torjus/nixos-servers
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity

Compare commits

base: torjus:048536ba70f9e32a3474b7a7a1f8a79d15a233fd
Branches Tags
torjus:master torjus:nrec-forgejo torjus:jellyfin-maintenance torjus:loki-monitoring02 torjus:pipe-to-loki torjus:kanidm-pam-client torjus:deploy-test-hosts torjus:homelab-deploy-metrics torjus:host-vault01
...
compare: torjus:9bdce0147299e74f69455c8041f542c604210e5b
Branches Tags
torjus:master torjus:nrec-forgejo torjus:jellyfin-maintenance torjus:loki-monitoring02 torjus:pipe-to-loki torjus:kanidm-pam-client torjus:deploy-test-hosts torjus:homelab-deploy-metrics torjus:host-vault01

2 Commits
048536ba70 ... 9bdce01472

Author SHA1 Message Date
Torjus Håkestad
9bdce01472 fixup! pki: add new vault root ca to pki
Some checks failed
Run nix flake check / flake-check (push) Failing after 36s
Details
2026-02-03 05:00:54 +01:00
Torjus Håkestad
225943c8a5 pki: add new vault root ca to pki 2026-02-03 04:56:22 +01:00
5 changed files with 18 additions and 3 deletions
Expand all files Collapse all files

2
system/default.nix
View File

@@ -7,7 +7,7 @@
./packages.nix ./packages.nix
./nix.nix ./nix.nix
./root-user.nix ./root-user.nix
./root-ca.nix ./pki/root-ca.nix
./sops.nix ./sops.nix
./sshd.nix ./sshd.nix
./vault-secrets.nix ./vault-secrets.nix

0
system/root-ca.crt → system/pki/root-ca.crt
View File

1
system/root-ca.nix → system/pki/root-ca.nix
View File

@@ -4,6 +4,7 @@
certificateFiles = [ certificateFiles = [
"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
./root-ca.crt ./root-ca.crt
./root-ca-vault.crt
]; ];
}; };
} }

14
system/pki/vault-root-ca.crt Normal file
View File

@@ -0,0 +1,14 @@
-----BEGIN CERTIFICATE-----
MIICIjCCAaigAwIBAgIUQ/Bd/4kNvkPjQjgGLUMynIVzGeAwCgYIKoZIzj0EAwMw
QDELMAkGA1UEBhMCTk8xEDAOBgNVBAoTB0hvbWVsYWIxHzAdBgNVBAMTFmhvbWUu
MnJqdXMubmV0IFJvb3QgQ0EwHhcNMjYwMjAxMjIxODA5WhcNMzYwMTMwMjIxODM5
WjBAMQswCQYDVQQGEwJOTzEQMA4GA1UEChMHSG9tZWxhYjEfMB0GA1UEAxMWaG9t
ZS4ycmp1cy5uZXQgUm9vdCBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABH8xhIOl
Nd1Yb1OFhgIJQZM+OkwoFenOQiKfuQ4oPMxaF+fnXdKc77qPDVRjeDy61oGS38X3
CjPOZAzS9kjo7FmVbzdqlYK7ut/OylF+8MJkCT8mFO1xvuzIXhufnyAD4aNjMGEw
DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEimBeAg
3JVeF4BqdC9hMZ8MYKw2MB8GA1UdIwQYMBaAFEimBeAg3JVeF4BqdC9hMZ8MYKw2
MAoGCCqGSM49BAMDA2gAMGUCMQCvhRElHBra/XyT93SKcG6ZzIG+K+DH3J5jm6Xr
zaGj2VtdhBRVmEKaUcjU7htgSxcCMA9qHKYFcUH72W7By763M6sy8OOiGQNDSERY
VgnNv9rLCvCef1C8G2bYh/sKGZTPGQ==
-----END CERTIFICATE-----

4
terraform/vms.tf
View File

@@ -50,8 +50,8 @@ locals {
cpu_cores = 2 cpu_cores = 2
memory = 2048 memory = 2048
disk_size = "20G" disk_size = "20G"
flake_branch = "vault-bootstrap-integration" flake_branch = "pki-migration"
vault_wrapped_token = "s.HwNenAYvXBsPs8uICh4CbE11" vault_wrapped_token = "s.UCpQCOp7cOKDdtGGBvfRWwAt"
} }
} }