From c520a64c343f1046ff9e44fc4c8fb65f04e4db31 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Tue, 22 Nov 2022 19:22:56 +0700 Subject: [PATCH] secrets: allow sugarcane to access acme_dns, and rekey (cherry picked from commit c34578dd0397e17153893dc9bc43cbfd2fa797cb) (cherry picked from commit 3b5f8350e3716f3e30113d713fb44e33f8dc486e) --- hosts/sugarcane/default.nix | 1 + secrets.nix | 2 +- secrets/acme_dns.age | Bin 411 -> 535 bytes secrets/passwd.age | 25 ++++++++++++------------- secrets/warden_admin.age | Bin 534 -> 554 bytes secrets/wg_blossom.age | 18 ++++++++---------- secrets/wg_caramel.age | Bin 479 -> 449 bytes secrets/wg_sugarcane.age | Bin 461 -> 495 bytes secrets/wpa_conf.age | Bin 567 -> 648 bytes 9 files changed, 22 insertions(+), 24 deletions(-) diff --git a/hosts/sugarcane/default.nix b/hosts/sugarcane/default.nix index d5ed5dd..d7f9570 100644 --- a/hosts/sugarcane/default.nix +++ b/hosts/sugarcane/default.nix @@ -4,6 +4,7 @@ time.timeZone = "Asia/Singapore"; age.secrets = { + acme_dns.file = ../../secrets/acme_dns.age; passwd.file = ../../secrets/passwd.age; wg_sugarcane.file = ../../secrets/wg_sugarcane.age; }; diff --git a/secrets.nix b/secrets.nix index a713b13..bf67798 100644 --- a/secrets.nix +++ b/secrets.nix @@ -8,7 +8,7 @@ in { "secrets/passwd.age".publicKeys = [ blossom caramel sugarcane rin ]; "secrets/wpa_conf.age".publicKeys = [ blossom caramel rin ]; - "secrets/acme_dns.age".publicKeys = [ caramel rin ]; + "secrets/acme_dns.age".publicKeys = [ caramel sugarcane rin ]; "secrets/warden_admin.age".publicKeys = [ caramel rin ]; "secrets/wg_blossom.age".publicKeys = [ blossom rin ]; "secrets/wg_caramel.age".publicKeys = [ caramel rin ]; diff --git a/secrets/acme_dns.age b/secrets/acme_dns.age index aae2a16c30dbebc861b988db329834755345eac4..79791745b02c7dd59733275da1058965cc16603f 100644 GIT binary patch delta 508 zcmbQuJe_5NYJGN5WNK-kLWaMAL9&-Yh>MqJu6}NAfuDD}iKS_>Wu~E-sgprka6p)k zM`T1*W`tormv?4rmU)S@OI~iWVYWeOrdxq&UTAPcVyR!IVUk5wMQK53nRB>VQnGP5 zm#&>cadC!jYKoDmsiCEUM}@I@a=Ai*Ux<%mibrO;Nxe^opR-G#flGRrS8lMog@1{E zMo@NCm8VH*rD1wnq-#ExetA)LMO2D~yG5o~u2D{jfuEOwXr9f&LL=04bkmDc6N^*1O2czPf(-IgJ@fst)5`s_1Kj+I!cq%DxO8=O6-p}1OFVK- z%6tMmQ%x-k!>aPqN?p^Fs-nD$d^00GN{!94-7|9Cd?U*Pi@9`eIduw6eAlHUsVr+) zc=Xej{nwXVz0q`ZnorQZ7mwx(GeofN;E~;DUi0kz_FadjPMd!)`rnj1S6c?Xs?8FU kUs|pcd?YHku=}a<-Peo1DEzZjXw-_5y{mJnZ|31J0Q(TOJ^%m! delta 383 zcmbQvGMjmVYJI4sTSQK}LW)aXgqy!fW@ve4MQUz^VR(RBRIsn1seYAtMTw((R#Zh% zrc+XJXi!i(S8179dP;!4k4tWpZ&azild)%bc%*ApT9CGfd5BkWka1MLMMh**Nk*V6 zm#&>cadC!jYKoDmsiCDpc2Q(%X`n)6zOh?Gl2L(6W_?yfnUPmTWSL)pv8S7Xi=#_r zdU%$nhiiUlPMUMMaaA%`Sx%)%u2Ds$ds?Yig;PLjszGkHWlDZZvPq<)t9N8bxKDY7 zWlmODMtCvEIvw5gqSVCVRIW0UfHHT3?A(fojI0cEuQV=QU0nsU%5;lT(?rXH3S+bU zV&B4w%rH-rsDQN8MD5DpEN>?Z_aOa{WM_B%sEAOm!p0EAA2qITm02G2^<5AuI?MBk zBk=8+5Efw`@j&05CntJF2r6%~N~_5Z&OA^YSGP3o+IjByODtc!r`9f4`rxVQKCRF5 cE?37z09Yr7_y7O^ diff --git a/secrets/passwd.age b/secrets/passwd.age index 0e7d693..e792792 100644 --- a/secrets/passwd.age +++ b/secrets/passwd.age @@ -1,14 +1,13 @@ age-encryption.org/v1 --> ssh-ed25519 U9FXlg U5BvNdCURLw3Za/EFnyiwJWE+nR05pw6N/gyCCtejRg -UwW0knEEwdbsNIDF8pCIbwwf4X5hahwZ0Cx8w2+b6i0 --> ssh-ed25519 Hx37cw vO0M5kzkG7BtuNpC5+xtM663HKqj80KQ0qWh+wkSPxM -lbTCCCv+VNuGXPmpC7rzLeTlqZWqAXzc24eZ1gZShBI --> ssh-ed25519 krYeuQ DCsEUqV49Wg4BdWydxKmVQnFZrwxpFd6ZhJ1w9RyC3w -gio9eITeS3kjOW/jtm2ajmKqvBecj+rjlvAqLILuiW4 --> ssh-ed25519 CUCjXQ eGjsQfi+/Habc+KcQZRtVp2T+Vs/QK+VR6tmouxkzWw -y1aAwk8qJ4m0xmIGsQbMnT01+zawmp0B34tUX+mPkSw --> 4"nrU-grease hfIl x e)a -xyMmSA ---- ISCslqpC6CkOA7RcpPOtAC8JA68s3AhMdYdeDlJOW6M -\o$;|*,< -yC YSAuۈU2`DUw,f~S|B2;c+ձa)F$TܸrЫv^sAtdòXP \ No newline at end of file +-> ssh-ed25519 CUCjXQ ZrbLZXETJagm+HHfxYT0a8pyUngDlw6YKNG3xK5W9zQ +L8D/Hr/ir0BFnZrJKtCkfSQkX+/4OzHg0m26RzHCE9U +-> ssh-ed25519 krYeuQ 10ymP+C5ZeRwrnxtErKA9VKHuVPy8+bNHJObzX0Jp0U +OCquEuxRe3xt12IkmkP8RnY8pz9KcRKNVIQVWA52eIE +-> ssh-ed25519 Hx37cw v1nwWHdbSLdk8Wk0RF0nKBGIiANyXBxOEyU8jESA7Wc +an8NMIhDKgNhHBecOzEuXHKdcr3+aAQPXly88+791a0 +-> ssh-ed25519 U9FXlg L/9mBIcwWLDcEZWT32Oo0WzWeoRVoZN2Rah7oNt7Gio +akZ3AdYuKAEfXiNKZk3XHm4IrwSCjCPKe9yk9mfYmVI +-> +-grease Q{/ ++e/clwQ33SN111HEvsNUxjXJl0NRROAK +--- f0/c5YRQjnyZirMkYSA05W0meE1lOMXaDSh9xbwBiR4 +ͅИ_N@rċnv_y,]!nDx񯮴SXBnz~b79bȌeHA֮d!ΌOsJZ}P3W&S\w_gC" \ No newline at end of file diff --git a/secrets/warden_admin.age b/secrets/warden_admin.age index 972ef49f73da20460bb0b623b8ba3071683294b3..900de0aaaeff43fd677b33506f33a2c63ebc9379 100644 GIT binary patch delta 528 zcmbQnvWjJbYJGN5WNK-kLVi?apnhn+et2n6L~dbnWTanVa#5~-g`vA~Sw>Zwerkrh zn~{0Ce@VFsSBQC-Z&{VEVOdpjMQCzhh;eaYnTNkYewM$5t5Ld}zqeDaeqL%oXqb;L zm#&>cadC!jYKoDmsiCDpsHIy(PP&3|s%e#LMOAL1X??L%R=Q_KPGE#bnX{w2OQDHl zN|Z~bONpCjvYBH8k02kM6 z|Fn9y;Bu!z{fvNp2i-3&E z440BHE?r$+g|OTZ$6OybkErs9oWdOcFw^=_&!9;6TnlsaqGWSNwk0i%* zU#^vwFXN79Z7;2QvH9GuHrEdyr^Rlr*2_BY7H~8=`Tvtv-pp(_7Y_dJtLyc4X^QOM z-Lg%IiN`2HrRsoYZODz5z4G&CYj8;xvba4zv5DPXYJibjP*_D&Mz(Xheq~~2gsDNWxrs-x zZ*h)yReo?eS8!ofX<&&-Mv9rIvrAA;p|)9AVWmNqepIPnu5o#ybGms!Xo;n3VVH{n zm#&>cadC!jYKoDmsiCDpc2Q(%X`q5`>P-{cP{x3T-nVcV~~#sz}H5^vH-z3umLmjQpbPNUn&YNWZfDA}1GjgT&OT zOe6Q;%;a3hG?RkB?Cc_+3s!GQS-*WRX11?=%U4^XBoD4sMO5=Qe zFa4~*oMbGFkU-;%s4}C_B7@|jis0fB_tYpOi)5}{E*xI=t>sVV%ePso7MotJ z`g4MPZFc{nOJ93B9A_JcD(wz4J{R4SnJ0MaX|KWeoj2Jh?a!VxSl diff --git a/secrets/wg_blossom.age b/secrets/wg_blossom.age index 6b5df62..2d3fdad 100644 --- a/secrets/wg_blossom.age +++ b/secrets/wg_blossom.age @@ -1,11 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 U9FXlg Y/Q29duiKdP+fV11ellTIMtHFyi9saczXfbcnq7iB0s -D9P8MAHlFOLR7P8Ux90CjljnhExARGnuSuw24AXOr5c --> ssh-ed25519 CUCjXQ eGpAJd5fydYBlC7o34CP7091jg4O4NsuLji1/rYtQVg -9/rgYCpe9wcCrLM7fTYI92oa+3+SAEK6ZgJNmBeOtnM --> A-grease xTj~+6%4 aF]RZn tj](JCp -5iDN8bexrr7eNqyFwBNCUefrOqAIS10KppbrdDJH1+fD0TkUifEOjcM2uV/+3tH2 -dYX5eM94zkmwxw ---- QKnJmu6ICTTfadXCKLKii03FXVTBqAFvbAZVHGzGLzE - ssh-ed25519 CUCjXQ Fp3Mrgaw4yRKvdabJJ3dNcnKXJUqRuZP4QO8f3wN3SY +IkH7jnotoXzo8HE42s2pT3MR4JckFbdBWajnsOBJZl8 +-> ssh-ed25519 U9FXlg 89PWDDxlJs2wAx0MpHQ4/nQOYBhDOW3IHbT8ZMNrW1U +5SqO0LRGbnPSaT4Wyskn+TjLROkBlXZj4CZpUdprASw +-> 7.-grease "7|kya +h1PiRYdaZsbG0yfAlNY/jSFOwcKxWi5DhZqn20c8iQ +--- Z76EcD46quTH32YiSgnqhHpDdRcZJu5Q/+jtOutFl6c +xCrwbkgcަqnբͲߒ֜d'ts֝>\nݟTo/~4|֖ \ No newline at end of file diff --git a/secrets/wg_caramel.age b/secrets/wg_caramel.age index 2a18202bcd6cea702c270ac871e992141510fdfb..57604cf7ed37f9c0761cd0ae8ab2c2a5515580c5 100644 GIT binary patch delta 422 zcmcc5e2{s9YJGN5WNK-kf<=UZb5(g}ZlJMyqOo~IRcL8uU{0!Onqgp8NU&LjiFbH* zScp%cnOm?4m${)^d3L&cpm}0>m9}3cadC!jYKoDmsiCDpsHIy(PP&3+pi_Qfo=;wYe!Wwwey~?rX_|4Uwo6EgTZCJg zOI}`SnMr<;WuAv;QdKrrq=9#_PpN64fm=wZzFC@gm}jVKL2_wPcA36*a!OuVfsbjB zv2j*%nM*RrIz!#`qSVCVR4&Vu0E4t-%ZN00|6(WOETeSOLQ9{(T$7-{tmMk<UCN~bC}$Mk^UAmc1Q*Yb4Ftf0aaXH#dcVvBSWE?r$+h4iGNOy5#x^9WPl z#Jo`F^0Z=oNAr?&SHHZXtTZRr(p+z!lJKG`{Y3M8u75vLTr*C-dm8#?otW%N#f2e< zxgB;N5O14qJ$drZx!Z!CE!VnNb^hOqkcGRgItt`-%7Rt5w=X;6G~@avY3~m9@2{?3 Rz3`_qeJ%T`!aHl{0RVqMnxy~$ delta 452 zcmX@ee4lxOYJI4sTSQK}LSA99hq0%Aj%SfeN>!$7ildojrg@Tqf22{OWv0KWL1ku+ zrMIhTNp5g5msv@PS%!OZq(!BXqhGeKmy3UZfqA8|yQ^Q4p=*k-t9y`RdS$kMcD{!z zm#&>cadC!jYKoDmsiCDpc2Q(%X`n(_T10T6iLskUL48QLNtAxLzhAngPlaKYNm03L zRep$Jh((~YZ=zd9dU`omaEPl}e!g*9T1IZVSwWhAgtvcMXp);(PElD@TCty3h)<cgJ4JJG%xM&$_g%BU0nr>!VH7Ts-P@S*Ssi8mnai`=ipS!?0}MRW9RaS)RF+7 zl+1`qGyg(;uTZYqJdbH^Z*&Y|!!|98xxiCpTlwqt>=j{)8SdQr&3Vo6@b72o&1`&U t)e_1~!qz)ISs(i~EkV)pXyfUIc^OL>EvEbyNtyUw;cw=Xg=szB8v!4lpZ@>= diff --git a/secrets/wg_sugarcane.age b/secrets/wg_sugarcane.age index 9c967393313c9e4c43911e6fbf0fedf56b3adbd9..208c84696f0e2a1e06d37c24c9301ea27821a9e9 100644 GIT binary patch delta 468 zcmX@h{GNG&YQ0B=v3YX2f`Px8k#=y9QKfTkX-cadC!jYKoDmsiCDpsHIy(PP#&odz81YvvX#JQN4v>QA$v$VPH{iy1QqTiC1QB zuwP2qSVCVRE4U!>j9eFsfaIe5%nFlI*Q$(?veMuJpG2-4!y-#}OQ%9d zPm|Kh>~Oz)gRlU%s@&`-6UU02FxLp5&@e-%U{@|(U0nt5)S!x-3T^ZBq@rvir^2F0 zBVW(Viol#w%RGz13M0>SU*Gbw&`2+fauY7!eRk>>#6pUy=Us91e;vE&Gmq>?C*F>x zX%fGh*KW=UE|aKV^<#a!r_7%d6SthqIkiM1P4R5r%JO%q_QBa5@iqJRT%Yvx-R5=k KC*>Y~RtW(7pQ+~n delta 434 zcmaFQe3p5FYJI4sTSQK}f^R@}a*2MFM^u=TS-4YyQ+ZK_Nq~M@X@)_fXNr4@e~Q0> zZ@FoHj-Q7km$|n`RkD|}XHHUXkcnSFuv3YlUv{CdYp{1(hGAq@s=leQp<7m7M7pH` zm#&>cadC!jYKoDmsiCEUM}@I@a=AjOYhsycWLl)QM}2BWWroF4aJsp#NnVnNzGJXY<`k7UQl$ZU&%l5*qRFw-oj68$7+H^0nsuGVh9Nh@Zl zirSoH1pSCr7eD)iW^L`&TR;mU^<*RDFyHIAd bSB^KX;97rXtH5mDHJ;bJ8BTnelkW}yRMwWu diff --git a/secrets/wpa_conf.age b/secrets/wpa_conf.age index 60be4dbaa21a3f34ff8a9cc41e0c90ccf1fa59b0..bec6ef19c8d7121ec9eccaa7951072b9f69cb13b 100644 GIT binary patch delta 622 zcmdna(!n}Gwca_@IV&Pi!O_emFx%I{CCj+nEZi(9$t2Sytt2TuG&DUsyD-xuIXKtN zG}$uOEi=f1%O}sLuq-*#-6_H>(KjNgtjeXx&96AEG|ke<#W5q;vcR{h(5N!dJ5)cJ zOV>`JxHv;MHO0u()X-8PyC^cXG*BV4qAJY9Ti?>pr{2IM$TvI0($mSg+&!(#qS7<3 zGT0==q&Pb=A~Pts$~BoQ$1EZz(m60&-`&_aKh@MQ(9b2!qS7!UIG`jlKg-h7-6^>+ zz$mLQ(b5Fnx=>5Eh@5nVFe9&I(^NzKLgOTT7iZU0!;~Tu|00Vrzof|eBxCn1Llajc z6Vr6ZTt`;}u8MN6vZQPye@F9lx1jP+N6!FXFQX(c_wwX0k3g4#g6xV&!w}2xumE>Y zkagZ(y6Hu!iN&c39#NT5+Ik8pj#-Yyc~-7mJ{cBXm43zf6=p zNnY9}Va0`kzD}NLW%X6Qg)X6HejX8Kg zM#jm^Tdpq@`}_FQQQ3#5`_7mi-X<5y#Ly^sh}W=JSNeU|+wDS6tMbAGAO2!0cmM2L wQeLUJd)n^3J#6c$H~DYRciS=7<)rgV?!ZV@UFKa%CFUmQPd2>QmXBNn0N&-<82|tP delta 541 zcmeBR-Oe&WwLa9+Eg~mfAt@xt**LJEEU&;Ivoa?lvP?hRv(P`$KP)uF-N-1{v&5@3 zGutiO-9I~@tH?adMcc$VHO1XHD6}xgEZo>D)g|04)!5z3-_xMf!@x7FG^N`JxHv;MHO0u()X-8PyC^cXG*F?$s3M>+FT}Xezdpy^%ObEKDcqn)U%M(PFVnp! zN83L!$iO|&FfBRP($Ip-Da5=W$vw%(&o@6MBD^FZ%~;xX;*^TQK=-`*%z#{{bZyJ< zZ0`({U=z1uu9CE{qJk*1H1m=a1GAvi!0h0Nya-p%Aj^sp=iKa|#G=d$&j8o33=e-t zkag~%dAYjjMX8C!sR}V6Nos`(I-zP2CJL3tTv_EMh1r2zy1Kdw!DY@>`hn&ZPAQoc zX~vnM9_c2<#T6bo8TC=#9(gAI&JjT_7U52=?g7DpTvGD>MR~H@w3$yVi{!ui@Ox#? ze}<#Hza9F2mu@qy5t%xxIzI