diff options
author | Gregor Kleen <gkleen@yggdrasil.li> | 2022-02-22 10:57:45 +0100 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2022-02-22 10:57:45 +0100 |
commit | 4c700a89e59299978ba3ef0406e6b8d0e31ea81d (patch) | |
tree | e926fa39ece41d9ff6a9fece73828fa32939f4be /hosts/surtr | |
parent | e0cdbcd703336e0bd5685f64e1f8d57f73976b9d (diff) | |
download | nixos-4c700a89e59299978ba3ef0406e6b8d0e31ea81d.tar nixos-4c700a89e59299978ba3ef0406e6b8d0e31ea81d.tar.gz nixos-4c700a89e59299978ba3ef0406e6b8d0e31ea81d.tar.bz2 nixos-4c700a89e59299978ba3ef0406e6b8d0e31ea81d.tar.xz nixos-4c700a89e59299978ba3ef0406e6b8d0e31ea81d.zip |
...
Diffstat (limited to 'hosts/surtr')
-rw-r--r-- | hosts/surtr/dns/default.nix | 3 | ||||
-rw-r--r-- | hosts/surtr/dns/keys/.sops.yaml | 3 | ||||
-rw-r--r-- | hosts/surtr/dns/keys/rheperire.org_acme.yaml | 36 |
3 files changed, 17 insertions, 25 deletions
diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix index 27f0715b..b5be6887 100644 --- a/hosts/surtr/dns/default.nix +++ b/hosts/surtr/dns/default.nix | |||
@@ -141,8 +141,7 @@ in { | |||
141 | 141 | ||
142 | sops.secrets = { | 142 | sops.secrets = { |
143 | "rheperire.org_acme_key.yaml" = { | 143 | "rheperire.org_acme_key.yaml" = { |
144 | key = ""; | 144 | format = "binary"; |
145 | format = "yaml"; | ||
146 | owner = "knot"; | 145 | owner = "knot"; |
147 | sopsFile = ./keys/rheperire.org_acme.yaml; | 146 | sopsFile = ./keys/rheperire.org_acme.yaml; |
148 | }; | 147 | }; |
diff --git a/hosts/surtr/dns/keys/.sops.yaml b/hosts/surtr/dns/keys/.sops.yaml deleted file mode 100644 index 4f536273..00000000 --- a/hosts/surtr/dns/keys/.sops.yaml +++ /dev/null | |||
@@ -1,3 +0,0 @@ | |||
1 | creation_rules: | ||
2 | - path_regex: "\\.yaml$" | ||
3 | unencrypted_regex: "^(id|algorithm)$" | ||
diff --git a/hosts/surtr/dns/keys/rheperire.org_acme.yaml b/hosts/surtr/dns/keys/rheperire.org_acme.yaml index 16f6d19e..d748f3ab 100644 --- a/hosts/surtr/dns/keys/rheperire.org_acme.yaml +++ b/hosts/surtr/dns/keys/rheperire.org_acme.yaml | |||
@@ -1,38 +1,34 @@ | |||
1 | #ENC[AES256_GCM,data:exIBsQRSUnOhewl0P3WCqktpjsdFFIJ610rodabSsbKK/XF/0WwRU2ErAyv3wlmtXUJMY3jSugkzbRmnND9GIrj6n8M20BVoOeXzUA==,iv:SJBizi+kSa80964nQ78+43sapNDTGifSiV1kOheuujk=,tag:j4eowYRr4cmwUzXGwm3CAA==,type:comment] | 1 | data: ENC[AES256_GCM,data:NkkikHThIEWXOMOpBr0KodTgJOG8wgG1hayZ8e++lNgQ7IcVu2j0MgQAbwZvAGfQ/6EQFzdl0KULifDLvqrL2HA4lID6QRGRfEG+t0EtdudL8F+LLhDYywrZWETEL9bkhZ9N7u1ujACSEuohju3fwdu0lSpt5gyrqMT0/FgQaugRmP8xdEhtiXXkZ8mjnch1whJ9ALVIMwJ4AO2vLLs4T73Iw8yOHEFCkRb1Ve/W78NghfYBxIQ9RqwdOTb8zeZI9rM/BoJFZNs=,iv:GUo9glw3Pt+aNT67CwyQ2ZhfJSNIBJ8friuuqUKoDpU=,tag:SkL2atC9wt/ZkIAngp/eQQ==,type:str] |
2 | key: | ||
3 | - id: rheperire.org_acme | ||
4 | algorithm: hmac-sha256 | ||
5 | secret: ENC[AES256_GCM,data:rgw4nQczDhEeI5JMl1fJA3HX5ZVBpjTQEEk2pkA3c9M1CWYpFvzFRtCAxe8=,iv:Y0G3+A161Lefpwknm+S2jj8rTfm/jlrP+pnR3vR6/mk=,tag:IHsCnkIU2p3hCmRokecbtw==,type:str] | ||
6 | sops: | 2 | sops: |
7 | kms: [] | 3 | kms: [] |
8 | gcp_kms: [] | 4 | gcp_kms: [] |
9 | azure_kv: [] | 5 | azure_kv: [] |
10 | hc_vault: [] | 6 | hc_vault: [] |
11 | age: [] | 7 | age: [] |
12 | lastmodified: "2022-02-22T09:17:59Z" | 8 | lastmodified: "2022-02-22T09:57:31Z" |
13 | mac: ENC[AES256_GCM,data:tYWQT6iDQGsYm4zCtNbqvZhIYIMm3+Q9faRbqVpeERdq3oJlEvKIL3MAP2fj6789EbCKf/6zdah5HzYK9k4RsZWxtPfqxYXZp7gWvWwKwm5MRZfQtYzR7ThhD/8QANJKLVffl+PknJqhUYsUq9aeYTbLnyuR2AHY1WkR/fPwcLg=,iv:wGmozslNHE1dc4tpmNVGQJw2hhojB4L3gf7qu963ItA=,tag:4WrPw6biusQDV1OTWmXv6Q==,type:str] | 9 | mac: ENC[AES256_GCM,data:gYviKwnOEezRm7eJPVLKjPnxULqYQgMtn8AHk0WWfDqxwWG9OzJtFB+tON8I2pCLoicC46tR6ArgkcQHbC0OER1D+bNGRxqMzmt9nlMLzRUMHG4W4FiCTZ5MwCVWVaiJUuiEDTYfiJGWcESiWc8SYp7kjZPkZ637MZLgbwkRp7A=,iv:bl3q+oVdtnqD6bSHh/JcuWwp8SNwL8758q7E1fUppVU=,tag:JkdAhoS10IXOBtlEb4F/Xg==,type:str] |
14 | pgp: | 10 | pgp: |
15 | - created_at: "2022-02-22T09:17:59Z" | 11 | - created_at: "2022-02-22T09:57:31Z" |
16 | enc: | | 12 | enc: | |
17 | -----BEGIN PGP MESSAGE----- | 13 | -----BEGIN PGP MESSAGE----- |
18 | 14 | ||
19 | hF4DyFKFNkTVG5oSAQdAcxKwhh0Poivpl/A7YU53ab+rMWLWKRpeUSwehL6LPEMw | 15 | hF4DyFKFNkTVG5oSAQdAv/JlsS91dXdEfb3N9Ui9e3QWlyzXG2RnwEYtpRAA7Www |
20 | zv+AtmWUPtAL1GpyruFTYoT0P7CJ/PJLYYUDZPH/4oNcaU+5XiBi6sj3svWH5HQE | 16 | rcxaGdBszfSsn7Ef8gq7n/Kv4l+TlAjwLnpaBK4ZRuSByl3DVns0MDq+nSmSYbre |
21 | 0l4BBkvxjYvgPNYSw68AJz/AlzRig4SL7q1VwaYH9w+UWnpwK2CeIZSn11lzDdcj | 17 | 0l4BB20ezs1ZzrKQf+cdXBKc77QEyNR4KUqBf3ys0E+dVizdjIpzZy1tG9hH076B |
22 | 8jUZK34aJFFcGWBM2ZKEtQDm3n5B2nRxwb5kLjqwith5zczJ289VNPDmnlVRU4BA | 18 | igMLb9lc+MteZR41WUAnbrEyq/q80juO4H7QBopmlID61Vl5ZSB0h+YYOm/lfeXT |
23 | =i8zc | 19 | =gRz3 |
24 | -----END PGP MESSAGE----- | 20 | -----END PGP MESSAGE----- |
25 | fp: 7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8 | 21 | fp: 7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8 |
26 | - created_at: "2022-02-22T09:17:59Z" | 22 | - created_at: "2022-02-22T09:57:31Z" |
27 | enc: | | 23 | enc: | |
28 | -----BEGIN PGP MESSAGE----- | 24 | -----BEGIN PGP MESSAGE----- |
29 | 25 | ||
30 | hF4DXxoViZlp6dISAQdALxbhftpZmVeTmFU8ujPPR5w0Z8ljkZbI8SHAWmC2QEIw | 26 | hF4DXxoViZlp6dISAQdAsnf/vLI0xu63KWnqkUNTVFL/hydt0WiQQp3GVYVc0Ecw |
31 | iTS491iicbH7kzF+l3SZZ1XAFn9p4ZjQyZNeOHXD/q1KXxCWGn3UTRSbXlgzzmKZ | 27 | w71WxrVCO8L6KbsJMdQfcuxJlBfCT+cDQYpQSiZZ6ePS93GnTCaweL+AmGiNBFlb |
32 | 0l4BSZpnpgmEgLospl5mS6smVEO58Q3XXjVTQVKAjQaxD9Oe1DRCgW4kOq4xKGWS | 28 | 0l4B16ip2zmyRxXjOQV92BJ1tOWUVqYvBhxEgZI0/lEEiCFs+dGTLAq2F7N1jD5c |
33 | xF55QHP3bPt5ziF2nwF+Gs28HW4UzAFVcr7r7Bz9CxwHixFx5qjvzAWh+Pp+TdY0 | 29 | v/BjXFEUmN+ukBLeFqjPJcLEtHVF0tj3tkl0WvIKqBlGa+Yt56xL2oTjP92DiZwX |
34 | =hSUL | 30 | =cKnB |
35 | -----END PGP MESSAGE----- | 31 | -----END PGP MESSAGE----- |
36 | fp: 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51 | 32 | fp: 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51 |
37 | unencrypted_regex: ^(id|algorithm)$ | 33 | unencrypted_suffix: _unencrypted |
38 | version: 3.7.1 | 34 | version: 3.7.1 |