From a7255ba16633d70c22e8bed75ae52c49f08e1c18 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Tue, 22 Feb 2022 15:48:59 +0100 Subject: surtr: dns/tls: rfc2136 --- hosts/surtr/tls/Gupfile | 2 ++ hosts/surtr/tls/default.nix | 51 +---------------------------- hosts/surtr/tls/tsig_key.gup | 6 ++++ hosts/surtr/tls/tsig_keys/141.li | 26 +++++++++++++++ hosts/surtr/tls/tsig_keys/dirty-haskell.org | 26 +++++++++++++++ hosts/surtr/tls/tsig_keys/kleen.li | 26 +++++++++++++++ hosts/surtr/tls/tsig_keys/nights.email | 26 +++++++++++++++ hosts/surtr/tls/tsig_keys/praseodym.org | 26 +++++++++++++++ hosts/surtr/tls/tsig_keys/xmpp.li | 26 +++++++++++++++ hosts/surtr/tls/tsig_keys/yggdrasil.li | 26 +++++++++++++++ 10 files changed, 191 insertions(+), 50 deletions(-) create mode 100644 hosts/surtr/tls/Gupfile create mode 100644 hosts/surtr/tls/tsig_key.gup create mode 100644 hosts/surtr/tls/tsig_keys/141.li create mode 100644 hosts/surtr/tls/tsig_keys/dirty-haskell.org create mode 100644 hosts/surtr/tls/tsig_keys/kleen.li create mode 100644 hosts/surtr/tls/tsig_keys/nights.email create mode 100644 hosts/surtr/tls/tsig_keys/praseodym.org create mode 100644 hosts/surtr/tls/tsig_keys/xmpp.li create mode 100644 hosts/surtr/tls/tsig_keys/yggdrasil.li (limited to 'hosts/surtr/tls') diff --git a/hosts/surtr/tls/Gupfile b/hosts/surtr/tls/Gupfile new file mode 100644 index 00000000..13ba8cf6 --- /dev/null +++ b/hosts/surtr/tls/Gupfile @@ -0,0 +1,2 @@ +tsig_key.gup: + tsig_keys/* \ No newline at end of file diff --git a/hosts/surtr/tls/default.nix b/hosts/surtr/tls/default.nix index 01c9050e..b28d33e9 100644 --- a/hosts/surtr/tls/default.nix +++ b/hosts/surtr/tls/default.nix @@ -8,51 +8,6 @@ let tsigSecretName = domain: "${domain}_tsig-secret"; cfg = config.security.acme; - knotCfg = config.services.knot; - - knotDNSCredentials = domain: let - zone = if cfg.domains.${domain}.zone == null then domain else cfg.domains.${domain}.zone; - in pkgs.writeText "lego-credentials" '' - EXEC_PATH=${knotDNSExec zone}/bin/update-dns.sh - EXEC_PROPAGATION_TIMEOUT=300 - EXEC_POLLING_INTERVAL=5 - ''; - knotDNSExec = zone: pkgs.writeScriptBin "update-dns.sh" '' - #!${pkgs.zsh}/bin/zsh -xe - - mode=$1 - fqdn=$2 - challenge=$3 - - owner=''${fqdn%".${zone}."} - - commited= - function abort() { - [[ -n "''${commited}" ]] || ${knotCfg.cliWrappers}/bin/knotc zone-abort "${zone}" - } - - ${knotCfg.cliWrappers}/bin/knotc zone-begin "${zone}" - trap abort EXIT - - case "''${mode}" in - present) - if ${knotCfg.cliWrappers}/bin/knotc zone-get ${zone} "''${owner}" TXT; then - ${knotCfg.cliWrappers}/bin/knotc zone-unset ${zone} "''${owner}" TXT '""' - fi - ${knotCfg.cliWrappers}/bin/knotc zone-set ${zone} "''${owner}" 30 TXT "''${challenge}" - ;; - cleanup) - ${knotCfg.cliWrappers}/bin/knotc zone-unset ${zone} "''${owner}" TXT "''${challenge}" - ${knotCfg.cliWrappers}/bin/knotc zone-set ${zone} "''${owner}" 30 TXT '""' - ;; - *) - exit 2 - ;; - esac - - ${knotCfg.cliWrappers}/bin/knotc zone-commit "${zone}" - commited=yes - ''; domainOptions = { options = { @@ -111,10 +66,6 @@ in { extraDomainNames = optional cfg.domains.${domain}.wildcard "*.${domain}"; dnsResolver = "127.0.0.1:5353"; }; - mkKnotc = shared // { - dnsProvider = "exec"; - credentialsFile = knotDNSCredentials domain; - }; mkRFC2136 = let tsigInfo = readYaml tsigPath; in shared // { @@ -129,7 +80,7 @@ in { RFC2136_POLLING_INTERVAL=2 ''; }; - in (if isTsig then mkRFC2136 else mkKnotc) // cfg.domains.${domain}.certCfg; + in assert isTsig; mkRFC2136 // cfg.domains.${domain}.certCfg; in genAttrs (attrNames cfg.domains) domainAttrset; }; diff --git a/hosts/surtr/tls/tsig_key.gup b/hosts/surtr/tls/tsig_key.gup new file mode 100644 index 00000000..3d81b603 --- /dev/null +++ b/hosts/surtr/tls/tsig_key.gup @@ -0,0 +1,6 @@ +#!/usr/bin/env zsh + +keyFile=../dns/keys/${2:t}_acme.yaml +gup -u $keyFile +sops -d --input-type=binary --output-type=binary ${keyFile} | yq -r '.key[0].secret' > $1 +sops -p '7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8,30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51' --input-type=binary -e -i $1 \ No newline at end of file diff --git a/hosts/surtr/tls/tsig_keys/141.li b/hosts/surtr/tls/tsig_keys/141.li new file mode 100644 index 00000000..f94b492f --- /dev/null +++ b/hosts/surtr/tls/tsig_keys/141.li @@ -0,0 +1,26 @@ +{ + "data": "ENC[AES256_GCM,data:wjjG+kaLFnWG8vTKCMHRsTB2ksZEQV/lZON7OTGs4RGF2UGyzr7uFiaPEu69,iv:x29NlTSg48NuDZmNwQx7WFhKPanOLEziDF59GpAbYIU=,tag:U0jQimah+7dfJ8+rElb75w==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": null, + "lastmodified": "2022-02-22T14:15:30Z", + "mac": "ENC[AES256_GCM,data:NVzJqLoMPP1I322E002PPHB4hp6K2FpZTz1+E+eggsVnXtcU3da0zzRZTe+1JRRRLgTp1nFafxkDZbOF53byUgcuA+YVD0lIcX/Zk4JtkihS/AKBgCFSDXox+WFPulT+Jy8piRQuLFIj9m//FrPqbbZje4tT9MqtU8GFtQ/RZSA=,iv:ZXv5MXjUH939pbFZTHLICovdKgDxN3HkJWjzEBu0mIM=,tag:0h6XiH4oIeFEH3dFivHe2g==,type:str]", + "pgp": [ + { + "created_at": "2022-02-22T14:15:29Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdA3LvoKvgJIXhXYc5cnoUHE4k9EnJzrSokuwHX6vsXMF4w\nl/Am3E8SYCRLW6GH84v5nRogvRi4/njDTUMltRil4AreR8AKs6O22K/dotFDFpm8\n0l4BjzIFo5lin5t/fJQnam+Q9N0sRu6CKe74id93IEWn4fh8jnGm2z45VQf08edv\n5TT3atYJPXK3BoOGZqWLbYk1zZMxlj/yNDC/gsoNzkv7tFfQyd8Rk0pbGOELrvlq\n=QUbV\n-----END PGP MESSAGE-----\n", + "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" + }, + { + "created_at": "2022-02-22T14:15:29Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdApyLjA3a/6MiK3911+Dp7+GldIgztIqDfePqSVGQ9Tngw\n8ojc86qm6daCc2aceZGmmvt28kPX4XNmd5KOnFhF6B33o1tSI2duoVeYMOMY5sc0\n0l4BXL2CeNPvdX5To1I4OAUV6t3HEhgnW41/b6B3LqaGg34KBI4i7xNb8+djVSxu\nMEtYkD9QoSkDdNOpDAlH5GnPmrIVPHY9ml70agC1ctwET+P6L9qt0lzwCs2K1oT2\n=/Ukj\n-----END PGP MESSAGE-----\n", + "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.7.1" + } +} \ No newline at end of file diff --git a/hosts/surtr/tls/tsig_keys/dirty-haskell.org b/hosts/surtr/tls/tsig_keys/dirty-haskell.org new file mode 100644 index 00000000..b9effeda --- /dev/null +++ b/hosts/surtr/tls/tsig_keys/dirty-haskell.org @@ -0,0 +1,26 @@ +{ + "data": "ENC[AES256_GCM,data:c4XzB/MbBfDcgR+6/FRNxDsRxtfdOR8oaKj7eLByJfnDyDrnN/p5DHrwNOe+,iv:TmCVdXMFJtRb1eT0M8Tga23rxoyUldjPATPX04n7I18=,tag:AhqhULrs/FVtfPUeWv5SdQ==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": null, + "lastmodified": "2022-02-22T14:20:36Z", + "mac": "ENC[AES256_GCM,data:AZxoNR2oE7c5LXEg8o3cBYTflBMeGadPWr1cJ5GEyBJUJUloN9V9iTjnN/62Pj1zkTQvOhL4vkoOd0q812mOV1QgCi/RbLTPIn55dDWJ8d8jYQLlqrMV3LR+xtsGDDBDOPWJ8pNIug9D7f3BwVQpbvj3W2WOnJvm3oAZNHa0RJ8=,iv:YVFNSC74bZQgGpVLxWFCkC1oouSYwJjQ+k3beSeXUJc=,tag:oi7bSs83GsDl4qpsJ8zqCw==,type:str]", + "pgp": [ + { + "created_at": "2022-02-22T14:20:35Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAhNF59zErbJlEDeJjF5kFLUVeAF81ageD34K/7NjVf3Ew\nFAn32mbWKZmoY4ekfOyZesKWTvpaYH8vnLj0r0vTc4nnqIejrVbz5T7nxl9mKgxX\n0l4BS9jVKuC7mGvTlKvpABPEP7uQS083JRVdTQ9nLFF3kOgf3rHWTX7I+QNMT+7E\nWqdm0q8OV09wk0I94lpRVjQjeosZmLGV58E8Q1D5x9xKjwS1Z9IT2SHONaZDAc5a\n=jdQT\n-----END PGP MESSAGE-----\n", + "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" + }, + { + "created_at": "2022-02-22T14:20:35Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAMpNL9Ff2tSQLZYJlJCc3zUeTIiJYBwPXngz89tnrtxMw\n7cBQezv8MW/nKS5+8VPsr5NA2EfbPRlPAGDs3i7c82iNyaq8wjlZ7E5kJt9Cp1UA\n0l4BUddH560+QD8JZ7Tas943jI0GvBSrP3gm/dpILXS6APmIo8cY1Ex8Qkyvp0vn\nfumu+TRaUIjgSo5ZbqbJx+/duUjTg+j+p0Zu1xvBDQizbP894y5LFfsEsWQB2tkC\n=QZbr\n-----END PGP MESSAGE-----\n", + "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.7.1" + } +} \ No newline at end of file diff --git a/hosts/surtr/tls/tsig_keys/kleen.li b/hosts/surtr/tls/tsig_keys/kleen.li new file mode 100644 index 00000000..3f31b1ec --- /dev/null +++ b/hosts/surtr/tls/tsig_keys/kleen.li @@ -0,0 +1,26 @@ +{ + "data": "ENC[AES256_GCM,data:Jjw1uufbrTcNTY9QLDbC98BXyDsUpO7jlS56qHmrIC4gBT0DF29v4thHgDe/,iv:AJeaK7SA2dlVMZKT7VGYXpjYOvIlWsSPghylvwq5hfE=,tag:af6RdYpyPSioqiTpnuLYNQ==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": null, + "lastmodified": "2022-02-22T14:43:58Z", + "mac": "ENC[AES256_GCM,data:Ws+LHpDFB9tKzfV5zVg5POTbzwb5KNFigPCQON85yIupazVMKesW5mpBZTzbknL0IwPfVnCQNX92bnJ6RBqJ+vIdOdax/eZzuIMvXyUGw1gjafkE3F9gv0CWu3n34SoLOynEIHXOrM/nTVWOLs6+DP1fH8MmscjhvaX52yIxe8E=,iv:OhYYyc0tcI2BrL8i2ZWADso9AcHzhb/wNrqVEnTXUJY=,tag:+GoBXxlveNe2puCbFz2foQ==,type:str]", + "pgp": [ + { + "created_at": "2022-02-22T14:43:58Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAHUWRBd0g/lAt4SNSRTyY084xlAmLVFiWY38oItiWEzUw\ngFigoJRqCtFsfRgmPC/VyasEAsUCSmmA15rGH+C1DA0HRyXLNUVGEcsnL1J7yNxS\n0lwBVaPi+AgmKtV48v6YzArTeY36TA9CInZl588Wy/YFitnTX6wqIuoZeJlDgEhN\nVF4XQVjb1mQhHFHbgD7SJSW6fHi8KWb+B3Tr6qt+p+CzwCycH/IaDbWbhIRSZg==\n=06jP\n-----END PGP MESSAGE-----\n", + "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" + }, + { + "created_at": "2022-02-22T14:43:58Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAZbcJU1YXpht/sVq+NgOi23+BCjuiT/DH2Q4o9oQwEBkw\nLlQGzqtLfKPAjZWCECgsgz7ssAQVY90S9MDM3fUYWX56TXZabFkgz18Bn0cq1Ywa\n0lwBeS1RQX6gyjLNrO3B52eL9t/FW01RtWWS51nGN0WafVgoIaohV00lDCFZPAD/\noajw9vLd7Njjk11Pqv6H7pUanQOk69+tX5pKpzwGlRE0eZre6OSPZp9WTgfLTQ==\n=Af2i\n-----END PGP MESSAGE-----\n", + "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.7.1" + } +} \ No newline at end of file diff --git a/hosts/surtr/tls/tsig_keys/nights.email b/hosts/surtr/tls/tsig_keys/nights.email new file mode 100644 index 00000000..5e387091 --- /dev/null +++ b/hosts/surtr/tls/tsig_keys/nights.email @@ -0,0 +1,26 @@ +{ + "data": "ENC[AES256_GCM,data:WrhKcorA/PdPrt6tr1eDuVA/Wdr/DaRtc5ETixVKZtxDZzKQakF5ltVB49Dj,iv:f/1Ko1m064gAVPEbt2SnHt7zee/PQvMZb+/qneVc0ls=,tag:qimiralQNxwOZ/uAs1T7/g==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": null, + "lastmodified": "2022-02-22T14:44:08Z", + "mac": "ENC[AES256_GCM,data:+/9QfW6yc0AXNKu73Mkp7hK98lWWyNn3WLJ2wdi6mh7dAR/pYxcuIa8a9b8Kv41WrExwExVbWbI886v2hC63GMI+rZeiOXAZEEFNCpYQwyog0bzWedZ9gE5ZmymaErrPsVJYauys+8NYomhtj+3ufB5FZNwfmEOO76dzcr10qZY=,iv:ecyJqhBYHHNj97JvOCFgFg4jxaBySUdj3ZgZKY6ulLw=,tag:a62hRw50887xQarS6O/GgA==,type:str]", + "pgp": [ + { + "created_at": "2022-02-22T14:44:08Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAwkyJitOwmF+FeN4F3Z72t5wf8vTizR+TjlBPU/OwRUYw\nYVBQCma/uqjRj4UZeWXo6lq3weKI+gRp17z3Fvzc0YCWdtGq7lKyVtmwPltrvEXc\n0l4B4h6XT2+EcPuqtvkpNwIUoNphYZV8xGUD4v6lAQqUOYFsJvZfZbYe7tukcAQg\nwvbuWE2Hht0cxPpY65cVURA92wEcs7aP6Bp9Mqb/lQn7Ju1sv1a4bAvYvNVFnqu2\n=OkoI\n-----END PGP MESSAGE-----\n", + "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" + }, + { + "created_at": "2022-02-22T14:44:08Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAFIJLO7eo3lhEVg13E2zI8DMn3ljuQv9JggBD2mHk4Xcw\nDjk54ugbH3AacQN4zsoGJsAjZEUpfCBhGl/fpVZYEVzgMLzA2SRqRol94YPyNpM3\n0l4Bived0rDJwIYAEhpCplpX/JKAN48BaauPC14QuWDxgBpZTWSKqa+BoYpTbBoc\nN0amWuqWp7WGLrRizpfah1w/+Og6QycgccXzG/dz5aRVC71ddxycvjbR2k6sH3tr\n=m8ZH\n-----END PGP MESSAGE-----\n", + "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.7.1" + } +} \ No newline at end of file diff --git a/hosts/surtr/tls/tsig_keys/praseodym.org b/hosts/surtr/tls/tsig_keys/praseodym.org new file mode 100644 index 00000000..c4afce5d --- /dev/null +++ b/hosts/surtr/tls/tsig_keys/praseodym.org @@ -0,0 +1,26 @@ +{ + "data": "ENC[AES256_GCM,data:LLr/euxUJL1qSnjx2HlUG/X5dIg15WXb3VryAnVtHCLHUxnfrUF2PNlAoneL,iv:7OeUpmgXb7PfyDwfgNvaqhnPn9UKqYd4ug8as01gIDU=,tag:CYKMKyol09ahPr6SKGB9kA==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": null, + "lastmodified": "2022-02-22T14:43:37Z", + "mac": "ENC[AES256_GCM,data:dMgOwAv7CWEsP568dNX/1mGOcVIXc/eU92gJUSkZaQBWoJExa7Y1K0Ocyin9YsdQsFGcBFgjyo1DtdVUrf8j5/V69CG8xXiWwf82O247lifK+V2/Etgys7W71GZXxX+C5+fnN8SgsVQeOKX47ljiDeajKMXOptQEx7Awooe1vYM=,iv:GP57gibgf20yrZTgGzGxewOEWnu+1E7uJUYYJO85n9Q=,tag:Zhl9FmLYUyydiNzbXjLN4g==,type:str]", + "pgp": [ + { + "created_at": "2022-02-22T14:43:37Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAEwneu5Lzspri3SHXIFgp8G+nTOpl3DGEoQTCaxeJvkgw\n/q3IUfiNFbpH32V7V07oOk3CD3SIlVVLNcxD/3DuOLHLeCehnWJ6OAtzaakvR2zW\n0l4BEBu/NBzhrtxbOt2vJnUyIoPwJIQuzQ92nUppd3gdaMoHyA+Wk/CAByTZ6+Gu\nq4jPWyeVwGeItpQ3PfpnCKJJQGhs/2E9TQrrovr2vhurnaxiEW80U/NdCQ3eMXiw\n=vKZP\n-----END PGP MESSAGE-----\n", + "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" + }, + { + "created_at": "2022-02-22T14:43:37Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA1KY9DWpdJsUWLsvl4jJWel1tsdiNJ4z1VJw1W1Uiti0w\nLBhjFCiX4trrvYZf/s27t3CEE3j1xHpk+nhG+5rvh4PKOy9+4Z4dQ7ePr3khWK8d\n0l4BrSZXnmP1+i49AjR4F94EvezVS5MMNlqbHOfChBaybXO95oXl8CamSu2X0kSC\naJJe/ovfYblK2QCD1+kAb/e4LOedAHkL/YSOFtKa0WVhKNJoRIocAAYfCAXuQSRP\n=GWol\n-----END PGP MESSAGE-----\n", + "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.7.1" + } +} \ No newline at end of file diff --git a/hosts/surtr/tls/tsig_keys/xmpp.li b/hosts/surtr/tls/tsig_keys/xmpp.li new file mode 100644 index 00000000..35acd462 --- /dev/null +++ b/hosts/surtr/tls/tsig_keys/xmpp.li @@ -0,0 +1,26 @@ +{ + "data": "ENC[AES256_GCM,data:Bice54S+zPCtUASZD0wnqFeBDekIKAfaZmNc4BJ8yFzzP1AeenJqOow69lf/,iv:dsBceXehjvhfTSd+KXE2QOvpTwNTY7gr9ef0hNFdDms=,tag:6iMISbLkELFP5OBbRgcdqA==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": null, + "lastmodified": "2022-02-22T14:43:10Z", + "mac": "ENC[AES256_GCM,data:IACasoGWgaouc0QnJAztTJkRnD60D0r0pXdxhXnDqpsz3qeS4Nnc5wgjMjSC6iTLNTDsGHw5s8egoIYKNhMVv1Gi7jYPgaIMGkjtg5iGIGmd12dqQTT4LPTfvrA0zqvu6BjzjO1BEBaJ26u8SBWw6yIg76b0BPpmM6afmyKo4X0=,iv:el8SzvnpQzURe1POMWNI3d2vYbAHqgfWzkzFi6GTQx8=,tag:HWABf4iOAZZLiJiMivGQ7Q==,type:str]", + "pgp": [ + { + "created_at": "2022-02-22T14:43:10Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAqBgOG0dMrKdKrPfL605eIH0q4zc/qLSepP3Mbi4wUCAw\nwVXV+LDTZKtCiT3RioyM3Vlf6blY1i5A8VgCKPHKFSy7TEMmhsHKKQGExahE35tm\n0l4BSmNYGiyW6mdiOlVS4uHlztG0SkzxAKoWs7lgwXufP97M0c9GaGLwVUCaOrWj\n416XfTI1wL8HmLBHaa8s2GyVPo+VWRKUpPu9gXAjTpqmRxeFjt7j749nIK8X27y8\n=2zXf\n-----END PGP MESSAGE-----\n", + "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" + }, + { + "created_at": "2022-02-22T14:43:10Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA4FILrqlN0ta93yHezBedT+3UuCQqonGlarHvrwi77DUw\nIi4IxaLcYRwqISIhsjz0k7MzJ/BlP1/Qg/NMaB9CoSQIoVc8P7TK/gdP81ORE+r2\n0l4BT9n00HJPJ4IHJKcKmG+Ta5xOPHsVqRNgLSp7Ss71I0HLEa6YqhE/4z3kwvcE\nD7fWKVLkMuA6PMzjEa+ZGY/baqHL0VFW+Vy3/Fn+E0nStUT17Ya0ANB5kuyRp/v6\n=cwHX\n-----END PGP MESSAGE-----\n", + "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.7.1" + } +} \ No newline at end of file diff --git a/hosts/surtr/tls/tsig_keys/yggdrasil.li b/hosts/surtr/tls/tsig_keys/yggdrasil.li new file mode 100644 index 00000000..7c75602c --- /dev/null +++ b/hosts/surtr/tls/tsig_keys/yggdrasil.li @@ -0,0 +1,26 @@ +{ + "data": "ENC[AES256_GCM,data:nfXCp4v2HFGHzceTQJY7knQ3ci8sPUGdiYL5Cy9epu3LK1QULNFb+eA+vFHG,iv:xBdtLNYMgGQfLsdjj63uwc9NWe8UvVnVmyuMAM0S1bQ=,tag:9xSy1U4+crLKvWr7eKti4w==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": null, + "lastmodified": "2022-02-22T14:43:24Z", + "mac": "ENC[AES256_GCM,data:DzSO3ir1Q2KWzwcmrW9ksw9GFRJXOVkb2tuhgDQxzV+sHC8O6VLMvYUZCNrYSKlZR0i2xiGuQD+3cO09YRYMF9MoR3ODl1BAGi5C0z0UKYPxf8BE/8x1qj2ak4Qdp7BHtaAQHo+IU+dX8AK64DJ5b2pJ/ThZzRSlfaeYp3X8cgA=,iv:FeuDzZzI8R2sZxWry5Jr1eoUWQlLkSqiNLutrvBviKI=,tag:VQJoQSodDkHIkrDXsnPG7Q==,type:str]", + "pgp": [ + { + "created_at": "2022-02-22T14:43:23Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DyFKFNkTVG5oSAQdAP/YAe2yfGvQ3TcChWjoRsi1bSezMKA2VDWPgRZuA1xQw\nEXhjL2Iu/ORRaktmd6ortqSxckYo2WOosqLXLLWXSnSpBK0mpSFO4/DJbMeKapCA\n0lwB0Tq0hP1Knh7jrTm/9mj2zcqonJY4P8mDwobBI4p1Ll29HxG4KCExrsxFFV6S\nQj1/r9Sz3SLsA9+z8hS8SQO3+877ITmAF518LTjs5clelO4I3KYCQqezXTVOSA==\n=2jir\n-----END PGP MESSAGE-----\n", + "fp": "7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8" + }, + { + "created_at": "2022-02-22T14:43:23Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdArOyejysX1GDvK5g928BoioPtvEz1VzindL8Ng3Ta/Bcw\nUCB1/NKkCM8Ex2jALoGrBeZ5GdL2eRAOmQysaYPpeYRSG84/6e3DUixsbavL63tO\n0lwB+fVTe4tsLKFQ/j+GRJrBkHWNLVSjq50t68OhqTMQ31e8FejeTdAmsFG33MjH\ntumC/AGjz9qAGR7G690wu6WZaJRFD+aPMAJdFN2Fu3A+Imdra3hlTExs8ZAVaA==\n=7NiP\n-----END PGP MESSAGE-----\n", + "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.7.1" + } +} \ No newline at end of file -- cgit v1.2.3