjL8dsQVgpJJEuOBgSY
YdMAQh0eWd4MNGV+5r5gsdID53Mcry0Ee3PpTYNH7/I
-> ssh-rsa VtjGpQ
Ii3fw9b5i1T5fJL+3PXczo5EW1iE/Jp/pEQ8qpCUc+9dX6n/x6uz8IblSVYWNQnc
0TPAmvZlXN9zAL9yL9fIsZDK0ZF9GoSlHVYt+OM+NMeNBqqkpue8jgSLd6RFO5vH
ReSO605+latKouNHS/g4qg0XPE5AZrRRGL/UFRS890ZrMFvQfyB5NARrWrtl6O9C
jugBjgVXRJvp62Ky1qfTYHSSs9C7Ckxl84DlMHfVMx4i00VA7JA8dg2wUJE00VZW
LmYNQ0EOfO+BBeBrY1rFg+phBmnpZKGoIV1GVio0dA5cOAVYslSwin+jeGAvsqz7
+7rJtSx/4IlRFfAy47jrT6tIaBW04iVAJN3UXqKcIR4ULUUL5295jNHzgUzzcBCC
q52pzFsT3VcTvzOfcHBMxkHIeWXznqWe06qrtPnzz2PknBJ4VSlw6kObX25VZqn6
tsKFB7qXON9zKH5iB80N1KkG7fc+8geMJP8ZG3rk/49Bj4gczVwUuMDaGKqAZ0rH
hGYTuQPxE0xS38maxMl+KH3hwYACJYWhpLqSEDFmNFhmK2QgMeCryZGn8+j+qmr6
TTuSFym1cSnlhA9e8B3WmLqoibkOl17N0dj6D/nUPdZQ9BHujDPnt9Ghjm1Y9Jg1
yE4Fk6Jg8aS3+pwQMOLgEY9x3jTWdouco4Kgy+f7yoM
-> piv-p256 grR75w A/5q4DtKLFiSs1sURKgDw9rnUetNPyjIKefB/VZN9tcD
xsd3JeqDR8GiH/dBe/zkobnhCQFZ5vxuRVf+fgWavt4
-> piv-p256 RQguQQ Au3E8BcyQy9WvSwo89K/y1mQNu1YR+aXa/om3rYzyYoe
ka0MIRZiyEwhEGlF4dRUyU/lUkz1yJLzi4gla+6T6i4
-> 93`-grease uYKu~(\x b ,k k`N
eu7veI1qvOSizB6N8yf4G4YK1qwo8R4+j/JZrKK9EGndICKyJ0r7VX4jzfZuxPfz
EIUoI5j1Ze6JGz4Sveq2+TARFXFjOiVyhNR0JXBJ60TEtjj7sddZgEluuJSQqODv
--- JbSd2VGwQKDJil/9g4vfQonVymxogwnOeKY6I/55RfE
ÈNx¡¤GÛ5_ùFÆ!§˜kFÍ×·Óá
QÿV(í¦ƒ‰nù[ñthI®Ä'% ΑœÞÔoSQÑë†]ô±DD'Zâ᯹/i1éø./'¹ámžüˆ
lÖÚ¾mY|”fÙ†OÃé݃šÎèq?̬¾“°Ãa¶äò€SCÿt^†™Ó•
RqBn6P+r+jtvEYTXclcDdKYFOqpZcZWQQv/zw9UzSPc9lO/0YPSUZOrfMP57pwXz
klkfO5DPV6ddWz/dtMvG+N/YhOh+tBHIhMT7wbIwtjB5gLZB6M9a5GL8PNP595tC
W69GTL8BozDCV+8ulHfqB6OWmspCLBk5Gaa1ZLxfR8EWO8UQuzc4u52+BTPzBgO4
w/R3MdCB+9zLPyKpWFeLuPzv6aI6iCFpD4tckjc/9GMbj+qQK60zqay87t4sxOOT
0nFkibHsMCsFezc0hB2d5cCLBWiMX2amAM7J4sUpcNgKnqKCdnFaAMQ+g8iipFo6
yXhnpCxuVgEMRuEvKO/uODYKdYnNYyNAWI2EznOQEUDcmfxFwTGNNQdNSgyXbDBh
KSVvWXF9b0oyZDtZOUZpPhkQ+vvWNJ3MU7CktKYuoUKiJuWFmIWjcLW3mNhG9mHa
E7jsjyu23OCd1o1wl6+NrWagVrp49IiiMnpYY3crIK1XxYunbF9D0G6aJ5DgwFbk
27PqroEHMElmKtNXUlt9IZilzdsh3VywXEwDcGOWXFdF40ff1r5nZdeBqV3swgQf
J3N2IWAcz44+Z0TCa69yGToCP0PWvqDL6le8+KF/VuYyVZXNjL9P3SGGaanYYq8/
LoV3GcsluEmGww3KEo8e3TyZ3Y4vUSmgsFYdTIRmzXc
-> piv-p256 grR75w AgrW9qYP4a7P0f3X2NApXEeNycYzpPOMXOMR1ymNS7x3
yIBqnjV0+5qz39Eayqydi7ele1+nYQreR2BKXOH+fDA
-> piv-p256 RQguQQ AtehYCJa7xyNSkv5wmAcwJM8qYRA5zYVV26IPBQNLvQc
+TC+h2vToouW/1TyezynPeTAoUHJEQ6zpIcSEHlvzNc
-> )VQ-grease o \HWt
MMT5QK/bpCWUjwREPbOgteRojuNr9t5xwez78ZACr62bDxJWr0w
--- 63K8UqiFb7TGh1crrISnw13s72DhKzmTUksaSriVEYw
î% m“–#Ä¢]C+ÁôQQð¶ Zœ½ÃÜŽçb„B~Øu|Fè?Ç
secrets/secrets.nix
+7 -2
View File
@@ -18,12 +18,14 @@ let
yubia
];
dmz = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDwN8p78OncPIRUfV64PLHOem4LtlQ3opOJwLEYqdGVx";
server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDwN8p78OncPIRUfV64PLHOem4LtlQ3opOJwLEYqdGVx";
dmz = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAmivVLbkJJ1anwQ8CeNT7rv0Qxinp1LIQIjVWZpnIE5";
hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgnWyQUUa+vcHAKx6edbTgqW8ph+MCiS6fUwYjYcS+o";
nas = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPfKbeexWFg8nFEQvZCcFycrwil24c4HJxZazDQpnVNs";
jupiter = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDBQr9/TIeAd25h0gfOPjoHs6JMeye4V04LuFufbe1S/";
steamdeck = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGV8tMIza5FOB3DQhiYaS3QG67n4J0e4okCrvoxPxneA";
systems = [
server
dmz
hades
nas
@@ -31,6 +33,9 @@ let
steamdeck
];
servers = [
server
];
dmzs = [
dmz
];
buildClients = [
@@ -56,7 +61,7 @@ in
"services/nextcloud/dbpassFile.age".publicKeys = servers ++ users;
"services/gitea/databasePassword.age".publicKeys = servers ++ users;
"services/gitea/mailerPassword.age".publicKeys = servers ++ users;
"services/woodpecker/environment.age".publicKeys = servers ++ users;
"services/gitea/runner-token.age".publicKeys = dmzs ++ users;
"keys/nixremote.age".publicKeys = buildClients ++ users;
"keys/nixservepriv.age".publicKeys = buildServer ++ users;
}
secrets/services/coturn/static-auth.age
BIN
View File
Binary file not shown.
secrets/services/gitea/databasePassword.age
BIN
View File
Binary file not shown.
secrets/services/gitea/mailerPassword.age
BIN
View File
Binary file not shown.
secrets/services/gitea/runner-token.age
+23
View File
@@ -0,0 +1,23 @@
age-encryption.org/v1
-> ssh-ed25519 jFEPfw 7GPgqr38ed2vzHtIwvpdKXlYIPtwiZN4+qjg2Nr24lA
wu6432gsbtyuAPboG8KIAcYY0PJ+eoBsLv4TVNaW46s
-> ssh-rsa VtjGpQ
TkypDCoqc5bJq+9frLQ7smGWkB2NhaX9d+5n9LD6nOxis6l9zcNxkfenV1uYSprN
mQFEpI3k6sOAhwbmj/E2cBdWOyycHbSj2twb0oC+7CWbZ1nnKdssXNk78F6WxqDc
ixeyvCX0iRD20zbx7Seu7fcWA/DyMp21i3+o6HgHm7xFXYHEY2TFietKcQ7k/AB5
uagAJqu9hDq0mt+FXUE8XF/2qCBjGrXe9MXJ2rRYgxTc5jpcOq7NGEWYlJRRoBU0
gxP/56VWwznOgC+OLM/bjHIsgwE72qAMepkNQfVTn9DW0QkTweUllgfkbGy2MWE7
mhhoj1qv7H/zba88Nqk8cBCIp5vqHYsylm4osxmGk0jDZp5YW4q4zzwEZTpFL7qO
UfKO3u6PSBqQXsR0rqyt9N6tlLPw5HfkbsrqsiLmIdd/uHGT7YzcgsBKSlOsz82a
/A1KpQk1t29uRZu3y1730m3JnSULp9J+u6v98JJYM45GOF7VD9W5fd3JXKbrzQU+
FA0o4NiKO3zRumFfKMQ6Abecjr4I7Bcb3aFKlm8TuoGaMokstEzzbudZ2UBpaWHV
VaSVRwecJy3F3b6dCoamlkUaVieMcQ0xZeanxNh5Loms7+c/3fUVPTZxI1nAZj37
POa6dQIa9BPjn37nKe2No85m1bOxPpqy6zbrY7FT+fg
-> piv-p256 grR75w A4VeO8R3wsQSfkbM9i4NESS/5p79EEibx+fTwkPuOPA7
NO85JgDG1TOv2skm9U1iFDo8xiSvTZAZczkQiL7xowI
-> piv-p256 RQguQQ ArSJyxYg05a15U9Gs3hLSt3Vpp5nnnc36ngsqJDXsH0D
CK+RirvNcHkWcZAhhOl2sfx0yVFt+TJg2LcqMyBTdpM
-> 'o!~-grease
hBkhbW9+6v5C07xTiZk9hcu3Dj2FI+tijs7w9Mqm4RzkLle/RK5GDg
--- 3dgDTPOnrGF0aaqSAiuwupTNrF49vbHY0JeSojlgZ10
÷“¸.ÚL'›Œ‡{MDµÙÂôÜôÛ@†¤d¸*úÊI|`Ïì*ù©¥)3u¢ƒªÔZ¿˜ib‹ï-šu±î΂;K¹
secrets/services/matrix/mautrix-signal.age
BIN
View File
Binary file not shown.
secrets/services/matrix/mautrix-telegram.age
BIN
View File
Binary file not shown.
secrets/services/matrix/mautrix-whatsapp.age
BIN
View File
Binary file not shown.
secrets/services/matrix/signal-registration.age
BIN
View File
Binary file not shown.
secrets/services/matrix/synapse.age
BIN
View File
Binary file not shown.
secrets/services/matrix/telegram-registration.age
BIN
View File
Binary file not shown.
secrets/services/matrix/whatsapp-registration.age
BIN
View File
Binary file not shown.
secrets/services/nextcloud/adminpassFile.age
BIN
View File
Binary file not shown.
secrets/services/nextcloud/dbpassFile.age
+21 -21
View File
@@ -1,23 +1,23 @@
age-encryption.org/v1
-> ssh-ed25519 neExcQ eRTtVIiKoO9AZQ9yRD4q9T/lVGSbdfS6ZgA51Ml6qXc
w4f14e0CznYvbSUV9wH9WE4we2ZaThM1PwFrcG+6HkE
-> ssh-ed25519 neExcQ TnOqlJWKlTHYcjKkI93gX7pU1WzUbTnk0ZDlxQ/DQlw
4Z51QfzVwEWZLRv6o3H5lf8oRbaEPtYokj/rzrUvX8s
-> ssh-rsa VtjGpQ
mZxOedvPF5L7aw7JjqAAUNfvjcHrl6w/75qkOgCXzcZh3EzcG+IuIUE8kYwBt/I/
GxCb3/97fPt1sJfvosytyD0tlv2+Jw+N+PHHroYaoWEGnYbG1YFDuvnRu4viJXyi
1DEVT50mn9SrBW3fKGRqajoSkeCMCn6QmVC07/ULB5GnxU2Pn8LspgV7CLOuCPOK
PtBYJFOmP/HqgX6YNo3hQ2YzQMeqXepRhD/ph/o53j5FdVBznR1LCcjKm7/XyyCp
VLp+J+7tjlIDoby/3OoDTEs5hq0+TXa/GbR4Lka80YJOeHcmR/YTD4ZZTo+Ia1cV
/DZU08WqvF22Cl3hIpeEH6pzmsQOrMhuKrAOHb0pZV5WdToL9BAHqMljSdVWRnjs
6w1eLs1zaFTMuW0p+1oWsENrnP3ZrmTZFgBt2Mh6caz8J8gIcVnwoHiNnb7YqHL+
3eljflFx0RFuZT0ElRChleex4CpVaYMyJK4A48w7ZCyozZU5Bw3zB75zBhC175RU
mk+nYdgZk9N3RaGq1LPmvQyT+MlPm7mNm8i890waKAt5/aHRJWm93rR8U6pdDvoo
m/Tvy2GUsijPKf0aslQbythORklVbd8oCdAEriVytTvMBgVVFILELZgfkC1Xshus
fOshVaW6SzzjFo05bMag+Jy0xvssNsAtYXASNpppU1Y
-> piv-p256 grR75w AplHuSHuZrF5Css3ni2ERR1BzgwXyRJvx6IYTfGlyqwN
cSdgdziCAqF0g+md3SccEYdXr2ToWjkgFsgELD1+9ok
-> piv-p256 RQguQQ ArMD6UvO+SpTynXaYhu0/R3wv9vr+H9ItjJ6745tCldl
V1+uCejnDgUA6Nul0Ep6p9ZfmxTWxPQI+FCAXpjvDoQ
-> )-grease
GkM9VaOPQsWVdWXolVrlPay6CQ
--- 73KeTR/c+AeTO+DQo7gjDD0QIen4hYCcnPG6b3hlUQg
WšuµeKpç”éŽ>•f©·Õ–âåÇMÒ iAZ”Õ£/¾:…â·Ï«Axm2¶ Òœ)²©S…B
StqKhCul2zY2ktLQGjMzwZVp5vNajGoSfx/RFje3mgtL1NfInabAJ+dFveiEEq8H
uhXBvufZdBRdpU859MDirkLQjzh22Fc90L2OZQIdsyi+V+VrDmgLl2Qj0SKVZ5/Y
kB+fXvgzDqeDzRqritxy7MxEL2dW8XGjRcb0td3Rg+/x6v2WM3ZmxJUrEJGboCSF
6q51TO0bAvnwcEeKtcdbFjIqhQraIFPj8DaAorAmotp+NNi6tRhIzO7aR4Hdk7eH
Q12QRGOgBTPZJd9m6gQEV0rixhh6mQ5Whs2PfFlQVwnIjaGh1DDXHlbIqHGH9s4V
Dx4Dv0XqLHxy8+HTvKIzE438gYC9C6PGpO20PHC8vE3FLU+cm/tA5enKKDnCOU/J
A3e8lj7Fiko5m9k2GXPqMCtvIRNCxBUxntcDL2RhUTKK4uEALoaeA3Xw3htITFrJ
aqep3Of9XWfkuZtxTVzeTzf2T5g+Q4LjHBHgpINuprW5+nTU8YP3+HEzbNwSpGVf
N7XSz7L04uvPc98ZHqcuIo8B1QHI/d5M46HNrT/Z2zCPxCQ/eOEkkrwJkeY/voFY
c9OCyM2GRBD7CFhicWrasHSxSHRtDLznqyX6NKAUHwIuwjtLohPErbQTV0vh0G+F
YL82v7QJeDnOZYoGzdQFrvWcKcJY0bWt7GOLx9oqu68
-> piv-p256 grR75w AyXIgGxLpkrcKe6PJwkxfchvTuT0w36Za++hSO4Zvy1A
lCZ6j1xYTyBPRyOgmAv7uFMBTHRFrkVPcTXgoOW2FDY
-> piv-p256 RQguQQ A3hwwpWy5jxYbBNaQ16DgZUjTvB8xVrfk1EYpIj/iQYG
8OLSxsrs2Q5dxtSjNj2RNpfjNvosB064UUW5oQ3veUw
-> ~y6!%p-grease lz07kqJH
CXHrusViKg4
--- 2ZGjhpfYnZGZV7Q7nSIQEmiGZBg3bGzZG+UOs1RMN0U
K§EÔD¨A„¿°‚ZqiSx²|¨05ZÏ€*K¨öt1¸›(ë†HWý—j,à×:,Áüàkw»æ
secrets/services/postgresql/initScript.age
BIN
View File
Binary file not shown.