diff options
author | Gregor Kleen <gkleen@yggdrasil.li> | 2024-07-30 15:22:50 +0200 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2024-07-30 15:22:50 +0200 |
commit | bf329299d3c412bdbe6d1145b0947e6950c5c548 (patch) | |
tree | ced74c587ea71ad41df5258255fae7415a4a682e | |
parent | cd3c763cadbe887d5918f91619a836227d9e3846 (diff) | |
download | nixos-bf329299d3c412bdbe6d1145b0947e6950c5c548.tar nixos-bf329299d3c412bdbe6d1145b0947e6950c5c548.tar.gz nixos-bf329299d3c412bdbe6d1145b0947e6950c5c548.tar.bz2 nixos-bf329299d3c412bdbe6d1145b0947e6950c5c548.tar.xz nixos-bf329299d3c412bdbe6d1145b0947e6950c5c548.zip |
...
-rw-r--r-- | .sops.yaml | 28 | ||||
-rw-r--r-- | hosts/sif/default.nix | 8 | ||||
-rw-r--r-- | hosts/sif/gkleen-rclone.yaml | 34 | ||||
-rw-r--r-- | hosts/sif/hw.nix | 76 | ||||
-rw-r--r-- | hosts/sif/mail/secrets.yaml | 34 | ||||
-rw-r--r-- | modules/yggdrasil/hosts/sif/private-keys.yaml | 34 | ||||
-rw-r--r-- | system-profiles/openssh/host-keys/sif.yaml | 34 |
7 files changed, 154 insertions, 94 deletions
diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 00000000..0dba3f40 --- /dev/null +++ b/.sops.yaml | |||
@@ -0,0 +1,28 @@ | |||
1 | keys: | ||
2 | - &admin_gkleen age1rmmhetcmllq0ahl5qznlr0eya2zdxwl9h6y5wnl97d2wtyx5t99sm2u866 | ||
3 | - &machine_surtr age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq | ||
4 | - &machine_vidhar age1qffdqvy9arld9zd5a5cylt0n98xhcns5shxhrhwjq5g4qa844ejselaa4l | ||
5 | - &machine_sif age1fj65apkhfkrwyv5tx6zcs9nkjg8267fy733qph30sc7zfn7vapjqkd5kne | ||
6 | |||
7 | creation_rules: | ||
8 | - path_regex: surtr[^\/]*$ | ||
9 | key_groups: | ||
10 | - age: [ *admin_gkleen, *machine_surtr ] | ||
11 | - path_regex: vidhar[^\/]*$ | ||
12 | key_groups: | ||
13 | - age: [ *admin_gkleen, *machine_vidhar ] | ||
14 | - path_regex: sif[^\/]*$ | ||
15 | key_groups: | ||
16 | - age: [ *admin_gkleen, *machine_sif ] | ||
17 | - path_regex: ^hosts/surtr/ | ||
18 | key_groups: | ||
19 | - age: [ *admin_gkleen, *machine_surtr ] | ||
20 | - path_regex: ^hosts/vidhar/ | ||
21 | key_groups: | ||
22 | - age: [ *admin_gkleen, *machine_vidhar ] | ||
23 | - path_regex: ^hosts/sif/ | ||
24 | key_groups: | ||
25 | - age: [ *admin_gkleen, *machine_sif ] | ||
26 | - path_regex: ^modules/yggdrasil/hosts/sif/ | ||
27 | key_groups: | ||
28 | - age: [ *admin_gkleen, *machine_sif ] | ||
diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix index 319dccd9..87c0f3bf 100644 --- a/hosts/sif/default.nix +++ b/hosts/sif/default.nix | |||
@@ -13,7 +13,7 @@ in { | |||
13 | imports = with flake.nixosModules.systemProfiles; [ | 13 | imports = with flake.nixosModules.systemProfiles; [ |
14 | ./hw.nix | 14 | ./hw.nix |
15 | 15 | ||
16 | initrd-all-crypto-modules default-locale openssh rebuild-machines | 16 | tmpfs-root bcachefs initrd-all-crypto-modules default-locale openssh rebuild-machines |
17 | networkmanager | 17 | networkmanager |
18 | ]; | 18 | ]; |
19 | 19 | ||
@@ -35,8 +35,8 @@ in { | |||
35 | emergencyAccess = config.users.users.root.hashedPassword; | 35 | emergencyAccess = config.users.users.root.hashedPassword; |
36 | }; | 36 | }; |
37 | luks.devices = { | 37 | luks.devices = { |
38 | nvm0 = { device = "/dev/disk/by-uuid/fe641e81-0812-4181-a5f6-382ebba509bb"; bypassWorkqueues = true; }; | 38 | nvm0 = { device = "/dev/disk/by-uuid/bef17e86-d929-4a60-97cb-6bfa133face7"; bypassWorkqueues = true; }; |
39 | nvm1 = { device = "/dev/disk/by-uuid/43df1ba8-1728-4193-8855-920a82d4494a"; bypassWorkqueues = true; }; | 39 | nvm1 = { device = "/dev/disk/by-uuid/2884e98d-5afd-4965-91c9-88ffb5ec58bc"; bypassWorkqueues = true; }; |
40 | }; | 40 | }; |
41 | availableKernelModules = [ "drbg" "nvme" "xhci_pci" "usb_storage" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ]; | 41 | availableKernelModules = [ "drbg" "nvme" "xhci_pci" "usb_storage" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ]; |
42 | kernelModules = [ "dm-raid" "dm-integrity" "dm-snapshot" "dm-thin-pool" "dm-mod" "dm-crypt" ]; | 42 | kernelModules = [ "dm-raid" "dm-integrity" "dm-snapshot" "dm-thin-pool" "dm-mod" "dm-crypt" ]; |
@@ -655,6 +655,6 @@ in { | |||
655 | in [ gtk-portal ]; | 655 | in [ gtk-portal ]; |
656 | }; | 656 | }; |
657 | 657 | ||
658 | system.stateVersion = "20.03"; | 658 | system.stateVersion = "24.11"; |
659 | }; | 659 | }; |
660 | } | 660 | } |
diff --git a/hosts/sif/gkleen-rclone.yaml b/hosts/sif/gkleen-rclone.yaml index 4bc07556..f0430f71 100644 --- a/hosts/sif/gkleen-rclone.yaml +++ b/hosts/sif/gkleen-rclone.yaml | |||
@@ -5,28 +5,26 @@ sops: | |||
5 | azure_kv: [] | 5 | azure_kv: [] |
6 | hc_vault: [] | 6 | hc_vault: [] |
7 | age: | 7 | age: |
8 | - recipient: age1ure0athvtnaqqw48pe0y3upqdzmkaen9h70yggd9va4hva6avd8qqm6s4d | 8 | - recipient: age1rmmhetcmllq0ahl5qznlr0eya2zdxwl9h6y5wnl97d2wtyx5t99sm2u866 |
9 | enc: | | 9 | enc: | |
10 | -----BEGIN AGE ENCRYPTED FILE----- | 10 | -----BEGIN AGE ENCRYPTED FILE----- |
11 | YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhazlZcFRyY2ZxZ2dLb00v | 11 | YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxZU1MY0JCRkdPK0JIWEs4 |
12 | SzZmM3paanI1b090NW8za1FKa3Q0bWlKeTJNCllhRGo2bDNaMkxpMHlweEZGU3FQ | 12 | MnVQYWN1cklPSFJFTkYxVm9nVFpYSjRTUENnClZZaUw0QVYxejMzM0VvYTUzMUlE |
13 | SlFIQmxqK2trWm5TRFp0SEhVRUNNWncKLS0tIHc3OGNqbHF0eFozdWp1V3IvRFJJ | 13 | N0ZVV0laeVJQV3BsUHJzVWlNM0ZZWEUKLS0tIEZvRWtEdzFwVlVMS2FxT2Z3NHRo |
14 | bzd6VTRPT1pqYVFPQ0IyblVQdWt4MUUKtp8FKeOVhZ6DTY0euegOFcmUL6bNYlml | 14 | STZZRWxURnQ1MHE2RlJVQmdiM2VlNVkKpDJSJxij/LKFGUyuy/iAmf/Gq+PhLh4V |
15 | 1DlbDUF47mAMz6HfsvpyoJmLG/uQBCXUVIpP18ignQtJJx043+vnEA== | 15 | DoowTqWMehgKz/x14HCegI6fIuI2Spwk6GVVICQvmk5Y33/kyneOiA== |
16 | -----END AGE ENCRYPTED FILE----- | ||
17 | - recipient: age1fj65apkhfkrwyv5tx6zcs9nkjg8267fy733qph30sc7zfn7vapjqkd5kne | ||
18 | enc: | | ||
19 | -----BEGIN AGE ENCRYPTED FILE----- | ||
20 | YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4c0hoSGE4SVpwRkpBZmgv | ||
21 | SVVDODZmbkN4THNMelJucXZ3aTFrUDlmRmtZCkl3UFlROWJyd0VGakZRK3NGUEty | ||
22 | UUxjMDVZZWc4MXdKQTlKczF4N1gxYUUKLS0tIHRyczNiTzJLYTZaRFduc2RoaXhU | ||
23 | SUpCMXJDd1YwcnpuQ2hHa2Q4TlNGYjgKe3cSIERblN7XbI8mBWWSKhdLs6J8LT6t | ||
24 | 3Q2gz8LZhtEJvROOYiVjcnZG9iOLLkgsy/mI34Y0evcKZrvvsPyQ1g== | ||
16 | -----END AGE ENCRYPTED FILE----- | 25 | -----END AGE ENCRYPTED FILE----- |
17 | lastmodified: "2022-01-31T18:19:02Z" | 26 | lastmodified: "2022-01-31T18:19:02Z" |
18 | mac: ENC[AES256_GCM,data:E/XAsuv+EqFud686SHuRp6XZ4f8uoXMI2rnPI733lQg/x/zuvCoOil9AtnQpStnu9wchlbee/y53uUDzAdTiYsjBCRqqt+19iAPnRHPZ2eb82SPetIRA8leKhiJFtOpHFTmlPYHCokxVBH6qLDjaJj/1Dx7Iv9xoAB4ECYnWxTo=,iv:wY5p++ixK5KA+Xnpuj0/3YBLMr/CQwIm3Nj3DzQC4II=,tag:f+7rincFHPEJZp+QJ2iiMQ==,type:str] | 27 | mac: ENC[AES256_GCM,data:E/XAsuv+EqFud686SHuRp6XZ4f8uoXMI2rnPI733lQg/x/zuvCoOil9AtnQpStnu9wchlbee/y53uUDzAdTiYsjBCRqqt+19iAPnRHPZ2eb82SPetIRA8leKhiJFtOpHFTmlPYHCokxVBH6qLDjaJj/1Dx7Iv9xoAB4ECYnWxTo=,iv:wY5p++ixK5KA+Xnpuj0/3YBLMr/CQwIm3Nj3DzQC4II=,tag:f+7rincFHPEJZp+QJ2iiMQ==,type:str] |
19 | pgp: | 28 | pgp: [] |
20 | - created_at: "2023-01-30T10:58:04Z" | ||
21 | enc: | | ||
22 | -----BEGIN PGP MESSAGE----- | ||
23 | |||
24 | hF4DXxoViZlp6dISAQdAEEQ+ELalInEqD7WVWPyhz9C2WGOAqYZdW8wHn+i7c3cw | ||
25 | HgPkJXA0JJBawtQ+eqWtVBbmZbabVdiZ7xOAlVQWrVXa7tN7s2y4yY6KESB/5NFo | ||
26 | 0l4BvOF0KdMDkBx9rhVakSfCJ9w/3ZodD2tZ/KgttamnsYg9EwI2xDSsFowK0gUM | ||
27 | 2t7ZnDbDsQCrIR0y/qL5DwFVVKlvbDl5ZGLq5Py/ECMh5WdsEQ0dqBmeytxN44gw | ||
28 | =SxAd | ||
29 | -----END PGP MESSAGE----- | ||
30 | fp: 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51 | ||
31 | unencrypted_suffix: _unencrypted | 29 | unencrypted_suffix: _unencrypted |
32 | version: 3.7.1 | 30 | version: 3.7.1 |
diff --git a/hosts/sif/hw.nix b/hosts/sif/hw.nix index 3442a93a..bd3aa0de 100644 --- a/hosts/sif/hw.nix +++ b/hosts/sif/hw.nix | |||
@@ -1,25 +1,65 @@ | |||
1 | { config, lib, pkgs, ... }: | 1 | { config, lib, pkgs, ... }: |
2 | 2 | ||
3 | { | 3 | { |
4 | fileSystems."/" = | 4 | fileSystems = { |
5 | { device = "/dev/disk/by-uuid/f094bf06-66f9-40a8-9ab2-2b54d05223d2"; | 5 | "/boot" = |
6 | fsType = "btrfs"; | 6 | { device = "LABEL=boot"; |
7 | }; | 7 | fsType = "vfat"; |
8 | options = [ "fmask=0022" "dmask=0022" ]; | ||
9 | }; | ||
10 | "/.bcachefs" = | ||
11 | { device = "LABEL=sif"; | ||
12 | fsType = "bcachefs"; | ||
13 | neededForBoot = true; | ||
14 | }; | ||
15 | "/nix" = | ||
16 | { device = "/.bcachefs/nix"; | ||
17 | fsType = "none"; | ||
18 | options = [ "bind" ]; | ||
19 | }; | ||
20 | "/root" = | ||
21 | { device = "/.bcachefs/root"; | ||
22 | fsType = "none"; | ||
23 | options = [ "bind" ]; | ||
24 | }; | ||
25 | "/var/log" = | ||
26 | { device = "/.bcachefs/var/log"; | ||
27 | fsType = "none"; | ||
28 | options = [ "bind" ]; | ||
29 | }; | ||
30 | "/var/lib/sops-nix" = | ||
31 | { device = "/.bcachefs/var/lib/sops-nix"; | ||
32 | fsType = "none"; | ||
33 | options = [ "bind" ]; | ||
34 | neededForBoot = true; | ||
35 | }; | ||
36 | "/var/lib/nixos" = | ||
37 | { device = "/.bcachefs/var/lib/nixos"; | ||
38 | fsType = "none"; | ||
39 | options = [ "bind" ]; | ||
40 | neededForBoot = true; | ||
41 | }; | ||
42 | "/var/lib/chrony" = | ||
43 | { device = "/.bcachefs/var/lib/chrony"; | ||
44 | fsType = "none"; | ||
45 | options = [ "bind" ]; | ||
46 | }; | ||
47 | "/var/lib/systemd" = | ||
48 | { device = "/.bcachefs/var/lib/systemd"; | ||
49 | fsType = "none"; | ||
50 | options = [ "bind" ]; | ||
51 | neededForBoot = true; | ||
52 | }; | ||
53 | "/home" = | ||
54 | { device = "/.bcachefs/home"; | ||
55 | fsType = "none"; | ||
56 | options = [ "bind" ]; | ||
57 | }; | ||
58 | }; | ||
8 | 59 | ||
9 | fileSystems."/boot" = | 60 | swapDevices = [ |
10 | { device = "/dev/disk/by-uuid/B3A2-D029"; | 61 | { device = "LABEL=swap"; } |
11 | fsType = "vfat"; | 62 | ]; |
12 | }; | ||
13 | |||
14 | fileSystems."/home" = | ||
15 | { device = "/dev/disk/by-uuid/9e932072-3c56-4a9c-8da7-3163d2a8bf28"; | ||
16 | fsType = "btrfs"; | ||
17 | }; | ||
18 | |||
19 | fileSystems."/var/media" = | ||
20 | { device = "/dev/disk/by-uuid/437eca70-d017-4d52-a1fa-2f4c7a87f096"; | ||
21 | fsType = "btrfs"; | ||
22 | }; | ||
23 | 63 | ||
24 | nix.settings.max-jobs = 12; | 64 | nix.settings.max-jobs = 12; |
25 | # High-DPI console | 65 | # High-DPI console |
diff --git a/hosts/sif/mail/secrets.yaml b/hosts/sif/mail/secrets.yaml index 5ac36cc6..3c74b710 100644 --- a/hosts/sif/mail/secrets.yaml +++ b/hosts/sif/mail/secrets.yaml | |||
@@ -5,28 +5,26 @@ sops: | |||
5 | azure_kv: [] | 5 | azure_kv: [] |
6 | hc_vault: [] | 6 | hc_vault: [] |
7 | age: | 7 | age: |
8 | - recipient: age1ure0athvtnaqqw48pe0y3upqdzmkaen9h70yggd9va4hva6avd8qqm6s4d | 8 | - recipient: age1rmmhetcmllq0ahl5qznlr0eya2zdxwl9h6y5wnl97d2wtyx5t99sm2u866 |
9 | enc: | | 9 | enc: | |
10 | -----BEGIN AGE ENCRYPTED FILE----- | 10 | -----BEGIN AGE ENCRYPTED FILE----- |
11 | YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEYkM2VWRIZzZCQUVYeThv | 11 | YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1MVYrR1ZrUXVhYVIvdTdS |
12 | eWhHZE5GVFVOSUtLcDBXQmhtdFhuTThBdTF3ClNVcDl3SUdRMGJXOENyNWdSb21z | 12 | OUxoOGhRZ3p2dFhCYkxta1REYy9FWTFEZVNJCjhpQ0VMcWdkWWQ1blZyVVpGWk81 |
13 | OXY1QUNwUjRrbU00b2hHS3pJM3diTFkKLS0tIEFxV2JSbWphdEEzbE8xbkd2cXBz | 13 | UVBTZzNKSis2ZVVNdFA4TldvL05oMWcKLS0tIEl0TU8xQUhkTk83dDhzYU5aeCtR |
14 | dEhFSDVKbFJJZWRPY3o2am94ZURJL2cKwJkjD9jarS3zdcNBVpx3cIjh8XmXCL+C | 14 | OVcrdFRaeGxZL2kxT3VzUnBtWEI1Y1UK8LwKTus25P/nQrMJG5MOuR/lD2PCgeLC |
15 | AN1T7DQjzQpD65Mdbj9QqXx1p0HmjO/sqr1yNQopub8oQneLbtx8Gg== | 15 | WYBIbFusX//mwr1nymyWnHXkfXf8uHzpc6rJGFoa+TuOVU3elYB/Pg== |
16 | -----END AGE ENCRYPTED FILE----- | ||
17 | - recipient: age1fj65apkhfkrwyv5tx6zcs9nkjg8267fy733qph30sc7zfn7vapjqkd5kne | ||
18 | enc: | | ||
19 | -----BEGIN AGE ENCRYPTED FILE----- | ||
20 | YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQcUs2OGp6WWN5cm9IVDdx | ||
21 | TFRpZTJXQjBXeGp3RytPaFdjR3UyVURnYmhZCnh3SDNYR0J1US9vcEhTbmJCNm5r | ||
22 | emJReml2QTNkTC93M0lpYlpNbTc4TGsKLS0tIGZ4YkE4STQ2dmh4akJVcnZOUVhT | ||
23 | MTNrOGxqZmFWSnl0U3lVTnllbEFTN28KKv/W6tk2YlNQV8fotfjSLg1HOs6OdMj4 | ||
24 | GkZ30jQYfwmFYEA8YPn9JXbVNpprXd0d6ufLl/tAQckT6lsqGhwzeg== | ||
16 | -----END AGE ENCRYPTED FILE----- | 25 | -----END AGE ENCRYPTED FILE----- |
17 | lastmodified: "2022-02-02T14:45:23Z" | 26 | lastmodified: "2022-02-02T14:45:23Z" |
18 | mac: ENC[AES256_GCM,data:UdM/VmdfqhYm1aFCHaO0mbJA/oyV/J2oKVVmGDa0Co3MWq9aWMqP726O+rLk36W0HOG4fmue//R1Q524au2hMW9bZUFzrubfQt2V78tZRZeHCJSRmOmi1D1EDdfPz9J3oWDvIEgIIsAk5H5EuuH0j6FILye6tzcomNGDAKZbwuc=,iv:a7dJAqkcroLp01gkGKV5gm6gTIIMa/9P8qJn44ISrw0=,tag:R9/6X6mgfVSLK7bmoWRnfQ==,type:str] | 27 | mac: ENC[AES256_GCM,data:UdM/VmdfqhYm1aFCHaO0mbJA/oyV/J2oKVVmGDa0Co3MWq9aWMqP726O+rLk36W0HOG4fmue//R1Q524au2hMW9bZUFzrubfQt2V78tZRZeHCJSRmOmi1D1EDdfPz9J3oWDvIEgIIsAk5H5EuuH0j6FILye6tzcomNGDAKZbwuc=,iv:a7dJAqkcroLp01gkGKV5gm6gTIIMa/9P8qJn44ISrw0=,tag:R9/6X6mgfVSLK7bmoWRnfQ==,type:str] |
19 | pgp: | 28 | pgp: [] |
20 | - created_at: "2023-01-30T10:58:14Z" | ||
21 | enc: | | ||
22 | -----BEGIN PGP MESSAGE----- | ||
23 | |||
24 | hF4DXxoViZlp6dISAQdAYwW96YVgfK1Y3Ue1EA3qbE3zw4k4gdTnzWeBB2Ljux4w | ||
25 | urG4pwe47rkuq3e1TMdZxxDeZe0OvLwaZBVfD+eFVUrnLYbkrm4shvrq+6xv70Zm | ||
26 | 0l4BvG9W6VvUXNyKR0Bl65K/hqm8A7GOBPfB35npsY+1ufeJJYdmxX6n7dL94SX5 | ||
27 | he4m9JRuiyPrRxomudU5nrWLQwKQk8WtavExfVq6zIlnkhlGerKbxDVEIsFaDleT | ||
28 | =7IFo | ||
29 | -----END PGP MESSAGE----- | ||
30 | fp: 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51 | ||
31 | unencrypted_suffix: _unencrypted | 29 | unencrypted_suffix: _unencrypted |
32 | version: 3.7.1 | 30 | version: 3.7.1 |
diff --git a/modules/yggdrasil/hosts/sif/private-keys.yaml b/modules/yggdrasil/hosts/sif/private-keys.yaml index d48eaba3..0c4274d1 100644 --- a/modules/yggdrasil/hosts/sif/private-keys.yaml +++ b/modules/yggdrasil/hosts/sif/private-keys.yaml | |||
@@ -6,28 +6,26 @@ sops: | |||
6 | azure_kv: [] | 6 | azure_kv: [] |
7 | hc_vault: [] | 7 | hc_vault: [] |
8 | age: | 8 | age: |
9 | - recipient: age1ure0athvtnaqqw48pe0y3upqdzmkaen9h70yggd9va4hva6avd8qqm6s4d | 9 | - recipient: age1rmmhetcmllq0ahl5qznlr0eya2zdxwl9h6y5wnl97d2wtyx5t99sm2u866 |
10 | enc: | | 10 | enc: | |
11 | -----BEGIN AGE ENCRYPTED FILE----- | 11 | -----BEGIN AGE ENCRYPTED FILE----- |
12 | YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBscEJ6K01KUDdNd1lTUSs3 | 12 | YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiTjludkxXUm5OREx4Zndk |
13 | T3FKcS9ZQ1g1UHRSeDBqbWJkYm40dVVPSVN3CjNIY2JHL2lrcXY4TnB2Ky9tcUZl | 13 | czI0VmMxUE5kOHVKQ1lTL1RvQXlIQ3FhWFRVCmVXbmFqNTBDNy94RDJtakQra0lh |
14 | emRiMWUrSFgwK0FLUHpKelhvaG1jRzgKLS0tIExaeVV3OTBJVm5WL09hMnV4OHU4 | 14 | a2JrZlBxWFNVVFh6WFU3bjBwaFVIa1kKLS0tIFNObGZvVmpuQlU4SFBjZk45dlJM |
15 | ZkszeE0vMlo3WUpJNmxkNTl5YW55VEEKA+so8j95RSMcjx6yUrTmrovPBFAXiV75 | 15 | d3VHVVZsVGlBd2craGNVbHdoeUpyVFEK/Tj9QVqAOWmAJv/PESvIOnnIbZkKof6E |
16 | FnAME65A9Mry+OyOwFPDhC7lvMY11Gw71H01Mo2vXbR96eCBS7K0og== | 16 | HHaEYANQTp5kLyWaz4rfJiiQOP2bL5hDr1XV61mf6y9W8m9w4IynHg== |
17 | -----END AGE ENCRYPTED FILE----- | ||
18 | - recipient: age1fj65apkhfkrwyv5tx6zcs9nkjg8267fy733qph30sc7zfn7vapjqkd5kne | ||
19 | enc: | | ||
20 | -----BEGIN AGE ENCRYPTED FILE----- | ||
21 | YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6L2lSdUUvSE1iUTEvdkxm | ||
22 | Nm4vV3MySWlTdldMZEw2dEhtSlZCb0wvL0VBCnJxY2dNUlJhcktQNVVOdHhPemJF | ||
23 | ZUJ3NUR0ZTRZdFkwMmExR2gwOHFlMTQKLS0tIHhLbkZQalBuNm5mRHBVQ1NNbGM4 | ||
24 | YUNsNE8vbnk0RnpRbHB5azM2NmdmKzAKwUVFQHvBvGjc/mGI9lhkW86ovUVvUxok | ||
25 | O6QelapJHGP2gQ3aZBk8eFJJs7Ve+q1yiQUbO34BFFdIfRyiObmbKw== | ||
17 | -----END AGE ENCRYPTED FILE----- | 26 | -----END AGE ENCRYPTED FILE----- |
18 | lastmodified: "2021-01-02T14:46:16Z" | 27 | lastmodified: "2021-01-02T14:46:16Z" |
19 | mac: ENC[AES256_GCM,data:Phng7z7UlE6nO3FFIQPOHgKCqDm2uOGL57ryJbokjipSSdoWPinpz0zIJv9Z67b9uOf3CQoGtV4YwcudNkzDBKOyD8uA6RYwCKpbYcZIdiy8DLL46+VT/wq9toTkeDXM6jKupzzOARZhHT8DCOLqW7u8Q3S645cbTJmw0+LMIGk=,iv:y4KEh0+bKhtnSobKVdfaPuRsueNC1lcrEbUGfEAn+Bg=,tag:3Oi4e/hSgPVsoFQpnVQj+g==,type:str] | 28 | mac: ENC[AES256_GCM,data:Phng7z7UlE6nO3FFIQPOHgKCqDm2uOGL57ryJbokjipSSdoWPinpz0zIJv9Z67b9uOf3CQoGtV4YwcudNkzDBKOyD8uA6RYwCKpbYcZIdiy8DLL46+VT/wq9toTkeDXM6jKupzzOARZhHT8DCOLqW7u8Q3S645cbTJmw0+LMIGk=,iv:y4KEh0+bKhtnSobKVdfaPuRsueNC1lcrEbUGfEAn+Bg=,tag:3Oi4e/hSgPVsoFQpnVQj+g==,type:str] |
20 | pgp: | 29 | pgp: [] |
21 | - created_at: "2023-01-30T10:58:15Z" | ||
22 | enc: | | ||
23 | -----BEGIN PGP MESSAGE----- | ||
24 | |||
25 | hF4DXxoViZlp6dISAQdAtt8EY8x8Ue/kqTgv49k+1RhZ3U3MJ9i8UzUmwpaq0mIw | ||
26 | zHXj+7l+QuHHuI1SGraQ7GwWYbOK/BGhY6GgsjKGNPOBe0tVxjqIu9d6l2VnvI4D | ||
27 | 0l4BfCR6ClScDi4Me1+rGaZz5NVLZZKeXKIXmPXWixjk0YXJEtVCfcp5oQHIpd/F | ||
28 | i1JniOvH9lEMjNkM3BuwNlG+5bVVlx2vzOqm/U6nUqMRw/KtyIBMpr3olq3rQjwp | ||
29 | =ZA3T | ||
30 | -----END PGP MESSAGE----- | ||
31 | fp: 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51 | ||
32 | unencrypted_suffix: _unencrypted | 30 | unencrypted_suffix: _unencrypted |
33 | version: 3.6.1 | 31 | version: 3.6.1 |
diff --git a/system-profiles/openssh/host-keys/sif.yaml b/system-profiles/openssh/host-keys/sif.yaml index bc66c1a2..ca904535 100644 --- a/system-profiles/openssh/host-keys/sif.yaml +++ b/system-profiles/openssh/host-keys/sif.yaml | |||
@@ -6,28 +6,26 @@ sops: | |||
6 | azure_kv: [] | 6 | azure_kv: [] |
7 | hc_vault: [] | 7 | hc_vault: [] |
8 | age: | 8 | age: |
9 | - recipient: age1ure0athvtnaqqw48pe0y3upqdzmkaen9h70yggd9va4hva6avd8qqm6s4d | 9 | - recipient: age1rmmhetcmllq0ahl5qznlr0eya2zdxwl9h6y5wnl97d2wtyx5t99sm2u866 |
10 | enc: | | 10 | enc: | |
11 | -----BEGIN AGE ENCRYPTED FILE----- | 11 | -----BEGIN AGE ENCRYPTED FILE----- |
12 | YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsMzdPNTFsSmJtVzIrV2c3 | 12 | YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLL1N1YlVlaTRLblhNS2ZN |
13 | aG9HbVo0Y0F2ZkRaclhuTlR1b0prVnVpSDNzCkxweHkwYnVaVnFLQWJkVmw2cExD | 13 | TW5VTHhBTHVHN3RMWjFYQzhmRTNneVU1THhzCmlaWlhMTzNGVENsdG03TzVHM0s1 |
14 | VEh2TU9NUzJkRzBlQnpUR09sUkY1RHMKLS0tIDhsWkh3OXRrY3JDaXR5b2ZzWWhN | 14 | K1lEcFBQZm8zTW9uelppRXd6dEJvZFkKLS0tIGVSem1nd1Y0VHdRWUc1UVEyZHc5 |
15 | MWVzNlBTa0xkZDZrMWdsU0lvemVRb0kKbTUwFHMXZqbVdKqBWSa0B81ymVGqS7G3 | 15 | UEVlc3BKVTFlbkhMZ2doZzhSOGNVZk0K+xn79UxArLoDo9+Ek0Hi/mUJf974OIIZ |
16 | ZhchZZpZdQcKMQ/I/rkvJqFstuOuEHYvUWeKz04zL3W2BuMp/TwOXQ== | 16 | g/hDK+e8ZtKyIhXYmH0CXYzZNpwhf2qegYoj7gZLOL2IIWxGdfytgg== |
17 | -----END AGE ENCRYPTED FILE----- | ||
18 | - recipient: age1fj65apkhfkrwyv5tx6zcs9nkjg8267fy733qph30sc7zfn7vapjqkd5kne | ||
19 | enc: | | ||
20 | -----BEGIN AGE ENCRYPTED FILE----- | ||
21 | YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBWDFNWEpUV1cxbjlpOHBG | ||
22 | L010cW5tNXcrYXpoNUpYb1VuSFo5L2g2eVVVCkJCWFVtMW1zMlAvbEdXYVZoSnFF | ||
23 | dG1ucmgwdGtNVm1SL0ZJTUNUdWFXSVEKLS0tIER6bFRMK2lxZ0JRc1p1T09xOTVv | ||
24 | c2NKR0dyOGNpUUtTYlArd3hUbHk4T28KxHufhcZOHj94zoQANPvbYrprCSFZ9crx | ||
25 | IMA8NSi2i9evmxjaZwYQBJGMbmwgLmBTssY8sRl1vj17WqnwImyajA== | ||
17 | -----END AGE ENCRYPTED FILE----- | 26 | -----END AGE ENCRYPTED FILE----- |
18 | lastmodified: "2021-01-02T19:05:26Z" | 27 | lastmodified: "2021-01-02T19:05:26Z" |
19 | mac: ENC[AES256_GCM,data:yJGzs0W0R+b6WPkUaQc9cxeTBBEXot0ffUAG77Of88kREFsD5ams9qEDCs8LhPhMtLSH5L8bqMLF28n2w6d9gf41NDBl/oj+XTJE26c4D+MWF2A0fqTvwv1l3524TfavVU8iur0bCbytNfcHSZ3zCQAYElswOGupO+K0Y3hwKKI=,iv:jHSgQV6Jg2Yckp8G0Z23Ny74ZQxZ/+C/neXKrEWUVak=,tag:DhOr2cVhIq8i4JAO+fdXxA==,type:str] | 28 | mac: ENC[AES256_GCM,data:yJGzs0W0R+b6WPkUaQc9cxeTBBEXot0ffUAG77Of88kREFsD5ams9qEDCs8LhPhMtLSH5L8bqMLF28n2w6d9gf41NDBl/oj+XTJE26c4D+MWF2A0fqTvwv1l3524TfavVU8iur0bCbytNfcHSZ3zCQAYElswOGupO+K0Y3hwKKI=,iv:jHSgQV6Jg2Yckp8G0Z23Ny74ZQxZ/+C/neXKrEWUVak=,tag:DhOr2cVhIq8i4JAO+fdXxA==,type:str] |
20 | pgp: | 29 | pgp: [] |
21 | - created_at: "2023-01-30T10:57:39Z" | ||
22 | enc: | | ||
23 | -----BEGIN PGP MESSAGE----- | ||
24 | |||
25 | hF4DXxoViZlp6dISAQdANv2DNGghv2Kh8xkNTxD7zLoo9CA0wg3QKJ6MHIFfDyMw | ||
26 | v6VzYeLDETRzJnqbmNrUD4iumJJfLUsbiBdCFNYsuiGgwrzRKLRyFYZ/vU6WGetm | ||
27 | 0l4BK8qWw4Te7oRdHymqckpf9G6elyM+5z7ZDVqcFp8frmKJexP3e95UJU4I0rOj | ||
28 | MM6S/XcDsMVdxDo9hliZ1t6aTiBizqpBCK+YK6SrQ+OuoS5PSpSqfq2w5sLIDGiJ | ||
29 | =cLdo | ||
30 | -----END PGP MESSAGE----- | ||
31 | fp: 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51 | ||
32 | unencrypted_suffix: _unencrypted | 30 | unencrypted_suffix: _unencrypted |
33 | version: 3.6.1 | 31 | version: 3.6.1 |