From 3d5b1509be78c0e9d8923af7e63f38d9dcbdefdf Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Wed, 3 Nov 2021 23:28:00 +0100 Subject: yggdrasil-wg: dual stack --- modules/yggdrasil-wg/default.nix | 173 +++++++++++++++++-------------- modules/yggdrasil-wg/hosts/4/sif.priv | 26 +++++ modules/yggdrasil-wg/hosts/4/sif.pub | 1 + modules/yggdrasil-wg/hosts/4/surtr.priv | 26 +++++ modules/yggdrasil-wg/hosts/4/surtr.pub | 1 + modules/yggdrasil-wg/hosts/4/vidhar.priv | 26 +++++ modules/yggdrasil-wg/hosts/4/vidhar.pub | 1 + modules/yggdrasil-wg/hosts/6/sif.priv | 26 +++++ modules/yggdrasil-wg/hosts/6/sif.pub | 1 + modules/yggdrasil-wg/hosts/6/surtr.priv | 26 +++++ modules/yggdrasil-wg/hosts/6/surtr.pub | 1 + modules/yggdrasil-wg/hosts/6/vidhar.priv | 26 +++++ modules/yggdrasil-wg/hosts/6/vidhar.pub | 1 + modules/yggdrasil-wg/hosts/sif.priv | 26 ----- modules/yggdrasil-wg/hosts/sif.pub | 1 - modules/yggdrasil-wg/hosts/surtr.priv | 26 ----- modules/yggdrasil-wg/hosts/surtr.pub | 1 - modules/yggdrasil-wg/hosts/vidhar.priv | 26 ----- modules/yggdrasil-wg/hosts/vidhar.pub | 1 - 19 files changed, 258 insertions(+), 158 deletions(-) create mode 100644 modules/yggdrasil-wg/hosts/4/sif.priv create mode 100644 modules/yggdrasil-wg/hosts/4/sif.pub create mode 100644 modules/yggdrasil-wg/hosts/4/surtr.priv create mode 100644 modules/yggdrasil-wg/hosts/4/surtr.pub create mode 100644 modules/yggdrasil-wg/hosts/4/vidhar.priv create mode 100644 modules/yggdrasil-wg/hosts/4/vidhar.pub create mode 100644 modules/yggdrasil-wg/hosts/6/sif.priv create mode 100644 modules/yggdrasil-wg/hosts/6/sif.pub create mode 100644 modules/yggdrasil-wg/hosts/6/surtr.priv create mode 100644 modules/yggdrasil-wg/hosts/6/surtr.pub create mode 100644 modules/yggdrasil-wg/hosts/6/vidhar.priv create mode 100644 modules/yggdrasil-wg/hosts/6/vidhar.pub delete mode 100644 modules/yggdrasil-wg/hosts/sif.priv delete mode 100644 modules/yggdrasil-wg/hosts/sif.pub delete mode 100644 modules/yggdrasil-wg/hosts/surtr.priv delete mode 100644 modules/yggdrasil-wg/hosts/surtr.pub delete mode 100644 modules/yggdrasil-wg/hosts/vidhar.priv delete mode 100644 modules/yggdrasil-wg/hosts/vidhar.pub diff --git a/modules/yggdrasil-wg/default.nix b/modules/yggdrasil-wg/default.nix index cef1ce4e..55064baa 100644 --- a/modules/yggdrasil-wg/default.nix +++ b/modules/yggdrasil-wg/default.nix @@ -4,10 +4,13 @@ with lib; let listenPort = 51820; - wgSubnet = "2a03:4000:52:ada:1"; + wgSubnet = { + "4" = "2a03:4000:52:ada:2"; + "6" = "2a03:4000:52:ada:3"; + }; wgSubnetLength = 80; wgHostLength = wgSubnetLength + 16; - batSubnet = "2a03:4000:52:ada:2"; + batSubnet = "2a03:4000:52:ada:1"; batSubnetLength = 80; batHostLength = batSubnetLength + 16; @@ -16,27 +19,49 @@ let to = "surtr"; endpointHost = "202.61.241.61"; PersistentKeepalive = 25; + family = "4"; + } + { from = "vidhar"; + to = "surtr"; + endpointHost = "2a03:4000:52:ada::"; + PersistentKeepalive = 25; + family = "6"; + } + { from = "sif"; + to = "surtr"; + endpointHost = "202.61.241.61"; + PersistentKeepalive = 25; + family = "4"; } { from = "sif"; to = "surtr"; endpointHost = "2a03:4000:52:ada::"; PersistentKeepalive = 25; + family = "6"; } { from = "sif"; to = "vidhar"; endpointHost = "192.168.2.168"; PersistentKeepalive = 25; + family = "4"; } ]; - wgHostIPs = { + wgHostIPs = mapAttrs (_family: wgSubnet: { surtr = "${wgSubnet}::/${toString wgHostLength}"; vidhar = "${wgSubnet}:1::/${toString wgHostLength}"; sif = "${wgSubnet}:2::/${toString wgHostLength}"; - }; + }) wgSubnet; greHostMACPrefixes = { - surtr = "02:00:01:00:00"; - vidhar = "02:00:01:00:01"; - sif = "02:00:01:00:02"; + "4" = { + surtr = "02:00:01:00:00"; + vidhar = "02:00:01:00:01"; + sif = "02:00:01:00:02"; + }; + "6" = { + surtr = "02:00:02:00:00"; + vidhar = "02:00:02:00:01"; + sif = "02:00:02:00:02"; + }; }; batHostMACs = { surtr = "02:00:00:00:00:00"; @@ -49,46 +74,47 @@ let sif = ["${batSubnet}:2::/${toString batHostLength}"]; }; - mkPublicKeyPath = host: ./hosts + "/${host}.pub"; - mkPrivateKeyPath = host: ./hosts + "/${host}.priv"; + mkPublicKeyPath = family: host: ./hosts + "/${family}" + "/${host}.pub"; + mkPrivateKeyPath = family: host: ./hosts + "/${family}" + "/${host}.priv"; kernel = config.boot.kernelPackages; - publicKeyPath = mkPublicKeyPath hostName; - privateKeyPath = mkPrivateKeyPath hostName; - inNetwork = pathExists privateKeyPath && pathExists publicKeyPath; - hostLinks = filter ({ from, to, ... }: thisHost from || thisHost to) links; - linkToPeer = opts@{from, to, ...}: + publicKeyPath = family: mkPublicKeyPath family hostName; + privateKeyPath = family: mkPrivateKeyPath family hostName; + inNetwork' = family: pathExists (privateKeyPath family) && pathExists (publicKeyPath family); + inNetwork = any inNetwork' families; + hostLinks = filterAttrs (_family: links: links != []) (mapAttrs (_family: filter ({ from, to, ... }: thisHost from || thisHost to)) links); + linkToPeer = family: opts@{from, to, ...}: let other = if thisHost from then to else from; in { - AllowedIPs = wgHostIPs.${other}; - PublicKey = trim (readFile (mkPublicKeyPath other)); + AllowedIPs = wgHostIPs.${family}.${other}; + PublicKey = trim (readFile (mkPublicKeyPath family other)); } // (optionalAttrs (thisHost from) (linkCfgFilterCustom opts // linkMkEndpointCfg opts)); linkCfgFilterCustom = filterAttrs (n: _v: !(elem n ["from" "to" "endpointHost"])); linkMkEndpointCfg = opts@{from, ...}: optionalAttrs (opts ? "endpointHost" && thisHost from) { Endpoint = "${opts.endpointHost}:${toString listenPort}"; }; - linkToGreDev = opts@{from, to, ...}: + linkToGreDev = family: opts@{from, to, ...}: let other = if thisHost from then to else from; - in nameValuePair "yggre-${other}" { + in nameValuePair "yggre-${other}-${family}" { netdevConfig = { - Name = "yggre-${other}"; + Name = "yggre-${other}-${family}"; Kind = "ip6gretap"; }; tunnelConfig = { - Local = stripSubnet wgHostIPs.${hostName}; - Remote = stripSubnet wgHostIPs.${other}; + Local = stripSubnet wgHostIPs.${family}.${hostName}; + Remote = stripSubnet wgHostIPs.${family}.${other}; }; }; - linkToGreNetwork = ix: opts@{from, to, ...}: + linkToGreNetwork = family: ix: opts@{from, to, ...}: let other = if thisHost from then to else from; in nameValuePair "yggre-${other}" { matchConfig = { - Name = "yggre-${other}"; + Name = "yggre-${other}-${family}"; }; linkConfig = { - MACAddress = "${greHostMACPrefixes.${hostName}}:${toHexByte ix}"; + MACAddress = "${greHostMACPrefixes.${family}.${hostName}}:${toHexByte ix}"; RequiredForOnline = false; }; networkConfig = { @@ -96,71 +122,72 @@ let LinkLocalAddressing = "no"; }; }; - - thisHost = host: builtins.match "^(ipv(4|6)\.)?${hostName}$" host != null; + familyToYggdrasilDev = family: nameValuePair "yggdrasil-wg-${family}" { + netdevConfig = { + Name = "yggdrasil-wg-${family}"; + Kind = "wireguard"; + }; + wireguardConfig = { + PrivateKeyFile = config.sops.secrets."yggdrasil-wg-${family}.priv".path; + ListenPort = listenPort; + }; + wireguardPeers = map (opts@{to, from, ...}: { wireguardPeerConfig = linkToPeer family opts; }) hostLinks.${family}; + }; + familyToYggdrasilNetwork = family: nameValuePair "yggdrasil-wg-${family}" { + name = "yggdrasil-wg-${family}"; + matchConfig = { + Name = "yggdrasil-wg-${family}"; + }; + address = [wgHostIPs.${family}.${hostName}]; + routes = [ + { routeConfig = { + Destination = "${wgSubnet.${family}}::/${toString wgSubnetLength}"; + }; + } + ]; + linkConfig = { + RequiredForOnline = false; + }; + networkConfig = { + Tunnel = map (opts@{from, to, ...}: let other = if thisHost from then to else from; in "yggre-${other}-${family}") hostLinks.${family}; + }; + }; + familyToSopsSecret = family: nameValuePair "yggdrasil-wg-${family}.priv" (mkIf (pathExists (privateKeyPath family)) { + format = "binary"; + sopsFile = privateKeyPath family; + mode = "0640"; + owner = "root"; + group = "systemd-network"; + }); + + thisHost = host: host == hostName; trim = str: if hasSuffix "\n" str then trim (removeSuffix "\n" str) else str; stripSubnet = addr: let matchRes = builtins.match "^(.*)/[0-9]+$" addr; in if matchRes == null then addr else elemAt matchRes 0; optIx = optName: xs: let withOpts = listToAttrs (imap0 (ix: x: nameValuePair x.name (x.value // { ${optName} = ix; })) (filter (x: x.value.${optName} or false) (imap0 (ix: nameValuePair (toString ix)) xs))); withoutOpts = listToAttrs (map (nv: nameValuePair nv.name (removeAttrs nv.value [optName])) (filter (x: !(x.value.${optName} or false)) (imap0 (ix: nameValuePair (toString ix)) xs))); in genList (ix: withOpts.${toString ix} or withoutOpts.${toString ix}) (length xs); - mkLinks = id; + groupFamilies = links: mapAttrs (_name: value: map (filterAttrs (k: _v: k != "family")) value) (groupBy (x: x.family) links); + mkLinks = groupFamilies; + families = attrNames links; + hostFamilies = attrNames hostLinks; toHexByte = n: let hex = toHexString n; in if (stringLength hex < 2) then "0${hex}" else hex; in { config = { - assertions = [ - { assertion = inNetwork || !(pathExists privateKeyPath || pathExists publicKeyPath); - message = "yggdrasil-wg: Either both public and private keys must exist or neither."; - } - { assertion = !inNetwork || (wgHostIPs ? "${hostName}"); - message = "yggdrasil-wg: Entry in wgHostIPs must exist."; - } - ] ++ map ({from, to, ...}: let other = if thisHost from then to else from; in { assertion = pathExists (mkPublicKeyPath other); message = "yggdrasil-wg: This host (${hostName}) has a link with ‘${other}’, but no public key is available for ‘${other}’."; }) hostLinks; - systemd.network = mkIf inNetwork { enable = true; netdevs = { - yggdrasil-wg = { - netdevConfig = { - Name = "yggdrasil-wg"; - Kind = "wireguard"; - }; - wireguardConfig = { - PrivateKeyFile = config.sops.secrets."yggdrasil-wg.priv".path; - ListenPort = listenPort; - }; - wireguardPeers = map (opts@{to, from, ...}: { wireguardPeerConfig = linkToPeer opts; }) hostLinks; - }; yggdrasil = { netdevConfig = { Name = "yggdrasil"; Kind = "batadv"; }; }; - } // listToAttrs (map linkToGreDev hostLinks); + } // listToAttrs (map familyToYggdrasilDev hostFamilies) // listToAttrs (concatMap (family: map (linkToGreDev family) hostLinks.${family}) hostFamilies); networks = { - yggdrasil-wg = { - name = "yggdrasil-wg"; - matchConfig = { - Name = "yggdrasil-wg"; - }; - address = [wgHostIPs.${hostName}]; - routes = [ - { routeConfig = { - Destination = "${wgSubnet}::/${toString wgSubnetLength}"; - }; - } - ]; - linkConfig = { - RequiredForOnline = false; - }; - networkConfig = { - Tunnel = map (opts@{from, to, ...}: let other = if thisHost from then to else from; in "yggre-${other}") hostLinks; - }; - }; yggdrasil = { name = "yggdrasil"; matchConfig = { @@ -178,18 +205,10 @@ in { RequiredForOnline = false; }; }; - } // listToAttrs (imap0 linkToGreNetwork hostLinks); + } // listToAttrs (map familyToYggdrasilNetwork hostFamilies) // listToAttrs (concatMap (family: imap0 (linkToGreNetwork family) hostLinks.${family}) hostFamilies); }; - sops.secrets = { - "yggdrasil-wg.priv" = mkIf (pathExists privateKeyPath) { - format = "binary"; - sopsFile = privateKeyPath; - mode = "0640"; - owner = "root"; - group = "systemd-network"; - }; - }; + sops.secrets = listToAttrs (map familyToSopsSecret hostFamilies); networking.hosts = mkIf inNetwork (listToAttrs (concatMap ({name, value}: map (ip: nameValuePair (stripSubnet ip) ["${name}.yggdrasil"]) value) (mapAttrsToList nameValuePair batHostIPs))); diff --git a/modules/yggdrasil-wg/hosts/4/sif.priv b/modules/yggdrasil-wg/hosts/4/sif.priv new file mode 100644 index 00000000..5641c1f2 --- /dev/null +++ b/modules/yggdrasil-wg/hosts/4/sif.priv @@ -0,0 +1,26 @@ +{ + "data": "ENC[AES256_GCM,data:OxzV8j/9fiZ9ZZhgjQDbf4qOkczMZiT2rYgBZZjlLKdmDIYTqCzZ3epg6v+F,iv:cZzHiXb9jGUsbfnGTgl4em4enkd2mxCBHXoBCdTQkKs=,tag:i5JYsS+W88N3CSmOi6Yslw==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": null, + "lastmodified": "2021-10-09T08:19:12Z", + "mac": "ENC[AES256_GCM,data:XCMsYdeKpMO5K0qb+qk9jd93/dgYDz/FCRD4XMcKAggZAl2WiVphjybeAX8pjOhZAt+JGmUFdb1icbnPAkQ741B5msF79PemnRFqElF6yQZRsmfDmuo9xLenNWSLM00YpsBlZnsdUrz11uburgm78wPr/Fvj/6fryTkEYlNQrLM=,iv:u8rgprTsegxOzM2v5zMHq3aMNTaOta45EYJCL684xFY=,tag:IGZbYmsc58sKzBaujH5l5g==,type:str]", + "pgp": [ + { + "created_at": "2021-10-09T08:19:11Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4Dgwm4NZSaLAcSAQdA7ENCPeYBw3QHeCIVeZtjnX4k1iWK+NZPP3uUQkh8JWMw\noxlc9S0yqG7AerCJszSwmF4hC7B41Zsq97QFVQ+vecohermef7ZZZclw7adnMYl1\n0lwBT1RNT1V+9Tow0uNHKJpMzAwmlG0t5KZrXqsSKnjyvCkdTSKWg0yVMtLgy4lN\nnjk1P66Q3vGEFd9aVLVvtxrJ1TBtN7MTVtS/g0yMzz0WaZoTL4kFRjkaoBDSVw==\n=eJe0\n-----END PGP MESSAGE-----\n", + "fp": "F1AF20B9511B63F681A14E8D51AEFBCD1DEF68F8" + }, + { + "created_at": "2021-10-09T08:19:11Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAv3YnirqRXgFoLz/XTNx1gccOW/lylh0iEDGNcr1seVsw\nJdrmxN8sAsDKIsem8JEBNhT9RFHtUfVY2SjWpwWX5Xcm5EJSUFaa9lTDA8e6q7SB\n0lwBPFnboct+bXp22xpahkz5NOgbnNNIS27S9bizGfUu5w6cHYs8BGzaXXdLRjuh\nSKX57025OXD9sEScsQoakFMKbAgtMIDbhArCFRdxNLCNqCn7Dpy+R4DbKcWc+A==\n=gLxH\n-----END PGP MESSAGE-----\n", + "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.7.1" + } +} \ No newline at end of file diff --git a/modules/yggdrasil-wg/hosts/4/sif.pub b/modules/yggdrasil-wg/hosts/4/sif.pub new file mode 100644 index 00000000..0f6ec4a8 --- /dev/null +++ b/modules/yggdrasil-wg/hosts/4/sif.pub @@ -0,0 +1 @@ +yioRagUtRvalJLrTtLp8NPiym6a3RpIcqgVfNL1iyRA= diff --git a/modules/yggdrasil-wg/hosts/4/surtr.priv b/modules/yggdrasil-wg/hosts/4/surtr.priv new file mode 100644 index 00000000..b5d107f5 --- /dev/null +++ b/modules/yggdrasil-wg/hosts/4/surtr.priv @@ -0,0 +1,26 @@ +{ + "data": "ENC[AES256_GCM,data:TbEkDgs1y71JYTfmF8wXtPDtkFlhYRnpOPIVQPV+u5Se9D7l5TT6r7CFP/FP,iv:OjktMWZhKYIklsKTdj3cViXcO6LcnGSsDllZatof4hg=,tag:oHoSbCPEcQWkAu7mhSOUiA==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": null, + "lastmodified": "2021-09-29T19:10:07Z", + "mac": "ENC[AES256_GCM,data:/hFdwXsAxrt3SCU0rbPPeBZ6mBsWcGkN3IMcOP3c28Df452/H0FM67/54NXwSErubnfIY4RXyGfj1dgLBV3A3r43E/F3uN4K8Qt1Ms+dJJdMjKiYpsOuCMgLe27yvI6LtUu0ePPJAPu+me1dOMSdvlQAMwNByrtKmLceMFVJ7gw=,iv:UauO61EBRWvVxYU2vlMI8nqIWw+KO1lEVIc82vVs4ZA=,tag:BzYnM9XcefVd/2T0JcMM2A==,type:str]", + "pgp": [ + { + "created_at": "2021-09-29T19:10:06Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAoHdrbuBJjuTnrUDbeAf7aeb6Kz6HbLuLiHZmSt/rSlow\nfgcSqsdYKMdSFeemRzAw++dBuIeduye31GGNDpsZUYyK9r90x0PJaFL3AABudAsj\n0l4Bm1YyqMDv/gzZeK87QDGpYZPu7+dkSrYO1sRe1qHrdI0L1WUs38l0eQM1qSUR\n4Gv4JBXNipoVTH8cfcGRvAy9y2+deEdzDtNK8rqLaQrc+q2TdV8Qlngp/EZqsQef\n=PM7q\n-----END PGP MESSAGE-----\n", + "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" + }, + { + "created_at": "2021-09-29T19:10:06Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAIQL7kGdUkG3CgEyRFdayydeTJGxjD4epYvaQBl4L0g4w\npKoTQuDf8FD3HeFI6ZO/jaE0BFX9Ifd3TYINK/XtqePOkYteos8aqJ/83t35aCIa\n0l4Bq2wt9BRR1pOQzJxnu8Dn9BsnOAQTp8JpwX5fY/FuPXTP8SV2XwWuHKnRd0j/\np7cSOUrog9agk9pc8tjwR+M451xN5AOpqdbqLkuNhi1b6QuxvI+sGsdh3sMz0UBs\n=5ozm\n-----END PGP MESSAGE-----\n", + "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.7.1" + } +} \ No newline at end of file diff --git a/modules/yggdrasil-wg/hosts/4/surtr.pub b/modules/yggdrasil-wg/hosts/4/surtr.pub new file mode 100644 index 00000000..abe753eb --- /dev/null +++ b/modules/yggdrasil-wg/hosts/4/surtr.pub @@ -0,0 +1 @@ +YP/sWEUWw51czlGxvgrgyEZ+ssx/3C9siufgd0a8d3g= diff --git a/modules/yggdrasil-wg/hosts/4/vidhar.priv b/modules/yggdrasil-wg/hosts/4/vidhar.priv new file mode 100644 index 00000000..c5b2ea99 --- /dev/null +++ b/modules/yggdrasil-wg/hosts/4/vidhar.priv @@ -0,0 +1,26 @@ +{ + "data": "ENC[AES256_GCM,data:5RT5TQsBBZY5c4yRpDTYL+M3zLIzYSLST8L31ZmwlQdZs7saXwfehnHo5j0o,iv:/3QrjBfLqQ//ySv9TdTV7jGIzFkR+ZPBi0KJBAkxH+Y=,tag:kwx+Uln6AFBxkv7EE2jFgg==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": null, + "lastmodified": "2021-09-29T19:10:37Z", + "mac": "ENC[AES256_GCM,data:iglf4GccydO5//TZbw2TWndqeIuZz3G1k7blAW1fNgoxdEDGN16NtsH+/iduQj27BsFhRdPXLO9JWmpeOjwzUMnmkuEOhmALYMZGaZRBzO/x6k5EICFacm6lGUHDm307hexzWtIpNaViuZJiWVlT4IDi5k3N2QaUCYp02AqzPeU=,iv:c5RCIl4zLxrWewc37QIwKIyK5lrBWwSe7Me/yP3UCoU=,tag:LfjGnveOB/lMGhOYk3Ev3A==,type:str]", + "pgp": [ + { + "created_at": "2021-09-29T19:10:37Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA0wHAgvPYDG0FBH2rql1gX37YtzsK1K/AUNSarn71dAQw\nJ6FEldRQ6M+hN41ooX9DSebEtumtiLNQHnvShICw8ULFhrsgyGdUkZAb9eJ9pHnO\n0l4BDS9/MbcTpsZWW+LfFPAZCGsVi1eF5abQKDFDt5RMvxERefIR7jHd6vmjDKgy\nrESOG1nGFsvLnU5/OKJtSmWKDsnMh4ohJ1Agojh4YeVRUnFkM0vdihdZnEAlMz6E\n=DO1o\n-----END PGP MESSAGE-----\n", + "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" + }, + { + "created_at": "2021-09-29T19:10:37Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DbYDvGI0HDr0SAQdAJ09HBaaPhDdTOfpzVxuhtzG7s5ZjVrpZWmKKeO23bGYw\n2ctQ4YdNJt5Wv0AhgA0XVZK06rHtBV18utaeXhP7DYZID+wyMUkO7UR4/hhEGmb9\n0l4BzTxnL9liRwH5zB9r7erJYcDOUixtqtriRaoHUM2hDemprMqg+GoBj/Js7V52\nOKCiNGx5uDZ83W6+SFITIExm6I9pvBIcKUNc5aXSov3IWRRik46nU1iqYqYg5n/0\n=2+px\n-----END PGP MESSAGE-----\n", + "fp": "A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.7.1" + } +} \ No newline at end of file diff --git a/modules/yggdrasil-wg/hosts/4/vidhar.pub b/modules/yggdrasil-wg/hosts/4/vidhar.pub new file mode 100644 index 00000000..2807df64 --- /dev/null +++ b/modules/yggdrasil-wg/hosts/4/vidhar.pub @@ -0,0 +1 @@ +IOuHpNQ2ff09HCPKtKY95lDXoRhd8FIBsbB8kaMeUUA= diff --git a/modules/yggdrasil-wg/hosts/6/sif.priv b/modules/yggdrasil-wg/hosts/6/sif.priv new file mode 100644 index 00000000..56a4c6fe --- /dev/null +++ b/modules/yggdrasil-wg/hosts/6/sif.priv @@ -0,0 +1,26 @@ +{ + "data": "ENC[AES256_GCM,data:aRL5e5YWZDxsdZmlB+OMTLmA84XJ3I3MX+CWbWxNHo9FdnLN65yp3QepXG5k,iv:0TGwAaAtIivuFUduL4owWewqHEXBqAAR/FGibA8f4YM=,tag:lZzxcJtIxivv+0lgGGTTzg==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": null, + "lastmodified": "2021-11-03T22:06:48Z", + "mac": "ENC[AES256_GCM,data:rJRrcBJnmEcLp27LYO72GR62ESX9VF9115JJi5w438LGWSloEt9AS8qwC4sMwG4pe8FFhsB0108El+RcPDJaIKiNyCNP/KnFtNABJttkxd1ldFv1tP+a150ydFZyxtlyEApiLxJNv54/ut1XZfbtgWRT+YaqNjLx0Mdxvptg+5s=,iv:nn5xw8jB4PCvR9/ickJqwVWatgUg0UeUwKwM/jqCQDY=,tag:D4AqHdklo+dS1fOamTDn0A==,type:str]", + "pgp": [ + { + "created_at": "2021-11-03T22:06:44Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4Dgwm4NZSaLAcSAQdASEiKC1/IWGM9kw+rR9wQTooxQNjFU80myZmmK/qIBw4w\nM3oBU1Jx3XLmbbkx+okzwzHI792Mfgb2dPaMnoy7GaiwdBhDcZQBg6wxJ0bV0WcR\n0l4BJ+3IQNgHRbmluWrb6WOmwfjMQoVP8apT4TMrJ2RQVd4sLNjucgqZ71qKlPpT\nVSEsff0EwQintmGU7+9xeTJSqbTCjyGph+S/ZvWPb8yRaw+RfGlV5XpJzuETx/Y1\n=GASC\n-----END PGP MESSAGE-----\n", + "fp": "F1AF20B9511B63F681A14E8D51AEFBCD1DEF68F8" + }, + { + "created_at": "2021-11-03T22:06:44Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA6KDXI2M9dQVaCTfbixQtx3TWEp3nsJrzX6xUOiVjs30w\n3dvPXRgVODNgkqg+GJQGgkyvrnnNjZU222Y8HpF8HBuFMjAigsUdpI0BoKTwSo82\n0l4BNgxO/SoxxPfekvTcqrTTL71rNjNnsR/aU3wOef2K4MUT4VpPPOsB/aGFAXNf\n/wi7sPXR0zVpafqI8ZdAupKjF+/A8wtkI2hnMi19P+zkZuG5AQ8ymlHGaCsUXWPZ\n=BfQt\n-----END PGP MESSAGE-----\n", + "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.7.1" + } +} \ No newline at end of file diff --git a/modules/yggdrasil-wg/hosts/6/sif.pub b/modules/yggdrasil-wg/hosts/6/sif.pub new file mode 100644 index 00000000..d7723626 --- /dev/null +++ b/modules/yggdrasil-wg/hosts/6/sif.pub @@ -0,0 +1 @@ +zIgyMw5wSernKPmMfDZ+fqaYUjbIQUhsXe+7hIZgJho= diff --git a/modules/yggdrasil-wg/hosts/6/surtr.priv b/modules/yggdrasil-wg/hosts/6/surtr.priv new file mode 100644 index 00000000..59000d34 --- /dev/null +++ b/modules/yggdrasil-wg/hosts/6/surtr.priv @@ -0,0 +1,26 @@ +{ + "data": "ENC[AES256_GCM,data:YkLe1V2tH+osAZ01DpB5iE/CW7ACuEmOJYECmyl2oN9LoJ0mzoq+gkW/ONBn,iv:3ukCz63ECPm6c+kUmKtcefRZpWyq3F9Fbi31lyLA0Mo=,tag:R8hwaMoYej1sU++7zLq7zw==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": null, + "lastmodified": "2021-11-03T22:07:35Z", + "mac": "ENC[AES256_GCM,data:ao6Sw1yljXJ5MtiuQx7/8Dajrvn1bs9qivA6z57nAjdYbRPulLMlwq4Aqdp3FGUdw3itIqO2GLGxfdxsNcOmN73+sR3ElLJB0VfD2uPpscR5JAGtc/Z9zTyjp2n+8X2ZcxpRIK4C/v/8kI7ruz0/DDf+UyWXmEYuL2cpnuCp2T0=,iv:RpSJjMtCZPamyQN8BVrqWMc8NWz8Ni+ktTaS7eEQABo=,tag:mr736mcGxje+q20NdPk2gg==,type:str]", + "pgp": [ + { + "created_at": "2021-11-03T22:07:34Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAocjF7FLoL3ZmU+TYqYNFeuA7YYueJ5lcF73p/+/Hclgw\njBsAZP7kDzZaQ+40cLfHwRFn6N0SoLlOI3P/gcLbC8hpGGsbRIDHQEPYDML1Aodu\n0l4BL1xwtqtVkdfr/YxCZgUeBgjuN9wcCqzKy+VeWNGOpM+l6A7Fnn51ycFLLiCg\nzHzBhYhkpHwU6wE8DAG7w1awvbZTSGpQhruoQu3TVCgdIdpgEdbCRcDptDDoAKS7\n=BezJ\n-----END PGP MESSAGE-----\n", + "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" + }, + { + "created_at": "2021-11-03T22:07:34Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAzqWPGgn4kKXUIsZscibGXyyihcISJDam75X5lZMfVVsw\nht/PSnpV/U0K8N7ABJ4YLSadxrCZ3L3EdoQWovAVIZpDf5slFN4C9RTgHQ4QOl4y\n0l4BoUau5bHJMvNXERmjCSg5dNrF4EsYA6qd1hRlSOj8Vfgl0rwcrvt99GGSXs4l\nqFRb9khKkN/dPrUZEynZl4xo+gyGM5PIwNkre+1SGD9AYTqN91WOFVHiokpsSxId\n=InEY\n-----END PGP MESSAGE-----\n", + "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.7.1" + } +} \ No newline at end of file diff --git a/modules/yggdrasil-wg/hosts/6/surtr.pub b/modules/yggdrasil-wg/hosts/6/surtr.pub new file mode 100644 index 00000000..78f5000d --- /dev/null +++ b/modules/yggdrasil-wg/hosts/6/surtr.pub @@ -0,0 +1 @@ +6V2EjwvZ07Pebc9g9TNqIlQu57MvqyUsCeIOzky4Txw= diff --git a/modules/yggdrasil-wg/hosts/6/vidhar.priv b/modules/yggdrasil-wg/hosts/6/vidhar.priv new file mode 100644 index 00000000..d2a30501 --- /dev/null +++ b/modules/yggdrasil-wg/hosts/6/vidhar.priv @@ -0,0 +1,26 @@ +{ + "data": "ENC[AES256_GCM,data:a62p277CP9O3P7H888tpU7sYB4Yf97FdUBEsVA1LBjgyKSETaHx/nC1AN3zD,iv:GUZyh5wI1KNPoUrJgPZcrB4xqIL9t88IZxDJYIbmVyc=,tag:8f4b1kGIltxLBApVzWNK3A==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": null, + "lastmodified": "2021-11-03T22:08:03Z", + "mac": "ENC[AES256_GCM,data:DYVkiZUQgVXacVTab21+RqERTrwbKt4eiHB1pWpoTx9gyJIpNX4zOYOeWzye5u7oEh6Gsd0+LepRt3k5ne0BvkctDrVcElHREaIOh8+Dt/kC6x3RzZbyIG5IhVz1WPePAYXIIAtbYy4Ummp4gOxCsQ7mx1yod/tEEQ8bzNy3nhI=,iv:IpFZrxS5s6cx99DAifT7JDfTb0Kcu02w5ffTv+IPkYs=,tag:OwqBZC63PGbshj0W+JZa5w==,type:str]", + "pgp": [ + { + "created_at": "2021-11-03T22:08:03Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DbYDvGI0HDr0SAQdAG9h5v/5dQvH2I2F+0hRLWwKbTBeQgq1+OA2v0tEk9hUw\n4vt1Wt56cx4BbkhagNVX35UVS+yrJjJB9d+CDWSJCMegicew6IHqelnCv8Zglrxm\n0l4BI866f5QVEEP4+UVJeKlxqcwwW8xgJTvi1rgmACBhvnwDoq3ImO1S+PEDJx/N\noQodaudvWTCkzAq2ChpITv3KMF8IV9n88ivk7n40jj8siECO19J0GOTAxGsG3Dfv\n=R/DA\n-----END PGP MESSAGE-----\n", + "fp": "A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362" + }, + { + "created_at": "2021-11-03T22:08:03Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA6n6jG3A5oRo5VrJeXejiFKmEibWZ32O5+m1FrfXMrhUw\nxAIy7qTBKl4jU1zlTFF8up45vzSTZTAvOhG4Nt3hmniJOXZpc6L18HVMLU1ka6CH\n0l4BvQ6n//4okOLO97OhInFijX58u5v5QbNdrcHYte8yctZ5bu9Ssqo0PpJo5MWZ\nX1SLzAdllgHbAdHgrhq/F5o2SN9tAbaxREKDQzV73TLvfIGOPjDRgoFgQHXRhu6N\n=OQrL\n-----END PGP MESSAGE-----\n", + "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.7.1" + } +} \ No newline at end of file diff --git a/modules/yggdrasil-wg/hosts/6/vidhar.pub b/modules/yggdrasil-wg/hosts/6/vidhar.pub new file mode 100644 index 00000000..b8135102 --- /dev/null +++ b/modules/yggdrasil-wg/hosts/6/vidhar.pub @@ -0,0 +1 @@ +jdaF4sx+dhdkTNGxQI6g6JV4XwXgD9QQJQ4f0NYy1gY= diff --git a/modules/yggdrasil-wg/hosts/sif.priv b/modules/yggdrasil-wg/hosts/sif.priv deleted file mode 100644 index 5641c1f2..00000000 --- a/modules/yggdrasil-wg/hosts/sif.priv +++ /dev/null @@ -1,26 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:OxzV8j/9fiZ9ZZhgjQDbf4qOkczMZiT2rYgBZZjlLKdmDIYTqCzZ3epg6v+F,iv:cZzHiXb9jGUsbfnGTgl4em4enkd2mxCBHXoBCdTQkKs=,tag:i5JYsS+W88N3CSmOi6Yslw==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": null, - "lastmodified": "2021-10-09T08:19:12Z", - "mac": "ENC[AES256_GCM,data:XCMsYdeKpMO5K0qb+qk9jd93/dgYDz/FCRD4XMcKAggZAl2WiVphjybeAX8pjOhZAt+JGmUFdb1icbnPAkQ741B5msF79PemnRFqElF6yQZRsmfDmuo9xLenNWSLM00YpsBlZnsdUrz11uburgm78wPr/Fvj/6fryTkEYlNQrLM=,iv:u8rgprTsegxOzM2v5zMHq3aMNTaOta45EYJCL684xFY=,tag:IGZbYmsc58sKzBaujH5l5g==,type:str]", - "pgp": [ - { - "created_at": "2021-10-09T08:19:11Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4Dgwm4NZSaLAcSAQdA7ENCPeYBw3QHeCIVeZtjnX4k1iWK+NZPP3uUQkh8JWMw\noxlc9S0yqG7AerCJszSwmF4hC7B41Zsq97QFVQ+vecohermef7ZZZclw7adnMYl1\n0lwBT1RNT1V+9Tow0uNHKJpMzAwmlG0t5KZrXqsSKnjyvCkdTSKWg0yVMtLgy4lN\nnjk1P66Q3vGEFd9aVLVvtxrJ1TBtN7MTVtS/g0yMzz0WaZoTL4kFRjkaoBDSVw==\n=eJe0\n-----END PGP MESSAGE-----\n", - "fp": "F1AF20B9511B63F681A14E8D51AEFBCD1DEF68F8" - }, - { - "created_at": "2021-10-09T08:19:11Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAv3YnirqRXgFoLz/XTNx1gccOW/lylh0iEDGNcr1seVsw\nJdrmxN8sAsDKIsem8JEBNhT9RFHtUfVY2SjWpwWX5Xcm5EJSUFaa9lTDA8e6q7SB\n0lwBPFnboct+bXp22xpahkz5NOgbnNNIS27S9bizGfUu5w6cHYs8BGzaXXdLRjuh\nSKX57025OXD9sEScsQoakFMKbAgtMIDbhArCFRdxNLCNqCn7Dpy+R4DbKcWc+A==\n=gLxH\n-----END PGP MESSAGE-----\n", - "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" - } - ], - "unencrypted_suffix": "_unencrypted", - "version": "3.7.1" - } -} \ No newline at end of file diff --git a/modules/yggdrasil-wg/hosts/sif.pub b/modules/yggdrasil-wg/hosts/sif.pub deleted file mode 100644 index 0f6ec4a8..00000000 --- a/modules/yggdrasil-wg/hosts/sif.pub +++ /dev/null @@ -1 +0,0 @@ -yioRagUtRvalJLrTtLp8NPiym6a3RpIcqgVfNL1iyRA= diff --git a/modules/yggdrasil-wg/hosts/surtr.priv b/modules/yggdrasil-wg/hosts/surtr.priv deleted file mode 100644 index b5d107f5..00000000 --- a/modules/yggdrasil-wg/hosts/surtr.priv +++ /dev/null @@ -1,26 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:TbEkDgs1y71JYTfmF8wXtPDtkFlhYRnpOPIVQPV+u5Se9D7l5TT6r7CFP/FP,iv:OjktMWZhKYIklsKTdj3cViXcO6LcnGSsDllZatof4hg=,tag:oHoSbCPEcQWkAu7mhSOUiA==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": null, - "lastmodified": "2021-09-29T19:10:07Z", - "mac": "ENC[AES256_GCM,data:/hFdwXsAxrt3SCU0rbPPeBZ6mBsWcGkN3IMcOP3c28Df452/H0FM67/54NXwSErubnfIY4RXyGfj1dgLBV3A3r43E/F3uN4K8Qt1Ms+dJJdMjKiYpsOuCMgLe27yvI6LtUu0ePPJAPu+me1dOMSdvlQAMwNByrtKmLceMFVJ7gw=,iv:UauO61EBRWvVxYU2vlMI8nqIWw+KO1lEVIc82vVs4ZA=,tag:BzYnM9XcefVd/2T0JcMM2A==,type:str]", - "pgp": [ - { - "created_at": "2021-09-29T19:10:06Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAoHdrbuBJjuTnrUDbeAf7aeb6Kz6HbLuLiHZmSt/rSlow\nfgcSqsdYKMdSFeemRzAw++dBuIeduye31GGNDpsZUYyK9r90x0PJaFL3AABudAsj\n0l4Bm1YyqMDv/gzZeK87QDGpYZPu7+dkSrYO1sRe1qHrdI0L1WUs38l0eQM1qSUR\n4Gv4JBXNipoVTH8cfcGRvAy9y2+deEdzDtNK8rqLaQrc+q2TdV8Qlngp/EZqsQef\n=PM7q\n-----END PGP MESSAGE-----\n", - "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" - }, - { - "created_at": "2021-09-29T19:10:06Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAIQL7kGdUkG3CgEyRFdayydeTJGxjD4epYvaQBl4L0g4w\npKoTQuDf8FD3HeFI6ZO/jaE0BFX9Ifd3TYINK/XtqePOkYteos8aqJ/83t35aCIa\n0l4Bq2wt9BRR1pOQzJxnu8Dn9BsnOAQTp8JpwX5fY/FuPXTP8SV2XwWuHKnRd0j/\np7cSOUrog9agk9pc8tjwR+M451xN5AOpqdbqLkuNhi1b6QuxvI+sGsdh3sMz0UBs\n=5ozm\n-----END PGP MESSAGE-----\n", - "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" - } - ], - "unencrypted_suffix": "_unencrypted", - "version": "3.7.1" - } -} \ No newline at end of file diff --git a/modules/yggdrasil-wg/hosts/surtr.pub b/modules/yggdrasil-wg/hosts/surtr.pub deleted file mode 100644 index abe753eb..00000000 --- a/modules/yggdrasil-wg/hosts/surtr.pub +++ /dev/null @@ -1 +0,0 @@ -YP/sWEUWw51czlGxvgrgyEZ+ssx/3C9siufgd0a8d3g= diff --git a/modules/yggdrasil-wg/hosts/vidhar.priv b/modules/yggdrasil-wg/hosts/vidhar.priv deleted file mode 100644 index c5b2ea99..00000000 --- a/modules/yggdrasil-wg/hosts/vidhar.priv +++ /dev/null @@ -1,26 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:5RT5TQsBBZY5c4yRpDTYL+M3zLIzYSLST8L31ZmwlQdZs7saXwfehnHo5j0o,iv:/3QrjBfLqQ//ySv9TdTV7jGIzFkR+ZPBi0KJBAkxH+Y=,tag:kwx+Uln6AFBxkv7EE2jFgg==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": null, - "lastmodified": "2021-09-29T19:10:37Z", - "mac": "ENC[AES256_GCM,data:iglf4GccydO5//TZbw2TWndqeIuZz3G1k7blAW1fNgoxdEDGN16NtsH+/iduQj27BsFhRdPXLO9JWmpeOjwzUMnmkuEOhmALYMZGaZRBzO/x6k5EICFacm6lGUHDm307hexzWtIpNaViuZJiWVlT4IDi5k3N2QaUCYp02AqzPeU=,iv:c5RCIl4zLxrWewc37QIwKIyK5lrBWwSe7Me/yP3UCoU=,tag:LfjGnveOB/lMGhOYk3Ev3A==,type:str]", - "pgp": [ - { - "created_at": "2021-09-29T19:10:37Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA0wHAgvPYDG0FBH2rql1gX37YtzsK1K/AUNSarn71dAQw\nJ6FEldRQ6M+hN41ooX9DSebEtumtiLNQHnvShICw8ULFhrsgyGdUkZAb9eJ9pHnO\n0l4BDS9/MbcTpsZWW+LfFPAZCGsVi1eF5abQKDFDt5RMvxERefIR7jHd6vmjDKgy\nrESOG1nGFsvLnU5/OKJtSmWKDsnMh4ohJ1Agojh4YeVRUnFkM0vdihdZnEAlMz6E\n=DO1o\n-----END PGP MESSAGE-----\n", - "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" - }, - { - "created_at": "2021-09-29T19:10:37Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DbYDvGI0HDr0SAQdAJ09HBaaPhDdTOfpzVxuhtzG7s5ZjVrpZWmKKeO23bGYw\n2ctQ4YdNJt5Wv0AhgA0XVZK06rHtBV18utaeXhP7DYZID+wyMUkO7UR4/hhEGmb9\n0l4BzTxnL9liRwH5zB9r7erJYcDOUixtqtriRaoHUM2hDemprMqg+GoBj/Js7V52\nOKCiNGx5uDZ83W6+SFITIExm6I9pvBIcKUNc5aXSov3IWRRik46nU1iqYqYg5n/0\n=2+px\n-----END PGP MESSAGE-----\n", - "fp": "A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362" - } - ], - "unencrypted_suffix": "_unencrypted", - "version": "3.7.1" - } -} \ No newline at end of file diff --git a/modules/yggdrasil-wg/hosts/vidhar.pub b/modules/yggdrasil-wg/hosts/vidhar.pub deleted file mode 100644 index 2807df64..00000000 --- a/modules/yggdrasil-wg/hosts/vidhar.pub +++ /dev/null @@ -1 +0,0 @@ -IOuHpNQ2ff09HCPKtKY95lDXoRhd8FIBsbB8kaMeUUA= -- cgit v1.2.3