Compare commits
8 Commits
printer-mo
...
d00188f770
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
d00188f770 | ||
|
|
556cc3d423 | ||
|
|
edc754ee7f | ||
|
|
ff673f0070 | ||
|
|
57c8e65917 | ||
|
|
e4be136b64 | ||
|
|
aedf5ca0bf | ||
|
|
923cbf4621 |
@@ -12,7 +12,7 @@ keys:
|
||||
- &machine_infradocs age1decc74l6tm5sjtnjyj8rkxysr9j49fxsc92r2dcfpmzdcjv5dews8f03se
|
||||
- &machine_overwatch age1psj6aeu03s2k4zdfcte89nj4fw95xgk4e7yr3e6k6u2evq84ng3s57p6f0
|
||||
- &machine_vpn age1v6uxwej4nlrpfanr9js7x6059mtvyg4fw50pzt0a2kt3ahk7edlslafeuh
|
||||
- &machine_fanny age136sz3lzhxf74ryruvq34d4tmmxnezkqkgu6zqa3dm582c22fgejqagrqxk
|
||||
- &machine_fanny age1u6ljjefkyy242xxtpm65v8dl908efnpt4txjkh0c9emvagdv8etqt22wll
|
||||
- &machine_nextcloud age1z0cfz7l4vakjrte220h46fc05503506fjcz440na92pzgztlspmqc8vt6k
|
||||
#this dummy key is used for testing.
|
||||
- &machine_dummy age18jn5mrfs4gqrnv0e2sxsgh3kq4sgxx39hwr8z7mz9kt7wlgaasjqlr88ng
|
||||
@@ -73,13 +73,6 @@ creation_rules:
|
||||
- *admin_kalipso_dsktp
|
||||
age:
|
||||
- *admin_atlan
|
||||
- path_regex: fanny/disk.key
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *admin_kalipso
|
||||
- *admin_kalipso_dsktp
|
||||
age:
|
||||
- *admin_atlan
|
||||
- path_regex: bakunin/disk.key
|
||||
key_groups:
|
||||
- pgp:
|
||||
@@ -102,3 +95,10 @@ creation_rules:
|
||||
- *admin_kalipso_dsktp
|
||||
age:
|
||||
- *admin_atlan
|
||||
- path_regex: secrets/keys/itag/.*/.*
|
||||
key_groups:
|
||||
- pgp:
|
||||
- *admin_kalipso
|
||||
- *admin_kalipso_dsktp
|
||||
age:
|
||||
- *admin_atlan
|
||||
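Review bot: The keys hunk swaps the age recipient behind `&machine_fanny`, but no file section on this page re-encrypts an existing secret. Any file whose creation rule lists `*machine_fanny` (those rules are outside the visible hunks) therefore stays wrapped to the old key until `sops updatekeys <file>` is run on it. Until then the host cannot decrypt with its new key, and the old key still opens the existing ciphertext. For the added `secrets/keys/itag/.*/.*` rule I would also add a comment such as `# host SSH private keys and disk keys: admin recipients only, never machine keys`, so the recipient list is not widened by accident later.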
@@ -1,31 +0,0 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:1I8fN241VOaW4GaNUe/OVr+1HQKmtYL1GSuIfsE=,iv:aHdgEUj5QhusEavG9mVgtTQ4uqLJD2ozQ/kVVtFakYY=,tag:JJUbt4kgpa4hVD3HjLXGOg==,type:str]",
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1ljpdczmg5ctqyeezn739hv589fwhssjjnuqf7276fqun6kc62v3qmhkd0c",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEUGpORk5zWXU1OVpqc2hT\nVW5PYlNLT3lKQVpTdCtMT1M3YlZ3Uno5bVJjCkJXR3I2Y3lDT0dJNThCcDN1NXYr\nK3VucjRKU0dac3BtQmV5ZFdrZXkrS1EKLS0tIGRGMGxDM0ZGbzVPTnJQK01GS3VW\nRHpJQWZLU1lrRS9ScXM0L0dyTjhGTGsKJEYq5vKxxYBAgkqUEkBwESur0reNIDPb\nK3rtflNi3dUYYZdLFNFV5rQX5q8aDnM6fO/zYPkzfBn7Ewq3jbBIIg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2025-01-05T19:35:48Z",
|
||||
"mac": "ENC[AES256_GCM,data:z7elJ0+3r0bWc/H6h4rI36xC7Uj0NS04VssjPDNVZM17LeN4ansSOfcOKPaUMziV/z5Aq8RVLROR+FImzxBZGaZm37frCoN1OP3WjeDnP6AsoY9dY+S/aYmErVEsQEIi8T4RAdQP2c3BUt1oKZ9Nki2pu3IBRabBlFhaTI0bspc=,iv:8Nn8r9ancHwBJOaJSsv8Vj3s+d0UvRmKIeCDNzx1qRg=,tag:BSO2yu70H2wjen3BCGC4Gw==,type:str]",
|
||||
"pgp": [
|
||||
{
|
||||
"created_at": "2025-01-05T19:32:11Z",
|
||||
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQGMA5HdvEwzh/H7AQv+JpNwP+BLJf4+0pSr17TToviCo0yWmcaP1dIUqClBSoDO\nI3ZzqHdImAj4QgExif2zsuzz1+WC+sjvFqEmX5pBKza/e30qCZirkelz9mzc0mhG\nLhTzfhqC6fLbV5f+pDp6N40ommu+LX1pIz6nViCUjqBdnAkCb+tqLU4eQJQqVmlz\n7BToLsvYomPK1nJ6f4rt1nTR9wkBI68AYM/K0SgCJXjwj1LpZ/+3yElkiCqZ9uZB\n1jrDKX+QPySlZ7OERL70UT7Eh8DTUNzFnozvliBnyxe00wwiiucCgrC94TmaKCmh\ni/FOdS6Izm3QwcWB0eMCX6GQBvlUWpjSz5xF4+YODJe9tGNz/sNxpk6B8xG5NuG2\n61nohMHoml6X3Z9dOwu/Svl+eS8SV/r278W/F9miE8YeayyLlPxHF3DXjd6WeDhZ\n20NExQUJYIRf6w/XQPQZ+E39NkIHxz8v+P29ncmSsRPWS6d2MK0Yj+UW0vT0u1vJ\n+lAs24xYofbu5tmBbnK10lgBrZMXDJM2nQbKMKSkVVjzbzmOe5jzMBxuWLX+ykeI\npaj32wQDWvfBqLPH1Kwvy5nqHvy375jPZ7RTzT7W0d4jKQf7xapbi4CEepHHfxCF\nD0HIEi8RUlXJ\n=KVUJ\n-----END PGP MESSAGE-----",
|
||||
"fp": "c4639370c41133a738f643a591ddbc4c3387f1fb"
|
||||
},
|
||||
{
|
||||
"created_at": "2025-01-05T19:32:11Z",
|
||||
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA98TrrsQEbXUARAAqowFMavIniFheNvt03EH1iEn64xNmExotYcDt2L0bR39\nXQdLvg7cJ/Jh7EuZ44mHTs21mpbYIlygMs6kimqQ8iO30vGTEcn5bt/eUEoGHciM\nYVHktWNR81ZgjvKCcmTUK3ld+DMKmg2BABr4auUOYLu4ToSnFb1fv+fvZG0D3iQs\nm6LJuafH+4utM16Vnkp9+ziY/ieMPYfbOFuSFq0UWxGK9P+koSYVGnYhH55Lksyf\nBb/esEGCY671/Jl/qHw8so4TELeRsW/v/xAcNqbE1Msdeas7WJy/B6WqXQgK/Y+J\nPsyZ2XHKhPRitN77/eDJXVBi0mKBTE/RCzDzMYxKA7IQm28v8+u+wpdCajewnyF4\ns2HACaYs/TWRpIUzqxRlznc0nMpk8xUaeVb0N7nrtSDEBF8ETOGOcPk1AmdKMR4M\nsy0vu+K2oJ9L7e/o1ntpejKHN7t2Lzq+CvszBYKmyw/KgxeqY0hx4cJTUDsdgLjI\nMTrs6bySVXDyRaw3rHo7OvA+5c8dLfnWJd1R78nZTx89CYCvjJeMo7PNvN6C9HxK\nJoCOCnZo6a3j4NqJvXD5GNqGSP6m1lqBRWYQUIhWaOfz8aTY1Z3EXX0/4tv5C+A/\nknhc694ujtmBXio4XgDIrSz3jr9G8+ZLvig88xV12HTJfsatypQdHVIZj08EeR/S\nWAG872Q/DVD/aDmhaOlq/o/QBoEyrnJdkRHT9NX8iBboQ81wezfJxWUWlWyHaXVq\n5YBLFQvQAZLz3h05EBkMOiS2dHUa8OnNImj8txnCePAlcUdv7LIVxHA=\n=9APA\n-----END PGP MESSAGE-----",
|
||||
"fp": "aef8d6c7e4761fc297cda833df13aebb1011b5d4"
|
||||
}
|
||||
],
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.9.2"
|
||||
}
|
||||
}
|
||||
31
machines/secrets/keys/itag/fanny/disk.key
Normal file
31
machines/secrets/keys/itag/fanny/disk.key
Normal file
@@ -0,0 +1,31 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:xmMPJyp3y9XI2QsWJniRM+Nds4Y5zoqb5QSJqZo=,iv:KRLS4JYN2OVmbbLe8DCD0xW8VVnbmYN/MfZNp7eOS2M=,tag:FV1Qm8Wr5fbpJ+ovAK+uaw==,type:str]",
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1ljpdczmg5ctqyeezn739hv589fwhssjjnuqf7276fqun6kc62v3qmhkd0c",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoQ1EwOGcxazlIcy9mdmkr\nMzJCcWkxQXFEQ25sUU1HUFJqSEE1b2M2QmxVCm1hWWExbWtJdmxjMk1VUE43ZkNR\nNmRpdGNPNURwdjJkaXhxcjNxRFFiSWcKLS0tIHB5Y2NWM0pCbGdtTGRUV1hyVlVs\nZTRsUnZoUnN6cHNPTWF2SzhxUUJ0aVEKzchgMPjpDAX7NUTSxUYxoKLoOh7+X9GV\nxrarnXswpSV/bfR4w4x+DmoocG7TbdH+UvCTsg3LtdjWmfpjK/c8Kw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2025-02-22T11:49:56Z",
|
||||
"mac": "ENC[AES256_GCM,data:WKZIdINWSCn9ZOtsnLQ9dXCOdG49Ltf7/G91zEuj88+nvQC4+WTLCCXBGdhVBamV1PWHYnFvZbiXKJ/VFdN3EDZeW9r6cXuF2PEveOn6Bj1bYi0WrzFRfxxvt56AM9j/0D5E1hE9rp2yAWg5V4E3nIGT+rVsOczMk1+Yx4Q8NCc=,iv:DKD+E5yeFJrARfP5Qw6I1Cn9lvvHUHHok+3l8dyzVcE=,tag:lCBrrqfFxvtldBfbha99vQ==,type:str]",
|
||||
"pgp": [
|
||||
{
|
||||
"created_at": "2025-02-22T11:49:08Z",
|
||||
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQGMA5HdvEwzh/H7AQv/Xn1mh8ojou0/ntHLA+iNzYf6vsJVoWB6Cfh/WL9s/Vxn\nJWhvIzo+blJnoMJMsRPx4wiIuAjT2KkJko5v8Wr9pzzOAqOCghk+8YYnpC49PpCA\nhT8Yuu1v53Ycomwj1IdZj6GWeIkuLw2N4ZVqh1vZnvTT1tWltxmp9lhb/cWP+ze1\ngzIO7wqd9hisX9DVl4IVV/q8QVIfhWR2dMX+xgRcEssAjQu/nFGv88i6NJQsbIwm\nKOlUI3QJ49DEVFxH6Z36ZhUpdszHKi3IPg2IqtpfDicU807rQ3VihM9abkhp7cY6\ndvxW2rMijahy2IXuvGyTuwh9ow4bHXWBQgEkaFo8eKCx/KnR5shpR3/0CdegU45H\nGF/RhIq5wC4lMXy5/O3pgb5QPItcOB4ke+s48sGdxWWyXkp3MLXS1NblEZ6K9xTm\n/1GUcpCeoePWMeNmPgdeEcQL8jBxBol2wP5cXl4Ov86wegd0O56lVi6L2jqhgYiZ\n+SMhqmsMqZFVJWExkyX00lgBzFNsLWpT+KGuesodu9mtbYJ/s7Pz7+d+apgtzLI1\nGyjD9TDyZQUmM4El7SbZ/KNniRhR2Rnthg1r/cAcMYSyOnRbM/n5t5ynUc8vzr4y\nIPGXwW3pEoOh\n=48Pd\n-----END PGP MESSAGE-----",
|
||||
"fp": "c4639370c41133a738f643a591ddbc4c3387f1fb"
|
||||
},
|
||||
{
|
||||
"created_at": "2025-02-22T11:49:08Z",
|
||||
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA98TrrsQEbXUAQ//S41vk86ETjZa/AI9N5rS/RnPk3SuvGCiFxVkPl+ScY+j\nMOIqQFr55JpZm2Tb2nYA07yzW0b9q7jnVDt1dGp1MEC9QZZj1dEoZNGU+UjLhD3F\nDW9/NLeoJ2+D2rSxQmIwWdMqw3XehZDXvcicmKprtSK1MThV1cy5BITTStoX+qSQ\n4pFg7AVJij7+mtEK6pdV3S9BT1R27X9fanm4v785MEB+KERhe+5rQ7QR33Ohrotk\nqp6FqQJRAkc2ea+SFLRp8q4oIKK8lIoVv2mos/RUyBMf1HYPERohvqBjOF7oUjHt\ntOGGb+TLpVicPEsrAiNG5krfLCcI8vZeqkZQvu3YZx1zopYrW1mQuW1/kedFqtpc\nN6piYNz7KaYX0zpCJv1YQN8z1YOc+9LxTIemDUNt3zEYwrehi/DeXMt+Np+U0PKq\nSmfxRiMnbTT14la8mUa4Uov6KNUhzLgDVm8z/6XuM4qqEPw1ApG2UT+n5swZeqhN\nXBIAdSfybLW6vGhIOJduiI7LbQOADcEqlwiMDM4WMtG5acM/MLFQVQzP0DnQeIYj\nlNeGxT0m92ZfhwPupJG8PlC4dAANU3anBVGtMGn66aAEoVq/5RdOI9Iw8z8FIvnq\nN4Sef+5eqJuNeFdvxWG4IP6mrU1BmeWTXgI59aifSPUc0vrviYD6eRYCuI1NySLS\nWAHY6GESDXqeH6mlUryle6HSnJD43faFNkdlUaEBt0tH4ij2OvM5s8XTnr03hPnT\nYOHSVh6PVF2wwgV+JJuy7Nfj1+ylZCl2G61GO4QXtLexeWpPSzbo3Hw=\n=A2Pv\n-----END PGP MESSAGE-----",
|
||||
"fp": "aef8d6c7e4761fc297cda833df13aebb1011b5d4"
|
||||
}
|
||||
],
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.9.2"
|
||||
}
|
||||
}
|
||||
31
machines/secrets/keys/itag/fanny/fanny
Normal file
31
machines/secrets/keys/itag/fanny/fanny
Normal file
@@ -0,0 +1,31 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:HyKweXScDgvctgx168oBvB22fQcq6mCAs/Bsy0f1+UClAf313UynPJpBig41XVZdRFHOKkAMh/GmyIP04DtrXC/eAO9As+kaLkli/mBWiXSUA9l8pU8Wb3rC5YUu6/9ZraKWaC1ONAty2+d/v2EpWJhKMJWeeihiYfT8FMqRy2tjx0wmIz/Y6HgrR2pvHxyS2nGyrGhraaMnpm1WLsJ5b5yTbgkKVAoMwKNltnSIVA9AYvWmoNB8qIEPI5ppPvrSFSLOxYBG8zl/bBVtJ5ekM2bg733nCISRWhmelQLFVrUrN+3jsfpmE/nTe+xXClUmPC+7ePsCQuU2RKVWw5g99RewPdiszHdq/73Eo+7+ETLgRmo2vtLB/zFSiC8hmtJWh7WvVc4DXhGPDrqYPsh9GR87ZlSORgvadd5Mj/JuMzvmacWoFV9ERLnWjTTlIg+vSEBa0zB2vZHgAzBL+6R7WW3VgsBylRHQqsaJP5RIc4ktT6Qrt3REnArg/V/zJJGYBw+nQrqr5rrbbAmSA/57,iv:BdRM22/SMiHrq4SWVZTIpYPy/eHS1Kc/XxYj49Jf3H4=,tag:QdIwNFO7PnChvhWJAYNONw==,type:str]",
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1ljpdczmg5ctqyeezn739hv589fwhssjjnuqf7276fqun6kc62v3qmhkd0c",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYVnRlb2x4SGdPbWltWVUy\nZEl5OC83UldXMjEwOUdTNTFWMytYejFVRkI0CldKN0F0MUp6U2hnRUJQaGZKbzJR\nZFByOHRwbWgxTlJndGh3NWZIR2FKbmsKLS0tIFNjNDVHWjZNYlRCY0tQRlVtTlQ2\nMTlUVFd4dEo4dythYVV1WEQ5dWlEQTgKYqoEes44TbflFTFBzNwEVP9DDHtkmhfn\ndCFBPhBTwuoFKai3kOOX/E9gEOwqY24HAqKdeyiO2VXrL8JKEazggg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2025-02-22T11:49:08Z",
|
||||
"mac": "ENC[AES256_GCM,data:V7B26cct1W4ihesyVxpAI8AvMXSy7dd0hWFdYqWtzKkCN73au2V3h1DilOiNn3gclFhL9Crw38iNUtnGeHscGLGrNbwkyCMDj1KXKl6wnSYdFkw9XD+PnRwYq7hMTTLIH19nqBg+K9tjaDEkK7y8WygUHfknxJj5D4bURgl/jow=,iv:/f3GXl6o2oxRJjIJEpYN5T5x9q4acxFqqakzBRG4hlg=,tag:G6F9hXdO9BoXZ2eXaEG43Q==,type:str]",
|
||||
"pgp": [
|
||||
{
|
||||
"created_at": "2025-02-22T11:49:08Z",
|
||||
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQGMA5HdvEwzh/H7AQwAk5+mzJ/KJX4bxyb5w8dUiLXilBMJQiBxQZWsC8Q+G5v6\n9LGMMWPrQeLuTHkNe9FpddIUixjuFox1TJxaph3t+DfamR3yPdUYDuRckc9iF+jZ\n4oa8txJ9oWoEYx5QlxCCricSxomC9LV4DcBKQ2gyXnAeX2Wwe5/3uw+S/KyHZM+y\n9flO7qIVQk8MkVzZOc2KVCyvUL1UnAwgXzR1OmznpGBiZpaipCmXBs/elncxViry\nrmgA/+Aob37ChXQk5mVQLyrV+E1M+u1PwigML7PbbE3WpBVgpbb+MH639nBC/rTV\n+B70BaayFdzvUln4OFonfvsvPQEynmE1rfJRUavvAQDORHHmmbOKdWWVaYHDlp4Z\nAgYI10mnnFBpm2Qd/EjBa2a1CWboaGCaz/KldTzjp+TxW0GVf6WQ5SKlqZj3MdGM\nVS+91ph2LaRCTB5WObTX4KKDiwwoRAB+0A4ewu5ttsmeuhTy3o/r1Liu/UBdaL6i\nA9t59cMopIL6YXRD1YwF0lgBHtGC/KGsnZjC4dscoU2eTfmJ4rFx9vmc8I/JaO+h\nNDoFnd0sk2FQhnMvAN16U8HurfAzbHiqf3utEcMOg0bPw43Q/8g8JgUAaxqkJIQn\nn4fqE2GFjBqJ\n=Eivh\n-----END PGP MESSAGE-----",
|
||||
"fp": "c4639370c41133a738f643a591ddbc4c3387f1fb"
|
||||
},
|
||||
{
|
||||
"created_at": "2025-02-22T11:49:08Z",
|
||||
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA98TrrsQEbXUAQ/9Hy7wKpuAeKotD/HBoM+aptxnKiExf7mphpdZZ1sr8fHE\nDDdVehwhFxsxLkcIwh+dj35KswHw6aMzyQGj4bYsxSmsFKscATknsklR1UATWfSw\np3hVjNFCZ+yd+uzSJnfTkldTcaJiN9MxPmaOMd4e7Ui5k7dcYo0/FD5AZQZMjKDO\nQYUsUASWLHWAoiS7nnFrbaFvXKAPS4wOsB2T263QsoZyEvpQIgWP6lb9kS7V4ftZ\nxetGJFIk2hanYfdGXZy3TiHaJO+fESpVYmp6YykDqeZqZkWB59aeWVL/7Cz7H/wj\n4RU9RWBMbXGjPz+5WMo7X7kLrJgLAWywch6bM2fktkadG9n2tAa/FISysR25qtmQ\nzJtwCY8j26ZZJdc/FEA6dYwIYeGZ0BwV91dPaEotAtgSVpSihdXI/DzE9T9OjWuQ\n1c2sCjVJ7Kw19uCHLaZg+Tvob0RQJu5mnKPnLqinpxDn6Vf/nxIU80gFsPPr4f2T\n627iBaQOaMxdxHLV8r16WrNzBRj28sPZDBlGQ0HouToO2dn3uN+onQGszRAAIadJ\nZMo8SoWCdx+xiDK0S5oxnoxfk2QMAW75qyFiR373axb6HgMMSpJSG8TE+vg9++oa\nE7dddc7nq6ZnuhRNDn9V6cam8hfkFvKwRCeul1Yg5qZn5qI9H0/glR+KisKZVK/S\nWAF/XJucPmK9gsScxB4FgfKmpZD0cJkKmwndB5Idc6waRrjHxFnLFTFxbUnUD2KC\n198dZo7Y4ftOIWKHCY1R4RWhsmIUX5XzxwEnYSzy0pta/uyaqwa6sWs=\n=wi7r\n-----END PGP MESSAGE-----",
|
||||
"fp": "aef8d6c7e4761fc297cda833df13aebb1011b5d4"
|
||||
}
|
||||
],
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.9.2"
|
||||
}
|
||||
}
|
||||
31
machines/secrets/keys/itag/fanny/fanny-init
Normal file
31
machines/secrets/keys/itag/fanny/fanny-init
Normal file
@@ -0,0 +1,31 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:2RNOB8VVg+TGykuRU0h9fElGUhrje8gDkMdQyYQaF1U9P68oMJCEJYJno4qB0jEb5IPeTHrJamDjoQKv97OsGBkhPiamlImuBHjAUIxQq9a8xmFAhT60dZqCqIPqSuBs2OeVJE+wbHlo4pjGqe/PymMtz5M85SgOxvYSOktYRUZLmHIkZ9APy6PVit7AeUzRkf5H9Y58Xhg8gh4wCK0djorszPSY3Pf+G5PeV4EdNjIZ2FoL8MjWnYyEl8e/C11w1qdRA39J6l9LDTn8kNp3zHzYEWfY1G1sShc9M6kT83qmU4HMExERs4MlXEXkPd8EztAAgMKZIZWiwJ2Eu+9854V7KDb6T48sILCesjJwB94DWuXmdf/2CV1uGVat9baGOIE0ImGHTZYtGutxP1pBl1qZcU89LLRSPlmnRNWnTLcc3nnw0dgSsk132/7Qckrq5mUpD7F/fs1bYfG2LZGCqnXq6olnzh5jILe5iffvZprEH/Fm6jcDXBQN8WR4ADReSvHN7r0Vpvm1aZ01NtkJ,iv:6IIpVx4Dtrn+uahiH3kZHy6bmBj9ti1UiswKwAe2qZE=,tag:hGJkYXIarS+QEwJiHVmP/w==,type:str]",
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1ljpdczmg5ctqyeezn739hv589fwhssjjnuqf7276fqun6kc62v3qmhkd0c",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxMXJSeTFQdElLc2FKVFlG\nTjdlOGZHaUZkNjMzZDJTcXh1ZjF2bVpzRlU4CjdiS3NYeDZyNit1OCswSjFWbWJU\nT1BTNWFsRnpQWjZGbzJFV05tV1lNS2sKLS0tIEdrb3JOMUFRMkdIdFUwK0dHSXRQ\nbmtCVEJjRllnMHZFNkJ2UndBcXlaQkUK9bHFPsVaZovR4rGuQ6GfqAvZxNKqVhC5\nHybQWv1PCoaNOvQbtBgCxMlV8HOJfwe2EgysJErvriXeyVad5+zY2g==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2025-02-22T11:49:08Z",
|
||||
"mac": "ENC[AES256_GCM,data:IFctz/f9I9vcWN82u3qta+o/oILTHpCScSezHwt0ifsENnUQLz+uAmpMs+ok1ZR5+20XpEq4C7f1s4n2h8dijxsPuE/IOQM7rvwjoVPsM/0XUglDK3Vc5u1oooGpLJg1PchwWGOAlKQHun3mh4j/bz5UMpD8AWC++NLPE1Hr0Jc=,iv:y0aD+4iLSKedGAjZP1SygyzzIE0/SHWcOUS/aghzrII=,tag:01dQZoLlz0w5dE3DePwjbA==,type:str]",
|
||||
"pgp": [
|
||||
{
|
||||
"created_at": "2025-02-22T11:49:08Z",
|
||||
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQGMA5HdvEwzh/H7AQv6A4kG9S33l07+BwNeUsDZVrzRTP2Gz5F679VKTBrr96t/\nTJaa+FlCWDU3DczaC18Y6yIyU22+97xqQ4WYnno0h7bF2uhjbyXjp3JV5na7BgGe\nn3V6p0yJcBM5XfrJRuKghEB3kHddQIcVR8JurWrynCKy1C4njR6pJDA3pqp9PReP\n0ubTiJqAwJfx5hGSAjSDWitQ2vpubowCXssqyh9S2P07H5u8HHbLRyJGgvl/LgTR\nEe2EUh7KrTMT6cCXBHAPSK2bZgwP667bhEOJzuCpknG4/Q7EtVQzjKaXGrDR0vMi\nIwA7knQ0UMeRCa/jSSPYUbscMJIb5+wh0rnPfWGGgtVshdd6YtuETBnqZsjUETXd\nsXdem+UoMEN6Co1ABzHEeSGT7y6D8OghoodofLBvgf5TduiX5Pqceo7SkfXPN/3G\n4fqg+e+VTT63Jwp7rk+ekRJYPkHNoB5w0VIrvsyBPlDUhEVywKWJTfzu8905hkVP\ntsQEoJxkpT27PFACoxZ80lgB/9kyQKvsRG9kl68osivg2gIB/13+4TjMdS+x3ycL\no5QnE0D/adRJHpDRwuPfzGyRwFWT8bHFEpw8qErLEWaXh27QMStOgr2By2PsOFTP\nAtJo/wheNGMb\n=qa04\n-----END PGP MESSAGE-----",
|
||||
"fp": "c4639370c41133a738f643a591ddbc4c3387f1fb"
|
||||
},
|
||||
{
|
||||
"created_at": "2025-02-22T11:49:08Z",
|
||||
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA98TrrsQEbXUAQ/9F41AW+ruudLanRh8Rn8rHJRfGpdhv1oFkFRIK+Z/2oGr\nMGMm+2EPhCHCMp2tFJRm0HwZruGJda31iFNbaFSqHmTlqWfEMoEj4ztcOhe1vFG/\nhqtp39DawyHb/1AXPHvsuwbucEf/DH9gflXgbnBrZQ0K+7FiOSnXNi34YByKipbI\nbGg+8PV1iYXw0vuLgERy5aP20zyvr+sg53jnr8RR98A2E7VWg2YNfxEOKxxQczxe\nlgblSVqLLmEKAJcE3JWY6c5HR5Xlt4Y02JrAYD11qD21hmtS8plEZ70kiz4elgMU\nkWxM1HSm9Tyq2I5c9v8uk8VOCfEYE+glASJKtyHtyzDJRJcKwvaE8SqStlfoGot6\nKiJ4flqGapTOkJtOvR7FczO7T3j19Ga62dUvoHrei9Q0FYcyG70/lvTWEJy4/jYg\nOk5QJyseRhrDhcLKg9nUbuSfYhXtJc9C/S8B1n/bwjO1O3vslkewFAnhBIqweh1D\nnHjrSHsssrpkeyefmjVh7NiQZtn122hnPnIz5B62is27MD+m8qWWoWghc5lzsw5S\nCGBRY8l+vvGca1TZFJX1JO/L6vhdN4qd/H4IWRmj1oSR8qtQ6SKbt1UmQtB2BtPg\ncqlRCn4x2ORpRgwAIZtD6GFUFUjUduz6LpaxG2tpnmZcQfPAF7YYjjpR07oPIg3S\nWAGomgQyyubfDCH/tM0RwuTlMX4hkMtlKyMDuOHuZVxWZqoh/utGazasBogGm6zK\nIz0nKh+z0w0nv9kGzalq9L+ek0A07ylIlakSaR/vxh2ZaKHojBEEPh8=\n=1EB6\n-----END PGP MESSAGE-----",
|
||||
"fp": "aef8d6c7e4761fc297cda833df13aebb1011b5d4"
|
||||
}
|
||||
],
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.9.2"
|
||||
}
|
||||
}
|
||||
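--- a/machines/secrets/keys/itag/fanny/fanny-init.pub
+++ b/machines/secrets/keys/itag/fanny/fanny-init.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEY60NKfdjFiXNvl1r4mBcXKADHA80laxio+qN6izevN atlan@nixos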
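--- a/machines/secrets/keys/itag/fanny/fanny.pub
+++ b/machines/secrets/keys/itag/fanny/fanny.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBiKzGgQVfvfSqhdWNqkhTWd8gfJCVoyYoe9zh1LATsC atlan@nixos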
@@ -39,6 +39,7 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
|
||||
pkgs.age
|
||||
pkgs.python310Packages.grip
|
||||
pkgs.mdbook
|
||||
pkgs.ssh-to-age
|
||||
microvmpkg.microvm
|
||||
];
|
||||
|
||||
@@ -49,6 +50,7 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
|
||||
legacyPackages = {
|
||||
scripts.remote-install = pkgs.writeShellScriptBin "remote-install" (builtins.readFile ./scripts/remote-install-encrypt.sh);
|
||||
scripts.boot-unlock = pkgs.writeShellScriptBin "boot-unlock" (builtins.readFile ./scripts/unlock-boot.sh);
|
||||
scripts.add-host-keys = pkgs.writeShellScriptBin "add-host-keys" (builtins.readFile ./scripts/add_new_host_keys.sh);
|
||||
scripts.run-vm = self.packages.${system}.run-vm;
|
||||
};
|
||||
|
||||
|
||||
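--- a/scripts/add_new_host_keys.sh
+++ b/scripts/add_new_host_keys.sh
@@ -0,0 +1,48 @@
+set -o errexit
+#set -o pipefail
+
+if [ ! -e flake.nix ]
+then
+echo "flake.nix not found. Searching down."
+while [ ! -e flake.nix ]
+do
+if [ $PWD = "/" ]
+then
+echo "Found root. Aborting."
+exit 1
+else
+cd ..
+fi
+done
+fi
+
+pwpath="machines/secrets/keys/itag"
+read -p "Enter new host name: " host
+
+if [ "$host" = "" ]; then exit 0
+fi
+
+mkdir -p $pwpath/$host
+cd $pwpath/$host
+
+# Generate SSH keys
+ssh-keygen -f "$host" -t ed25519 -N ""
+ssh-keygen -f "$host"-init -t ed25519 -N ""
+
+#encrypt the private keys
+sops -e -i ./"$host"
+sops -e -i ./"$host"-init
+
+#generate encryption key
+tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 20 > disk.key
+sops -e -i ./disk.key
+
+# Info
+echo
+echo "Hier ist der age public key für sops etc:"
+echo "$(ssh-to-age -i ./$host.pub)"
+echo
+echo "Hier ist eine reproduzierbare mac-addresse:"
+echo "$host"|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/'
+
+exit 0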
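Review bot: The two SSH private keys and `disk.key` sit unencrypted inside the repository tree between creation and `sops -e -i`. With `set -o errexit`, a failing sops call exits the script and leaves them in plaintext under `machines/secrets/keys/itag/<host>/`, where they can be committed by accident; an EXIT trap that removes whatever this run created and sops has not yet encrypted would cover that. `disk.key` is written through a shell redirect, so it gets the caller's default umask rather than the owner-only mode ssh-keygen gives its private keys; `umask 077` near the top fixes that. The `host` value from `read` is expanded unquoted in `mkdir -p $pwpath/$host` and `cd $pwpath/$host`, so a name with spaces or `../` ends up outside the intended directory. Quote both expansions and reject unexpected characters first, e.g. `case "$host" in *[!A-Za-z0-9_-]*) echo "invalid host name" >&2; exit 1;; esac`.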
@@ -25,6 +25,7 @@ fi
|
||||
|
||||
hostname=$1
|
||||
ipaddress=$2
|
||||
pwpath="machines/secrets/keys/itag"
|
||||
|
||||
# Create a temporary directory
|
||||
temp=$(mktemp -d)
|
||||
@@ -39,12 +40,13 @@ trap cleanup EXIT
|
||||
install -d -m755 "$temp/etc/ssh/"
|
||||
install -d -m755 "$temp/root/"
|
||||
|
||||
diskKey=$(sops -d machines/$hostname/disk.key)
|
||||
diskKey=$(sops -d $pwpath/$hostname/disk.key)
|
||||
echo "$diskKey" > /tmp/secret.key
|
||||
echo "$diskKey" > $temp/root/secret.key
|
||||
|
||||
ssh-keygen -f $temp/etc/ssh/"$hostname" -t ed25519 -N ""
|
||||
ssh-keygen -f $temp/etc/ssh/initrd -t ed25519 -N ""
|
||||
sops -d "$pwpath/$hostname/$hostname" > "$temp/etc/ssh/$hostname"
|
||||
|
||||
sopd -d "$pwpath/$hostname/$hostname"-init > "$temp/etc/ssh/initrd"
|
||||
|
||||
# # Set the correct permissions so sshd will accept the key
|
||||
chmod 600 "$temp/etc/ssh/$hostname"
|
||||
|
||||
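Review bot: The added line `sopd -d "$pwpath/$hostname/$hostname"-init > "$temp/etc/ssh/initrd"` calls `sopd`, which looks like a typo for `sops`; it should read `sops -d "$pwpath/$hostname/$hostname-init" > "$temp/etc/ssh/initrd"`. The redirect creates `$temp/etc/ssh/initrd` even when the command is not found, so unless errexit is active above these hunks (not visible here) an empty initrd host key would be installed on the target. The visible `chmod 600` covers only `"$temp/etc/ssh/$hostname"`, so it is worth checking that the initrd key gets the same mode, and `$pwpath/$hostname/disk.key` in the new `diskKey=` line should be quoted. The context line `echo "$diskKey" > /tmp/secret.key` still writes the decrypted disk key to a fixed path in /tmp with default permissions; whether `cleanup` removes it cannot be seen from these hunks.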
@@ -19,15 +19,15 @@ if [ ! -e flake.nix ]
|
||||
done
|
||||
fi
|
||||
|
||||
diskkey=$(sops -d machines/secrets/keys/itag/$HOSTNAME/disk.key)
|
||||
|
||||
echo
|
||||
if [ $# = 1 ]
|
||||
then
|
||||
diskkey=$(sops -d machines/$HOSTNAME/disk.key)
|
||||
echo "$diskkey" | ssh $sshoptions root@$HOSTNAME-initrd "systemd-tty-ask-password-agent" #root
|
||||
|
||||
elif [ $# = 2 ]
|
||||
then
|
||||
diskkey=$(sops -d machines/$HOSTNAME/disk.key)
|
||||
IP=$2
|
||||
echo "$diskkey" | ssh $sshoptions root@$IP "systemd-tty-ask-password-agent" #root
|
||||
|
||||
|
||||
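Review bot: The decrypt `diskkey=$(sops -d machines/secrets/keys/itag/$HOSTNAME/disk.key)` appears to have moved above the `$#` checks, so it now runs for every argument count, including ones neither branch handles, and `$HOSTNAME` is expanded unquoted into the path. I would write it as `diskkey=$(sops -d "machines/secrets/keys/itag/$HOSTNAME/disk.key")` and follow it with `[ -n "$diskkey" ] || exit 1`. Unless errexit is set above the hunk, a failed decrypt would otherwise pipe an empty passphrase to `systemd-tty-ask-password-agent`. How `HOSTNAME` and `sshoptions` are assigned is outside this hunk. Because the disk key travels over that ssh session, please confirm that `sshoptions` keeps host-key checking enabled for the `-initrd` target, now that its host key is pinned in the repository.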