summaryrefslogtreecommitdiff
path: root/hosts/surtr
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2022-02-22 10:57:45 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2022-02-22 10:57:45 +0100
commit4c700a89e59299978ba3ef0406e6b8d0e31ea81d (patch)
treee926fa39ece41d9ff6a9fece73828fa32939f4be /hosts/surtr
parente0cdbcd703336e0bd5685f64e1f8d57f73976b9d (diff)
downloadnixos-4c700a89e59299978ba3ef0406e6b8d0e31ea81d.tar
nixos-4c700a89e59299978ba3ef0406e6b8d0e31ea81d.tar.gz
nixos-4c700a89e59299978ba3ef0406e6b8d0e31ea81d.tar.bz2
nixos-4c700a89e59299978ba3ef0406e6b8d0e31ea81d.tar.xz
nixos-4c700a89e59299978ba3ef0406e6b8d0e31ea81d.zip
...
Diffstat (limited to 'hosts/surtr')
-rw-r--r--hosts/surtr/dns/default.nix3
-rw-r--r--hosts/surtr/dns/keys/.sops.yaml3
-rw-r--r--hosts/surtr/dns/keys/rheperire.org_acme.yaml36
3 files changed, 17 insertions, 25 deletions
diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix
index 27f0715b..b5be6887 100644
--- a/hosts/surtr/dns/default.nix
+++ b/hosts/surtr/dns/default.nix
@@ -141,8 +141,7 @@ in {
141 141
142 sops.secrets = { 142 sops.secrets = {
143 "rheperire.org_acme_key.yaml" = { 143 "rheperire.org_acme_key.yaml" = {
144 key = ""; 144 format = "binary";
145 format = "yaml";
146 owner = "knot"; 145 owner = "knot";
147 sopsFile = ./keys/rheperire.org_acme.yaml; 146 sopsFile = ./keys/rheperire.org_acme.yaml;
148 }; 147 };
diff --git a/hosts/surtr/dns/keys/.sops.yaml b/hosts/surtr/dns/keys/.sops.yaml
deleted file mode 100644
index 4f536273..00000000
--- a/hosts/surtr/dns/keys/.sops.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
1creation_rules:
2 - path_regex: "\\.yaml$"
3 unencrypted_regex: "^(id|algorithm)$"
diff --git a/hosts/surtr/dns/keys/rheperire.org_acme.yaml b/hosts/surtr/dns/keys/rheperire.org_acme.yaml
index 16f6d19e..d748f3ab 100644
--- a/hosts/surtr/dns/keys/rheperire.org_acme.yaml
+++ b/hosts/surtr/dns/keys/rheperire.org_acme.yaml
@@ -1,38 +1,34 @@
1#ENC[AES256_GCM,data:exIBsQRSUnOhewl0P3WCqktpjsdFFIJ610rodabSsbKK/XF/0WwRU2ErAyv3wlmtXUJMY3jSugkzbRmnND9GIrj6n8M20BVoOeXzUA==,iv:SJBizi+kSa80964nQ78+43sapNDTGifSiV1kOheuujk=,tag:j4eowYRr4cmwUzXGwm3CAA==,type:comment] 1data: ENC[AES256_GCM,data:NkkikHThIEWXOMOpBr0KodTgJOG8wgG1hayZ8e++lNgQ7IcVu2j0MgQAbwZvAGfQ/6EQFzdl0KULifDLvqrL2HA4lID6QRGRfEG+t0EtdudL8F+LLhDYywrZWETEL9bkhZ9N7u1ujACSEuohju3fwdu0lSpt5gyrqMT0/FgQaugRmP8xdEhtiXXkZ8mjnch1whJ9ALVIMwJ4AO2vLLs4T73Iw8yOHEFCkRb1Ve/W78NghfYBxIQ9RqwdOTb8zeZI9rM/BoJFZNs=,iv:GUo9glw3Pt+aNT67CwyQ2ZhfJSNIBJ8friuuqUKoDpU=,tag:SkL2atC9wt/ZkIAngp/eQQ==,type:str]
2key:
3 - id: rheperire.org_acme
4 algorithm: hmac-sha256
5 secret: ENC[AES256_GCM,data:rgw4nQczDhEeI5JMl1fJA3HX5ZVBpjTQEEk2pkA3c9M1CWYpFvzFRtCAxe8=,iv:Y0G3+A161Lefpwknm+S2jj8rTfm/jlrP+pnR3vR6/mk=,tag:IHsCnkIU2p3hCmRokecbtw==,type:str]
6sops: 2sops:
7 kms: [] 3 kms: []
8 gcp_kms: [] 4 gcp_kms: []
9 azure_kv: [] 5 azure_kv: []
10 hc_vault: [] 6 hc_vault: []
11 age: [] 7 age: []
12 lastmodified: "2022-02-22T09:17:59Z" 8 lastmodified: "2022-02-22T09:57:31Z"
13 mac: ENC[AES256_GCM,data:tYWQT6iDQGsYm4zCtNbqvZhIYIMm3+Q9faRbqVpeERdq3oJlEvKIL3MAP2fj6789EbCKf/6zdah5HzYK9k4RsZWxtPfqxYXZp7gWvWwKwm5MRZfQtYzR7ThhD/8QANJKLVffl+PknJqhUYsUq9aeYTbLnyuR2AHY1WkR/fPwcLg=,iv:wGmozslNHE1dc4tpmNVGQJw2hhojB4L3gf7qu963ItA=,tag:4WrPw6biusQDV1OTWmXv6Q==,type:str] 9 mac: ENC[AES256_GCM,data:gYviKwnOEezRm7eJPVLKjPnxULqYQgMtn8AHk0WWfDqxwWG9OzJtFB+tON8I2pCLoicC46tR6ArgkcQHbC0OER1D+bNGRxqMzmt9nlMLzRUMHG4W4FiCTZ5MwCVWVaiJUuiEDTYfiJGWcESiWc8SYp7kjZPkZ637MZLgbwkRp7A=,iv:bl3q+oVdtnqD6bSHh/JcuWwp8SNwL8758q7E1fUppVU=,tag:JkdAhoS10IXOBtlEb4F/Xg==,type:str]
14 pgp: 10 pgp:
15 - created_at: "2022-02-22T09:17:59Z" 11 - created_at: "2022-02-22T09:57:31Z"
16 enc: | 12 enc: |
17 -----BEGIN PGP MESSAGE----- 13 -----BEGIN PGP MESSAGE-----
18 14
19 hF4DyFKFNkTVG5oSAQdAcxKwhh0Poivpl/A7YU53ab+rMWLWKRpeUSwehL6LPEMw 15 hF4DyFKFNkTVG5oSAQdAv/JlsS91dXdEfb3N9Ui9e3QWlyzXG2RnwEYtpRAA7Www
20 zv+AtmWUPtAL1GpyruFTYoT0P7CJ/PJLYYUDZPH/4oNcaU+5XiBi6sj3svWH5HQE 16 rcxaGdBszfSsn7Ef8gq7n/Kv4l+TlAjwLnpaBK4ZRuSByl3DVns0MDq+nSmSYbre
21 0l4BBkvxjYvgPNYSw68AJz/AlzRig4SL7q1VwaYH9w+UWnpwK2CeIZSn11lzDdcj 17 0l4BB20ezs1ZzrKQf+cdXBKc77QEyNR4KUqBf3ys0E+dVizdjIpzZy1tG9hH076B
22 8jUZK34aJFFcGWBM2ZKEtQDm3n5B2nRxwb5kLjqwith5zczJ289VNPDmnlVRU4BA 18 igMLb9lc+MteZR41WUAnbrEyq/q80juO4H7QBopmlID61Vl5ZSB0h+YYOm/lfeXT
23 =i8zc 19 =gRz3
24 -----END PGP MESSAGE----- 20 -----END PGP MESSAGE-----
25 fp: 7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8 21 fp: 7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8
26 - created_at: "2022-02-22T09:17:59Z" 22 - created_at: "2022-02-22T09:57:31Z"
27 enc: | 23 enc: |
28 -----BEGIN PGP MESSAGE----- 24 -----BEGIN PGP MESSAGE-----
29 25
30 hF4DXxoViZlp6dISAQdALxbhftpZmVeTmFU8ujPPR5w0Z8ljkZbI8SHAWmC2QEIw 26 hF4DXxoViZlp6dISAQdAsnf/vLI0xu63KWnqkUNTVFL/hydt0WiQQp3GVYVc0Ecw
31 iTS491iicbH7kzF+l3SZZ1XAFn9p4ZjQyZNeOHXD/q1KXxCWGn3UTRSbXlgzzmKZ 27 w71WxrVCO8L6KbsJMdQfcuxJlBfCT+cDQYpQSiZZ6ePS93GnTCaweL+AmGiNBFlb
32 0l4BSZpnpgmEgLospl5mS6smVEO58Q3XXjVTQVKAjQaxD9Oe1DRCgW4kOq4xKGWS 28 0l4B16ip2zmyRxXjOQV92BJ1tOWUVqYvBhxEgZI0/lEEiCFs+dGTLAq2F7N1jD5c
33 xF55QHP3bPt5ziF2nwF+Gs28HW4UzAFVcr7r7Bz9CxwHixFx5qjvzAWh+Pp+TdY0 29 v/BjXFEUmN+ukBLeFqjPJcLEtHVF0tj3tkl0WvIKqBlGa+Yt56xL2oTjP92DiZwX
34 =hSUL 30 =cKnB
35 -----END PGP MESSAGE----- 31 -----END PGP MESSAGE-----
36 fp: 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51 32 fp: 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51
37 unencrypted_regex: ^(id|algorithm)$ 33 unencrypted_suffix: _unencrypted
38 version: 3.7.1 34 version: 3.7.1