From 8a9f96eefca35343b53845fd41d8bbbae42ea305 Mon Sep 17 00:00:00 2001 From: Colin Date: Sun, 26 May 2024 14:31:08 +0000 Subject: [PATCH] moby: import own OVPN privkey --- hosts/by-name/moby/default.nix | 2 ++ secrets/moby/ovpn_privkey.bin | 32 ++++++++++++++++++++++++++++++++ 2 files changed, 34 insertions(+) create mode 100644 secrets/moby/ovpn_privkey.bin diff --git a/hosts/by-name/moby/default.nix b/hosts/by-name/moby/default.nix index a896b9d8..d372cd4e 100644 --- a/hosts/by-name/moby/default.nix +++ b/hosts/by-name/moby/default.nix @@ -24,6 +24,8 @@ sane.programs.zsh.config.showDeadlines = false; # unlikely to act on them when in shell sane.services.wg-home.enable = true; sane.services.wg-home.ip = config.sane.hosts.by-name."moby".wg-home.ip; + sane.ovpn.addrV4 = "172.24.87.255"; + # sane.ovpn.addrV6 = "fd00:0000:1337:cafe:1111:1111:18cd:a72b"; # XXX colin: phosh doesn't work well with passwordless login, # so set this more reliable default password should anything go wrong diff --git a/secrets/moby/ovpn_privkey.bin b/secrets/moby/ovpn_privkey.bin new file mode 100644 index 00000000..9f044155 --- /dev/null +++ b/secrets/moby/ovpn_privkey.bin @@ -0,0 +1,32 @@ +{ + "data": "ENC[AES256_GCM,data:Uxsdc5EcVdG5byjTBlHZTJkAtJ4eXuX5wfsdzGEi6aZgrbQKHvc0Z1RxMqN0,iv:BEXez08u/bqURPcZk1TOgm0Bbkkeu0wPjU7k2S7u32g=,tag:ujlZ84+3rk3oKzyjuN2ABQ==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1tnl4jfgacwkargzeqnhzernw29xx8mkv73xh6ufdyde6q7859slsnzf24x", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArZ0J5TjRpUUNmekpnVUw3\nR3hJMzdBN0lZc0dNaVlMb1VnWkwzU1hZcUE4CkFWR0RQYVMwNlZsRHJOUEhoWmV1\na09XTmFhY3BSWFdSVHZMZk90ZXJUd00KLS0tIHd6VWxCdENIQU9sMlpaQkZRN1Fl\nNUNrWnFselBkeThPb0d5b1JlS0xxcTgKSDpXztvaQtfcIzR4YlHCNeH0FTdGZ2bf\nIJVmPO4TRWlH3iicJqhb9oXCM211QibAgZl0hrRIUNA7BeUFR9TNqw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1j2pqnl8j0krdzk6npe93s4nnqrzwx978qrc0u570gzlamqpnje9sc8le2g", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFNEhPMmNYSW5uTmdVVVhk\neUhKOERvTWFzM1dLcXduc3R1UjVRdHhPY3pFCjl5MVkwdlB1V3B3WEhEKzNRbFI1\nS1dndXd2dGpLeXpGVGxQSk5GZmtVNjAKLS0tIGdTYzdRdXNPMDJHUU43MXJqcG4v\nODV0S3hMQzlTYlZreHhEZXR6V1NOVDQKnW4QZDDKMa2tu/K06sVUCfcpDdr35b0W\nzlytcoKULDty+nC4aShnBLoxJ/KuJY35Vt3fVoYg2RagQtPRJck2LQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1zsrsvd7j6l62fjxpfd2qnhqlk8wk4p8r0dtxpe4sdgnh2474095qdu7xj9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzRTFpVVV3dldWZHN6VDJz\nN3UvMTB5R0U5RzQyKzBTMU9DTXBvRStoVUNNCnpvYkgrWWk0VXdZMnNHcGUyZFd6\nTjRseGNQclNyYXR6emNhY3U1TXNpLzAKLS0tIFBOKzQwZENnVDFxeExabklwbXo0\nYUxORlNqWGd3eHpRY2Z3UkErdGNKWGsKg8XmxV7TQ3EvO6o/PgN3skmd7vGKo87r\nNusc7kEKXFBir2RrhTjog3yP29Y926bz6H6pXFB5MHiba6jJQ4q0VA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age18vq5ktwgeaysucvw9t67drqmg5zd5c5k3le34yqxckkfj7wqdqgsd4ejmt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlS0pOVXdwS294MGZON1RH\nbGNwdEtWYUcwdzlGNEZ2N2lKdjYwbWdaOEFFCkRmUitTRTRacDVUVFk5TWxZOXFi\neWVWMGRRVmxxMlpZK2tQWjRFL2tVOFUKLS0tIEFkOUhRYm4zQTA2eHVpWXFwSm9Q\nVkRmMHo0YmxJcmpCV0tpZmV5SkprbEkKlePj3UiQh7ubQLDY4t+Kf5mjVKOjfzMk\nTeHGHF60sbrH8DG/FZ46e5OBC1EXYfFCfoMAJK7Or77XPzCtdzIANw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-05-26T14:30:53Z", + "mac": "ENC[AES256_GCM,data:xQX72CDP4OVwcp3RXhh6jsnPSX3YhpTLSZPa/hO/S9E2b7SITpiK53LOA05pFQQks4rQ9HykI6UPcfMY7fBZjhfaq8RWjhi3u/pc2FvFv23di5YaT8fOEWufDUCiJEkcNGfhXBMTpZOSHYzF8BNCZlk+L99CT7f9+A0KBLTDGd4=,iv:s3sexug6kDWOTapCa0vSEW6StxMVn7Qd3P173NIDlMw=,tag:VW3YBDz/HGUEWM8klbj3Rw==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.8.1" + } +} \ No newline at end of file