authorGregor Kleen <gkleen@yggdrasil.li>2024-07-30 15:22:50 +0200
committerGregor Kleen <gkleen@yggdrasil.li>2024-07-30 15:22:50 +0200
commitbf329299d3c412bdbe6d1145b0947e6950c5c548 (patch)
treeced74c587ea71ad41df5258255fae7415a4a682e
parentcd3c763cadbe887d5918f91619a836227d9e3846 (diff)
...
-rw-r--r--.sops.yaml28
-rw-r--r--hosts/sif/default.nix8
-rw-r--r--hosts/sif/gkleen-rclone.yaml34
-rw-r--r--hosts/sif/hw.nix76
-rw-r--r--hosts/sif/mail/secrets.yaml34
-rw-r--r--modules/yggdrasil/hosts/sif/private-keys.yaml34
-rw-r--r--system-profiles/openssh/host-keys/sif.yaml34
7 files changed, 154 insertions, 94 deletions
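diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 00000000..0dba3f40
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,28 @@
+keys:
+ - &admin_gkleen age1rmmhetcmllq0ahl5qznlr0eya2zdxwl9h6y5wnl97d2wtyx5t99sm2u866
+ - &machine_surtr age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq
+ - &machine_vidhar age1qffdqvy9arld9zd5a5cylt0n98xhcns5shxhrhwjq5g4qa844ejselaa4l
+ - &machine_sif age1fj65apkhfkrwyv5tx6zcs9nkjg8267fy733qph30sc7zfn7vapjqkd5kne
+
+creation_rules:
+ - path_regex: surtr[^\/]*$
+ key_groups:
+ - age: [ *admin_gkleen, *machine_surtr ]
+ - path_regex: vidhar[^\/]*$
+ key_groups:
+ - age: [ *admin_gkleen, *machine_vidhar ]
+ - path_regex: sif[^\/]*$
+ key_groups:
+ - age: [ *admin_gkleen, *machine_sif ]
+ - path_regex: ^hosts/surtr/
+ key_groups:
+ - age: [ *admin_gkleen, *machine_surtr ]
+ - path_regex: ^hosts/vidhar/
+ key_groups:
+ - age: [ *admin_gkleen, *machine_vidhar ]
+ - path_regex: ^hosts/sif/
+ key_groups:
+ - age: [ *admin_gkleen, *machine_sif ]
+ - path_regex: ^modules/yggdrasil/hosts/sif/
+ key_groups:
+ - age: [ *admin_gkleen, *machine_sif ]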
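Review bot: The three basename rules (`surtr[^\/]*$`, `vidhar[^\/]*$`, `sif[^\/]*$`) have no left anchor and are listed before the directory rules, so they match any file whose last path component merely contains the host name as a substring. sops uses the first creation rule that matches, so a path such as `hosts/vidhar/classif.yaml` (a constructed example) would be encrypted to `machine_sif` rather than `machine_vidhar`. Anchoring the name at a path boundary, e.g. `path_regex: (^|/)sif[^/]*$`, and moving the `^hosts/<name>/` rules above the basename rules keeps each secret readable only by the intended machine key. The `\/` escape is not needed in these patterns.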
diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix
index 319dccd9..87c0f3bf 100644
--- a/hosts/sif/default.nix
+++ b/hosts/sif/default.nix
@@ -13,7 +13,7 @@ in {
13 imports = with flake.nixosModules.systemProfiles; [ 13 imports = with flake.nixosModules.systemProfiles; [
14 ./hw.nix 14 ./hw.nix
15 ./mail 15 ./mail
16 initrd-all-crypto-modules default-locale openssh rebuild-machines 16 tmpfs-root bcachefs initrd-all-crypto-modules default-locale openssh rebuild-machines
17 networkmanager 17 networkmanager
18 ]; 18 ];
19 19
@@ -35,8 +35,8 @@ in {
35 emergencyAccess = config.users.users.root.hashedPassword; 35 emergencyAccess = config.users.users.root.hashedPassword;
36 }; 36 };
37 luks.devices = { 37 luks.devices = {
38 nvm0 = { device = "/dev/disk/by-uuid/fe641e81-0812-4181-a5f6-382ebba509bb"; bypassWorkqueues = true; }; 38 nvm0 = { device = "/dev/disk/by-uuid/bef17e86-d929-4a60-97cb-6bfa133face7"; bypassWorkqueues = true; };
39 nvm1 = { device = "/dev/disk/by-uuid/43df1ba8-1728-4193-8855-920a82d4494a"; bypassWorkqueues = true; }; 39 nvm1 = { device = "/dev/disk/by-uuid/2884e98d-5afd-4965-91c9-88ffb5ec58bc"; bypassWorkqueues = true; };
40 }; 40 };
41 availableKernelModules = [ "drbg" "nvme" "xhci_pci" "usb_storage" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ]; 41 availableKernelModules = [ "drbg" "nvme" "xhci_pci" "usb_storage" "sd_mod" "sr_mod" "rtsx_pci_sdmmc" ];
42 kernelModules = [ "dm-raid" "dm-integrity" "dm-snapshot" "dm-thin-pool" "dm-mod" "dm-crypt" ]; 42 kernelModules = [ "dm-raid" "dm-integrity" "dm-snapshot" "dm-thin-pool" "dm-mod" "dm-crypt" ];
@@ -655,6 +655,6 @@ in {
655 in [ gtk-portal ]; 655 in [ gtk-portal ];
656 }; 656 };
657 657
658 system.stateVersion = "20.03"; 658 system.stateVersion = "24.11";
659 }; 659 };
660} 660}
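Review bot: `system.stateVersion` goes from "20.03" to "24.11" in the last hunk with no comment recording why. That value selects state-format defaults for stateful services and is normally changed only on a fresh install. The new LUKS UUIDs and the added `tmpfs-root` and `bcachefs` profiles suggest this is a reinstall, but that is inferred from the other hunks and not stated. A line such as `# fresh install on bcachefs + tmpfs-root; do not bump on channel upgrades` above it would make this explicit. It would also prompt a check that no pre-24.11 service state is restored into the persisted directories. The enclosing attribute set begins and ends outside the hunks shown.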
diff --git a/hosts/sif/gkleen-rclone.yaml b/hosts/sif/gkleen-rclone.yaml
index 4bc07556..f0430f71 100644
--- a/hosts/sif/gkleen-rclone.yaml
+++ b/hosts/sif/gkleen-rclone.yaml
@@ -5,28 +5,26 @@ sops:
5 azure_kv: [] 5 azure_kv: []
6 hc_vault: [] 6 hc_vault: []
7 age: 7 age:
8 - recipient: age1ure0athvtnaqqw48pe0y3upqdzmkaen9h70yggd9va4hva6avd8qqm6s4d 8 - recipient: age1rmmhetcmllq0ahl5qznlr0eya2zdxwl9h6y5wnl97d2wtyx5t99sm2u866
9 enc: | 9 enc: |
10 -----BEGIN AGE ENCRYPTED FILE----- 10 -----BEGIN AGE ENCRYPTED FILE-----
11 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhazlZcFRyY2ZxZ2dLb00v 11 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxZU1MY0JCRkdPK0JIWEs4
12 SzZmM3paanI1b090NW8za1FKa3Q0bWlKeTJNCllhRGo2bDNaMkxpMHlweEZGU3FQ 12 MnVQYWN1cklPSFJFTkYxVm9nVFpYSjRTUENnClZZaUw0QVYxejMzM0VvYTUzMUlE
13 SlFIQmxqK2trWm5TRFp0SEhVRUNNWncKLS0tIHc3OGNqbHF0eFozdWp1V3IvRFJJ 13 N0ZVV0laeVJQV3BsUHJzVWlNM0ZZWEUKLS0tIEZvRWtEdzFwVlVMS2FxT2Z3NHRo
14 bzd6VTRPT1pqYVFPQ0IyblVQdWt4MUUKtp8FKeOVhZ6DTY0euegOFcmUL6bNYlml 14 STZZRWxURnQ1MHE2RlJVQmdiM2VlNVkKpDJSJxij/LKFGUyuy/iAmf/Gq+PhLh4V
15 1DlbDUF47mAMz6HfsvpyoJmLG/uQBCXUVIpP18ignQtJJx043+vnEA== 15 DoowTqWMehgKz/x14HCegI6fIuI2Spwk6GVVICQvmk5Y33/kyneOiA==
16 -----END AGE ENCRYPTED FILE-----
17 - recipient: age1fj65apkhfkrwyv5tx6zcs9nkjg8267fy733qph30sc7zfn7vapjqkd5kne
18 enc: |
19 -----BEGIN AGE ENCRYPTED FILE-----
20 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4c0hoSGE4SVpwRkpBZmgv
21 SVVDODZmbkN4THNMelJucXZ3aTFrUDlmRmtZCkl3UFlROWJyd0VGakZRK3NGUEty
22 UUxjMDVZZWc4MXdKQTlKczF4N1gxYUUKLS0tIHRyczNiTzJLYTZaRFduc2RoaXhU
23 SUpCMXJDd1YwcnpuQ2hHa2Q4TlNGYjgKe3cSIERblN7XbI8mBWWSKhdLs6J8LT6t
24 3Q2gz8LZhtEJvROOYiVjcnZG9iOLLkgsy/mI34Y0evcKZrvvsPyQ1g==
16 -----END AGE ENCRYPTED FILE----- 25 -----END AGE ENCRYPTED FILE-----
17 lastmodified: "2022-01-31T18:19:02Z" 26 lastmodified: "2022-01-31T18:19:02Z"
18 mac: ENC[AES256_GCM,data:E/XAsuv+EqFud686SHuRp6XZ4f8uoXMI2rnPI733lQg/x/zuvCoOil9AtnQpStnu9wchlbee/y53uUDzAdTiYsjBCRqqt+19iAPnRHPZ2eb82SPetIRA8leKhiJFtOpHFTmlPYHCokxVBH6qLDjaJj/1Dx7Iv9xoAB4ECYnWxTo=,iv:wY5p++ixK5KA+Xnpuj0/3YBLMr/CQwIm3Nj3DzQC4II=,tag:f+7rincFHPEJZp+QJ2iiMQ==,type:str] 27 mac: ENC[AES256_GCM,data:E/XAsuv+EqFud686SHuRp6XZ4f8uoXMI2rnPI733lQg/x/zuvCoOil9AtnQpStnu9wchlbee/y53uUDzAdTiYsjBCRqqt+19iAPnRHPZ2eb82SPetIRA8leKhiJFtOpHFTmlPYHCokxVBH6qLDjaJj/1Dx7Iv9xoAB4ECYnWxTo=,iv:wY5p++ixK5KA+Xnpuj0/3YBLMr/CQwIm3Nj3DzQC4II=,tag:f+7rincFHPEJZp+QJ2iiMQ==,type:str]
19 pgp: 28 pgp: []
20 - created_at: "2023-01-30T10:58:04Z"
21 enc: |
22 -----BEGIN PGP MESSAGE-----
23
24 hF4DXxoViZlp6dISAQdAEEQ+ELalInEqD7WVWPyhz9C2WGOAqYZdW8wHn+i7c3cw
25 HgPkJXA0JJBawtQ+eqWtVBbmZbabVdiZ7xOAlVQWrVXa7tN7s2y4yY6KESB/5NFo
26 0l4BvOF0KdMDkBx9rhVakSfCJ9w/3ZodD2tZ/KgttamnsYg9EwI2xDSsFowK0gUM
27 2t7ZnDbDsQCrIR0y/qL5DwFVVKlvbDl5ZGLq5Py/ECMh5WdsEQ0dqBmeytxN44gw
28 =SxAd
29 -----END PGP MESSAGE-----
30 fp: 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51
31 unencrypted_suffix: _unencrypted 29 unencrypted_suffix: _unencrypted
32 version: 3.7.1 30 version: 3.7.1
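Review bot: The recipient list changes here (the old age recipient and the PGP entry are dropped, two age recipients are added) while `lastmodified` and `mac` stay identical. That indicates the existing data key was only re-wrapped for the new recipients, not rotated. Anyone holding one of the removed private keys can still recover that same data key from the previous revision in git history, and it still decrypts the current values. If the old keys are being retired because they are no longer trusted, run `sops --rotate --in-place` on the file and replace the underlying credentials as well. The same applies to hosts/sif/mail/secrets.yaml, modules/yggdrasil/hosts/sif/private-keys.yaml and system-profiles/openssh/host-keys/sif.yaml.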
diff --git a/hosts/sif/hw.nix b/hosts/sif/hw.nix
index 3442a93a..bd3aa0de 100644
--- a/hosts/sif/hw.nix
+++ b/hosts/sif/hw.nix
@@ -1,25 +1,65 @@
1{ config, lib, pkgs, ... }: 1{ config, lib, pkgs, ... }:
2 2
3{ 3{
4 fileSystems."/" = 4 fileSystems = {
5 { device = "/dev/disk/by-uuid/f094bf06-66f9-40a8-9ab2-2b54d05223d2"; 5 "/boot" =
6 fsType = "btrfs"; 6 { device = "LABEL=boot";
7 }; 7 fsType = "vfat";
8 options = [ "fmask=0022" "dmask=0022" ];
9 };
10 "/.bcachefs" =
11 { device = "LABEL=sif";
12 fsType = "bcachefs";
13 neededForBoot = true;
14 };
15 "/nix" =
16 { device = "/.bcachefs/nix";
17 fsType = "none";
18 options = [ "bind" ];
19 };
20 "/root" =
21 { device = "/.bcachefs/root";
22 fsType = "none";
23 options = [ "bind" ];
24 };
25 "/var/log" =
26 { device = "/.bcachefs/var/log";
27 fsType = "none";
28 options = [ "bind" ];
29 };
30 "/var/lib/sops-nix" =
31 { device = "/.bcachefs/var/lib/sops-nix";
32 fsType = "none";
33 options = [ "bind" ];
34 neededForBoot = true;
35 };
36 "/var/lib/nixos" =
37 { device = "/.bcachefs/var/lib/nixos";
38 fsType = "none";
39 options = [ "bind" ];
40 neededForBoot = true;
41 };
42 "/var/lib/chrony" =
43 { device = "/.bcachefs/var/lib/chrony";
44 fsType = "none";
45 options = [ "bind" ];
46 };
47 "/var/lib/systemd" =
48 { device = "/.bcachefs/var/lib/systemd";
49 fsType = "none";
50 options = [ "bind" ];
51 neededForBoot = true;
52 };
53 "/home" =
54 { device = "/.bcachefs/home";
55 fsType = "none";
56 options = [ "bind" ];
57 };
58 };
8 59
9 fileSystems."/boot" = 60 swapDevices = [
10 { device = "/dev/disk/by-uuid/B3A2-D029"; 61 { device = "LABEL=swap"; }
11 fsType = "vfat"; 62 ];
12 };
13
14 fileSystems."/home" =
15 { device = "/dev/disk/by-uuid/9e932072-3c56-4a9c-8da7-3163d2a8bf28";
16 fsType = "btrfs";
17 };
18
19 fileSystems."/var/media" =
20 { device = "/dev/disk/by-uuid/437eca70-d017-4d52-a1fa-2f4c7a87f096";
21 fsType = "btrfs";
22 };
23 63
24 nix.settings.max-jobs = 12; 64 nix.settings.max-jobs = 12;
25 # High-DPI console 65 # High-DPI console
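Review bot: The new `/boot` entry mounts the vfat partition with `fmask=0022` and `dmask=0022`, which leaves every file on it readable by all local users. That would include a boot loader random seed, or an initrd that carries secrets, if either is stored there. `options = [ "fmask=0077" "dmask=0077" ];` restricts the mount to root. Separately, the `swapDevices` entry points at `LABEL=swap` with no encryption setting visible in this file. If that partition is not inside one of the LUKS devices declared in default.nix, decrypted secrets could be paged to disk in the clear, which `randomEncryption.enable = true;` on the entry would prevent. The file continues past the end of this hunk.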
diff --git a/hosts/sif/mail/secrets.yaml b/hosts/sif/mail/secrets.yaml
index 5ac36cc6..3c74b710 100644
--- a/hosts/sif/mail/secrets.yaml
+++ b/hosts/sif/mail/secrets.yaml
@@ -5,28 +5,26 @@ sops:
5 azure_kv: [] 5 azure_kv: []
6 hc_vault: [] 6 hc_vault: []
7 age: 7 age:
8 - recipient: age1ure0athvtnaqqw48pe0y3upqdzmkaen9h70yggd9va4hva6avd8qqm6s4d 8 - recipient: age1rmmhetcmllq0ahl5qznlr0eya2zdxwl9h6y5wnl97d2wtyx5t99sm2u866
9 enc: | 9 enc: |
10 -----BEGIN AGE ENCRYPTED FILE----- 10 -----BEGIN AGE ENCRYPTED FILE-----
11 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEYkM2VWRIZzZCQUVYeThv 11 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1MVYrR1ZrUXVhYVIvdTdS
12 eWhHZE5GVFVOSUtLcDBXQmhtdFhuTThBdTF3ClNVcDl3SUdRMGJXOENyNWdSb21z 12 OUxoOGhRZ3p2dFhCYkxta1REYy9FWTFEZVNJCjhpQ0VMcWdkWWQ1blZyVVpGWk81
13 OXY1QUNwUjRrbU00b2hHS3pJM3diTFkKLS0tIEFxV2JSbWphdEEzbE8xbkd2cXBz 13 UVBTZzNKSis2ZVVNdFA4TldvL05oMWcKLS0tIEl0TU8xQUhkTk83dDhzYU5aeCtR
14 dEhFSDVKbFJJZWRPY3o2am94ZURJL2cKwJkjD9jarS3zdcNBVpx3cIjh8XmXCL+C 14 OVcrdFRaeGxZL2kxT3VzUnBtWEI1Y1UK8LwKTus25P/nQrMJG5MOuR/lD2PCgeLC
15 AN1T7DQjzQpD65Mdbj9QqXx1p0HmjO/sqr1yNQopub8oQneLbtx8Gg== 15 WYBIbFusX//mwr1nymyWnHXkfXf8uHzpc6rJGFoa+TuOVU3elYB/Pg==
16 -----END AGE ENCRYPTED FILE-----
17 - recipient: age1fj65apkhfkrwyv5tx6zcs9nkjg8267fy733qph30sc7zfn7vapjqkd5kne
18 enc: |
19 -----BEGIN AGE ENCRYPTED FILE-----
20 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQcUs2OGp6WWN5cm9IVDdx
21 TFRpZTJXQjBXeGp3RytPaFdjR3UyVURnYmhZCnh3SDNYR0J1US9vcEhTbmJCNm5r
22 emJReml2QTNkTC93M0lpYlpNbTc4TGsKLS0tIGZ4YkE4STQ2dmh4akJVcnZOUVhT
23 MTNrOGxqZmFWSnl0U3lVTnllbEFTN28KKv/W6tk2YlNQV8fotfjSLg1HOs6OdMj4
24 GkZ30jQYfwmFYEA8YPn9JXbVNpprXd0d6ufLl/tAQckT6lsqGhwzeg==
16 -----END AGE ENCRYPTED FILE----- 25 -----END AGE ENCRYPTED FILE-----
17 lastmodified: "2022-02-02T14:45:23Z" 26 lastmodified: "2022-02-02T14:45:23Z"
18 mac: ENC[AES256_GCM,data:UdM/VmdfqhYm1aFCHaO0mbJA/oyV/J2oKVVmGDa0Co3MWq9aWMqP726O+rLk36W0HOG4fmue//R1Q524au2hMW9bZUFzrubfQt2V78tZRZeHCJSRmOmi1D1EDdfPz9J3oWDvIEgIIsAk5H5EuuH0j6FILye6tzcomNGDAKZbwuc=,iv:a7dJAqkcroLp01gkGKV5gm6gTIIMa/9P8qJn44ISrw0=,tag:R9/6X6mgfVSLK7bmoWRnfQ==,type:str] 27 mac: ENC[AES256_GCM,data:UdM/VmdfqhYm1aFCHaO0mbJA/oyV/J2oKVVmGDa0Co3MWq9aWMqP726O+rLk36W0HOG4fmue//R1Q524au2hMW9bZUFzrubfQt2V78tZRZeHCJSRmOmi1D1EDdfPz9J3oWDvIEgIIsAk5H5EuuH0j6FILye6tzcomNGDAKZbwuc=,iv:a7dJAqkcroLp01gkGKV5gm6gTIIMa/9P8qJn44ISrw0=,tag:R9/6X6mgfVSLK7bmoWRnfQ==,type:str]
19 pgp: 28 pgp: []
20 - created_at: "2023-01-30T10:58:14Z"
21 enc: |
22 -----BEGIN PGP MESSAGE-----
23
24 hF4DXxoViZlp6dISAQdAYwW96YVgfK1Y3Ue1EA3qbE3zw4k4gdTnzWeBB2Ljux4w
25 urG4pwe47rkuq3e1TMdZxxDeZe0OvLwaZBVfD+eFVUrnLYbkrm4shvrq+6xv70Zm
26 0l4BvG9W6VvUXNyKR0Bl65K/hqm8A7GOBPfB35npsY+1ufeJJYdmxX6n7dL94SX5
27 he4m9JRuiyPrRxomudU5nrWLQwKQk8WtavExfVq6zIlnkhlGerKbxDVEIsFaDleT
28 =7IFo
29 -----END PGP MESSAGE-----
30 fp: 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51
31 unencrypted_suffix: _unencrypted 29 unencrypted_suffix: _unencrypted
32 version: 3.7.1 30 version: 3.7.1
diff --git a/modules/yggdrasil/hosts/sif/private-keys.yaml b/modules/yggdrasil/hosts/sif/private-keys.yaml
index d48eaba3..0c4274d1 100644
--- a/modules/yggdrasil/hosts/sif/private-keys.yaml
+++ b/modules/yggdrasil/hosts/sif/private-keys.yaml
@@ -6,28 +6,26 @@ sops:
6 azure_kv: [] 6 azure_kv: []
7 hc_vault: [] 7 hc_vault: []
8 age: 8 age:
9 - recipient: age1ure0athvtnaqqw48pe0y3upqdzmkaen9h70yggd9va4hva6avd8qqm6s4d 9 - recipient: age1rmmhetcmllq0ahl5qznlr0eya2zdxwl9h6y5wnl97d2wtyx5t99sm2u866
10 enc: | 10 enc: |
11 -----BEGIN AGE ENCRYPTED FILE----- 11 -----BEGIN AGE ENCRYPTED FILE-----
12 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBscEJ6K01KUDdNd1lTUSs3 12 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiTjludkxXUm5OREx4Zndk
13 T3FKcS9ZQ1g1UHRSeDBqbWJkYm40dVVPSVN3CjNIY2JHL2lrcXY4TnB2Ky9tcUZl 13 czI0VmMxUE5kOHVKQ1lTL1RvQXlIQ3FhWFRVCmVXbmFqNTBDNy94RDJtakQra0lh
14 emRiMWUrSFgwK0FLUHpKelhvaG1jRzgKLS0tIExaeVV3OTBJVm5WL09hMnV4OHU4 14 a2JrZlBxWFNVVFh6WFU3bjBwaFVIa1kKLS0tIFNObGZvVmpuQlU4SFBjZk45dlJM
15 ZkszeE0vMlo3WUpJNmxkNTl5YW55VEEKA+so8j95RSMcjx6yUrTmrovPBFAXiV75 15 d3VHVVZsVGlBd2craGNVbHdoeUpyVFEK/Tj9QVqAOWmAJv/PESvIOnnIbZkKof6E
16 FnAME65A9Mry+OyOwFPDhC7lvMY11Gw71H01Mo2vXbR96eCBS7K0og== 16 HHaEYANQTp5kLyWaz4rfJiiQOP2bL5hDr1XV61mf6y9W8m9w4IynHg==
17 -----END AGE ENCRYPTED FILE-----
18 - recipient: age1fj65apkhfkrwyv5tx6zcs9nkjg8267fy733qph30sc7zfn7vapjqkd5kne
19 enc: |
20 -----BEGIN AGE ENCRYPTED FILE-----
21 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6L2lSdUUvSE1iUTEvdkxm
22 Nm4vV3MySWlTdldMZEw2dEhtSlZCb0wvL0VBCnJxY2dNUlJhcktQNVVOdHhPemJF
23 ZUJ3NUR0ZTRZdFkwMmExR2gwOHFlMTQKLS0tIHhLbkZQalBuNm5mRHBVQ1NNbGM4
24 YUNsNE8vbnk0RnpRbHB5azM2NmdmKzAKwUVFQHvBvGjc/mGI9lhkW86ovUVvUxok
25 O6QelapJHGP2gQ3aZBk8eFJJs7Ve+q1yiQUbO34BFFdIfRyiObmbKw==
17 -----END AGE ENCRYPTED FILE----- 26 -----END AGE ENCRYPTED FILE-----
18 lastmodified: "2021-01-02T14:46:16Z" 27 lastmodified: "2021-01-02T14:46:16Z"
19 mac: ENC[AES256_GCM,data:Phng7z7UlE6nO3FFIQPOHgKCqDm2uOGL57ryJbokjipSSdoWPinpz0zIJv9Z67b9uOf3CQoGtV4YwcudNkzDBKOyD8uA6RYwCKpbYcZIdiy8DLL46+VT/wq9toTkeDXM6jKupzzOARZhHT8DCOLqW7u8Q3S645cbTJmw0+LMIGk=,iv:y4KEh0+bKhtnSobKVdfaPuRsueNC1lcrEbUGfEAn+Bg=,tag:3Oi4e/hSgPVsoFQpnVQj+g==,type:str] 28 mac: ENC[AES256_GCM,data:Phng7z7UlE6nO3FFIQPOHgKCqDm2uOGL57ryJbokjipSSdoWPinpz0zIJv9Z67b9uOf3CQoGtV4YwcudNkzDBKOyD8uA6RYwCKpbYcZIdiy8DLL46+VT/wq9toTkeDXM6jKupzzOARZhHT8DCOLqW7u8Q3S645cbTJmw0+LMIGk=,iv:y4KEh0+bKhtnSobKVdfaPuRsueNC1lcrEbUGfEAn+Bg=,tag:3Oi4e/hSgPVsoFQpnVQj+g==,type:str]
20 pgp: 29 pgp: []
21 - created_at: "2023-01-30T10:58:15Z"
22 enc: |
23 -----BEGIN PGP MESSAGE-----
24
25 hF4DXxoViZlp6dISAQdAtt8EY8x8Ue/kqTgv49k+1RhZ3U3MJ9i8UzUmwpaq0mIw
26 zHXj+7l+QuHHuI1SGraQ7GwWYbOK/BGhY6GgsjKGNPOBe0tVxjqIu9d6l2VnvI4D
27 0l4BfCR6ClScDi4Me1+rGaZz5NVLZZKeXKIXmPXWixjk0YXJEtVCfcp5oQHIpd/F
28 i1JniOvH9lEMjNkM3BuwNlG+5bVVlx2vzOqm/U6nUqMRw/KtyIBMpr3olq3rQjwp
29 =ZA3T
30 -----END PGP MESSAGE-----
31 fp: 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51
32 unencrypted_suffix: _unencrypted 30 unencrypted_suffix: _unencrypted
33 version: 3.6.1 31 version: 3.6.1
diff --git a/system-profiles/openssh/host-keys/sif.yaml b/system-profiles/openssh/host-keys/sif.yaml
index bc66c1a2..ca904535 100644
--- a/system-profiles/openssh/host-keys/sif.yaml
+++ b/system-profiles/openssh/host-keys/sif.yaml
@@ -6,28 +6,26 @@ sops:
6 azure_kv: [] 6 azure_kv: []
7 hc_vault: [] 7 hc_vault: []
8 age: 8 age:
9 - recipient: age1ure0athvtnaqqw48pe0y3upqdzmkaen9h70yggd9va4hva6avd8qqm6s4d 9 - recipient: age1rmmhetcmllq0ahl5qznlr0eya2zdxwl9h6y5wnl97d2wtyx5t99sm2u866
10 enc: | 10 enc: |
11 -----BEGIN AGE ENCRYPTED FILE----- 11 -----BEGIN AGE ENCRYPTED FILE-----
12 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsMzdPNTFsSmJtVzIrV2c3 12 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLL1N1YlVlaTRLblhNS2ZN
13 aG9HbVo0Y0F2ZkRaclhuTlR1b0prVnVpSDNzCkxweHkwYnVaVnFLQWJkVmw2cExD 13 TW5VTHhBTHVHN3RMWjFYQzhmRTNneVU1THhzCmlaWlhMTzNGVENsdG03TzVHM0s1
14 VEh2TU9NUzJkRzBlQnpUR09sUkY1RHMKLS0tIDhsWkh3OXRrY3JDaXR5b2ZzWWhN 14 K1lEcFBQZm8zTW9uelppRXd6dEJvZFkKLS0tIGVSem1nd1Y0VHdRWUc1UVEyZHc5
15 MWVzNlBTa0xkZDZrMWdsU0lvemVRb0kKbTUwFHMXZqbVdKqBWSa0B81ymVGqS7G3 15 UEVlc3BKVTFlbkhMZ2doZzhSOGNVZk0K+xn79UxArLoDo9+Ek0Hi/mUJf974OIIZ
16 ZhchZZpZdQcKMQ/I/rkvJqFstuOuEHYvUWeKz04zL3W2BuMp/TwOXQ== 16 g/hDK+e8ZtKyIhXYmH0CXYzZNpwhf2qegYoj7gZLOL2IIWxGdfytgg==
17 -----END AGE ENCRYPTED FILE-----
18 - recipient: age1fj65apkhfkrwyv5tx6zcs9nkjg8267fy733qph30sc7zfn7vapjqkd5kne
19 enc: |
20 -----BEGIN AGE ENCRYPTED FILE-----
21 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBWDFNWEpUV1cxbjlpOHBG
22 L010cW5tNXcrYXpoNUpYb1VuSFo5L2g2eVVVCkJCWFVtMW1zMlAvbEdXYVZoSnFF
23 dG1ucmgwdGtNVm1SL0ZJTUNUdWFXSVEKLS0tIER6bFRMK2lxZ0JRc1p1T09xOTVv
24 c2NKR0dyOGNpUUtTYlArd3hUbHk4T28KxHufhcZOHj94zoQANPvbYrprCSFZ9crx
25 IMA8NSi2i9evmxjaZwYQBJGMbmwgLmBTssY8sRl1vj17WqnwImyajA==
17 -----END AGE ENCRYPTED FILE----- 26 -----END AGE ENCRYPTED FILE-----
18 lastmodified: "2021-01-02T19:05:26Z" 27 lastmodified: "2021-01-02T19:05:26Z"
19 mac: ENC[AES256_GCM,data:yJGzs0W0R+b6WPkUaQc9cxeTBBEXot0ffUAG77Of88kREFsD5ams9qEDCs8LhPhMtLSH5L8bqMLF28n2w6d9gf41NDBl/oj+XTJE26c4D+MWF2A0fqTvwv1l3524TfavVU8iur0bCbytNfcHSZ3zCQAYElswOGupO+K0Y3hwKKI=,iv:jHSgQV6Jg2Yckp8G0Z23Ny74ZQxZ/+C/neXKrEWUVak=,tag:DhOr2cVhIq8i4JAO+fdXxA==,type:str] 28 mac: ENC[AES256_GCM,data:yJGzs0W0R+b6WPkUaQc9cxeTBBEXot0ffUAG77Of88kREFsD5ams9qEDCs8LhPhMtLSH5L8bqMLF28n2w6d9gf41NDBl/oj+XTJE26c4D+MWF2A0fqTvwv1l3524TfavVU8iur0bCbytNfcHSZ3zCQAYElswOGupO+K0Y3hwKKI=,iv:jHSgQV6Jg2Yckp8G0Z23Ny74ZQxZ/+C/neXKrEWUVak=,tag:DhOr2cVhIq8i4JAO+fdXxA==,type:str]
20 pgp: 29 pgp: []
21 - created_at: "2023-01-30T10:57:39Z"
22 enc: |
23 -----BEGIN PGP MESSAGE-----
24
25 hF4DXxoViZlp6dISAQdANv2DNGghv2Kh8xkNTxD7zLoo9CA0wg3QKJ6MHIFfDyMw
26 v6VzYeLDETRzJnqbmNrUD4iumJJfLUsbiBdCFNYsuiGgwrzRKLRyFYZ/vU6WGetm
27 0l4BK8qWw4Te7oRdHymqckpf9G6elyM+5z7ZDVqcFp8frmKJexP3e95UJU4I0rOj
28 MM6S/XcDsMVdxDo9hliZ1t6aTiBizqpBCK+YK6SrQ+OuoS5PSpSqfq2w5sLIDGiJ
29 =cLdo
30 -----END PGP MESSAGE-----
31 fp: 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51
32 unencrypted_suffix: _unencrypted 30 unencrypted_suffix: _unencrypted
33 version: 3.6.1 31 version: 3.6.1