add wg 0xa-mgmt secrets
This commit is contained in:
parent
34b05a2c8c
commit
46d43562ad
8 changed files with 112 additions and 4 deletions
|
|
@ -3,5 +3,6 @@
|
||||||
./configuration.nix
|
./configuration.nix
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
./networking.nix
|
./networking.nix
|
||||||
|
./secrets.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
||||||
11
hosts/cloud/secrets.nix
Normal file
11
hosts/cloud/secrets.nix
Normal file
|
|
@ -0,0 +1,11 @@
|
||||||
|
{ config, ... }:
|
||||||
|
{
|
||||||
|
sops.defaultSopsFile = ../../secrets/cloud/secrets.yaml;
|
||||||
|
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||||
|
|
||||||
|
sops.secrets = {
|
||||||
|
"wg/0xa-mgmt" = {
|
||||||
|
owner = config.users.users.systemd-network.name;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
@ -2,6 +2,7 @@
|
||||||
imports = [
|
imports = [
|
||||||
./configuration.nix
|
./configuration.nix
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
|
./secrets.nix
|
||||||
./zfs.nix
|
./zfs.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
||||||
11
hosts/minime/secrets.nix
Normal file
11
hosts/minime/secrets.nix
Normal file
|
|
@ -0,0 +1,11 @@
|
||||||
|
{ config, ... }:
|
||||||
|
{
|
||||||
|
sops.defaultSopsFile = ../../secrets/minime/secrets.yaml;
|
||||||
|
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||||
|
|
||||||
|
sops.secrets = {
|
||||||
|
"wg/0xa-mgmt" = {
|
||||||
|
owner = config.users.users.systemd-network.name;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
@ -13,7 +13,7 @@
|
||||||
"wg/mullvad" = {
|
"wg/mullvad" = {
|
||||||
owner = config.users.users.systemd-network.name;
|
owner = config.users.users.systemd-network.name;
|
||||||
};
|
};
|
||||||
"wg/oxalab" = {
|
"wg/0xa-mgmt" = {
|
||||||
owner = config.users.users.systemd-network.name;
|
owner = config.users.users.systemd-network.name;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
||||||
42
secrets/cloud/secrets.yaml
Normal file
42
secrets/cloud/secrets.yaml
Normal file
|
|
@ -0,0 +1,42 @@
|
||||||
|
wg:
|
||||||
|
0xa-mgmt: ENC[AES256_GCM,data:Xbeo+c8F+0JcTEE/LICWH4tEiqyGwCJ7JJZhkWxNFgKC9hVD6t3sPDWcJ2U=,iv:B0cbrPHdr+eA6FebKL/UrJpE06yOi+nUeyZ7x+Y65go=,tag:yTgVkzSKVhYyNPauVdNZxg==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1j3xpuuqaph5z885er90mftfsu6g3hw4q469k37a3veqktwntzdpqgue4z5
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPTStCSnBiakNsbHFmaEFU
|
||||||
|
dEJYVjdMZ0NlSkcvQWNha2VPLzdjYmxETG13CitSUis4U0h2eWNnRGJBWlJkZkVm
|
||||||
|
OUJLdWI3K0txNFJHSER1NjZDdFQ4L0EKLS0tIEtmMytkeFRmeWtKd0RCaEprREVy
|
||||||
|
aC9tSTVrY0RFcys0LzZONXhhczNjckEK+3E6zeUkyikrZUD8WFkwWgldVfOez51y
|
||||||
|
EgDsxxynkRx7nX8ASne7pdP6e26hooVsrS2oWW45JXpuKkn0ELv7Xg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2025-01-11T01:27:03Z"
|
||||||
|
mac: ENC[AES256_GCM,data:Uhi21S5zPjX4+qUR/2hgWj+07TsKKFhNh4fcFBL+EObZAxh02Wry1ktGnXafEhp8xVSgOGxon6DMvM7iZxQXe7NPv2aC2UeOjOzPTOTqHUe810xY6R/NhVOqOTqg8IhgvLiSihUXtBLU2Mynx/mfFfXNsLCWLmGiwg9pZHub9YU=,iv:ztZ8q/woGI9ZYsPc8c0QgpFda0AC9R8vHOtxc2i7Hmk=,tag:1f7AHxKKuPTuhiM5cfjClQ==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2025-01-11T01:25:31Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA7zUOKwzpAE7AQ/9Ew7Ubwz4AQ4S/a3fD6jscD3bDFgTM7UbaIyIb9iNf4MI
|
||||||
|
j1IJtNVEVbLf7gg/CVeRZaD1OzRB8LYWkkVwco7JPsSygtRA4ntVBUTpZfpCKD5R
|
||||||
|
Z2CvamM1Lzkap4Yk1oYWAbOtKp/8mZsjlKv9+Xaf/XuHXg06ZumThtQBxGBVOMSX
|
||||||
|
v+ClGxUY7nYSOf+jrqcfyq/zCCyD19AmMw/DfpqJ9w4x6mQ2T4yiQz+FugXDVqHI
|
||||||
|
LCaiyCvg96Jk/5zega0ePtXOKFaBPgSi+0sWuvoLIbCTbLJKGOliWfyQhMLit/XB
|
||||||
|
BjV7McHIgNpwQ9E+TX20GEVCukQDmL8LiB5DVPaOxiFzT7ZVWUU60BrM04RBZA5f
|
||||||
|
DYm9a9njaZ76L67VGyS1WiHmfKMIYWQanLattsMpBs3kH6YoRVLDEN44LXVHq3gJ
|
||||||
|
gcQj6piT+GyKdrmCP0J5KznvK7UGUF1L/blEZMl4x47K2La+ehlBT7V1AAMf0Pjp
|
||||||
|
VlstcqFVJAaYl/Y/+jiHvgTgazSuWQWlhjfjMn/gbvEKfnVf154AHGbM6xsytTya
|
||||||
|
hgBgrU+Dtow0IIgcHEofDuAYgQG33w/WQwOG3aeCIG3gRr5nt8rfEd8kYxaRgsLN
|
||||||
|
PzCIB2h7Nz4BVoPxIYqajA4D0XYRtZt0/akqXk+sbEwdY92Qrt9nJ5pBUMTpYSHS
|
||||||
|
XAGflfE1sdOQvDiKsftF+3V1MBzrm3qhoz9XIP/X0x1CktgJHK41lz7nEzXWu5Fg
|
||||||
|
G+OhkAN27nNOgyaHq5AGVkE+XpsXqUNzV/gH/cmyqd2MJ2KCzb5+MqGPNsv6
|
||||||
|
=x2MX
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.9.2
|
||||||
42
secrets/minime/secrets.yaml
Normal file
42
secrets/minime/secrets.yaml
Normal file
|
|
@ -0,0 +1,42 @@
|
||||||
|
wg:
|
||||||
|
0xa-mgmt: ENC[AES256_GCM,data:ki7/S+BA3vXtv9FcHcfLvcLW7Gm8/88RiIeHUryrJHdRo3MeGAa/sFGSPp8=,iv:bsfjP2Le69u4MMA3ZzWJL0chmg9OD0hjSLRgdse1aJo=,tag:l6NNLzdpaKeX1/R52phaGw==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1chq5k0t38882rtyljez8cwmvtcstu4tafzvveuhjrujvsqk72f9s9guc06
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKUTdwRzk4anJPTTMvOFk3
|
||||||
|
MXBTQTdLTTVXcklPL1VHeERrTTZTQUVNeTB3ClFWWmt1dy84VUhaSWlOcnBDZ1VU
|
||||||
|
STNKbVZTRVcrWC94WWtrV0ppL2ZDSVkKLS0tIDRxT0twSHUxN1dvcUJPb1F2aXBv
|
||||||
|
Y1hHaWlQVzdnbjlHeEgxTjdMNkpSM2sK41qX3+ggD5PSm4lR8kka3roYmiLco/55
|
||||||
|
HIHxHZhw1K+FaHGy2DxeGmXi8gnVSA5oyihqvAn7PDPi/L3sB0dLuQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2025-01-11T01:29:33Z"
|
||||||
|
mac: ENC[AES256_GCM,data:h7PY7X5uIykwnnocTU/cUQrZB0cRUgjY0cG6XeQelwZXPcPUDalptT0uim/E9xs9cUV2OepMYu+Wf1+YoRNHjsl5GZ6SgY8KxlJM6P37VY5h0L5a6HXTIJnr1Z5KeMZgh0c8kXBQNsn0YTWGI0OcFlpLlWsDNtJlupqlVbK82qo=,iv:P8TDZOJnVNK7ETD1pbJMrtGnDfSH52o9/dUVRIV/Yzc=,tag:lGD0h7am7rumn3PvRoWhdA==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2025-01-11T01:27:13Z"
|
||||||
|
enc: |-
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMA7zUOKwzpAE7AQ/8CuvFPV+eO0SG3zNZLsy/DNeqLDnMRJen/qOwXspjCSzI
|
||||||
|
mwl3Npdp1d9sX1MJYUvMZDby/EArrIs2MSkk9iAKLPTHf14ZxJfYTYbhRUn/SNuK
|
||||||
|
JJBj/hEL4GoOFNkEjUC53ywSpplP6TO+q7k48kYzPXuCA2EMBz2MHRbeiTdztRJv
|
||||||
|
r1dhpwNGwvcAWNLbEeqOgceYpQ6F3ou+FDI8W7873LMoUAXinN6I3f7XKP8ew/N4
|
||||||
|
8OOgvhfZOQqAaTqAaaz3ILQzrMTUzPM7cvYbtYL87OKYeezxgOmZhBmg6d62q4fD
|
||||||
|
lTc28GpMx0Xxycir8CImpcHL43J8b3WuYehk934tInaWH68TxvRAgvS9ZuMa1KhX
|
||||||
|
cVFFCwZAxnJZF0gbcE9OZCgI2VSH8u7Iys8mPwsEvUJtbDN4Qb+TpBaD+xxg6xBk
|
||||||
|
HGqxDeT9Lybzsn2wTxjUUfiwFZyDeYRlcU+UyGJzLQcPNvSaHWcwWKfRtBE4VNE0
|
||||||
|
8jwopfWE7pVYvABXC8hGLhYKT8OwIPzRWuXoDhw61XiMDnkN71afZLbpExi77lE6
|
||||||
|
39Wizb3KhRLbPdwPquwS2QLNIY/3gjGW1Ml4Hy0WC6S4MeCo9gOsdLJ+j7GeEA9Z
|
||||||
|
wtiy5LPHhYZuw81gzmDWsBvLAsPEWLHBdHsSZucaOPozMeS2VCglL6EH6liECkXS
|
||||||
|
XgGPtg8IY+YtmkX9maGKOz+GUsEVaQV7RhQfPxJSZrEyRb2SwEKHmuBROQFXgNdd
|
||||||
|
obcZeQQWizccZZO00ojD8K38MFf4m9WKePcNoV5iMvDzq2xISgFe8LW2osTf2BI=
|
||||||
|
=QTzx
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.9.2
|
||||||
|
|
@ -1,7 +1,7 @@
|
||||||
wg:
|
wg:
|
||||||
mullvad: ENC[AES256_GCM,data:P9acMXooRll8i81RIBVb0OxFdzx2WsGgVKqX+BoV7cvPGWJK5FRIF8KAcqg=,iv:kq+3guPx2+reDqmfHuhWEvUsKNynG+t7LYRNp5kFLoQ=,tag:Aj0P7IrrTdRK59aBMjPx5Q==,type:str]
|
mullvad: ENC[AES256_GCM,data:P9acMXooRll8i81RIBVb0OxFdzx2WsGgVKqX+BoV7cvPGWJK5FRIF8KAcqg=,iv:kq+3guPx2+reDqmfHuhWEvUsKNynG+t7LYRNp5kFLoQ=,tag:Aj0P7IrrTdRK59aBMjPx5Q==,type:str]
|
||||||
zw: ENC[AES256_GCM,data:CXrLvV+b9DUfmr+CwH8dBTHvDHtgVmiF9g+QpzFqMcc91yQDzQqT1d4AQSk=,iv:Wdj11qlGWGm2XSieFZ4csqdIyR0epzPCkeWyUUmjJbk=,tag:UO07WUwr138B5TtMGujvew==,type:str]
|
zw: ENC[AES256_GCM,data:CXrLvV+b9DUfmr+CwH8dBTHvDHtgVmiF9g+QpzFqMcc91yQDzQqT1d4AQSk=,iv:Wdj11qlGWGm2XSieFZ4csqdIyR0epzPCkeWyUUmjJbk=,tag:UO07WUwr138B5TtMGujvew==,type:str]
|
||||||
oxalab: ENC[AES256_GCM,data:YRN3fSzukqgDK3Bf5O7I8U3QmJAINCsjSseOZfzM/4xGXfGbBNeH3UmD0PI=,iv:U3kXH1HdT4OWcFZ+40a5W+jQ1hdS4UYYXxxyy+SqHEU=,tag:w65VyfylSKnM7c50BRCVgQ==,type:str]
|
0xa-mgmt: ENC[AES256_GCM,data:THKgWJs4bxNYwnl1FQzXSC0xIuv1r0jSByQgwoKau34sddgTzztRHbSztGs=,iv:wn08l8hlSORlyD8XpF6pk6F3HTsT345xp8XxkJVUKcY=,tag:oP+5+cunkQ5KVf6PB5Rirw==,type:str]
|
||||||
dvb: ENC[AES256_GCM,data:1+IM6ORPtlIroeekaJSkOwYArh0fN6ycJNaXo680pE2Xv4DUBrIlh8q3V2A=,iv:btf3IpM4Wntkf3RYPwUdhH+4WUUqZp0zYp0aj2sdGM0=,tag:MDvS4CWYQLdp2YGs3/5Htw==,type:str]
|
dvb: ENC[AES256_GCM,data:1+IM6ORPtlIroeekaJSkOwYArh0fN6ycJNaXo680pE2Xv4DUBrIlh8q3V2A=,iv:btf3IpM4Wntkf3RYPwUdhH+4WUUqZp0zYp0aj2sdGM0=,tag:MDvS4CWYQLdp2YGs3/5Htw==,type:str]
|
||||||
mail:
|
mail:
|
||||||
oxapentane.com: ENC[AES256_GCM,data:HW1xcclr5CiUFVF8As79ZZH1c14sl4T0l18=,iv:leAVYaQkMuJewkCZc3fTUUNzZ9BDjV5CuT84bzvhrrs=,tag:Mm8OB8gLbmUwKSLugTR6GA==,type:str]
|
oxapentane.com: ENC[AES256_GCM,data:HW1xcclr5CiUFVF8As79ZZH1c14sl4T0l18=,iv:leAVYaQkMuJewkCZc3fTUUNzZ9BDjV5CuT84bzvhrrs=,tag:Mm8OB8gLbmUwKSLugTR6GA==,type:str]
|
||||||
|
|
@ -23,8 +23,8 @@ sops:
|
||||||
bDRBWjJJSDl3bDkxenR1S2NMZW91dW8Kzhc/6HeEJfLGDaKdRSbpaMdR7XaBxdQI
|
bDRBWjJJSDl3bDkxenR1S2NMZW91dW8Kzhc/6HeEJfLGDaKdRSbpaMdR7XaBxdQI
|
||||||
jnAySJCGsXxCPebRtCIdDnoLjdqdzEggEhRh27JOpeOiEukLmakPMA==
|
jnAySJCGsXxCPebRtCIdDnoLjdqdzEggEhRh27JOpeOiEukLmakPMA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2025-01-03T16:03:33Z"
|
lastmodified: "2025-01-11T01:25:11Z"
|
||||||
mac: ENC[AES256_GCM,data:+Dxu5qh09OJ9KDnzl4IkX4ZjB0wkn6o2tzV+OsvKwOH1p51ezWxf7LIpjLumk9tbNm+0gRD/ZPlufxIA+jHydWxBty/JvnjZjYaaaBh2LeUpqM24PnRn9jReSVki5yRGoonXxZ7OjUpgX26wKSff7iQh2DjMVGdL6E4OhBJL6iM=,iv:kUDVXycpcyfiPgMe9u1KCrxIvUEEtIZr/z6h5rdCY4c=,tag:xTsdPaxtlIVUrHjcU2uerg==,type:str]
|
mac: ENC[AES256_GCM,data:Y11oSAhVwjYkuONxlWFKRTswaCMsj6/61HQgEZ9tKOxHK0mfx6CiJGqNKud7XDAebmqB3uIYNJ8zYKvM2D0+vLBp5Kk+bQX0tNXf1HXVJPYzE1GA+Wg5ZKYM5HZ339XiEEBZEbTU+ptMw2YO9mhDxYA6UnPPQ2IHNPgB/yrgfxM=,iv:iHERfH1sf35DgFYr6FkwxRxnF+qppWOqw1XJ/rJi3DU=,tag:L09jwVXKzSnACp2TSpEV2w==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2025-01-02T22:57:16Z"
|
- created_at: "2025-01-02T22:57:16Z"
|
||||||
enc: |-
|
enc: |-
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue