secrets: split nix_serve_privkey out of servo.yaml
This commit is contained in:
parent
e25a4bbee6
commit
55875816d0
|
|
@ -34,7 +34,7 @@
|
|||
};
|
||||
|
||||
sops.secrets."nix_serve_privkey" = {
|
||||
sopsFile = ../../../secrets/servo.yaml;
|
||||
sopsFile = ../../../secrets/servo/nix_serve_privkey.bin;
|
||||
};
|
||||
|
||||
sops.secrets."pleroma_secrets" = {
|
||||
|
|
|
|||
|
|
@ -1,6 +1,3 @@
|
|||
#ENC[AES256_GCM,data:1zQ8X9W4ZGquYEjEsN8YNLhwBt6kaRCKYMjM8GiZbKzsaqwt/cFk+4cC85+QKWF0FNlX38Uba7bI2FvC8fTIO8eoZ5VymJ9Du3NcExE1976FSIze44FhtkSKQkm/vQw5cb2sPNKBGFLSNV/IpdPu,iv:xwv2+Fns0k2STkS760v9p1XZ5s2HAz3wLb8xyIOGTGA=,tag:OGtHxQgyWxGKtg5I9nJAag==,type:comment]
|
||||
nix_serve_privkey: ENC[AES256_GCM,data:JlLuslwyjKARo3Mo36SeRz6ctVuV+jzDMXACekaGs/UjP+Jm8PoxZsWjMcN+qq0tJB9xGMfi7TKHDi+XnK2k60h+7+yDyeqJQfjID6axMYmgxYUivq4CugutFVB27FmDPljUs2M7CRqe1IHrdjc=,iv:1iQVr9rP80hHCRSVD95KW7bpOWj3oZReJAvqa9TllJ8=,tag:6DDGtHF4suOyy2kcnqSDsQ==,type:str]
|
||||
#ENC[AES256_GCM,data:cyptbs4VfXY4P4+W5e2LRZOHkpqvWzn2JEpV80w8cIaQ0lTZa/Hg7IwDNQcsYobmBFO2yLrKawHDKlDos2fMy0KgIhUrw4f8WksxdC06oMqS0mDtgA==,iv:StB34bvA8GWR+7nwOOpsiJ3yqGgeSg5frAgRMhff8nw=,tag:b1LYFzII2Ik1nmGXxgMZuw==,type:comment]
|
||||
pleroma_secrets: ENC[AES256_GCM,data:TSbNUptz/1vybQAl1cBh6h75JR/yYue/zkAOoCrevQtZLuwOioTNGCesSeD/Y2O387N0BD+reVovdmfDA8WqvUnUZ4KpIjXRe+fxAxw4s14/BNChaSohCtADN0919JrvxjiKACizvgMNKmcP7PXsaoXMLmY1jh1VjK/3xL5+OMa1sHH58fndwgVF7f4XO+7VRRgYfUdyDobLPyE5ESKCYLWA2dUIuGPMo7zYQPVe++mgJ3S44Spx1AmJ+XNOf8z+GhQB3Fcc1yITv+drUHeBGC4Y6vVH1gEQA2K1kqSTEaNcPFhKBnN1ITzee24ULozNotdNPDWvv71K/ZdgZ8qx3hRECUGTgTSpqE5IlCk7kDYyyLcH28+yUurto6sNo4k28tiGh64QM5r4mQepfkFpDs2aNXE+EwF4/+wxlzZj69flIAtkN7i5YTj9tKBf93rs5zNuRpNnNCclcD1XukbUp4mMt4t74TdYH3uN35j/bIApEGliiU8TTBxxLXFLsCSxXJPUhNGdIPwuYivp4m9joezID/U/LBT+0qOB4+tuPk+C2Z2vp4i2a8G+VvBFqCKQWpflZS9hO4flyfOTJ3zquuWozbsqFugLjeqj+/4c0BYOL5gWnvitbqTQJtmzf/XncNL9UjmztbQg+IzCx90xb6OHX77G+beiiyz+ASglXkiN++17Wi5+0PJQFSLgY4JKbQ5Au7X5KzRAHFrB5NpekhaoIno1QULcrl8QJ0jiB3NLW5uE9MPLZDv8kwK01mcR5iaUv/sYP3OXDui4uQ==,iv:FmAx/D4u7XBysO53kbpl9ASnGwTD0w9wSi+9hqQOKl8=,tag:5pngKmp07l2KCjMXUgZqhw==,type:str]
|
||||
#ENC[AES256_GCM,data:RdKGF5jpu91pgr8dkekaBED+3vlA8C/ccWSeS8fNFXZ0JcWaeDq+za6JO2X13+7QHIMQ0doOFJmvVmAlrV7pM6tenCqXxyvYmNL1dfHS/x7s8XJFCzDzubzFbWc=,iv:SisRMWRBHOkBIvdNmbdpaWLQ6Nt3JuPpddGdg+ufwSs=,tag:r+7lgrucNMIc07sG7RVE7Q==,type:comment]
|
||||
matrix_synapse_secrets: ENC[AES256_GCM,data:bjqs4r8g2RHNnlr+nr0EH+gfLkh2xntLZgd/ArMXvmpkW3ldjzrUPQGVlJLUkrkHG03NaCVCNthnb3PxurowjLh2J3fPXMvDXWQlmOIwOAq7Bixq3LIA5ejNFLieRLe5lacPVkkrBrdJEzXeUISuuTaEw4QPrpntXuqlQ36HNgfXLQvOjTWbo0cI51AKjz0SHzFsPw0gYRsUkvbnVu9dYEhj+tybZjWTKvYeVVXFegop50z3utLJPZf5G9bjUE/7U/AburW3iMyvdpyEJQG4pc+4Yw+cMoZIWbUBQkTK6lQJZVTDRffj4vfyVlQm5D0ZRv/QhRsKa1jy9PvmrNUCiAtMfSh0OThlOd5CwGcMKnaQZfl5jG3E/Q6/GoeJzzhN0Oe20x5hJFEh3qlsEeuHTyzP4/rL6ZVuwZH/IpDEL8lWgFSKeud4VSPfacpstNmtEhwMXrr+JNsw6WoJYpItqJ2oaYXL7NlVO7TK7nsu0vuT9H2pRcfweqfdHwkje2Af965QEM3zT4qEgHXf2ZFPrLgySCibCV4IxxV72Y60FN9kSq5zEVA0WhkaiHjqc8T7QZ4NnU78GT5w1SSVQR11hgq0R7/MgSp7egDGuEbuMoIuqqHTWvaNeOUZRFcTSgHLt1A3Mb0War5ngNLnyRrJ79P9DrU=,iv:q2LBAhexpFSg/EFCYzCc8TcQuqLkPPM+8fGaFYhnOQA=,tag:vIOLhtadKkuxBS4cVWzwvA==,type:str]
|
||||
|
|
@ -46,8 +43,8 @@ sops:
|
|||
cWplOHBNWjlJdGI3ZWtJc0t4Mk9URG8KE+9IPGYZsIs2PaDJ2AUE4gB4QEj5zo6P
|
||||
aZVbubu6Tbg+tD/98RkfWAkNvoVeDYuLNPDNgqOL0UgCQiTrPPaTjw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-05-14T08:41:14Z"
|
||||
mac: ENC[AES256_GCM,data:mrtj8Yr/0SROpjW5XPDOuzmCOOb8F+BoqfxVZGtUx+1I5EYTOaiZ7emejthBtrF1+nnt4WmspLTE3xdBssU+kyPszbF+E+r6hl7huHYMpElT2oTAyGCCXGRyct75EvijwZB1uFxB4lJ2rPWO8zxvaoMt3J3/0OAMFrsRbjTpINE=,iv:vUyy7TN/6oWSNbf/s3qwsRADb+7TGXe2tG6CTmAjE80=,tag:TR+rRcKue1oRBYnqRK+w4w==,type:str]
|
||||
lastmodified: "2023-05-14T08:42:45Z"
|
||||
mac: ENC[AES256_GCM,data:+wHKgZC0fzQXMvs4AhwiwqYGg/JotVNZFsBrW/HtffEll1RxH4umjA9BTtRCv1Xjd4g9NODpLj6BVvlbioUGuQENAx1RpUsnET43dIs5a6THLVOKNpcsMiek83VofFWzWdOovsbB5z4F6px/9puUMqLogAeVC0JENVst0nkfAYA=,iv:3v41zlq8Oczuz5C4fvTkXOPRmE+ufDH/ZrlX5sKTkcA=,tag:YJNnmnyAQVyWm2fghekz1A==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
||||
|
|
|
|||
|
|
@ -4,6 +4,9 @@
|
|||
- dovecot_passwd: auth for mail accounts
|
||||
- passwd file looks like /etc/passwd
|
||||
- generate pw hash with: `nix run nixpkgs.apacheHttpd -c htpasswd -nbB "" "my passwd"`
|
||||
- nix_serve_privkey.bin:
|
||||
- generate with nix-store --generate-binary-cache-key nixcache.uninsane.org cache-priv-key.pem cache-pub-key.pem
|
||||
- pubkey: nixcache.uninsane.org:r3WILM6+QrkmsLgqVQcEdibFD7Q/4gyzD9dGT33GP70=
|
||||
- wg_ovpns_privkey.bin: wireguard private key for OVPN
|
||||
- to generate:
|
||||
- wg genkey > wg0.private
|
||||
|
|
|
|||
32
secrets/servo/nix_serve_privkey.bin
Normal file
32
secrets/servo/nix_serve_privkey.bin
Normal file
|
|
@ -0,0 +1,32 @@
|
|||
{
|
||||
"data": "ENC[AES256_GCM,data:53RONADy+lnxfbBJtDeSurlLMfTET3TSbfUNO3TG2hDdZ5nr4GhIH/bGvCG6IftVKHI2yRHt1xUtqOESgBo7X4NYKaThuhnx3HQizgNQRD2wGs4kQvY81XyOo7WC7vBDsOUEyMc0+92Kklj1mZ4E,iv:msp5kJHH0UBOgt1nWqtCDbb9afaDp9RWZztXPTi//G0=,tag:wtwu0INdxi2L19qKLFVrFA==,type:str]",
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1tnl4jfgacwkargzeqnhzernw29xx8mkv73xh6ufdyde6q7859slsnzf24x",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzdHAreFpaRndFQ3VRNXgx\nekp6enFiNER0c010ck1xS211Y3ZnL09QaUMwClFjVmtKaUwyRXcrbmhtZWR2YzJ6\nWGRvL01LMmsxME9pV3JSYmVEV01ER3cKLS0tIElXMStOaVBYdHowaElwWmlMYVhH\neGxiSnc2NFVGK0tncEplc2dOWEtXa1UKxB10UJ7aUmt5B03PhzU9cFEaq8wwWvtc\na1vsSk3F/uvJcBtwlC3VcZ+kycwasmlpVYS4kKMB3SLcKjeeIr2ivA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1j2pqnl8j0krdzk6npe93s4nnqrzwx978qrc0u570gzlamqpnje9sc8le2g",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2bjV4WTBLSmgvMUxYZE5T\nakZBNy9DeitwVUpWdm1EaDdvWDR6RGUwZVZFCjFxRVVscGhsY0JIT2dVNnpLSGFk\nWkN3VzN3TnUrZldRRW9UVWZNWjRTRUUKLS0tIHFxODZwblZyblhaeXRjcE5OY1Ev\nMlRaVEhqYWNIWHZscFVuZUdTS2FKWDAKwDql4aWLizoY1C+y7As059KoE1Ws2xC/\nIjhmOOK80be4A4OwGZJnvk9vy5ZJudAi5ATGDe9Y4RKC+64V/Y5hiQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1z8fauff34cdecr6sjkre260luzxcca05kpcwvhx988d306tpcejsp63znu",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMdTlQbjBtY3B0WDk3NFUy\nTVN3MW5IVm44TnJNNHVuMDVXSWZra0htcEJNCmYwSTcvV2RqeGhrTUNGT2lndVZG\nVnJkVHJMSCsremRsbVlMRTd4c0dNNGsKLS0tIHM2S1BrNWp3MXpxMGd6cjl6dWdK\nZ1N6UlhSTHhWakNXcncvVzFUVmxRUVEKp1RR0anb0UOmauv3G5esDsJmU9noD/RE\n13OCQXXNvof1Y5AZrN8SeHRExeRxI+MJHA6g52jTJfYWr/wDdV7Ceg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1tzlyex2z6t88tg9h82943e39shxhmqeyr7ywhlwpdjmyqsndv3qq27x0rf",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkZG1iVmlmMWFoclBDZHR0\nbHRGcGl3ZE51VkVHM3MrMkwyVHdSS01Id0hZClAybzdHTkprMlpDanJjY2Q2TzlV\na2lSOTRqNElZOGhiSE1PWnhFUXBZME0KLS0tIHdlTzNvNUxMUmpjVUJzZTUyeUpv\nUkdhTThGa3hVbHkxN29EdTlJeUF4V0EK//T0j/HFAwqZNwl3z1PQDYn3vho1Q4G7\nj315AHaJkh++3JTRXEftU9HaH0RM9zbpRNXkG1fVmKAhfehPZnKpOg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2023-05-14T08:42:10Z",
|
||||
"mac": "ENC[AES256_GCM,data:Rj32Bm0UOVlR/GGPJyR/jMvonCN2Ug2ealE1Xnyybk+84AYFKe3xJP/kLKIP3Qwqo+vURgHH7qHE2kSp0R/oYNgJr+W0sOVMw2O84Ju2oRje8u/1heLdZP+ATw0JT0L5DXB2iNXIrnKNGXEtcXqDJ420JNUQVUaHhzge8+4uKoY=,iv:aEttlOmz98v4oNPaofEVHBAchK7Vlm/cB8IjCl27N3M=,tag:tbODrTuaSLVgyH50jdcmpQ==,type:str]",
|
||||
"pgp": null,
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.7.3"
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue
Block a user