From f131537a629d8443261e4dd4defa54323a424c05 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 20 Mar 2023 13:27:21 +0100 Subject: vidhar/pgbackrest: srv01.uniworx.de
---
 hosts/surtr/postgresql/default.nix | 8 ++++---- hosts/surtr/postgresql/pgbackrest.crt | 13 ------------- hosts/surtr/postgresql/pgbackrest.key | 26 -------------------------- 3 files changed, 4 insertions(+), 43 deletions(-) delete mode 100644 hosts/surtr/postgresql/pgbackrest.crt delete mode 100644 hosts/surtr/postgresql/pgbackrest.key (limited to 'hosts/surtr')
diff --git a/hosts/surtr/postgresql/default.nix b/hosts/surtr/postgresql/default.nix
index f0edfbac..54693b50 100644
--- a/hosts/surtr/postgresql/default.nix
+++ b/hosts/surtr/postgresql/default.nix
@@ -20,9 +20,9 @@ in {
 repo1-retention-archive = 2;
 repo2-host-type = "tls";
- repo2-host = "pgbackrest.vidhar.yggdrasil";
+ repo2-host = "vidhar.yggdrasil.li";
 repo2-host-ca-file = toString ../../vidhar/pgbackrest/ca/ca.crt;
- repo2-host-cert-file = toString ./pgbackrest.crt;
+ repo2-host-cert-file = toString ../../vidhar/pgbackrest/ca/surtr.crt;
 repo2-host-key-file = config.sops.secrets."pgbackrest.key".path;
 repo2-retention-full-type = "time";
 repo2-retention-full = 14;
@@ -40,7 +40,7 @@ in {
 "global:server" = {
 tls-server-address = "2a03:4000:52:ada:1::";
 tls-server-ca-file = toString ../../vidhar/pgbackrest/ca/ca.crt;
- tls-server-cert-file = toString ./pgbackrest.crt;
+ tls-server-cert-file = toString ../../vidhar/pgbackrest/ca/surtr.crt;
 tls-server-key-file = config.sops.secrets."pgbackrest.key".path;
 tls-server-auth = ["vidhar.yggdrasil=surtr"];
 };
@@ -64,7 +64,7 @@ in {
 sops.secrets."pgbackrest.key" = {
 format = "binary";
- sopsFile = ./pgbackrest.key;
+ sopsFile = ../../vidhar/pgbackrest/ca/surtr.key;
 owner = "postgres";
 group = "postgres";
 mode = "0400";
diff --git a/hosts/surtr/postgresql/pgbackrest.crt b/hosts/surtr/postgresql/pgbackrest.crt
deleted file mode 100644
index b4dc4d97..00000000
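Review bot: In the `@@ -20,9 +20,9 @@` hunk of default.nix, the new `repo2-host = "vidhar.yggdrasil.li"` is the name the pgBackRest TLS client checks the repository's certificate against, and nothing on this page shows that vidhar's server certificate carries that name. If that certificate was issued only for the old `pgbackrest.vidhar.yggdrasil` name, backups to repo2 would be expected to fail the handshake, so it is worth confirming before deploy. A comment above the line would record the coupling, for example `# must match a SAN of vidhar's pgbackrest server certificate`. The enclosing attribute set starts and ends outside the hunk.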
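Review bot: In the `@@ -40,7 +40,7 @@` hunk of default.nix, `tls-server-cert-file` now points at the same `surtr.crt` that the first hunk uses as `repo2-host-cert-file`, with one key behind both, so the certificate has to be issued for both client and server authentication. `tls-server-auth = ["vidhar.yggdrasil=surtr"]` is left unchanged and authorises by the client certificate's common name; if vidhar's certificate was reissued alongside this one, its CN should presumably be checked against that entry. I would add `# left side is the CN of vidhar's client cert, right side the stanza it may access` above `tls-server-auth`.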
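Review bot: In the `@@ -64,7 +64,7 @@` hunk of default.nix, `sopsFile` now resolves to `../../vidhar/pgbackrest/ca/surtr.key`, so surtr's private key is kept in vidhar's tree and its recipients depend on how that file was encrypted there. The repository's sops rules are not visible here; if they add vidhar's host key for files under `hosts/vidhar/`, vidhar would be able to decrypt surtr's TLS identity. A comment such as `# encrypted for surtr and admins only; keep vidhar's host key off this file` next to `sopsFile` would make the expectation reviewable. The `sops.secrets."pgbackrest.key"` block closes outside the hunk.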
--- a/hosts/surtr/postgresql/pgbackrest.crt +++ /dev/null @@ -1,13 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIB7zCCAW+gAwIBAgIPQAAAAGN7p/Q5SZ7JU43JMAUGAytlcTAfMR0wGwYDVQQD -DBRwZ2JhY2tyZXN0LnlnZ2RyYXNpbDAeFw0yMjExMjExNjI2MTFaFw0zMjExMjEx -NjMxMTFaMBoxGDAWBgNVBAMMD3N1cnRyLnlnZ2RyYXNpbDAqMAUGAytlcAMhABIl -okEGkov33jgsrF0QA4CKQILbIWkZ2tn+UUhXxxyDo4HGMIHDMB8GA1UdIwQYMBaA -FO+/yfEkwcLr+vNPIsyCW86UwJ3aMB0GA1UdDgQWBBQnVeShLYsqF35OmmzLJEV5 -dfenhjAOBgNVHQ8BAf8EBAMCBeAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggr -BgEFBQcDAgYIKwYBBQUHAwEwRAYDVR0RBD0wO4IdcGdiYWNrcmVzdC5zdXJ0ci55 -Z2dkcmFzaWwubGmCGnBnYmFja3Jlc3Quc3VydHIueWdnZHJhc2lsMAUGAytlcQNz -AJqqMDWN1Ym5XANRKWcCh09j0Rej3V64XZlOOP7qFF9Gh4QJXeCvDMjX4LOeRUmi -lB8iosdRN9MSANI4kfwYBnzgn3BNMrvMI4faEOuVnd6X2ulsJdNbJNQzB3hRVsNf -b+QNBV+PpTUgR4k9e1XWX+wwAA== ------END CERTIFICATE----- diff --git a/hosts/surtr/postgresql/pgbackrest.key b/hosts/surtr/postgresql/pgbackrest.key deleted file mode 100644 index c7057e6b..00000000 --- a/hosts/surtr/postgresql/pgbackrest.key +++ /dev/null 
@@ -1,26 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:Bg4fIAqIGLF1P1P583vQnHhjzrD8fdnS5tA/7SuSdBRJjVaRzB0bieEv+2i9WxgaStG9TTUSmClCVUsbR5gy7MoV6Br4AL17Y++R6wPpJbQJvtMMDJB2xg+THU/Ex61dendcWqPYh73Wn4U9uBE/wC1eVrShXRM=,iv:YG/foZwVcrzi6hdk7Vk0sYZ92LMbmiKg1SbAgPaeUNM=,tag:lAcoxUfQXB4vvc6XnIcA/g==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": [ - { - "recipient": "age19a7j77w267z04zls7m28a8hj4a0g5af6ltye2d5wypg33c3l89csd4r9zq", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzM08wK2tWTGZqSXlkZkNC\nZmZGRVZONm8rU0tpUXVrQnZRSVlUd2JuOUU0Cno4MlVyYk5ILzB4TEtyMTdRUzJl\nUTdnOEcvMFkwZlZ1QmpEREJVNFhNYTgKLS0tIFg1QnlxeXZBYkpXVEppTUFEcnNC\nVEFnUnEwWjI2aFYvZ2EvRW5LR1NVQncK3K1sspt2zHemubUglQBkTRLvXUQyndiv\nQtaU/f5m3f70UoydE7jK1WfEbpUujjaTv5qZeQhA85OtsjRs20SRdA==\n-----END AGE ENCRYPTED FILE-----\n" - } - ], - "lastmodified": "2022-11-21T14:30:27Z", - "mac": "ENC[AES256_GCM,data:Dsfc1XrGl4abSnDqRl/IwC11bVy+kHz1RaI0V/nkkaJ3fM/qTXPVc5mMoWCiPn1nz5BTABQRSnrf79qHc0wpZ1WUpn07yOf7JejJ/T/bUC7D8BuoVdWRh1og+NzWCEIwaGXg0Eo04yli+GXisdM3YVM9g3BrxYrSInjnNZFyB+Q=,iv:T5QprwIhB8ZWwmmfWVtxkXqbMB1onW+wX7GPIFMn+z0=,tag:zMi77nMepajhg2Djgz8rBA==,type:str]", - "pgp": [ - { - "created_at": "2023-01-30T11:02:32Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdA8rLHh5XmLvkM8spHa/iIxYYSecBwXitGydVcegMQQEgw\nKKxjDQ+6ffkdVqRt/9L9rg+LVcU5q0a8cxr6uRrTOVwdLyukczh1cj0qX+fjfLXc\n0lwBmw3j8IKtFLQYYiK8z+IAaujhlg8vRQyCaMfMWO0ZXA8NkhZlYhEBcwbvV/M2\nCVCcoUXeo+kimv+8eYg0jrmegCr2FI9f/FQSU1QnEg4sQiVe2i50Im8MC/8TTQ==\n=1j/D\n-----END PGP MESSAGE-----\n", - "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51" - } - ], - "unencrypted_suffix": "_unencrypted", - "version": "3.7.3" - } -} \ No newline at end of file -- cgit v1.2.3