From fd07ef9a84041d6577471e26518988af656a7a28 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 30 Jul 2023 02:14:14 +0200 Subject: [PATCH] fix: add secrets to nougat-2 --- flake.nix | 5 ++++ hosts/nougat-2/acme.nix | 8 +++--- hosts/nougat-2/default.nix | 10 +++---- hosts/nougat-2/nougat-2.nix | 6 +++++ secrets/hosting.de-api-key.age | 21 +++++++++++++++ secrets/hosting.de-api.key | 20 ++++++++++++++ secrets/keycloak-database-password.age | 37 +++++++++++++------------- secrets/secrets.nix | 1 + 8 files changed, 79 insertions(+), 29 deletions(-) create mode 100644 secrets/hosting.de-api-key.age create mode 100644 secrets/hosting.de-api.key diff --git a/flake.nix b/flake.nix index 0fbba471..d239164f 100644 --- a/flake.nix +++ b/flake.nix @@ -188,11 +188,16 @@ path = self.pkgs.x86_64-linux.nixos.deploy-rs.lib.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.barkeeper; }; }; + nougat-2 = { sshUser = "yule"; hostname = "nougat-2.b12f.io"; fastConnect = true; profilesOrder = ["system" "direnv"]; + profiles.direnv = { + user = "barkeeper"; + path = self.pkgs.x86_64-linux.nixos.deploy-rs.lib.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.barkeeper; + }; }; #example = { # hostname = "example.com:22"; diff --git a/hosts/nougat-2/acme.nix b/hosts/nougat-2/acme.nix index e75a7bf9..cf224d3e 100644 --- a/hosts/nougat-2/acme.nix +++ b/hosts/nougat-2/acme.nix @@ -15,8 +15,8 @@ ''}"; }; in { - age.secrets."hosting.de-api.key" = { - file = "${self}/secrets/hosting.de-api.key"; + age.secrets."hosting.de-api-key.age" = { + file = "${self}/secrets/hosting.de-api-key.age"; mode = "440"; group = "acme"; }; @@ -43,8 +43,8 @@ in { isReadOnly = false; }; - "${config.age.secrets."hosting.de-api.key".path}" = { - hostPath = "${config.age.secrets."hosting.de-api.key".path}"; + "${config.age.secrets."hosting.de-api-key.age".path}" = { + hostPath = "${config.age.secrets."hosting.de-api-key.age".path}"; isReadOnly = true; }; }; 
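Review bot: In flake.nix the new `profiles.direnv` for nougat-2 sets `user = "barkeeper"` while the node connects as `sshUser = "yule"`, and deploy-rs uses sudo when those two differ, so activation depends on `yule` being allowed to act as `barkeeper` on the host. That sudo grant is not visible in this commit; confirm it is scoped to what activation needs rather than a blanket rule. The added block also repeats the `path = … activate.home-manager … barkeeper` expression from the node above it, so a shared `let` binding would keep the two from drifting apart. The enclosing attribute set starts and ends outside the hunk.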
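Review bot: In hosts/nougat-2/acme.nix the secret is now named `hosting.de-api-key.age`, so the decrypted file that agenix writes and that the second hunk bind-mounts into the container carries an `.age` suffix and reads as ciphertext to anyone auditing the host. Keeping the suffix on `file` only, as in `age.secrets."hosting.de-api-key" = { file = "${self}/secrets/hosting.de-api-key.age"; … };`, avoids that in both hunks. The diffstat also shows this commit creating `secrets/hosting.de-api.key`, which no visible hunk references any more and whose recipient stanzas (`kFDS0A`, `cakP9w`) differ from those of the new file (`Y0ZZaw`, `BVsyTA`, `kFDS0A`). If that file is a leftover it should be dropped from the commit, and if it holds the same API key and `cakP9w` is not meant to read it, the key should be rotated, because the ciphertext stays in history. Both hunks sit inside definitions that start outside the hunk.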
diff --git a/hosts/nougat-2/default.nix b/hosts/nougat-2/default.nix index 2a45f0ed..26e74f8a 100644 --- a/hosts/nougat-2/default.nix +++ b/hosts/nougat-2/default.nix @@ -1,7 +1,5 @@ -{suites, ...}: { - imports = - [ - ./nougat-2.nix - ] - ++ suites.nougat-2; +{...}: { + imports = [ + ./nougat-2.nix + ]; } diff --git a/hosts/nougat-2/nougat-2.nix b/hosts/nougat-2/nougat-2.nix index f23982e6..0ed911d0 100644 --- a/hosts/nougat-2/nougat-2.nix +++ b/hosts/nougat-2/nougat-2.nix @@ -3,6 +3,7 @@ pkgs, lib, self, + profiles, fix-atomic-container-restartsModulesPath, ... }: @@ -13,6 +14,11 @@ in { imports = [ ./configuration.nix + profiles.base-user + profiles.users.root # make sure to configure ssh keys + profiles.users.barkeeper + + ./acme.nix ./caddy.nix ./keycloak.nix diff --git a/secrets/hosting.de-api-key.age b/secrets/hosting.de-api-key.age new file mode 100644 index 00000000..648b725c --- /dev/null +++ b/secrets/hosting.de-api-key.age 
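Review bot: In hosts/nougat-2/default.nix, removing `++ suites.nougat-2` drops every profile that suite contributed, and the only replacements visible in this commit are the three `profiles.*` imports added to nougat-2.nix. The suite's contents are not shown here, so check that no hardening profile it may have carried (SSH, firewall or similar) silently disappears from the host. A comment such as `# profiles are imported directly in ./nougat-2.nix; suites are not used for this host` would record the intent.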
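Review bot: In hosts/nougat-2/nougat-2.nix the import `profiles.users.root # make sure to configure ssh keys` leaves a manual step that nothing in the hunk enforces, so the host can be built and deployed with root access in whatever state that profile defines. Either point the comment at where root's keys are set, or make evaluation fail when they are missing, for example `assertions = [{ assertion = config.users.users.root.openssh.authorizedKeys.keys != []; message = "root has no SSH keys configured"; }];` (adjust if keys come from `keyFiles`). Whether root needs key login at all is not visible here, since flake.nix deploys as `yule`; if it does not, the comment should say so instead. The `imports` list continues outside the hunk.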
@@ -0,0 +1,21 @@ +age-encryption.org/v1 +-> ssh-ed25519 Y0ZZaw mpeEJ0Pmd9BR/HQ6tcY4H38pCNrel+8L6WgnPj77ByQ +UdF11WoYedaNjDwLhGplUlHYtAW9wSTLrf6BMSQGXa8 +-> ssh-ed25519 BVsyTA V8CrvHHBOPuJE6xqdQlC+dLoc5CU625aysWOk8oS6Sw +jJtQYWFVhCwwBGpQph8WNKPNLWrXiJVJj05EY0PZFzw +-> ssh-rsa kFDS0A +QXSYUXN04FSQofXobqNcPEApTKsDcUJV6eXYpS+9HffRE1PDt5JKRXWMk+3RMw0Z +fBlWPBMmS4M/letqH3PHG1gFv6MFrGaddfJbZo4FYUzMNeT+Fh5ZWM2bQO6iczd9 +WUYYKonOzgRd8Nwg3DAHxJ8zXzocHp6F+cAqnw4y1ou50erVDMEIQ+wc16R8yT3t +OEKfz2Vr8FadAsCw2JBqouwyvdM6bd/+AjnJZbFrIq/gKlgIe0KuSZK1lr08v2aL +Nbk0bykb83N22kIG7kecYuY9Tz/Jh0geotkti7MIcsLez6OQW0+IC9bDZ/Swl/Cb +oXJdrjRCZipD1PKGdxzyb+bXZHmk778kc9WHB8NRas8ICFcOS0Pu0JMjhEfU2rER +QQoYAmk1mmJGDW1DVv90VUb2RokpF6QuzgIjfJUi7R7JLPcahBvfJRa8gytC33OP +Nr733zR5NP06b3LMdjjUyiYyf0cyZG9Qxra8aN2kAlT/mHZe+v9m4piHrJ1b+j73 +pyZPNa9w5AXl942fV5DbERRpXtP1kc3bO776All8X7ARy5GaHpHmvmEE1ooDhicS +iSvEm5c/BvgTBijXqsXk/SkIoFiLrGQ4wkTjNpeTsX25ghZc1W5gHrcDY7QtdDLz +RotNg5klu2XZR5mB7hFPUoXwGhwYc5l1mf05/2tEkVs +-> E>o)tKn-grease T9%P;\g +y6At0SwlBQ5jKI7Rj9ceRCqW3gH+b+7K0rLp0w +--- ABiFxl1ZHUSZJPkagpG0QNgvWeWrJsBtCvDImCQHULQ +a$ t/\hPD߸Ay]pF#HM%g3p)^c~]PK4:,cF5Ɖ \ No newline at end of file diff --git a/secrets/hosting.de-api.key b/secrets/hosting.de-api.key new file mode 100644 index 00000000..32c936ba --- /dev/null +++ b/secrets/hosting.de-api.key 
@@ -0,0 +1,20 @@ +age-encryption.org/v1 +-> ssh-rsa kFDS0A +MLbUT2OZ5uLq2uC4GdBNhQqrN8BjF3FibWT5NpfcL+ryr5wI1HfHnTINQR1SfcP6 +e7YF2+lJXiI+Clp+V3/eG5mDMXo358lr1usQPo3AJp0L/F+ZXuYgXIYgp/H6CpX7 +ztVM3BavlwvKibiFzpJVESIQW/aMp+fotTG5BBCzQ9P5ejpRCyBnw023VXG4bul6 +kSBbjaclmXAB/kErB/CBrQX8khYzy/sPWMeyKfNpQNRebwHfwifSKtwvl9CrII0S +6UAK6oKhi+5heqCtn0t2ToY+Jo9ccMjf1tKuQkUkT9gxJqalYakK9Z/Cn1YjteS1 +/QBE+pVNJYtqeND2kWoh7GDgHMN3RpSOZTTfLYWMatfwdZn78y5Qnri6GxKMMpcH +HJjFR3/u08sa5Z6QJN5ajMCze5QEVCfkbP7OUvdD77JagoR2TGphJXHWuHBBjNT0 +67GnaVjtjBSkPc2wHaB9jXCLcpkYtx2JwvcYIBmyzu+uw3dVXekT54dXMckW04B9 +2A+zH35yNX7cG1BdAaqXsj0q8XHLi+ZyyZBB/OSXFaz07JI8Uo7V17MU6N+yFCbn +UeIh82gingQU1+OBRSi1Qbee76RqRGOB9oJywxWYoj0tfCb5j+CW0UH18rKRCy1p +nbyIY2mp1pVMVnkv+UH5HDJZYTVt6H8HllKZcqy8tUQ +-> ssh-ed25519 cakP9w r7YM3I761Ly8mdPE5Aue4piOtU2WuBCX/ZkuODcC11E ++FGBvDNQiChuuYWGzo9lKiFGWtkGpd+h+zbi0fjR610 +-> f(eo)$--grease = zT ssh-ed25519 Y0ZZaw 6Ab765r1KhdPSNomPyArPOa9EpOK1gJH1O/2ImGovDE -AbIsUHJvTypKJbOE3LuLFXYkIzfTXxRmiLFy91HzaUE --> ssh-ed25519 BVsyTA tCs+TlkHQMbqgeN28U2aLo3luZNHRemLKbsqX8gOSWU -PU1JXT1JjKeSZ5cybTuq+WOipWWmqhHGLtEVHi1/8pg -> ssh-rsa kFDS0A -TQbtZUL6l+DJxir6AVNUWMNPXrzJ6Ns3xb2C9s+lXsvlTlm834H8nt/JxJBCeRoH -ymH0PcXKHCk54iPypW5KqFRIwoDYBTi3t3fSqjyLQk4eFNBjByGy+IVAaF6dcS5y -+pYwpZxgshv8u6iSEiRgLvqp0bIs/g/tPHowZ6ezlpyKOzh3+KRYK7e82dJFznwb -Q9V+PdWZJLqobbo4bmz7nT3qNlS75tpcVk2FAwsNB1pk3Q4ucbQb33eslSny93s9 -DjGCQFOMCkSZwKk98jV8aV01Liu4+tgMty5Sb6+Ei/tt+4TvjlX3t6hl9kvCVQNn -gXjc1y2FxfuwN7hTnFYM6QAwB4ETUPwsyqoOAzfFWzpQNpit+ZOtRMw42gcSkhA7 -RcyHeYGtQCeK+MKU9YaWZrDZjFjwpA7oxVkBGk6Xd6drVfw0tMurXpruuIzswo2Q -iwdSGNsyAmMAKIoAWrjyxuXodgAwii8JgLr93IfkEuOQ/izQQ5sJCFP4Q4pB/Svk -8yG62fflaJ6epTn2uEBD9EDqlNCGpDwNwdBnASdpcSCeooCqcqDIHpk0VJly+HiQ -VyxpD+3ZfaguUkiVC44oxAkQocitj8ypNmuGqphG+1ReN4ew8xi74f0WWq4lxkY4 -DieriNG+NG4JS7SgUTz5ZStYbOuIJJ/n82TcejWkJGM --> dqJ?-grease .CNJ%TkE -D6Hq2UnwetlWfmLWLcijubdNB2uJNjRRIw ---- +wyqgdU3ahUepcqy53z01275bJE6CadK4+yXH0bSvuI -򡈜ÿV-j^/uy{j7@h$pQ'kz#:,4v}1rjeV \ No newline 
at end of file +DWQcu9+8Tt6PbnhhtjaEh4JwKckPzGp8T886OitKmT36ONeX1xm4rxUV1BlZJESH +bBUorgCjlVeNadhrvMH6f79iq84Itz3wFsRn3wtXTHPjyOjXKq3mBFCZchkNQXrQ +kAlHVSU4KxArWdDgxZlSDDjqVKUO2otOax0jQIrATyoyXxydv3IrY+I/QJNXyMVV +TWWur2MjLfRtXf8pKhKHhZMGthOtnYRYJplR638hw4TQ0j4/7J34qcZZgNoo4pUY +FHO1xLqxdRzMiE5Kn7drhJ667QeEANZUr1sPjejXahMx/oYatpZ7YxDk2l8P4bcO +qAiQ5Z3h1wfhfhHJWLCXac9jBifZeMXXsi43lB7/A+8OCPPZbJam6ng9Nqi6q52S +nCwY54c50mDp1iS8b8coBnVqr4JPA+mipy31KGmbysxjKRV7SovYuPq6xzGzL9gO +nAxpvwGuPShuKQMQ373u0NL5Fx3gnSwBpDax9Q8ZIvkn/iGIjntQj8IaDDXUtOUg +6r3wQD8m8C54q8hdOeb8dvDTb8YkXJGumikOwx04KhhX/MJbIMpwSmhZGHdCY44v +qhTQcnudnPUskTZsenY4pw9LOdzuVeLqGL2359qvw8w8KTNtZfeif0xCpWBKMOw8 +F3wdYRaowGp0Hqi1wb+mKtiz4Tyx93crkflrpxs5hT8 +-> ssh-ed25519 cakP9w m4+f1g38ZLRWqO1eKOSnu/0wJ+ou4j/4VgR8IJhh9Bc +1MkqVLAk5hZyyvjVSU7ScIitGkIiQlCl7oxJCBw7xmE +-> Bp=k^MJA-grease +iP4iWQsV1F2QEiShf0j9AhCUq+SXOxQ +--- d1wE82sM45YxhJkxchil/8TFhZMjyDVSySvgS6BQCck +dVQrJ8rg( +if6O#Wj,d q