Update ca host config
Some checks failed
Run nix flake check / flake-check (push) Has been cancelled
Some checks failed
Run nix flake check / flake-check (push) Has been cancelled
This commit is contained in:
parent
1da20471a8
commit
7db9efc94b
@ -1,5 +1,5 @@
|
|||||||
{
|
{
|
||||||
"data": "ENC[AES256_GCM,data:S/dDpfZyvnGJ3mbDWS5rQZN1EwIQCQuj2WxKnMFirP/tYTsZTROte3KBE/k+7gwzDr6vayawbJr87zWv2ZV7iXiFZ6UK2wPD5Kj1HTY6D+0QtYrJ4Er0MrrFoxEAj+HRVhdXWwTchoC8Hio+8QOKFWW7mgyxh67UDRQJjAYaPoQ2ol19Zg/k5PSZZN9Qn+Bn9Hd5Hq0b2UBPXIWRbQ7u0JeyQXHY6dAzDoruhhrBcZIbX/PRghdAvIPQUo5LbCn5VrmnunktJnTgt9Dtv67ihTa1iBPdUjpkEV/FhDlDPrWAztBurv3IoZZ4hjAYbc/WeFlOkai83th7ggIJ3Njjrvh2JKdg6GDAerOUVtxmt2SECYZcih0ouNecRl/4UYlCi1QsBFJecJDcHh1zWDNiBGIBywkhfY7NUPBoWlfhBRL58JGsnPFthRT7lqF1MIuM2/q1dgCRaVJUsJ0c0WLbpFNUaLIE/TuaI33yVNlmV0yokCa/Q2fKHmkWCN9GkxkIDVxaB2KGusM8op5fDPaTr4kbnGklu+dqha1dZDfVw+GuFzUf5et/oOHZtpCUUwUk6O6IiwDyd6VRjxSYpyrBaNXrStsaUy0uIybCf/whUFiZ/cDuI72i8RGa4Ix/2zDcmdK77bMU3/dTFMh70gWXtHshrCsb043gmZzmkWlXYhPmFnPDX9AATRoEb5/ajfnUskajHN718MW/e5eYwRxBYDwjPCx8aQYr0f5UkNoBbgujsf3n/RsGYMxB7OZlFImnB+SN9hyqN1WsAykL693EqlXtK8+xrcWBnAVuiN3yxGFL1Gz4XlcBJiLjKWVkshuoqr/XdFuDXDs9eEHSpKg4lEOU4vP7hLMl/DhM1ncd/wENnrE0jxgNkX6HqbOQEaiJU6cBs+2M48UzEWDc/+AQpGBpOrd2gzo3o2behW4BQWzhyOZym2DxP+y97mQ8FUxfHW6BFeKTmohQb0wukPw5/ReJNysU+SLmMd8vuGGBHZeY6AMz9zMXE/v1p0+Y1lvCdelAGI1EA72wl7DmtlCCRMnXYdxMfAsH55tuD9+W4dDut67se5Oig3lDYrL/+ubtK8F4iFz7EcJdmIsykeLfK+PbNjPPd24ul0aJPKWgXKNtAtD0QJOuv/b3C/ie3D1hgjajv+X19midWyJGVDvYL/et3ZyypTYH7Q1yqyX6+cH//jZAtmCm5gUNpsFgTZJVzZ94P4iRl6WCgt9D7u8omNA7ov1qbawMxmLlSGq4QcPQXS3giXQItX1CGzJUDoh1v2g+8CWVOfejWerF/qawkNHPaO1Tq5OpDIqha3AGNRGXgqiJfCqD6wo84QKnOjS8Dt1VYaf0gZZmr0XhLfF7bkMxC/M/SmCdJV9Z1XDMMA9aVKVC5GPVJIyx56TZKD4VoliMrVS3u71lMit9XG4v/bqN07hmGJq+An2oBGGqDPJgzysqHvZ1ugmmNwSTAi3Sp5MiOGAx9veagzTnx1W5djb0G+KaSO6UFpgL1NAGHDTztCEPbFcgjHAG0SB+vWfV2go8IM4MLlRsDj1yZMIlvV1b6qAJPfbI070HjIDOfK+J5O7RedsMQlEAHFVSbJ4cX9/OmHs+4pfmu8ToaRkGWQzclyjajqX9p8AT4fHq7upaL3F8Vxry7rCDDlcyIFBL2bv/LAA7N3SgUjljUjf+miIgTy/VyK10HqW2eNlsxWmYXWptpymkqE4kIpCI+g0kPbslbqLFIFeY/7uRBqaoO+brFfXO2CYdfTbbCi16obG0Lov9ucntrfp8opbmZOgefOy9iB+z7Pw48n0PkfDkpXBxdwtFpEz5se/d8EYnZOSUfGqO47KRXeA9SGluCg7e9Z1wiXLjo5JHYqlliscmlVedeRpNevpnWx/z5sV1z7/4WtV7PEjuw5bhE6m/O6LaHtYX7kY8XjvRrr1pfcpTd/knFLK2ClFdGZvnYFdQCKEEqTINO+1x3C8CDF0c0YIPXUiWNubZMNSOJ+uZu7bnhacJMOAowylUwA2nQZn5dkVjw1Zf25pPzvzBA5m+6bTd32+kAd2KeGQqbmXfQN+Iez7tC/DZJ0Yi1lvoUntG7dqA+soIx8I1GjPlCiEtxUao7RR0dwOobmq9gGvu70qmSgnSV9Z+SA5ZnCuBIWjLA0WMuOxwUpv6gKzvNqyPYhAmks7Z4lUAreAvMcuvBmAd4/RhXZkJ6fQWc/eHTkdXLAzfppvl2cNhkfOcOsZaBD70mcISeYK6j2Ug88Bs4eybFUNXs50NpwOab5FsZJfzQEVh5tVzuE2tSGIZphy0DSARWJEzX8DIfFaSqd8gSeoy+Q6MgtzZSKg9VauuEZ92bezMoEYeMSGn7lZbiGgtM3S0oGel9lzCP6L00u+CpEDKm+toGtDGDKKCdMVETyRIA9/gktvszwVDmPmO01tiemyCS67hzN3MmcwzcT2POxxmhFqprA0GPyCK4yzo+xNJxD1riShRbeaVIb80gjyzoaEC02OXTuTbp+LpBeZ+JuLQapF+V9VwTz2qedsyA1ZU9L/qybfNjPmodzSZnARS9UJw6EecdMVjumAKnONqv5IJ7TFdIyNd5oT1X1mD3AP2ujQpYiTdnbpTukQZr6BMnmLPEH3ySg40y/pl04VmdqSKGMUI69qdlkDsD+K/jUYyQ3BqyVev9ZJEsbZSHh0oBpYEcYWlo+ugxhlig1Ou+J5a/J7R1/6yQlnKtjI1WNxI4uSUib/78GXPCA==,iv:VHGFl9flRW4qYxEzqVmRKLDVTeZNEeW6E2OnqB3rB3g=,tag:8PnIUH9vOlbJINDPU+pulw==,type:str]",
|
"data": "ENC[AES256_GCM,data:TgGIuklFPUSCBosD86NFnkAtRvYijQNQP4vvTkKu3dRAOjdDa2li5djZDUS4NEEPEihpOcMXqHBb+ABk3LmoU5nLmsKCeylUp7+DhcGi9f3xw2h1zbHV37mt40OVLTF3cYufRdydIkCGQA3td3q1ue/wCna2ewe73xwGg5j6ZVJCZAtW4VCNZM+rcG+YxPUC0gmBH59+O0VSrZrkvSnifbr+K0dGwg4i17KwAukI4Ac7YMkQoeuAPXq38+ZftlRx4tq9xBUko6wpPY9zOaFzeagWYMF0n1UYqDt+/3XZI/mukPhJc9tzbWneqgkQBOx3OiDwrNglCHvEpnb+bZePIRLOnNHd1ShETgBqhsHGp9OAwwbAt4tO+HFpCQtVz7s2LWQFLbWiN0SCGzYUkFGCgoXae5H58lxFav8=,iv:UzaWlJ+M+VQx3CcPSGbFZh5/rGbKpS2Rq2XVZAIDFiQ=,tag:F3waoAMuEKTvN2xANReSww==,type:str]",
|
||||||
"sops": {
|
"sops": {
|
||||||
"kms": null,
|
"kms": null,
|
||||||
"gcp_kms": null,
|
"gcp_kms": null,
|
||||||
@ -8,15 +8,15 @@
|
|||||||
"age": [
|
"age": [
|
||||||
{
|
{
|
||||||
"recipient": "age1lznyk4ee7e7x8n92cq2n87kz9920473ks5u9jlhd3dczfzq4wamqept56u",
|
"recipient": "age1lznyk4ee7e7x8n92cq2n87kz9920473ks5u9jlhd3dczfzq4wamqept56u",
|
||||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUMUhCOUVVTVpTUk1Pdkly\nK0pINEdVaEo1NFF1YnFPT1l5RE5JcTZieTNjClNxL2laTUdMU1M3bjc5OFE3ZVh4\nN1cwUmlpbXhiM2tlak5ZN1ZxV1FjMjQKLS0tIDA4UmlrSStGKzVsVFlZL2g0cnQr\nWWh4Z1lRRWtJR0Rudmhobjh0bWxuaHcKbGpnkqhKtjCjhtjKi5wl+0tFCEt//FkP\nfLBTUimlLTTINh/29fhd/5P+lgwKXCYTG7GZVY5zLVlhy9eR9fkS8w==\n-----END AGE ENCRYPTED FILE-----\n"
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpRGZSVHRSMGlyazAwQU5j\nd1o1L0Y1ckhQMkh4MVZiRmZlR2ozcmdsUW1vCk4xZ1ZibDBrUWZhYmxVVjBUczRn\nYlJtUWF3Y1lHWG56NkhmK2JOUHVGajQKLS0tIDN2S2doQURpTis2U3lWV0NxdWEz\ncjNZaEl1dEQwOXhsNE9xbHhYUzNTV3cKVmVIe05JwgXKSku7AJmrujYXrbBSbpBJ\nnqCuDIhok1w/fiff+XXn8udbgPVq5bC2SOhHbtVxImgBCFzrj5hQ0A==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"recipient": "age1288993th0ge00reg4zqueyvmkrsvk829cs068eekjqfdprsrkeqql7mljk",
|
"recipient": "age1288993th0ge00reg4zqueyvmkrsvk829cs068eekjqfdprsrkeqql7mljk",
|
||||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIYityQThnWGF3REpUSjhR\nbGMzaTkxaTVwVFJoZlFyUitYMTZFVnc1ZUQ0Cmh3bzdhcitWMXF3Z2t6SjF2Rzlk\nK0xvMGsxa0RBdzV0TzBUM0FMMlozeW8KLS0tIDdOb0JYNEVuT3hEakpIYmRpQlBO\nbFM5b0RDbEhDYTlFNG4wMnZqM2hIcWMKrpZjbcjJ5PE52/5CoYBsDUngYEOVvrAB\nQ1BI/fgs4U6YHApUbLGJT2GGy+JXvBKc8bqc8YxLFhONqT3RKzCHJg==\n-----END AGE ENCRYPTED FILE-----\n"
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4V3NaUEdvMmJvakQ0L1F0\nUnkvQ2F5dEVlZ2pMdlBZcjJac0tERnF5ZWljCmFrdU1NZ29jMkJ1a1ZLdURmVWI0\ncm1vNytFVzZjbVY2aVd2N3laMWNRNFEKLS0tIGgzOTFZY0lxc0JyVmd5cFBlNkRr\nVDBWc0t4c3pVV3RhSTB1UUVpNHd6NUkKNn6Sxb5oxP7iWqTF1+X9nOiYum3U+Rzk\nkryxVnf9EvQIVIFKDaTb+yAEO8otjqj+C4mHA9fannnNEJduOiPWOg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"lastmodified": "2024-10-21T09:28:49Z",
|
"lastmodified": "2024-11-30T13:18:08Z",
|
||||||
"mac": "ENC[AES256_GCM,data:0YA9KHUFsh3zERG8kbr8TbklTib9aOdrzdlk5aPZ8UyFkbmP0HKk+lXPQ3RwRVbhMmK3VhGU0IxA0J/QUw7SQu22zSBkl1DF5PzqoKkNgt9T5hZJI2HqWRE3/38/5AU6L5mX7ul28Y47L3lcgr4PNLxlg5qyvxUKoM9riw474I0=,iv:G40/HLd1ftXclEcX8FMQjoce91o83dA2KWeO6VaIqLQ=,tag:7KU2Rz89AiggOuumKNfSjg==,type:str]",
|
"mac": "ENC[AES256_GCM,data:9R9RJzPMr9Bv8aeCDxhExTfbr+R2hjap6FGSk5QxBdbNpOcNS78ica0CLEmkAYVAfjmx/X2jC5ZnsAueSPUK7nAgNX2gJXbUTpY0F+oKt35GJziLrFLl3u/ahpF9lQ50EL9OqqgS+igDqtodJhKme5DXH5/GXQHhz++O3VZkR78=,iv:XgN3PiowiEosi2DmrjP82HhJMvnwaV530tsBE8GQfjs=,tag:U243BrtH7H/DU9LcjN/MMg==,type:str]",
|
||||||
"pgp": null,
|
"pgp": null,
|
||||||
"unencrypted_suffix": "_unencrypted",
|
"unencrypted_suffix": "_unencrypted",
|
||||||
"version": "3.9.1"
|
"version": "3.9.1"
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
{
|
{
|
||||||
"data": "ENC[AES256_GCM,data:OTpEO78zXv66cH1oKwqmFzNPnnkTH3I66J3emqzYEFtii7EJ3d9POquapJhSRWGZs3kvQevFbMTsdtIvWrrwGNcbmBlSLeNOKrOWjXix1uemsBsA4tt79L7dms9tFMXm7nBqy71wo0MsYjzXEYBTy7n91IIKwkg4o+n9MCQivDXVN3rAy8o25HjuS8fSJRRTuQ92Nnc7WjIbPQbyqHPBlp7hxO9xC6/JdOWZ3Zo/X6AyZuzcoF6Nd5A08hImPtbNZ1/MiBurdLSqGkYx9m5KsGmFKinRqWwYWnsQidXl+2xQcqCZNvdCNMe1OwybAxAEiQDksCTpYOQISIzCsXoT3Wfr4ZpZAlLCzw+ga7nnvF2CPiUeRWXyB655vg0vXgqUHYIaN3l1A1P8OWHRDz/tPd7pWbwAj4BZvDY=,iv:oI+1jK2+4vCW67PbM9VxoViBqUOh9BYP8xZHCaAJloQ=,tag:QX/nFv4NB4ERCP5zB8Mqdw==,type:str]",
|
"data": "ENC[AES256_GCM,data:5AePh5uXcUseYBGWvlztgmg8mGBGy3ngKRa6+QxOaT0/fzSB1pKkaMtZJo76tV9wwjdL6/b6VVUI7GIaCBD5kgdZuA8RdBTXguHyjjdxAlI9xcrQaWWdATd8JJt+eQp/m2Y+0dioyXKaDV2ukI3GtHYjp/ixMoHHWEocnEEb40wG6c3CZcvsLWJvKTkFc2OvcjcU2RTfuNlYtEETidiD9iC/dtCakNQHmLP1UFYgcn0ebXBKmlqD6+x2o7BVT1SLwVCyGNvH3eKA2AWvddZChnhaNCUIXcRwBFCgS8lPs4iXhAhly+nwuj7ssFpuu3sjm5pq196tRS8WQl2iNUEJ2tzoOpceg1kZZ7KHX3wCbdBlCRqhy9Q4JMvWPDssO+zz2aU21+BDEySDTCnTYX9Hu2/iFvZejt++mKY=,iv:u/Ukye0BAj2ka++AA72W8WfXJAZZ/YJ3RC/aydxdoUc=,tag:ihTP5bCCigWEPcLFaYOhMA==,type:str]",
|
||||||
"sops": {
|
"sops": {
|
||||||
"kms": null,
|
"kms": null,
|
||||||
"gcp_kms": null,
|
"gcp_kms": null,
|
||||||
@ -8,15 +8,15 @@
|
|||||||
"age": [
|
"age": [
|
||||||
{
|
{
|
||||||
"recipient": "age1lznyk4ee7e7x8n92cq2n87kz9920473ks5u9jlhd3dczfzq4wamqept56u",
|
"recipient": "age1lznyk4ee7e7x8n92cq2n87kz9920473ks5u9jlhd3dczfzq4wamqept56u",
|
||||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZVHE5aUNjS3F5VFYzMW1j\nbGJkK0VPRmJ2Nk1HSnNXUk1rK0tzaHMzcFZBCjRzTkVZT3hsakRsTHJPSXpGNHdw\nODNTWGhNZWhhdHplYUpBVFp4eE0zLzAKLS0tIGJ4RDkyZ1hTYTBnUHlxRWR6bEpZ\najBvNjdsK3NieEhoVkZkL3ZJWWRxK2MKKKmoz+U/TIAeE1nJop0FtxoOfAR2iP/Y\n5cdTsbXUgDSVginxJbnDaEM9v+OYJXO6ugQNBnkAaHbWn4ADnA8UCA==\n-----END AGE ENCRYPTED FILE-----\n"
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0VElDNHArZXlXa2JRQjd0\nQmVIbGpPWk43NDdiTkFtcEd1bDhRdXJWOUY0CndITHdKTFNJQXFOVFdyUGNtQ09k\nN2hnQmFYR0ZORWtxcUN0ZFhsM0U3N2cKLS0tIFh1TTBpMjFIZ2NYM1QxeDRjYlJx\nYkdrUDZmMUpGbjk3REJCVVRpeFk5Z28KJcia0Bk+3ZoifZnRLwqAko526ODPnkSS\nzymtOj/QYTA0++NP3B1aScIyhWITMEZX1iSoWDmgHj8ZQoNMdkM7AQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"recipient": "age1288993th0ge00reg4zqueyvmkrsvk829cs068eekjqfdprsrkeqql7mljk",
|
"recipient": "age1288993th0ge00reg4zqueyvmkrsvk829cs068eekjqfdprsrkeqql7mljk",
|
||||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEdW1ZQkxUaFdtekR5eGh5\nYWdTbWVtemtteFIwNlZVVSthZElnZUp4QjN3ClFsOW9rZVhZckZ5MWdiTjNQbFN4\nNHZaSVEvR085b093dlM3SHl6c01yVWcKLS0tIE10L3lZZDVkQ2I5TEduYkU3V21a\nZ0k5cTcvYmdJMU5QUDV3QWtuYkRUWHcKNgfl9S2V7kuobwgc0mMR+O/quq06y+5q\ncipmOM7DIkyFDq5Cl0e//MZywoOfBTsYlCncA6Hb4hW+Y2Tn+/C4tA==\n-----END AGE ENCRYPTED FILE-----\n"
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZNlNHRWNEcUZGNXNBMDFR\nTzE5RnNMQUMvU1k2OS9XMlpvUktMRzQ5RmxvCnlCS3lzRVpGUHJLRGZ6SWZ2ZktR\na3l0TVN2NUlRVEQwRHByYkNEMDQyWUkKLS0tIEh3RjBWT3c5K2RWeDRjWFpsU1lP\ncStqY2xta3RSNkR6Vkt5YXhYUTZmbDgKvVKmZc8S/RwurJGsGiJ5LhM4waLO9B9k\n2cawxHmcYM3KfXDFwp9UZWhIwF7SRkG56ZE4OjGI3sOL+74ixnePxA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"lastmodified": "2024-10-21T09:28:49Z",
|
"lastmodified": "2024-11-30T13:18:16Z",
|
||||||
"mac": "ENC[AES256_GCM,data:UAJ61bLXP9j7/uyppVMvvRLhO12XQXhCLEtfqdeOi7STUqTaCu1NsbNxf+ErA5eVn2DjGMJuyNvxamD1rxzc+VjELOit1pY9Wg4f15nRyryTt9r+iUrYttcwvUXq2knw8bDtJOqz/nYvg4R1qyXwjdSHLrKn6LmKsO0KwTB1nAQ=,iv:jHSYSYfuow0cM8ECzbQ2jM4J3Q5MQTBQ80u/eglfU9g=,tag:tQxMsKppD8xOcGKcBFXm2Q==,type:str]",
|
"mac": "ENC[AES256_GCM,data:JwjbQ129cYCBNA5Fb8lN9rW7/y4wuVOqLeajIMcYyCzlBcjzCZAV1DKN5n75xMamb/hb1AUkmtp/K82PKM0Vg5X4/lpWTUZXZOzn/TrwHx+yqlJjL9mUdGuHnSY5DwME38Dde3UxdtUa0CVgQOxvMIycW27w8+8NNfO2zxGxkzc=,iv:ZMZASOsqXZOb0NkBqG3GGaqqKgQdjZLiku2yU5QonB8=,tag:/lb/HMxsYOV5XX/5kWnFHA==,type:str]",
|
||||||
"pgp": null,
|
"pgp": null,
|
||||||
"unencrypted_suffix": "_unencrypted",
|
"unencrypted_suffix": "_unencrypted",
|
||||||
"version": "3.9.1"
|
"version": "3.9.1"
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
{
|
{
|
||||||
"data": "ENC[AES256_GCM,data:1ntjhGcHOtOcYBsEskgm/pBmQh2xVu0owTmPgfIzKimrSGS3XG0YUGztakb1jW3IgjRs1hssQpJKxkabSuPVNg4q1Nw7tX3aEfH2K6f2xnV3a7bp8yS30O9+7gDMB6wcTodMfou3Ypm3l2v6YXtVbh/4Gq/7FNUlHxa2wPux4pqoDyMjV1zjJT1exFl1JkUPzzT+02gGSEFacC47I7t85XfPxmn1hdpvpUlGA9CMHrQqTXf4moxePMyLK1oAgXtGLGXpQXl/RWiqNQMEmmBXfynjby6ojq/+psgGgbt89BI5Gi7tb131WXeg/xQSZeGkfbjWyl6/fy60GGPJ004VY0RKN8pB6/duggwWZPa/oEN1V8/DVNcTaq2YKrD4GBoPqeDegnRgMubeyb+talqegEr9AHAhdLtEKio=,iv:eb1VwHeESCREOv4lftxMIDjSFxCiagm0HRzzCURDgMw=,tag:6YhDt3kR+rs+fE14W5Sk5A==,type:str]",
|
"data": "ENC[AES256_GCM,data:vqQ3HwSmuDlI4UwraLWvwkBSj9zTFeNEWI1xzhVrO/gpx8+WBZOt2F0J7/LSTGAWsWW/9Gov+XXXAOtfnKfjYVzizyT/jE8EQwMuItWiFEVA6hohgwtsk7YKJjXdJIxmiv+WKs73gWb0uFVGh1ArMzsVkGPj1W1AKMFAneDPgsfSCy9aVOMuF8zQwypFC8eaxqOQhLpiN2ncRm8e7khwGurSgYfHDgFghaDr8torgUrZTOPNFk+LEdxB3WcC17+4a8ZyuBapmYdRTrP73czTAuxOF8lMwddJhO99SF7nWuOYVF1FOKLGtK04oKci5/xRIzvWo3I0pGajkxtuF5CyWbd1KblcPfBALIU/J5hU/puGJ7M2sE/qsg/4kaTFxnhq32rPZj291jFb4evDdOhVodfC1axOQUbzAC0=,iv:yOeQ384ikqgDqfthl7GIVSIMNA/n0BYTSIqFN3T9MAY=,tag:Y6nhOCrkWx7MnVpEeKN0Jg==,type:str]",
|
||||||
"sops": {
|
"sops": {
|
||||||
"kms": null,
|
"kms": null,
|
||||||
"gcp_kms": null,
|
"gcp_kms": null,
|
||||||
@ -8,15 +8,15 @@
|
|||||||
"age": [
|
"age": [
|
||||||
{
|
{
|
||||||
"recipient": "age1lznyk4ee7e7x8n92cq2n87kz9920473ks5u9jlhd3dczfzq4wamqept56u",
|
"recipient": "age1lznyk4ee7e7x8n92cq2n87kz9920473ks5u9jlhd3dczfzq4wamqept56u",
|
||||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoYzB4UGJwZmFmdXEzT0Vy\nV2ZkMzk5UXd4S1RKeUJmNTNGbHhvUnkzY3cwCkNMQS83dTFQaWJ5YzIwYXZNM0FB\ncTBLWVlWMXJNSlRjRUhDSEV1NFRLQ3MKLS0tIGlkRlZYZ0R6dXJORVBpMkpWWE1l\nWlprQ3kwcXkzMUdVWXpidmgxby9wRVEK3ItRAZMfAtOzjN5r7GHU8KT1upW+xvIA\nqXxIXZBdkkxKOJWQXn5i/xC8YoNek4fdqGeWUGOF9FguU5Zj2tO+ZA==\n-----END AGE ENCRYPTED FILE-----\n"
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFTjRMWlNtYVQ2WnJEaGFN\nVFU2TXRTK2FHREpqREhOWHBKemxNc2U4WW44CnV4OWlBdXlFUWhJYi9jTTRuUWJV\nOWFPV2I4UytDRFo3blN3bUtFQ1NGU0kKLS0tIGp2VHlDc1JMMUdDUjlNNDFwUUxj\nVnhHbCtrNVNpZXo0K2dDVU5YTVJJUEkKk9mVTbzQVGZo3RKDLPDwtENknh+in1Q5\njf4DA1cGDDNzcEIWOOYyS+1mzT9WY8gU0hWqihX/bAx7CVsNUallZw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"recipient": "age1288993th0ge00reg4zqueyvmkrsvk829cs068eekjqfdprsrkeqql7mljk",
|
"recipient": "age1288993th0ge00reg4zqueyvmkrsvk829cs068eekjqfdprsrkeqql7mljk",
|
||||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQZ2JPWmIxSXg4YnNwMnNw\nMUJSTWlHWDFoNU9ZcmdPb0VBUHQ3SU5qcENnCmhRWkhKWUwxeEh2VDZxUFdrMExa\nWTdLVVV5NHJMTE51ZEhPRHdaSTRTRkEKLS0tIHJ1Z0NibWQ5SitUekhKOXVGd3FH\nQ3dKNE16bnJNczhtRHBCcUxNajZRUWcKhnvYPFTkw73QPs7qDA7C3cX8RPF68sTk\n2MQORHyqN1jyBUVtvezeejL89Mdw1wghh0Q+VXW9b1ozXkFsH7IcXg==\n-----END AGE ENCRYPTED FILE-----\n"
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrVFNwUGpkOUhkUXFWWERq\nMVdueC9VSE9KbGZkenBVK3NRMjRNVXVmcVRRCjNLa0QzbWVCQks3ZmV3eFVjcEp0\nRmxDSlZIZU1IbEdnbE83WlkxV3VZV1EKLS0tICtsRXArajQ4Um9mNEV5OWZBdS85\nVGFSU2wwODZ3Zm44M3pWcTdDV1dxejQKM2BK5Axb1cF344ea89gkzCLzEX6j4amK\nzxf+boBK7JUX7F6QaPB0sRU8J4Cei9mALz96C8xNHjX00KcD3O2QOA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"lastmodified": "2024-10-21T09:28:49Z",
|
"lastmodified": "2024-11-30T13:18:20Z",
|
||||||
"mac": "ENC[AES256_GCM,data:xB5qV2aFpvTJxCbOgTaaErBez+pkSz1KEWw0c+NoglcjPkGNx+0MuoSjeuPJ0KiHcS/gol2vo+mmVEEcDSVa/S/ksI/sIqcWoQeZ+XNBcffF+5UPfsyRFBNRJwWsg88ERVwgYjKauCV5MZBvJYf/uL3uUa8chHZNFF+f3QVq464=,iv:R0Gh5SITWXGphccBfI+DbNdnBeC98qDforE1Ffb805M=,tag:L2jqUwSlv1ngPiMQith9Mw==,type:str]",
|
"mac": "ENC[AES256_GCM,data:AllgcWxHnr3igPi/JbfJCbEa6hKtmILnAjiaMojRZNO4p6zYSoF0s8lo9XX05/vIrFUo+YaCtsuacv+kfz9f6vQafPn7Vulbh6PeH1VlAmzyVfJOTmHP3YX8ic3uM56A4+III1jOERCFOIcc/CKsnRLFhLCRQRMgtgT0hTl5aPw=,iv:60dOYhoUTu1HIHzY36eJeRZ66/v6JmRRpIW99W2D+CI=,tag:F7nLSFm933K5M+JE4IvNYw==,type:str]",
|
||||||
"pgp": null,
|
"pgp": null,
|
||||||
"unencrypted_suffix": "_unencrypted",
|
"unencrypted_suffix": "_unencrypted",
|
||||||
"version": "3.9.1"
|
"version": "3.9.1"
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
{
|
{
|
||||||
"data": "ENC[AES256_GCM,data:v+ugz+pjgkY2IqW+wNM09Z7OYJoxaPxPwf/THyt+Q3N1SswU6Q3AhzqGoIeMAa+8tIRMdQ++HBsnDtCPZYHV0vNQ7GWE1w1jQ7FHa7hXaWLnqfuKbr5x5bnPzDZYxCt41a8A0fxbrN1ysBE1cMgbHe1tnBWKl1D4tay5RtMoua+vYxS1gwzZSIHY3Tq7GJkyBuJqOZA2oyDgZ9ETTwXwNaDZx35uxi9XbEBHdwIscWGFW50s1NXKavgdmeEEWyOlnIlBm4yhjnLIBW3HjSPWBsCp36+m1VUq/TwK+AH0q3sqovVFXwjduRI59RnJoZ6gMJHYFpXHUfnKZbkC8GVzczUGyLSPD9xhxrSYxGjT1T0pbQsXCls6TugVNOVsRMIN5P05uEo5URBlMkIZisnzqdgBw3gR/roboi4=,iv:NV9jvDY5teQaACPn84G/izLd4CXkZNPGGNRQG3xvw2Q=,tag:qCV+lsrYAgDbi2nMx3HmGg==,type:str]",
|
"data": "ENC[AES256_GCM,data:YRdPrTLQH0xdWiIzOyjfEGpvfmuj6me6GzZZcauh9bUUywyA1ranDnWqbJYgawQQxIXsq9dhXD0uco+7mmXq2598kF1NI9jh6uLf3k0H494zZOalRBv/k8u9oJDLIiVAkg9eNNLbGX0PMZr/Yue/qdkuXx2Hg9E7bQJwpU/NXF+jKKs+3NmKT5NBlegwAzUs530D4DUoaq5AhvVvdC6a1UcE+KJzQ8pRiz1GjFIxAB7qX+GVwa3yNdLgo2tlAbOzjGtaDfJnhZIHSNEq+4TEhjlF9lCmFCGFDUVupvMOWs0kBywJEzIrDmxmvGHlPj3FfyytPb7qhlsOXDDDS67IoiwluKOnw+sALAG0Iv9LMrDZ3z8MXeEGvRWu0VDMuGXN905/9kGx/A40mPjcfnZvI+qSRIKjER5R8aU=,iv:qiP2Ml59AnK24MBbs7N/HqJIylf+fXGqJAo2N8iFNB0=,tag:0Dj5fVs6OB07kvV4qzuvfw==,type:str]",
|
||||||
"sops": {
|
"sops": {
|
||||||
"kms": null,
|
"kms": null,
|
||||||
"gcp_kms": null,
|
"gcp_kms": null,
|
||||||
@ -8,15 +8,15 @@
|
|||||||
"age": [
|
"age": [
|
||||||
{
|
{
|
||||||
"recipient": "age1lznyk4ee7e7x8n92cq2n87kz9920473ks5u9jlhd3dczfzq4wamqept56u",
|
"recipient": "age1lznyk4ee7e7x8n92cq2n87kz9920473ks5u9jlhd3dczfzq4wamqept56u",
|
||||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQNExxOGViUUMwaGpjYld0\ncUdTVnA0QmlPT2kxNjRjbmw0SFhyS284ajJrCnFGK2ZqR2JpTEYwdHdPZ245SkV1\nSjVzMFMvbWNma0RnbTd3ZEpTd0F2THcKLS0tICtITFJGNmhjbStMc29XaDV0dElm\nRTN2QkJhamw4RHo5bXgzSHd5TDNLUFkKJtO9aMmFE43hxRsSa0lnqGo8FVzKxysJ\nOgJMTIftSU7bEvsEok+HlBgX1kyj8v9rgzXLwTrGk42+kVw4Fm2Xkw==\n-----END AGE ENCRYPTED FILE-----\n"
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBUFlvNmRNYUlJSHZYUkpJ\nMEloQXFSdENIWGJVVDNIOVY5MS9SYWRoL0FrCnRJc05wZUZBSDRvMHNUUEhNRXQ4\nTWhYOUp6YUNGZFNWUFRrSmlJM1c4aWcKLS0tIFc1b3NlSEo2eFJhdDgwejRqcHlT\nZE5wN01uaE04cTlIbVJMVWQvQ1pXajgKQ1n6UmP7LEBsnIBXVc0BceOqvwCqQzBP\ncI8C5Io4ILgMjY4dr6sd0SeJG6mfDdiMA+k7c6jqoyZCW/Pkd3LANQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"recipient": "age1288993th0ge00reg4zqueyvmkrsvk829cs068eekjqfdprsrkeqql7mljk",
|
"recipient": "age1288993th0ge00reg4zqueyvmkrsvk829cs068eekjqfdprsrkeqql7mljk",
|
||||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLenZoS0phekRTSW5aN3Jw\nZFJsNHJRSnR3dXBiMG5aQ2lyS0Y0Sm1nTEJVCjJ5cUJMSDk4NzBCdnNLd05rSnRi\nSEdnaGl1S1hKbFFwZjluUEkzUmR3MTAKLS0tIG9PMng3MFlUOE1wUXJ2S1cxRllx\nTi9nUm5nVWRXdk9hdWFCc1o2bHNObVEKrz7ROqTXaINk5LNpG4ibLqjCoPH0fzO3\nUgZp5PUC1+VPxYymqstK3kV5WorM2GVVfWcjLv2eofKdgpO90iKp/g==\n-----END AGE ENCRYPTED FILE-----\n"
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtM2lyeXVzdE9nL1k5L3dC\nTkl2MjhMb1FKMFdCeXFPSmNST0pvOTRUaEVvCmdwMnhjSFFHVFhidmIySS9jMEJu\nNTJpRjdFOWpZZ3ZuZFJwZUUrRFU5NnMKLS0tIDJ1UjdVQkpMNm5Pd01JRnZNOEtr\nb1lpMlBkVHpiT2lYdWtZaUQrRW1HUDgKq/JVMf5gdu6lNEmqY6zU2SymbT+jklem\nnUQ9yieJGF+PanutNW6BCJH8jb/fH+Y6AeJ9S+kKCB4Yi75i4d+oHg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"lastmodified": "2024-10-21T09:28:49Z",
|
"lastmodified": "2024-11-30T13:18:24Z",
|
||||||
"mac": "ENC[AES256_GCM,data:huZ3fDBV8bOtHW2eNxgTc9e5RmAIsvRhMFGwlVGbpDvftJKNy57CqMal/W0E0pqmvltaGMHGh/f8yzakpYphhbs1/Kro4u34QMu/jV6QvKEyDHtyAGYy6DzjCDRu216DV8uHpDaKoz+7zhjwlPSd60RlXUpfhis+DC8lmdktI2A=,iv:hCUwgkm6fCdWrAqszwzRBh5W7Z/0LXvl1dGiteJkkL0=,tag:0uDeZoG5TCc80Kzgl5U2TA==,type:str]",
|
"mac": "ENC[AES256_GCM,data:6FJTKEdIpCm+Dz7Ua8dZOMZQFaGU0oU/HRP6ly5mWbXCv81LRbZXRBd+5RDY3z9g9nb0PXZrOMNps63F6SKxK52VfzLIOap3UGeMNQn5P4/yyFj7JQHQ5Gjcf2l2z2VZ7NhUdNoSCV/6lwjValbKtids48Q5c3sFX997ZiqIUnY=,iv:nUeyJd/v8d9v7QsLLckziD9K5qjOZKK4vOQJw/ymi18=,tag:6n5EE3oklWdVcedvB2J/zA==,type:str]",
|
||||||
"pgp": null,
|
"pgp": null,
|
||||||
"unencrypted_suffix": "_unencrypted",
|
"unencrypted_suffix": "_unencrypted",
|
||||||
"version": "3.9.1"
|
"version": "3.9.1"
|
||||||
|
@ -1,118 +0,0 @@
|
|||||||
{
|
|
||||||
"root": "/var/lib/step-ca/certs/root_ca.crt",
|
|
||||||
"federatedRoots": null,
|
|
||||||
"crt": "/var/lib/step-ca/certs/intermediate_ca.crt",
|
|
||||||
"key": "/var/lib/step-ca/secrets/intermediate_ca_key",
|
|
||||||
"address": ":443",
|
|
||||||
"insecureAddress": "",
|
|
||||||
"dnsNames": [
|
|
||||||
"10.69.13.12"
|
|
||||||
],
|
|
||||||
"ssh": {
|
|
||||||
"hostKey": "/var/lib/step-ca/secrets/ssh_host_ca_key",
|
|
||||||
"userKey": "/var/lib/step-ca/secrets/ssh_user_ca_key"
|
|
||||||
},
|
|
||||||
"logger": {
|
|
||||||
"format": "text"
|
|
||||||
},
|
|
||||||
"db": {
|
|
||||||
"type": "badgerv2",
|
|
||||||
"dataSource": "/var/lib/step-ca/db",
|
|
||||||
"badgerFileLoadingMode": ""
|
|
||||||
},
|
|
||||||
"authority": {
|
|
||||||
"provisioners": [
|
|
||||||
{
|
|
||||||
"type": "JWK",
|
|
||||||
"name": "ca@home.2rjus.net",
|
|
||||||
"key": {
|
|
||||||
"use": "sig",
|
|
||||||
"kty": "EC",
|
|
||||||
"kid": "CIjtIe7FNhsNQe1qKGD9Rpj-lrf2ExyTYCXAOd3YDjE",
|
|
||||||
"crv": "P-256",
|
|
||||||
"alg": "ES256",
|
|
||||||
"x": "XRMX-BeobZ-R5-xb-E9YlaRjJUfd7JQxpscaF1NMgFo",
|
|
||||||
"y": "bF9xLp5-jywRD-MugMaOGbpbniPituWSLMlXRJnUUl0"
|
|
||||||
},
|
|
||||||
"encryptedKey": "eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJjdHkiOiJqd2sranNvbiIsImVuYyI6IkEyNTZHQ00iLCJwMmMiOjYwMDAwMCwicDJzIjoiY1lWOFJPb3lteXFLMWpzcS1WM1ZXQSJ9.WS8tPK-Q4gtnSsw7MhpTzYT_oi-SQx-CsRLh7KwdZnpACtd4YbcOYg.zeyDkmKRx8BIp-eB.OQ8c-KDW07gqJFtEMqHacRBkttrbJRRz0sYR47vQWDCoWhodaXsxM_Bj2pGvUrR26ij1t7irDeypnJoh6WXvUg3n_JaIUL4HgTwKSBrXZKTscXmY7YVmRMionhAb6oS9Jgus9K4QcFDHacC9_WgtGI7dnu3m0G7c-9Ur9dcDfROfyrnAByJp1rSZMzvriQr4t9bNYjDa8E8yu9zq6aAQqF0Xg_AxwiqYqesT-sdcfrxKS61appApRgPlAhW-uuzyY0wlWtsiyLaGlWM7WMfKdHsq-VqcVrI7Gi2i77vi7OqPEberqSt8D04tIri9S_sArKqWEDnBJsL07CC41IY.CqtYfbSa_wlmIsKgNj5u7g",
|
|
||||||
"claims": {
|
|
||||||
"enableSSHCA": true
|
|
||||||
}
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"type": "ACME",
|
|
||||||
"name": "acme"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"type": "SSHPOP",
|
|
||||||
"name": "sshpop",
|
|
||||||
"claims": {
|
|
||||||
"enableSSHCA": true
|
|
||||||
}
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"tls": {
|
|
||||||
"cipherSuites": [
|
|
||||||
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
|
|
||||||
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
|
|
||||||
],
|
|
||||||
"minVersion": 1.2,
|
|
||||||
"maxVersion": 1.3,
|
|
||||||
"renegotiation": false
|
|
||||||
},
|
|
||||||
"templates": {
|
|
||||||
"ssh": {
|
|
||||||
"user": [
|
|
||||||
{
|
|
||||||
"name": "config.tpl",
|
|
||||||
"type": "snippet",
|
|
||||||
"template": "templates/ssh/config.tpl",
|
|
||||||
"path": "~/.ssh/config",
|
|
||||||
"comment": "#"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "step_includes.tpl",
|
|
||||||
"type": "prepend-line",
|
|
||||||
"template": "templates/ssh/step_includes.tpl",
|
|
||||||
"path": "${STEPPATH}/ssh/includes",
|
|
||||||
"comment": "#"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "step_config.tpl",
|
|
||||||
"type": "file",
|
|
||||||
"template": "templates/ssh/step_config.tpl",
|
|
||||||
"path": "ssh/config",
|
|
||||||
"comment": "#"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "known_hosts.tpl",
|
|
||||||
"type": "file",
|
|
||||||
"template": "templates/ssh/known_hosts.tpl",
|
|
||||||
"path": "ssh/known_hosts",
|
|
||||||
"comment": "#"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"host": [
|
|
||||||
{
|
|
||||||
"name": "sshd_config.tpl",
|
|
||||||
"type": "snippet",
|
|
||||||
"template": "templates/ssh/sshd_config.tpl",
|
|
||||||
"path": "/etc/ssh/sshd_config",
|
|
||||||
"comment": "#",
|
|
||||||
"requires": [
|
|
||||||
"Certificate",
|
|
||||||
"Key"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "ca.tpl",
|
|
||||||
"type": "snippet",
|
|
||||||
"template": "templates/ssh/ca.tpl",
|
|
||||||
"path": "/etc/ssh/ca.pub",
|
|
||||||
"comment": "#"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
@ -2,32 +2,157 @@
|
|||||||
{
|
{
|
||||||
sops.secrets."ca_root_pw" = {
|
sops.secrets."ca_root_pw" = {
|
||||||
sopsFile = ../../secrets/ca/secrets.yaml;
|
sopsFile = ../../secrets/ca/secrets.yaml;
|
||||||
|
owner = "step-ca";
|
||||||
path = "/var/lib/step-ca/secrets/ca_root_pw";
|
path = "/var/lib/step-ca/secrets/ca_root_pw";
|
||||||
};
|
};
|
||||||
sops.secrets."intermediate_ca_key" = {
|
sops.secrets."intermediate_ca_key" = {
|
||||||
sopsFile = ../../secrets/ca/keys/intermediate_ca_key;
|
sopsFile = ../../secrets/ca/keys/intermediate_ca_key;
|
||||||
format = "binary";
|
format = "binary";
|
||||||
|
owner = "step-ca";
|
||||||
path = "/var/lib/step-ca/secrets/intermediate_ca_key";
|
path = "/var/lib/step-ca/secrets/intermediate_ca_key";
|
||||||
};
|
};
|
||||||
sops.secrets."root_ca_key" = {
|
sops.secrets."root_ca_key" = {
|
||||||
sopsFile = ../../secrets/ca/keys/root_ca_key;
|
sopsFile = ../../secrets/ca/keys/root_ca_key;
|
||||||
format = "binary";
|
format = "binary";
|
||||||
|
owner = "step-ca";
|
||||||
path = "/var/lib/step-ca/secrets/root_ca_key";
|
path = "/var/lib/step-ca/secrets/root_ca_key";
|
||||||
};
|
};
|
||||||
sops.secrets."ssh_host_ca_key" = {
|
sops.secrets."ssh_host_ca_key" = {
|
||||||
sopsFile = ../../secrets/ca/keys/ssh_host_ca_key;
|
sopsFile = ../../secrets/ca/keys/ssh_host_ca_key;
|
||||||
format = "binary";
|
format = "binary";
|
||||||
|
owner = "step-ca";
|
||||||
path = "/var/lib/step-ca/secrets/ssh_host_ca_key";
|
path = "/var/lib/step-ca/secrets/ssh_host_ca_key";
|
||||||
};
|
};
|
||||||
sops.secrets."ssh_user_ca_key" = {
|
sops.secrets."ssh_user_ca_key" = {
|
||||||
sopsFile = ../../secrets/ca/keys/ssh_user_ca_key;
|
sopsFile = ../../secrets/ca/keys/ssh_user_ca_key;
|
||||||
format = "binary";
|
format = "binary";
|
||||||
|
owner = "step-ca";
|
||||||
path = "/var/lib/step-ca/secrets/ssh_user_ca_key";
|
path = "/var/lib/step-ca/secrets/ssh_user_ca_key";
|
||||||
};
|
};
|
||||||
|
|
||||||
#services.step-ca = {
|
services.step-ca = {
|
||||||
# enable = true;
|
enable = true;
|
||||||
# package = unstable.step-ca;
|
package = pkgs.step-ca;
|
||||||
# settings = builtins.fromJSON ./ca.json;
|
intermediatePasswordFile = "/var/lib/step-ca/secrets/ca_root_pw";
|
||||||
#};
|
address = "0.0.0.0";
|
||||||
|
port = 443;
|
||||||
|
settings = {
|
||||||
|
authority = {
|
||||||
|
provisioners = [
|
||||||
|
{
|
||||||
|
claims = {
|
||||||
|
enableSSHCA = true;
|
||||||
|
};
|
||||||
|
encryptedKey = "eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJjdHkiOiJqd2sranNvbiIsImVuYyI6IkEyNTZHQ00iLCJwMmMiOjYwMDAwMCwicDJzIjoiY1lWOFJPb3lteXFLMWpzcS1WM1ZXQSJ9.WS8tPK-Q4gtnSsw7MhpTzYT_oi-SQx-CsRLh7KwdZnpACtd4YbcOYg.zeyDkmKRx8BIp-eB.OQ8c-KDW07gqJFtEMqHacRBkttrbJRRz0sYR47vQWDCoWhodaXsxM_Bj2pGvUrR26ij1t7irDeypnJoh6WXvUg3n_JaIUL4HgTwKSBrXZKTscXmY7YVmRMionhAb6oS9Jgus9K4QcFDHacC9_WgtGI7dnu3m0G7c-9Ur9dcDfROfyrnAByJp1rSZMzvriQr4t9bNYjDa8E8yu9zq6aAQqF0Xg_AxwiqYqesT-sdcfrxKS61appApRgPlAhW-uuzyY0wlWtsiyLaGlWM7WMfKdHsq-VqcVrI7Gi2i77vi7OqPEberqSt8D04tIri9S_sArKqWEDnBJsL07CC41IY.CqtYfbSa_wlmIsKgNj5u7g";
|
||||||
|
key = {
|
||||||
|
alg = "ES256";
|
||||||
|
crv = "P-256";
|
||||||
|
kid = "CIjtIe7FNhsNQe1qKGD9Rpj-lrf2ExyTYCXAOd3YDjE";
|
||||||
|
kty = "EC";
|
||||||
|
use = "sig";
|
||||||
|
x = "XRMX-BeobZ-R5-xb-E9YlaRjJUfd7JQxpscaF1NMgFo";
|
||||||
|
y = "bF9xLp5-jywRD-MugMaOGbpbniPituWSLMlXRJnUUl0";
|
||||||
|
};
|
||||||
|
name = "ca@home.2rjus.net";
|
||||||
|
type = "JWK";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
name = "acme";
|
||||||
|
type = "ACME";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
claims = {
|
||||||
|
enableSSHCA = true;
|
||||||
|
};
|
||||||
|
name = "sshpop";
|
||||||
|
type = "SSHPOP";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
crt = "/var/lib/step-ca/certs/intermediate_ca.crt";
|
||||||
|
db = {
|
||||||
|
badgerFileLoadingMode = "";
|
||||||
|
dataSource = "/var/lib/step-ca/db";
|
||||||
|
type = "badgerv2";
|
||||||
|
};
|
||||||
|
dnsNames = [
|
||||||
|
"ca.home.2rjus.net"
|
||||||
|
"10.69.13.12"
|
||||||
|
];
|
||||||
|
federatedRoots = null;
|
||||||
|
insecureAddress = "";
|
||||||
|
key = "/var/lib/step-ca/secrets/intermediate_ca_key";
|
||||||
|
logger = {
|
||||||
|
format = "text";
|
||||||
|
};
|
||||||
|
root = "/var/lib/step-ca/certs/root_ca.crt";
|
||||||
|
ssh = {
|
||||||
|
hostKey = "/var/lib/step-ca/secrets/ssh_host_ca_key";
|
||||||
|
userKey = "/var/lib/step-ca/secrets/ssh_user_ca_key";
|
||||||
|
};
|
||||||
|
templates = {
|
||||||
|
ssh = {
|
||||||
|
host = [
|
||||||
|
{
|
||||||
|
comment = "#";
|
||||||
|
name = "sshd_config.tpl";
|
||||||
|
path = "/etc/ssh/sshd_config";
|
||||||
|
requires = [
|
||||||
|
"Certificate"
|
||||||
|
"Key"
|
||||||
|
];
|
||||||
|
template = ./templates/ssh/sshd_config.tpl;
|
||||||
|
type = "snippet";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
comment = "#";
|
||||||
|
name = "ca.tpl";
|
||||||
|
path = "/etc/ssh/ca.pub";
|
||||||
|
template = ./templates/ssh/ca.tpl;
|
||||||
|
type = "snippet";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
user = [
|
||||||
|
{
|
||||||
|
comment = "#";
|
||||||
|
name = "config.tpl";
|
||||||
|
path = "~/.ssh/config";
|
||||||
|
template = ./templates/ssh/config.tpl;
|
||||||
|
type = "snippet";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
comment = "#";
|
||||||
|
name = "step_includes.tpl";
|
||||||
|
path = "\${STEPPATH}/ssh/includes";
|
||||||
|
template = ./templates/ssh/step_includes.tpl;
|
||||||
|
type = "prepend-line";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
comment = "#";
|
||||||
|
name = "step_config.tpl";
|
||||||
|
path = "ssh/config";
|
||||||
|
template = ./templates/ssh/step_config.tpl;
|
||||||
|
type = "file";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
comment = "#";
|
||||||
|
name = "known_hosts.tpl";
|
||||||
|
path = "ssh/known_hosts";
|
||||||
|
template = ./templates/ssh/known_hosts.tpl;
|
||||||
|
type = "file";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
tls = {
|
||||||
|
cipherSuites = [
|
||||||
|
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"
|
||||||
|
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
|
||||||
|
];
|
||||||
|
maxVersion = 1.3;
|
||||||
|
minVersion = 1.2;
|
||||||
|
renegotiation = false;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
BIN
services/ca/templates/ssh/ca.tpl
Normal file
BIN
services/ca/templates/ssh/ca.tpl
Normal file
Binary file not shown.
14
services/ca/templates/ssh/config.tpl
Normal file
14
services/ca/templates/ssh/config.tpl
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
Host *
|
||||||
|
{{- if or .User.GOOS "none" | eq "windows" }}
|
||||||
|
{{- if .User.StepBasePath }}
|
||||||
|
Include "{{ .User.StepBasePath | replace "\\" "/" | trimPrefix "C:" }}/ssh/includes"
|
||||||
|
{{- else }}
|
||||||
|
Include "{{ .User.StepPath | replace "\\" "/" | trimPrefix "C:" }}/ssh/includes"
|
||||||
|
{{- end }}
|
||||||
|
{{- else }}
|
||||||
|
{{- if .User.StepBasePath }}
|
||||||
|
Include "{{.User.StepBasePath}}/ssh/includes"
|
||||||
|
{{- else }}
|
||||||
|
Include "{{.User.StepPath}}/ssh/includes"
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
4
services/ca/templates/ssh/known_hosts.tpl
Normal file
4
services/ca/templates/ssh/known_hosts.tpl
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
@cert-authority * {{.Step.SSH.HostKey.Type}} {{.Step.SSH.HostKey.Marshal | toString | b64enc}}
|
||||||
|
{{- range .Step.SSH.HostFederatedKeys}}
|
||||||
|
@cert-authority * {{.Type}} {{.Marshal | toString | b64enc}}
|
||||||
|
{{- end }}
|
4
services/ca/templates/ssh/sshd_config.tpl
Normal file
4
services/ca/templates/ssh/sshd_config.tpl
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
Match all
|
||||||
|
TrustedUserCAKeys /etc/ssh/ca.pub
|
||||||
|
HostCertificate /etc/ssh/{{.User.Certificate}}
|
||||||
|
HostKey /etc/ssh/{{.User.Key}}
|
11
services/ca/templates/ssh/step_config.tpl
Normal file
11
services/ca/templates/ssh/step_config.tpl
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
Match exec "step ssh check-host{{- if .User.Context }} --context {{ .User.Context }}{{- end }} %h"
|
||||||
|
{{- if .User.User }}
|
||||||
|
User {{.User.User}}
|
||||||
|
{{- end }}
|
||||||
|
{{- if or .User.GOOS "none" | eq "windows" }}
|
||||||
|
UserKnownHostsFile "{{.User.StepPath}}\ssh\known_hosts"
|
||||||
|
ProxyCommand C:\Windows\System32\cmd.exe /c step ssh proxycommand{{- if .User.Context }} --context {{ .User.Context }}{{- end }}{{- if .User.Provisioner }} --provisioner {{ .User.Provisioner }}{{- end }} %r %h %p
|
||||||
|
{{- else }}
|
||||||
|
UserKnownHostsFile "{{.User.StepPath}}/ssh/known_hosts"
|
||||||
|
ProxyCommand step ssh proxycommand{{- if .User.Context }} --context {{ .User.Context }}{{- end }}{{- if .User.Provisioner }} --provisioner {{ .User.Provisioner }}{{- end }} %r %h %p
|
||||||
|
{{- end }}
|
1
services/ca/templates/ssh/step_includes.tpl
Normal file
1
services/ca/templates/ssh/step_includes.tpl
Normal file
@ -0,0 +1 @@
|
|||||||
|
{{- if or .User.GOOS "none" | eq "windows" }}Include "{{ .User.StepPath | replace "\\" "/" | trimPrefix "C:" }}/ssh/config"{{- else }}Include "{{.User.StepPath}}/ssh/config"{{- end }}
|
Loading…
Reference in New Issue
Block a user