Compare commits
4 Commits
a19161ca69
...
8b5a2825df
Author | SHA1 | Date | |
---|---|---|---|
8b5a2825df | |||
9db005b1ea | |||
9615d98e3f | |||
d7a6e09ce3 |
12
.sops.yaml
12
.sops.yaml
@ -8,6 +8,7 @@ keys:
|
||||
- &server_nixos-test1 age1gcyfkxh4fq5zdp0dh484aj82ksz66wrly7qhnpv0r0p576sn9ekse8e9ju
|
||||
- &server_inc1 age1g5luz2rtel3surgzuh62rkvtey7lythrvfenyq954vmeyfpxjqkqdj3wt8
|
||||
- &server_http-proxy age1gq8434ku0xekqmvnseeunv83e779cg03c06gwrusnymdsr3rpufqx6vr3m
|
||||
- &server_ca age1288993th0ge00reg4zqueyvmkrsvk829cs068eekjqfdprsrkeqql7mljk
|
||||
creation_rules:
|
||||
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)
|
||||
key_groups:
|
||||
@ -21,8 +22,19 @@ creation_rules:
|
||||
- *server_nixos-test1
|
||||
- *server_inc1
|
||||
- *server_http-proxy
|
||||
- *server_ca
|
||||
- path_regex: secrets/ns3/[^/]+\.(yaml|json|env|ini)
|
||||
key_groups:
|
||||
- age:
|
||||
- *admin_torjus
|
||||
- *server_ns3
|
||||
- path_regex: secrets/ca/[^/]+\.(yaml|json|env|ini|)
|
||||
key_groups:
|
||||
- age:
|
||||
- *admin_torjus
|
||||
- *server_ca
|
||||
- path_regex: secrets/ca/keys/.+
|
||||
key_groups:
|
||||
- age:
|
||||
- *admin_torjus
|
||||
- *server_ca
|
||||
|
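Review bot: The `secrets/ca/` rule in the second hunk ends its extension group with an empty alternative, `(yaml|json|env|ini|)`, so it matches any file under `secrets/ca/` whose name contains a dot, not only the four listed extensions. That looks like a typo. Because sops picks the first matching creation rule and `path_regex` is not anchored, I would write it as `- path_regex: secrets/ca/[^/]+\.(yaml|json|env|ini)$` so that a new file gets the recipient set you intended. The same `$` anchor would tighten the `secrets/ns3/` and top-level `secrets/` rules shown in these hunks.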
16
flake.nix
16
flake.nix
@ -200,6 +200,22 @@
|
||||
sops-nix.nixosModules.sops
|
||||
];
|
||||
};
|
||||
ca = nixpkgs.lib.nixosSystem {
|
||||
inherit system;
|
||||
specialArgs = {
|
||||
inherit inputs self sops-nix;
|
||||
};
|
||||
modules = [
|
||||
(
|
||||
{ config, pkgs, ... }:
|
||||
{
|
||||
nixpkgs.overlays = [ overlay-unstable ];
|
||||
}
|
||||
)
|
||||
./hosts/ca
|
||||
sops-nix.nixosModules.sops
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
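--- a/hosts/ca/configuration.nix
+++ b/hosts/ca/configuration.nix
@@ -0,0 +1,62 @@
+{
+pkgs,
+...
+}:
+
+{
+imports = [
+../template/hardware-configuration.nix
+
+../../system
+];
+
+nixpkgs.config.allowUnfree = true;
+# Use the systemd-boot EFI boot loader.
+boot.loader.grub = {
+enable = true;
+device = "/dev/sda";
+configurationLimit = 3;
+};
+
+networking.hostName = "ca";
+networking.domain = "home.2rjus.net";
+networking.useNetworkd = true;
+networking.useDHCP = false;
+services.resolved.enable = true;
+networking.nameservers = [
+"10.69.13.5"
+"10.69.13.6"
+];
+
+systemd.network.enable = true;
+systemd.network.networks."ens18" = {
+matchConfig.Name = "ens18";
+address = [
+"10.69.13.12/24"
+];
+routes = [
+{ routeConfig.Gateway = "10.69.13.1"; }
+];
+linkConfig.RequiredForOnline = "routable";
+};
+time.timeZone = "Europe/Oslo";
+
+nix.settings.experimental-features = [
+"nix-command"
+"flakes"
+];
+nix.settings.tarball-ttl = 0;
+environment.systemPackages = with pkgs; [
+vim
+wget
+git
+];
+
+# Open ports in the firewall.
+# networking.firewall.allowedTCPPorts = [ ... ];
+# networking.firewall.allowedUDPPorts = [ ... ];
+# Or disable the firewall altogether.
+networking.firewall.enable = false;
+
+system.stateVersion = "23.11"; # Did you read the comment?
+}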
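Review bot: `networking.firewall.enable = false;` leaves every listening port on the CA host reachable from the network, on the machine that holds the signing keys. The only service endpoint this change set configures is `:443` in services/ca/ca.json, so I would keep the firewall on and open just that: `networking.firewall.enable = true;` and `networking.firewall.allowedTCPPorts = [ 443 ];`. Whether SSH needs an explicit rule depends on how ../../system configures openssh, which is not shown here. Separately, the comment `# Use the systemd-boot EFI boot loader.` sits above a GRUB block and should say so.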
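--- a/hosts/ca/default.nix
+++ b/hosts/ca/default.nix
@@ -0,0 +1,7 @@
+{ ... }:
+{
+imports = [
+./configuration.nix
+../../services/ca
+];
+}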
24
secrets/ca/keys/intermediate_ca_key
Normal file
24
secrets/ca/keys/intermediate_ca_key
Normal file
@ -0,0 +1,24 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data: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,iv:VHGFl9flRW4qYxEzqVmRKLDVTeZNEeW6E2OnqB3rB3g=,tag:8PnIUH9vOlbJINDPU+pulw==,type:str]",
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1lznyk4ee7e7x8n92cq2n87kz9920473ks5u9jlhd3dczfzq4wamqept56u",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUMUhCOUVVTVpTUk1Pdkly\nK0pINEdVaEo1NFF1YnFPT1l5RE5JcTZieTNjClNxL2laTUdMU1M3bjc5OFE3ZVh4\nN1cwUmlpbXhiM2tlak5ZN1ZxV1FjMjQKLS0tIDA4UmlrSStGKzVsVFlZL2g0cnQr\nWWh4Z1lRRWtJR0Rudmhobjh0bWxuaHcKbGpnkqhKtjCjhtjKi5wl+0tFCEt//FkP\nfLBTUimlLTTINh/29fhd/5P+lgwKXCYTG7GZVY5zLVlhy9eR9fkS8w==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1288993th0ge00reg4zqueyvmkrsvk829cs068eekjqfdprsrkeqql7mljk",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIYityQThnWGF3REpUSjhR\nbGMzaTkxaTVwVFJoZlFyUitYMTZFVnc1ZUQ0Cmh3bzdhcitWMXF3Z2t6SjF2Rzlk\nK0xvMGsxa0RBdzV0TzBUM0FMMlozeW8KLS0tIDdOb0JYNEVuT3hEakpIYmRpQlBO\nbFM5b0RDbEhDYTlFNG4wMnZqM2hIcWMKrpZjbcjJ5PE52/5CoYBsDUngYEOVvrAB\nQ1BI/fgs4U6YHApUbLGJT2GGy+JXvBKc8bqc8YxLFhONqT3RKzCHJg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2024-10-21T09:28:49Z",
|
||||
"mac": "ENC[AES256_GCM,data:0YA9KHUFsh3zERG8kbr8TbklTib9aOdrzdlk5aPZ8UyFkbmP0HKk+lXPQ3RwRVbhMmK3VhGU0IxA0J/QUw7SQu22zSBkl1DF5PzqoKkNgt9T5hZJI2HqWRE3/38/5AU6L5mX7ul28Y47L3lcgr4PNLxlg5qyvxUKoM9riw474I0=,iv:G40/HLd1ftXclEcX8FMQjoce91o83dA2KWeO6VaIqLQ=,tag:7KU2Rz89AiggOuumKNfSjg==,type:str]",
|
||||
"pgp": null,
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.9.1"
|
||||
}
|
||||
}
|
24
secrets/ca/keys/root_ca_key
Normal file
24
secrets/ca/keys/root_ca_key
Normal file
@ -0,0 +1,24 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:OTpEO78zXv66cH1oKwqmFzNPnnkTH3I66J3emqzYEFtii7EJ3d9POquapJhSRWGZs3kvQevFbMTsdtIvWrrwGNcbmBlSLeNOKrOWjXix1uemsBsA4tt79L7dms9tFMXm7nBqy71wo0MsYjzXEYBTy7n91IIKwkg4o+n9MCQivDXVN3rAy8o25HjuS8fSJRRTuQ92Nnc7WjIbPQbyqHPBlp7hxO9xC6/JdOWZ3Zo/X6AyZuzcoF6Nd5A08hImPtbNZ1/MiBurdLSqGkYx9m5KsGmFKinRqWwYWnsQidXl+2xQcqCZNvdCNMe1OwybAxAEiQDksCTpYOQISIzCsXoT3Wfr4ZpZAlLCzw+ga7nnvF2CPiUeRWXyB655vg0vXgqUHYIaN3l1A1P8OWHRDz/tPd7pWbwAj4BZvDY=,iv:oI+1jK2+4vCW67PbM9VxoViBqUOh9BYP8xZHCaAJloQ=,tag:QX/nFv4NB4ERCP5zB8Mqdw==,type:str]",
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1lznyk4ee7e7x8n92cq2n87kz9920473ks5u9jlhd3dczfzq4wamqept56u",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZVHE5aUNjS3F5VFYzMW1j\nbGJkK0VPRmJ2Nk1HSnNXUk1rK0tzaHMzcFZBCjRzTkVZT3hsakRsTHJPSXpGNHdw\nODNTWGhNZWhhdHplYUpBVFp4eE0zLzAKLS0tIGJ4RDkyZ1hTYTBnUHlxRWR6bEpZ\najBvNjdsK3NieEhoVkZkL3ZJWWRxK2MKKKmoz+U/TIAeE1nJop0FtxoOfAR2iP/Y\n5cdTsbXUgDSVginxJbnDaEM9v+OYJXO6ugQNBnkAaHbWn4ADnA8UCA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1288993th0ge00reg4zqueyvmkrsvk829cs068eekjqfdprsrkeqql7mljk",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEdW1ZQkxUaFdtekR5eGh5\nYWdTbWVtemtteFIwNlZVVSthZElnZUp4QjN3ClFsOW9rZVhZckZ5MWdiTjNQbFN4\nNHZaSVEvR085b093dlM3SHl6c01yVWcKLS0tIE10L3lZZDVkQ2I5TEduYkU3V21a\nZ0k5cTcvYmdJMU5QUDV3QWtuYkRUWHcKNgfl9S2V7kuobwgc0mMR+O/quq06y+5q\ncipmOM7DIkyFDq5Cl0e//MZywoOfBTsYlCncA6Hb4hW+Y2Tn+/C4tA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2024-10-21T09:28:49Z",
|
||||
"mac": "ENC[AES256_GCM,data:UAJ61bLXP9j7/uyppVMvvRLhO12XQXhCLEtfqdeOi7STUqTaCu1NsbNxf+ErA5eVn2DjGMJuyNvxamD1rxzc+VjELOit1pY9Wg4f15nRyryTt9r+iUrYttcwvUXq2knw8bDtJOqz/nYvg4R1qyXwjdSHLrKn6LmKsO0KwTB1nAQ=,iv:jHSYSYfuow0cM8ECzbQ2jM4J3Q5MQTBQ80u/eglfU9g=,tag:tQxMsKppD8xOcGKcBFXm2Q==,type:str]",
|
||||
"pgp": null,
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.9.1"
|
||||
}
|
||||
}
|
24
secrets/ca/keys/ssh_host_ca_key
Normal file
24
secrets/ca/keys/ssh_host_ca_key
Normal file
@ -0,0 +1,24 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:1ntjhGcHOtOcYBsEskgm/pBmQh2xVu0owTmPgfIzKimrSGS3XG0YUGztakb1jW3IgjRs1hssQpJKxkabSuPVNg4q1Nw7tX3aEfH2K6f2xnV3a7bp8yS30O9+7gDMB6wcTodMfou3Ypm3l2v6YXtVbh/4Gq/7FNUlHxa2wPux4pqoDyMjV1zjJT1exFl1JkUPzzT+02gGSEFacC47I7t85XfPxmn1hdpvpUlGA9CMHrQqTXf4moxePMyLK1oAgXtGLGXpQXl/RWiqNQMEmmBXfynjby6ojq/+psgGgbt89BI5Gi7tb131WXeg/xQSZeGkfbjWyl6/fy60GGPJ004VY0RKN8pB6/duggwWZPa/oEN1V8/DVNcTaq2YKrD4GBoPqeDegnRgMubeyb+talqegEr9AHAhdLtEKio=,iv:eb1VwHeESCREOv4lftxMIDjSFxCiagm0HRzzCURDgMw=,tag:6YhDt3kR+rs+fE14W5Sk5A==,type:str]",
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1lznyk4ee7e7x8n92cq2n87kz9920473ks5u9jlhd3dczfzq4wamqept56u",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoYzB4UGJwZmFmdXEzT0Vy\nV2ZkMzk5UXd4S1RKeUJmNTNGbHhvUnkzY3cwCkNMQS83dTFQaWJ5YzIwYXZNM0FB\ncTBLWVlWMXJNSlRjRUhDSEV1NFRLQ3MKLS0tIGlkRlZYZ0R6dXJORVBpMkpWWE1l\nWlprQ3kwcXkzMUdVWXpidmgxby9wRVEK3ItRAZMfAtOzjN5r7GHU8KT1upW+xvIA\nqXxIXZBdkkxKOJWQXn5i/xC8YoNek4fdqGeWUGOF9FguU5Zj2tO+ZA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1288993th0ge00reg4zqueyvmkrsvk829cs068eekjqfdprsrkeqql7mljk",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQZ2JPWmIxSXg4YnNwMnNw\nMUJSTWlHWDFoNU9ZcmdPb0VBUHQ3SU5qcENnCmhRWkhKWUwxeEh2VDZxUFdrMExa\nWTdLVVV5NHJMTE51ZEhPRHdaSTRTRkEKLS0tIHJ1Z0NibWQ5SitUekhKOXVGd3FH\nQ3dKNE16bnJNczhtRHBCcUxNajZRUWcKhnvYPFTkw73QPs7qDA7C3cX8RPF68sTk\n2MQORHyqN1jyBUVtvezeejL89Mdw1wghh0Q+VXW9b1ozXkFsH7IcXg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2024-10-21T09:28:49Z",
|
||||
"mac": "ENC[AES256_GCM,data:xB5qV2aFpvTJxCbOgTaaErBez+pkSz1KEWw0c+NoglcjPkGNx+0MuoSjeuPJ0KiHcS/gol2vo+mmVEEcDSVa/S/ksI/sIqcWoQeZ+XNBcffF+5UPfsyRFBNRJwWsg88ERVwgYjKauCV5MZBvJYf/uL3uUa8chHZNFF+f3QVq464=,iv:R0Gh5SITWXGphccBfI+DbNdnBeC98qDforE1Ffb805M=,tag:L2jqUwSlv1ngPiMQith9Mw==,type:str]",
|
||||
"pgp": null,
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.9.1"
|
||||
}
|
||||
}
|
24
secrets/ca/keys/ssh_user_ca_key
Normal file
24
secrets/ca/keys/ssh_user_ca_key
Normal file
@ -0,0 +1,24 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:v+ugz+pjgkY2IqW+wNM09Z7OYJoxaPxPwf/THyt+Q3N1SswU6Q3AhzqGoIeMAa+8tIRMdQ++HBsnDtCPZYHV0vNQ7GWE1w1jQ7FHa7hXaWLnqfuKbr5x5bnPzDZYxCt41a8A0fxbrN1ysBE1cMgbHe1tnBWKl1D4tay5RtMoua+vYxS1gwzZSIHY3Tq7GJkyBuJqOZA2oyDgZ9ETTwXwNaDZx35uxi9XbEBHdwIscWGFW50s1NXKavgdmeEEWyOlnIlBm4yhjnLIBW3HjSPWBsCp36+m1VUq/TwK+AH0q3sqovVFXwjduRI59RnJoZ6gMJHYFpXHUfnKZbkC8GVzczUGyLSPD9xhxrSYxGjT1T0pbQsXCls6TugVNOVsRMIN5P05uEo5URBlMkIZisnzqdgBw3gR/roboi4=,iv:NV9jvDY5teQaACPn84G/izLd4CXkZNPGGNRQG3xvw2Q=,tag:qCV+lsrYAgDbi2nMx3HmGg==,type:str]",
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1lznyk4ee7e7x8n92cq2n87kz9920473ks5u9jlhd3dczfzq4wamqept56u",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQNExxOGViUUMwaGpjYld0\ncUdTVnA0QmlPT2kxNjRjbmw0SFhyS284ajJrCnFGK2ZqR2JpTEYwdHdPZ245SkV1\nSjVzMFMvbWNma0RnbTd3ZEpTd0F2THcKLS0tICtITFJGNmhjbStMc29XaDV0dElm\nRTN2QkJhamw4RHo5bXgzSHd5TDNLUFkKJtO9aMmFE43hxRsSa0lnqGo8FVzKxysJ\nOgJMTIftSU7bEvsEok+HlBgX1kyj8v9rgzXLwTrGk42+kVw4Fm2Xkw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1288993th0ge00reg4zqueyvmkrsvk829cs068eekjqfdprsrkeqql7mljk",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLenZoS0phekRTSW5aN3Jw\nZFJsNHJRSnR3dXBiMG5aQ2lyS0Y0Sm1nTEJVCjJ5cUJMSDk4NzBCdnNLd05rSnRi\nSEdnaGl1S1hKbFFwZjluUEkzUmR3MTAKLS0tIG9PMng3MFlUOE1wUXJ2S1cxRllx\nTi9nUm5nVWRXdk9hdWFCc1o2bHNObVEKrz7ROqTXaINk5LNpG4ibLqjCoPH0fzO3\nUgZp5PUC1+VPxYymqstK3kV5WorM2GVVfWcjLv2eofKdgpO90iKp/g==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2024-10-21T09:28:49Z",
|
||||
"mac": "ENC[AES256_GCM,data:huZ3fDBV8bOtHW2eNxgTc9e5RmAIsvRhMFGwlVGbpDvftJKNy57CqMal/W0E0pqmvltaGMHGh/f8yzakpYphhbs1/Kro4u34QMu/jV6QvKEyDHtyAGYy6DzjCDRu216DV8uHpDaKoz+7zhjwlPSd60RlXUpfhis+DC8lmdktI2A=,iv:hCUwgkm6fCdWrAqszwzRBh5W7Z/0LXvl1dGiteJkkL0=,tag:0uDeZoG5TCc80Kzgl5U2TA==,type:str]",
|
||||
"pgp": null,
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.9.1"
|
||||
}
|
||||
}
|
30
secrets/ca/secrets.yaml
Normal file
30
secrets/ca/secrets.yaml
Normal file
@ -0,0 +1,30 @@
|
||||
ca_root_pw: ENC[AES256_GCM,data:jS5BHS9i/pOykus5aGsW+w==,iv:aQIU7uXnNKaeNXv1UjRpBoSYcRpHo8RjnvCaIw4yCqc=,tag:lkjGm5/Ve93nizqGDQ0ByA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1lznyk4ee7e7x8n92cq2n87kz9920473ks5u9jlhd3dczfzq4wamqept56u
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5anlORWxJalhRWkJPeGIy
|
||||
OStyVG8vMFRTTEZOWHR3Q3N1UWJQbFlxV3pBCmVKQVM1SlJ2L0JOb3U3cTh3YkZ4
|
||||
WHAxSUpTT1dyRHJHYVd1Qkh1ZWxwYW8KLS0tIEhXeklsSmlGaFlaaWF5L0Nodk5a
|
||||
clZ4M3hFSlFqaEZ0UWREdHpTQ29GVUEKAxj5P05Ilpwis2oKFe54mJX+1LfTwfUv
|
||||
2XRFOrEQbFNcK5WFu46p1mc/AAjKTeHWuvb2Yq43CO+sh1+kqKz0XA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1288993th0ge00reg4zqueyvmkrsvk829cs068eekjqfdprsrkeqql7mljk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaS0dqQ1p4MEE2d2JaeFRx
|
||||
UnB4ejhrS3hLekpqeWJhcEJGdnpzMTZDelVRCmFjVGswd3VtRUloWG1WbWY5N0s3
|
||||
cG9aV2hGU3lFZkkvcUJNWE1rWUIwMmMKLS0tIG1KdlhoQzREWDhPbXVSZVBUQkdE
|
||||
N1hmcEwxWXBIWkQ3a3BrdGhvUFoxbzgKX6hLoz7o/Du6ymrYwmGDkXp2XT+0+7QE
|
||||
YhD5qQzGLVQSh3XM/wWExj2Ue5/gw/NqNziHezOh2r9gQljbHjG2/g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-10-21T09:12:26Z"
|
||||
mac: ENC[AES256_GCM,data:hfPRIXt/kZJa6lsj7rz+5xGlrWhR/LX895S2d8auP/4t3V//80YE/ofIsHeAY9M7eSFsW9ce2Vp0C/WiCQefVWNaNN7nVAwskCfQ6vTWzs23oYz4NYIeCtZggBG3uGgJxb7ZnAFUJWmLwCxkKTQyoVVnn8i/rUDIBrkilbeLWNI=,iv:lm1HVbWtAifHjqKP0D3sxRadsE9+82ugbA2x54yRBTo=,tag:averxmPLa131lJtFrNxcEA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|
@ -10,83 +10,92 @@ sops:
|
||||
- recipient: age1lznyk4ee7e7x8n92cq2n87kz9920473ks5u9jlhd3dczfzq4wamqept56u
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLTG8vUFZpeXpoSHFTZjlN
|
||||
d1Jub1F6WnhZQ2FoOVEvMWxyMzhvKzRoaUc4Cittd05yYm00VUFTOUZSNFpPaE9i
|
||||
NmVKVmhreG5hVFJtSm5ZR3RjbmFsNk0KLS0tIDNTSmxjQncybTRtamlqL0g0eExk
|
||||
aG5hbjZzOXRIZVE5QUtXZXgwTmtXZ2sKxc9ueZ4k6LweCtSITa/piXMNEgtJ4Rgh
|
||||
XqanVNqrmuPaNyrSbf8vDuwJbaXNTSU5nySjEkkfpUtBVVD5E4ivTQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxQTVka2k2dGpvekhJeWU5
|
||||
M2VFOWh0S3RsbzBqQ2lhL1VQQVVvKzA5QldzCllVZk56SndDQjMyRzljUVdiQ1Bw
|
||||
eWx3bnZ5NWg0RTZ3aGtFbHp5RGQvNHcKLS0tIGxFVFA4R3NQcnNnZzR4a0pQdnFs
|
||||
dERsUjgzaFQrY0VTZFRDbVhISEwwelEKE4LcpxhwEaPOkO7uHqI6DpYNGTNjoRtw
|
||||
6IeDTOLlx07CMHQ/9hWbUwKyr51FMJGJ7Q5rgBKaCFgCfKBF1ssGVg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1hz2lz4k050ru3shrk5j3zk3f8azxmrp54pktw5a7nzjml4saudesx6jsl0
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRNG9qT0RCbVFwY3Fyd0VB
|
||||
TzBvTG1ENEM2SFRUOXVUczdJQis3ai9JaXdZCkV5cVp4elBEVm1rYS93dkJtaW5X
|
||||
RWxRbzMzRmtwK1ZXa0ZHdkdrSyt3ZVUKLS0tIEFwcGt1ZWh1RHBUTXJZT0NTN0t6
|
||||
eEtaUDRxYmR6YUJJR01HNW0reUthdzgKgtKA14llO5cuyLg/Fpoe2BQv4QquDaNW
|
||||
RuFefJ5VAacdg43FLZ8z8xaQWpWFxGWHsvhgzJlG6Dd8t9qxyzDg1Q==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPcitIbE95dVo2SHBVNEp5
|
||||
UlVpL21peTRRZWxTcThxaWZQdmdlRmloUHdnCndFQmFTWHdqa1NmZm1vVVRVSWk0
|
||||
QVJIanlPSUc5WTZqYVN2ditZVFpLL1kKLS0tIERvTmQwYUdSMWlpWkdtSWhtbVJD
|
||||
LzV1VEdObXRHYnVBaGYrUDhPU0FXU2sK5wPshVZNc+KdOfEv449VSOn81u7MNLZT
|
||||
xKtBEwe2H6FOxyauLrpfrTo5dAWnRhSsIHiIR2e6WjXajTjVPOpWcg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1w2q4gm2lrcgdzscq8du3ssyvk6qtzm4fcszc92z9ftclq23yyydqdga5um
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXYUV5eDBaSFNrM20xVzVD
|
||||
UWtDUXN6cVpRUmw2ZFI0UE02K091K3RlR1hvCmQ5S1BFN1c2SnhHWEFGNlBxV0VQ
|
||||
YXZITEY3bDZVQTZGYlNRN2RsVzdjczAKLS0tIDYxdS9lTS82dW5VOGJwY1h5TzBG
|
||||
c1JMbkpKbFhyRkd3blVyKzNnNzhxckUKSZQxrLFzRzrEWBviCfj1HO0o415RPw04
|
||||
wiUtxO1FJBk5QDEIKuBlXAElwpzaREcjMQAvPp8V24whUe6ryvd+IA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxR3FmRnhzZUd0eEoxbmRo
|
||||
YzVaakl0eXA1dy9uRlhyc2RyeUlvT2VkYTFVCm9CcEI1a3FQL2piWHo1NWRvK0Yz
|
||||
NGM4SFRtQnZRNHVrZm1Cemw2SWxJNTQKLS0tIHFKYWMwdVltbzhKVTUvOEdXTE9T
|
||||
aStOZndTL3hITmVZaU5qMlhsLzl4dDgKWm2cGdCeIKjggE/udnuor4xhGVNcb6vk
|
||||
yKNXwD/tWMI+fykp3S+G8Aqt8vWXRbQbx4ITg8iVVZudi2SIf50rGQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1snmhmpavqy7xddmw4nuny0u4xusqmnqxqarjmghkm5zaluff84eq5xatrd
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxVGV1bC9rMXk0UitRRll0
|
||||
OC9HeUFqYmZGa3dPOGVHRnNHeVZqRGczVnhzCjB2M1UxdHNEZzRodlg4dkwzcmsw
|
||||
L0plRjh1UE4zZEVjRGR3eGFyY3BaVDgKLS0tIFJmeWhDK2JCbUZZKy9IMjloT1Fa
|
||||
Rmg4QXpSeWxFd1FSWUJPYVlXR2JQVzgKfBO4bCsC7z7y6z/l9w+Inyg7mtXoyH0O
|
||||
Jc863UQrUkEJ48GmTnN2C7sswTPBhh85dbx3Xo8LPmQgOSGwhavcBA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMM0dabXVDVUFJZld5RmxT
|
||||
MFJLMm53VW05YVJ5RFk3YkxFUE5aS2UxVndJCmVLMkw4UnBwK205cTJVN3laTmN0
|
||||
YnRqSlpzL3JaUEFWWnR6SmxKa2lHNHMKLS0tIEtsMGR5Y01PRk5RNGVyMWZUc3dW
|
||||
ZXVPRFI1eFJLYkJyN0YrU28yenJhNG8KBmM0oIoMMmT9tBmfvaoxumCwwM/X9khd
|
||||
XkSdNax6HfovIylzoChJ6srIZ5BmTtA2ioKMna/kif57PD5nDU7Kmg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age12a3nyvjs8jrwmpkf3tgawel3nwcklwsr35ktmytnvhpawqwzrsfqpgcy0q
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzaFh5VHJyalRpczRZMUh1
|
||||
QVdNU2ZtemtBaUxUNzNHU051UjVXemExTlM4ClU1QnJHZ3RhRDJodDF6eHRLTWla
|
||||
c0pmQ1lNazltbzNRVFR3UXM5TFdpMFUKLS0tIFhVQWRzb08vajhhaS9YbHhDTnZJ
|
||||
MVZwc05CSmFvTDF2RmxPY3hMNWlrWmsK3Wg7ksOhLqoL0OwHcqWHwSWaossr8gZV
|
||||
jjkk4v7KP2/dIw9AqHiibQUIenHZvenejYdPKR7T0nMU+FT0G+36PA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2SzVlS2pBZWZGUzIvZ0U3
|
||||
VDkrcmRESHh6MG8yNUZBRlEvam9SeUJseXpFCkVMSTFiTmsyMWEwNVg4TmdaeEdo
|
||||
K09GdTdkR1g3bUJ6dFpZaGZKTjY3aW8KLS0tIGcxalhyVGlCM2hGdGhCL2dXTDk2
|
||||
N1gxdGZJSDVGUXFwTStoTFpXQkdUT3MKQ8c3oZfGxloS/eJByG2i25Cg3Gg9I65P
|
||||
eqA+Jx5SWaM+DyYIxe7HseoPA0jwK5hUEJfcK+HK4N6ErbnG7n8byg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1d2w5zece9647qwyq4vas9qyqegg96xwmg6c86440a6eg4uj6dd2qrq0w3l
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjSHFwZlNnUTVzWmdTSDJz
|
||||
TzY1Q1p5RXBQbk1kTm9OZWtnUzhKUitHaVJNCnBXY2R6eUd4UzcvLzJuWWFOZWFT
|
||||
cTUzMVltWFZKaHJ2b040VVhhY25XQmMKLS0tIFNIM2RqbnNGWCtBbWlwdWpCUFZh
|
||||
Y3lySUZEa29HVFRlVTJ3RlMzeUtkNjQK3b4xf7bpHVEptl9288mKiI7lT3UHSTsp
|
||||
oCmKjXFNKk8g3IWsGOWjZvZKGafAtmzMWUeTyXGGjs7fKoVvsQeUdA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrZGt4ci9WcEE5dnN5R3NB
|
||||
UC9pZG5iaE5yR0R3dXN5SlFpaHhwclFBVWc0CmFjUnB3QU9neVV6S3haRml4MTJC
|
||||
QVpBYWZnQW0rZUcyWStIUk40SXZpZFUKLS0tIDczeEpMRDdDV25OaXV4aDhoTHFH
|
||||
NVNyVEFqc2kyMjFtcEUrdjNMdjkrS2cKGOkOhsy/RPlzQJz3vVt934rtg9sFiM1S
|
||||
3w9YN1VjzNW7RYG7Ro+Jtoli7/2j1So1uHiATS8JBcpTjO1BWEiSMg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1gcyfkxh4fq5zdp0dh484aj82ksz66wrly7qhnpv0r0p576sn9ekse8e9ju
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEdDdqQ3d3WUJRKytVK0p3
|
||||
QXVOUUZpMUtDMlptMVJIVy9WejJBRU43Y3gwCmZhYStWNWcwZDUzQXlJUUVLUVRH
|
||||
R1Izck15VlpNUENJQjZGUTlQUG51MzAKLS0tIEFYS2pBak55MCtObUI2NlB4dUsx
|
||||
TE00d2o5V3JBUTlRUFZXdTk2OEFNSmMK0iXL//00N0nHaSBpSMzdT8rOclX8M0l6
|
||||
8NC0/ZM8CUCT0nkp6rOWov1mpzrIAhUBFI1eorL/VmJoOBFxLTLa2Q==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoQjNEWVR5UlVZZ1NMcTEv
|
||||
ZnUvM3ZaeUNsTGxwVjQwL0kvSTRyUnhhMXgwClpTV2ZwLzRVVlhOTTN5V1VTS2pG
|
||||
bHpCZlZ2SU1wTTJiZWQ3eHd2SFE5QmMKLS0tIG0wZFBvNXZlTTVwZHNRRXhEV1Ft
|
||||
VXhjM1VESWhzcHVDY09kUUdvWE9QbU0KH2sUKQNQg4w9/Te85YfRMM5Cx83I4tEV
|
||||
Am4FMHpf3b9cVyhI+gNds5ROrhvox7VYW1rtLE43ApAnj9Jtj7qcMA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1g5luz2rtel3surgzuh62rkvtey7lythrvfenyq954vmeyfpxjqkqdj3wt8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5ZHdQallzQitNK1k5WUhD
|
||||
d3laTTFXOVdMUzhXWWxCL0QyNG9oVXlZYnlZCkNObWtKOGlnNWVPSDJGUlVaOE1W
|
||||
SXFmY0xraHN6NVFGWDJCSEwzLy94bTgKLS0tIFkrWkxhSVkyQWVRNzBuMi9vN0Yw
|
||||
OWN2R3N1NTNMbDN6azlGM2NrYkxHamMKfE9rxusaV3S/KJFBL43Bx39IZAJruAGV
|
||||
8g7BMk1F3UD1Iw8AUHGmcRSnhQaCMgUMfD78PcMXvJNYDOU+3n3HJA==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTc1RhaHdDa0lreklQNXBv
|
||||
cFk4OUxqcENMOW5nMWxtQ2pNeEpYK2ZWczJrCmJzL0NOL2FXa2RyS21oTzZyVTNK
|
||||
eExiUktRc3U4YU9hNnFQdko5ZmdMY1kKLS0tIHQwcDFxbjNoSXdWSjdQd281YTJC
|
||||
LzN0UFVYTXdrU0pPZDFXODgyMkl4WjAKE0B30QO2gVITg3C8AG2/nW3jZHnEsL02
|
||||
pnlhQSpN4L1awQL6xcKk96d3n57pa+Hz2ah3fNkDGLw9vm8pNwVmiA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1gq8434ku0xekqmvnseeunv83e779cg03c06gwrusnymdsr3rpufqx6vr3m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvNjFMWUpzVkN1dHluOVRL
|
||||
OG0yaUNJTFRGU2NNQzdSSjJlck4zeHZuSFYwCitWSGxLT2kzLy9pU1o0dHBYbGhE
|
||||
cTdiVVdsNGxOdHJGd0RTS2d3YWFRQWsKLS0tIHIxSXh2M3FUcXRWUWdLeUN4TFRS
|
||||
U3RIeVZlQlBCN3grNFFTVkZDZ0hLdHMKx6pzx7knV5eTNr/5sF0i6/z+k+l70cjo
|
||||
2xUEgAXjLvi58lq3fHoomXoz9n1MaN5wpSWiUW/MohJr6/8NHuE5xQ==
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiNUx4UDEwdGRUaVdQc2xp
|
||||
cjM4c1ZEcElOdk1uS0ZwRDFCZDBZQ2oyV1djCm1rU3JLcVJHR0VPV0h0OEFML3Mz
|
||||
YkFJZUpvcXA0c0owUGlBcFJYNW1abDAKLS0tIHlUQ283anpwWTI1SklGUDAwVGFZ
|
||||
QVdTd0lhZklUVC92QnJmU09sd2xybVEKXJ6fb3zFZntL1/WxtHYvamywN08kUplo
|
||||
kIiSRv+mJgRu5h35gih47q9vymcs8FEIdgDotztGS7qr+vV7ULP7KA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1288993th0ge00reg4zqueyvmkrsvk829cs068eekjqfdprsrkeqql7mljk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxdFBScjZNTnNPZWhHblFm
|
||||
YkdlSW4yOFFsUkZZaE5hdE0zcXJmNkV1L0ZjCkJTVk1VQzByUnBGbTZFQkdCdktV
|
||||
VS92WkZkMy82ZCt0bVV1Mjhjekp0MlUKLS0tIFFyZjFvVVhUTnBVUVcveUNzVUpJ
|
||||
K3J6UDYvajZzeEhFb3M5eFh5OExqOEkK1AjfgMEImokKS7ei9ASMyTNzdhvUznI5
|
||||
soMhl7O9P++xyRSzPW+vEMyJ7Nr6YvzjbS3pyQa0eoAibVvUXmFM8w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-06-02T22:09:06Z"
|
||||
mac: ENC[AES256_GCM,data:cxJq4EMEMVEw0IUXNwtyQj4MaYIJ/Xo4OaY+3VLgIhYw6oBO9CmJxgLuXcSnGnr23oNE5OQF6ALv+vxF46D1pI0V1zhqKL6zMIs0DzPBwo7Arg166w5kGAT274jK7YWymeJ7fafWXYubLlGUthyVJS1BkvlqIhoe2BlTZ3bPyBs=,iv:Z2Uh9Oo4q/ce6DDLShs7JAX3XFNAVOGBmBPvRbGxaaU=,tag:6qZhZ4+tgtXl60b0Lx7Taw==,type:str]
|
||||
|
118
services/ca/ca.json
Normal file
118
services/ca/ca.json
Normal file
@ -0,0 +1,118 @@
|
||||
{
|
||||
"root": "/var/lib/step-ca/certs/root_ca.crt",
|
||||
"federatedRoots": null,
|
||||
"crt": "/var/lib/step-ca/certs/intermediate_ca.crt",
|
||||
"key": "/var/lib/step-ca/secrets/intermediate_ca_key",
|
||||
"address": ":443",
|
||||
"insecureAddress": "",
|
||||
"dnsNames": [
|
||||
"10.69.13.12"
|
||||
],
|
||||
"ssh": {
|
||||
"hostKey": "/var/lib/step-ca/secrets/ssh_host_ca_key",
|
||||
"userKey": "/var/lib/step-ca/secrets/ssh_user_ca_key"
|
||||
},
|
||||
"logger": {
|
||||
"format": "text"
|
||||
},
|
||||
"db": {
|
||||
"type": "badgerv2",
|
||||
"dataSource": "/var/lib/step-ca/db",
|
||||
"badgerFileLoadingMode": ""
|
||||
},
|
||||
"authority": {
|
||||
"provisioners": [
|
||||
{
|
||||
"type": "JWK",
|
||||
"name": "ca@home.2rjus.net",
|
||||
"key": {
|
||||
"use": "sig",
|
||||
"kty": "EC",
|
||||
"kid": "CIjtIe7FNhsNQe1qKGD9Rpj-lrf2ExyTYCXAOd3YDjE",
|
||||
"crv": "P-256",
|
||||
"alg": "ES256",
|
||||
"x": "XRMX-BeobZ-R5-xb-E9YlaRjJUfd7JQxpscaF1NMgFo",
|
||||
"y": "bF9xLp5-jywRD-MugMaOGbpbniPituWSLMlXRJnUUl0"
|
||||
},
|
||||
"encryptedKey": "eyJhbGciOiJQQkVTMi1IUzI1NitBMTI4S1ciLCJjdHkiOiJqd2sranNvbiIsImVuYyI6IkEyNTZHQ00iLCJwMmMiOjYwMDAwMCwicDJzIjoiY1lWOFJPb3lteXFLMWpzcS1WM1ZXQSJ9.WS8tPK-Q4gtnSsw7MhpTzYT_oi-SQx-CsRLh7KwdZnpACtd4YbcOYg.zeyDkmKRx8BIp-eB.OQ8c-KDW07gqJFtEMqHacRBkttrbJRRz0sYR47vQWDCoWhodaXsxM_Bj2pGvUrR26ij1t7irDeypnJoh6WXvUg3n_JaIUL4HgTwKSBrXZKTscXmY7YVmRMionhAb6oS9Jgus9K4QcFDHacC9_WgtGI7dnu3m0G7c-9Ur9dcDfROfyrnAByJp1rSZMzvriQr4t9bNYjDa8E8yu9zq6aAQqF0Xg_AxwiqYqesT-sdcfrxKS61appApRgPlAhW-uuzyY0wlWtsiyLaGlWM7WMfKdHsq-VqcVrI7Gi2i77vi7OqPEberqSt8D04tIri9S_sArKqWEDnBJsL07CC41IY.CqtYfbSa_wlmIsKgNj5u7g",
|
||||
"claims": {
|
||||
"enableSSHCA": true
|
||||
}
|
||||
},
|
||||
{
|
||||
"type": "ACME",
|
||||
"name": "acme"
|
||||
},
|
||||
{
|
||||
"type": "SSHPOP",
|
||||
"name": "sshpop",
|
||||
"claims": {
|
||||
"enableSSHCA": true
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"tls": {
|
||||
"cipherSuites": [
|
||||
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
|
||||
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
|
||||
],
|
||||
"minVersion": 1.2,
|
||||
"maxVersion": 1.3,
|
||||
"renegotiation": false
|
||||
},
|
||||
"templates": {
|
||||
"ssh": {
|
||||
"user": [
|
||||
{
|
||||
"name": "config.tpl",
|
||||
"type": "snippet",
|
||||
"template": "templates/ssh/config.tpl",
|
||||
"path": "~/.ssh/config",
|
||||
"comment": "#"
|
||||
},
|
||||
{
|
||||
"name": "step_includes.tpl",
|
||||
"type": "prepend-line",
|
||||
"template": "templates/ssh/step_includes.tpl",
|
||||
"path": "${STEPPATH}/ssh/includes",
|
||||
"comment": "#"
|
||||
},
|
||||
{
|
||||
"name": "step_config.tpl",
|
||||
"type": "file",
|
||||
"template": "templates/ssh/step_config.tpl",
|
||||
"path": "ssh/config",
|
||||
"comment": "#"
|
||||
},
|
||||
{
|
||||
"name": "known_hosts.tpl",
|
||||
"type": "file",
|
||||
"template": "templates/ssh/known_hosts.tpl",
|
||||
"path": "ssh/known_hosts",
|
||||
"comment": "#"
|
||||
}
|
||||
],
|
||||
"host": [
|
||||
{
|
||||
"name": "sshd_config.tpl",
|
||||
"type": "snippet",
|
||||
"template": "templates/ssh/sshd_config.tpl",
|
||||
"path": "/etc/ssh/sshd_config",
|
||||
"comment": "#",
|
||||
"requires": [
|
||||
"Certificate",
|
||||
"Key"
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "ca.tpl",
|
||||
"type": "snippet",
|
||||
"template": "templates/ssh/ca.tpl",
|
||||
"path": "/etc/ssh/ca.pub",
|
||||
"comment": "#"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
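Review bot: `dnsNames` lists only `10.69.13.12`, while the same change set adds a `ca` A record in the home.2rjus.net zone. A client that bootstraps or requests certificates via `ca.home.2rjus.net` will presumably fail to verify the CA's own TLS certificate, because that name is not among its SANs; the usual workaround for that is to switch verification off, which is the wrong habit to build around a CA. I would list both: `"dnsNames": ["ca.home.2rjus.net", "10.69.13.12"]`.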
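--- a/services/ca/default.nix
+++ b/services/ca/default.nix
@@ -0,0 +1,33 @@
+{ pkgs, unstable, ... }:
+{
+sops.secrets."ca_root_pw" = {
+sopsFile = ../../secrets/ca/secrets.yaml;
+path = "/var/lib/step-ca/secrets/ca_root_pw";
+};
+sops.secrets."intermediate_ca_key" = {
+sopsFile = ../../secrets/ca/keys/intermediate_ca_key;
+format = "binary";
+path = "/var/lib/step-ca/secrets/intermediate_ca_key";
+};
+sops.secrets."root_ca_key" = {
+sopsFile = ../../secrets/ca/keys/root_ca_key;
+format = "binary";
+path = "/var/lib/step-ca/secrets/root_ca_key";
+};
+sops.secrets."ssh_host_ca_key" = {
+sopsFile = ../../secrets/ca/keys/ssh_host_ca_key;
+format = "binary";
+path = "/var/lib/step-ca/secrets/ssh_host_ca_key";
+};
+sops.secrets."ssh_user_ca_key" = {
+sopsFile = ../../secrets/ca/keys/ssh_user_ca_key;
+format = "binary";
+path = "/var/lib/step-ca/secrets/ssh_user_ca_key";
+};
+
+#services.step-ca = {
+# enable = true;
+# package = unstable.step-ca;
+# settings = builtins.fromJSON ./ca.json;
+#};
+}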
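Review bot: `sops.secrets."root_ca_key"` decrypts the root CA private key onto the online CA host at `/var/lib/step-ca/secrets/root_ca_key`, although ca.json only references `intermediate_ca_key` and the two SSH CA keys at runtime. Keeping the root key on the issuing host removes the point of having an intermediate: a compromise of this machine then exposes the trust anchor, not just a replaceable issuer. I would drop the `root_ca_key` secret from this module and encrypt secrets/ca/keys/root_ca_key to the admin recipient only (the `secrets/ca/keys/.+` rule in .sops.yaml currently also lists `*server_ca`), keeping the root key offline for re-issuing the intermediate. The remaining secrets also have no `owner` or `mode` set, so check that the step-ca service user can read them once `services.step-ca` is enabled.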
@ -1,7 +1,7 @@
|
||||
$ORIGIN home.2rjus.net.
|
||||
$TTL 1800
|
||||
@ IN SOA ns1.home.2rjus.net. admin.test.2rjus.net. (
|
||||
2039 ; serial number
|
||||
2040 ; serial number
|
||||
3600 ; refresh
|
||||
900 ; retry
|
||||
1209600 ; expire
|
||||
@ -59,6 +59,7 @@ http-proxy IN A 10.69.13.11
|
||||
nzbget IN CNAME http-proxy
|
||||
radarr IN CNAME http-proxy
|
||||
sonarr IN CNAME http-proxy
|
||||
ca IN A 10.69.13.12
|
||||
|
||||
; 22_WLAN
|
||||
unifi-ctrl IN A 10.69.22.5
|
||||
|