Diffstat (limited to 'hosts/surtr')
-rw-r--r-- | hosts/surtr/postgresql/default.nix | 8 | ||||
-rw-r--r-- | hosts/surtr/postgresql/pgbackrest.crt | 13 | ||||
-rw-r--r-- | hosts/surtr/postgresql/pgbackrest.key | 26 |
3 files changed, 4 insertions, 43 deletions
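--- a/hosts/surtr/postgresql/default.nix
+++ b/hosts/surtr/postgresql/default.nix
@@ -20,9 +20,9 @@ in {
 repo1-retention-archive = 2;
 
 repo2-host-type = "tls";
-repo2-host = "pgbackrest.vidhar.yggdrasil";
+repo2-host = "vidhar.yggdrasil.li";
 repo2-host-ca-file = toString ../../vidhar/pgbackrest/ca/ca.crt;
-repo2-host-cert-file = toString ./pgbackrest.crt;
+repo2-host-cert-file = toString ../../vidhar/pgbackrest/ca/surtr.crt;
 repo2-host-key-file = config.sops.secrets."pgbackrest.key".path;
 repo2-retention-full-type = "time";
 repo2-retention-full = 14;
@@ -40,7 +40,7 @@ in {
 "global:server" = {
 tls-server-address = "2a03:4000:52:ada:1::";
 tls-server-ca-file = toString ../../vidhar/pgbackrest/ca/ca.crt;
-tls-server-cert-file = toString ./pgbackrest.crt;
+tls-server-cert-file = toString ../../vidhar/pgbackrest/ca/surtr.crt;
 tls-server-key-file = config.sops.secrets."pgbackrest.key".path;
 tls-server-auth = ["vidhar.yggdrasil=surtr"];
 };
@@ -64,7 +64,7 @@ in {
 
 sops.secrets."pgbackrest.key" = {
 format = "binary";
-sopsFile = ./pgbackrest.key;
+sopsFile = ../../vidhar/pgbackrest/ca/surtr.key;
 owner = "postgres";
 group = "postgres";
 mode = "0400";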
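Review bot: `tls-server-auth = ["vidhar.yggdrasil=surtr"]` in the second hunk still authorises the backup host by its old certificate CN, although this commit moves `repo2-host` to `vidhar.yggdrasil.li` and replaces surtr's certificate with one issued under `../../vidhar/pgbackrest/ca/`. If vidhar's certificate was reissued in the same change (not visible here, since the diffstat is limited to `hosts/surtr`), confirm that its CN is still `vidhar.yggdrasil` and that it lists `vidhar.yggdrasil.li` as a name; otherwise one direction of the mutual TLS check will presumably fail and backups will stop. Separately, `sopsFile = ../../vidhar/pgbackrest/ca/surtr.key` in the third hunk puts surtr's private key under vidhar's tree, so check that the sops creation rule matching that path encrypts to surtr's host key and to no more recipients than the removed `./pgbackrest.key` had. A comment above `tls-server-auth` such as `# must match the CN of vidhar's client certificate` would make the coupling explicit.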
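--- a/hosts/surtr/postgresql/pgbackrest.crt
+++ /dev/null
@@ -1,13 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIB7zCCAW+gAwIBAgIPQAAAAGN7p/Q5SZ7JU43JMAUGAytlcTAfMR0wGwYDVQQD
-DBRwZ2JhY2tyZXN0LnlnZ2RyYXNpbDAeFw0yMjExMjExNjI2MTFaFw0zMjExMjEx
-NjMxMTFaMBoxGDAWBgNVBAMMD3N1cnRyLnlnZ2RyYXNpbDAqMAUGAytlcAMhABIl
-okEGkov33jgsrF0QA4CKQILbIWkZ2tn+UUhXxxyDo4HGMIHDMB8GA1UdIwQYMBaA
-FO+/yfEkwcLr+vNPIsyCW86UwJ3aMB0GA1UdDgQWBBQnVeShLYsqF35OmmzLJEV5
-dfenhjAOBgNVHQ8BAf8EBAMCBeAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggr
-BgEFBQcDAgYIKwYBBQUHAwEwRAYDVR0RBD0wO4IdcGdiYWNrcmVzdC5zdXJ0ci55
-Z2dkcmFzaWwubGmCGnBnYmFja3Jlc3Quc3VydHIueWdnZHJhc2lsMAUGAytlcQNz
-AJqqMDWN1Ym5XANRKWcCh09j0Rej3V64XZlOOP7qFF9Gh4QJXeCvDMjX4LOeRUmi
-lB8iosdRN9MSANI4kfwYBnzgn3BNMrvMI4faEOuVnd6X2ulsJdNbJNQzB3hRVsNf
-b+QNBV+PpTUgR4k9e1XWX+wwAA==
------END CERTIFICATE-----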
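--- a/hosts/surtr/postgresql/pgbackrest.key
+++ /dev/null
@@ -1,26 +0,0 @@
-{
-"data": "ENC[AES256_GCM,data:Bg4fIAqIGLF1P1P583vQnHhjzrD8fdnS5tA/7SuSdBRJjVaRzB0bieEv+2i9WxgaStG9TTUSmClCVUsbR5gy7MoV6Br4AL17Y++R6wPpJbQJvtMMDJB2xg+THU/Ex61dendcWqPYh73Wn4U9uBE/wC1eVrShXRM=,iv:YG/foZwVcrzi6hdk7Vk0sYZ92LMbmiKg1SbAgPaeUNM=,tag:lAcoxUfQXB4vvc6XnIcA/g==,type:str]",
-"sops": {
-"kms": null,
-"gcp_kms": null,
-"azure_kv": null,
-"hc_vault": null,
-"age": [
-{
-"recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq",
-"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzM08wK2tWTGZqSXlkZkNC\nZmZGRVZONm8rU0tpUXVrQnZRSVlUd2JuOUU0Cno4MlVyYk5ILzB4TEtyMTdRUzJl\nUTdnOEcvMFkwZlZ1QmpEREJVNFhNYTgKLS0tIFg1QnlxeXZBYkpXVEppTUFEcnNC\nVEFnUnEwWjI2aFYvZ2EvRW5LR1NVQncK3K1sspt2zHemubUglQBkTRLvXUQyndiv\nQtaU/f5m3f70UoydE7jK1WfEbpUujjaTv5qZeQhA85OtsjRs20SRdA==\n-----END AGE ENCRYPTED FILE-----\n"
-}
-],
-"lastmodified": "2022-11-21T14:30:27Z",
-"mac": "ENC[AES256_GCM,data:Dsfc1XrGl4abSnDqRl/IwC11bVy+kHz1RaI0V/nkkaJ3fM/qTXPVc5mMoWCiPn1nz5BTABQRSnrf79qHc0wpZ1WUpn07yOf7JejJ/T/bUC7D8BuoVdWRh1og+NzWCEIwaGXg0Eo04yli+GXisdM3YVM9g3BrxYrSInjnNZFyB+Q=,iv:T5QprwIhB8ZWwmmfWVtxkXqbMB1onW+wX7GPIFMn+z0=,tag:zMi77nMepajhg2Djgz8rBA==,type:str]",
-"pgp": [
-{
-"created_at": "2023-01-30T11:02:32Z",
-"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA8rLHh5XmLvkM8spHa/iIxYYSecBwXitGydVcegMQQEgw\nKKxjDQ+6ffkdVqRt/9L9rg+LVcU5q0a8cxr6uRrTOVwdLyukczh1cj0qX+fjfLXc\n0lwBmw3j8IKtFLQYYiK8z+IAaujhlg8vRQyCaMfMWO0ZXA8NkhZlYhEBcwbvV/M2\nCVCcoUXeo+kimv+8eYg0jrmegCr2FI9f/FQSU1QnEg4sQiVe2i50Im8MC/8TTQ==\n=1j/D\n-----END PGP MESSAGE-----\n",
-"fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
-}
-],
-"unencrypted_suffix": "_unencrypted",
-"version": "3.7.3"
-}
-}
\ No newline at end of file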