Skynet/nixos
6
1
Fork 0
Code Issues 43 Pull requests 1 Projects Releases Packages Wiki Activity Actions

fix: all servers now require the dns secret for acme now

Browse source
This commit is contained in:
silver 2024-05-30 19:42:26 +01:00
parent 379cb84839
commit 689344e518
Signed by: silver
GPG key ID: 54E2C71918E93B74
2 changed files with 42 additions and 31 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

71
secrets/dns_certs.secret.age
View file

@ -1,31 +1,42 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 V1pwNA tzgPuOSktRbzGWk2BDFHmbr1Sm05qdYjyRz2/HTx6B4 -> ssh-ed25519 V1pwNA JVysrUp8W6swlXv0ERKcVHqSaQr+oA3LC2fogPlwATQ
U81/Gr5l69wte3fAtN3nYfx5OAMu5x7WTS4gygHUucc 3hr+AvewDRSjsPJM3BbFQKAPLCGSl6IHuaOZtHMyF50
-> ssh-ed25519 4PzZog EPHeQJYsFoEHlgScAHEsu5qvylaTzvcPw3Y2CXOSuWQ -> ssh-ed25519 4PzZog zR6rKPs9vcvC/nk1qyHip1i9+6kbEgBcLQqDJI7e/hU
U2PGDUHKIAR/0qovVc7ovAT9dyn/fOTncfNWrKk8ljY d748TFIo0EKwKreJEdEVaFO9+FxzantexynqvjHucZA
-> ssh-ed25519 5Nd93w 4CHAkRax2v275ksja2Pxw+5DoZXWNKd3lHZq8+Y1W0U -> ssh-ed25519 5Nd93w S9jU/4qN3E9s0bXi5zoH0nxuzcGYPXLwqezNJw3TIhc
Br95FoQN2AZf2io3wFTX7SCHxGoGv2O/8/kbnu2bqvg oXaibBkKdjiqDuko/GsWKkF5C92FNQIxs+fNQQEP0+g
-> ssh-ed25519 q8eJgg zds5ccfqHdh67yLnN+33eXwHF5FFKVFAxW8Ecgk7ZHg -> ssh-ed25519 q8eJgg oCCuyZPi85tb+UxXMtfJx479RLEPtAagH9HkQ3Undww
vDZ13K30m+rx+wyteX8SuA5uEI9dZMV/vRJSt9ydKMo YENj+QuWzxgJBCEXcekBGc20TQI2/Q+UKUH0V88h1JQ
-> ssh-ed25519 XSrA6w 27EVcnWYtJnsl1EJtmbucY3pyXHRZKezi8KN30bK0Vc -> ssh-ed25519 /Gb5gQ wv0DOmgF0JOnAIqgjFS/mxMpwovX+m8RYpWxljnN9hQ
y41vgV5yH3aZJUx0Wl/zP29466yOl2IGgl+6ti3pAVQ R8h2ZzUBwX2QtSTpS6+Owp6Ih6JYK1MIBJ53xwMbCBc
-> ssh-ed25519 DVzSig XRuB0GkA1CFvcq7mc2Nod79+jYnN26dEOfCDcRoS+nc -> ssh-ed25519 NtlN/A Aqz2cgvhFaYfOMw/rdQ6BvETChlgGQZN2QvKC936+lo
Oy//M5W8tspc/YmQjYK8joYYpm3SoKfrKKmrLmSy7z0 WkXzMfw/IJjLXgoddYZ74+i/+yM6+WXykFSH+DkZREg
-> ssh-ed25519 SqDBmA cSiRVHtiZbLp/OFS+5tOgmf5msgfaTUW+6U9vC8Nj1s -> ssh-ed25519 v2Y09A ZOHo6cr4vyTkgPsJsAZ+LImajSkXVQ3mzAPKlSS6ZmI
8pymGU7WaIx3o0WkwqFXgM9lFjvablusQF/9O9xRrcQ 0sAYUb0rJUPNk0egtyksB58uPDN4F+xk7CnPI1DH/EI
-> ssh-ed25519 UE6fcQ rl54j3p+k4eMCC63Hl2hKyWkKwWAS61iBdhGolnh7g0 -> ssh-ed25519 XSrA6w 1tciV+KCPcAvwIr1DuG4Eoe2oPNTquT7msB30HnYljs
fqO/fSuwRyTAW49t0w/ffTMaIAvBnJrX94grAO2f0uI LBYy5RQLHMIcOTUcUZ6+MpLYdnfXbSyx4kcNMxMrkKk
-> ssh-ed25519 8vZ9CQ old/mJ0AN9vJmvbr1/0ELh02R8tGPys+rwSj6Tq2Sh8 -> ssh-ed25519 DVzSig aarBueaR0rgOhPGIwDeboqBfQvT/dkRvf0swKm4NlWw
W+BcsKswtQv+e7kAjHn6vrdApawGuNwIAK2hNV3SJWo pxEhg8dfxz7obMdyipbpUg7IQeixNJhFfhq72jyx+bA
-> ssh-ed25519 IzAMqA lotJU4JW3eHjdb+ZQ3s2XN7JmZz3FFBh7CJ1t+/+Ghc -> ssh-ed25519 uZzB3g g6K54jq2HOqx7wzbycJJ3ZTs98OOEb/rYFzNb4D7PC8
wIJsNn4SUXjtobDz1xzLSe0oEqo3nRlWjJiLqDiHv6A yiVfm+9tFTP2Rje9HLCOWDoYpA8hMnQmovAFRLI8bb4
-> ssh-ed25519 uZzB3g eH+/Tew6AU7j95BBMcUtwnaoReZeFp6CaF1S+JdWUCQ -> ssh-ed25519 yvS9bw 8MuNIrtc61CGDQm/6wGBVfRZnjo7/UfbDyRq1Sj04CU
VjNNv+gd1JkUVFtJx4H7qDKpOPSkgRVcsJhYFhPxbWI 7Mnbaqeak9ykwLgh3OI3VeQ1EIZo2+80skVZZtEiSGo
-> ssh-ed25519 Hb0ipQ k732pON+GqpltKfPmArf/d6wX0L5OLVh6l56M0Vf6UU -> ssh-ed25519 IzAMqA AziNzb8XO/A9IaiE5fgxTU9xNvMO5g/z6RG/loOFCGE
UdEG5xrFoFnjXAb47uPO0lC957yvocPgK7iRrxwBvg0 xxbml25nPGs1kDN/yAYOuh26Nzhx/7hOv25/8/bC8cM
-> ssh-ed25519 uZzB3g 0Q1BNGOJoH41b6z8YG/QOi8wshGJsPHN7XXMAyIVTwE -> ssh-ed25519 Hb0ipQ NDzUtPajSgMdo++L1FD5/Zx6549/8+uz3RmOYFfvV0s
ecj8oOZyRSYCXPXEQXmM/KDZktEpsgyohQtK45Du1ow cIFWJHhmvNtZjyVVBEjKYgZQcmRh6CE5fCCRpb4wPxo
-> ssh-ed25519 YFaxCg hHWU1ehve1zeDoilyZh1QjtSiGgii0i3ks7+DCXuPmI -> ssh-ed25519 3pl/Kw At1BJ2WKbgJveuLxvhOUWPPJGPd9wc2AuWgQlBtnDRw
krPnm4YCmcg98u735WdiwCeMLG/5Ie8rk0/AE7ZP+qk BGuaoiMt3UYwfBGPvG6JJHnQ2Ndf+J5QhsvPaL4F8ks
--- 6aIkITPoSXpoPQB7IqEDvbC5SqQt+91+8SiNZbfrfwQ -> ssh-ed25519 SqDBmA WWU3AT+9L8SPXPz1sOJaBwXxT1NU5ZlcSjaPQaWydlY
0fÊd”ŽÁr«·CT ا<>w°êwŒ…«éÇý<C387>TSšÿ=‰M©(F ·“§Pº×Qжÿx*îæ<>ü TÒáÍaƒÉöd<C3B6>·]Dt>W0¦T²?¾ài}¬WŠ.“Ï…ñŠàìn0°ºjéS¶Ê«2\~ýÄ sòçnДläÀ³e¯$­ˆì¨Ïï¸8…®{iY.¦uI•|€vâkÇáFv¿äOÛÏOc—sùÏA ]:ûÜÓ3p0Øý†¸\þÌç91( aceO83wb8oNXCuWY86tOc2UqwYMHJP9y/gQc/SVXrx8
-> ssh-ed25519 UE6fcQ b7r0Im5jYaaUMY54Tmkr+v/8n/CmfUp6+UrKPzf8wRg
1nSQ93LLZ4OVaL2D1VE5w/Wk1HaGuyGSe3jIz8cEdl8
-> ssh-ed25519 YFaxCg cveiV9/m6G8UZWGloGOus3ftaYLTHH0N2ibTh03CqmU
NIPQrVigfgSIg01f9lzYHHemUi8fZiRllbjCBd8gG90
-> ssh-ed25519 elCEeg inFC6DXefO27b54O70iRAhM8qzYVFYqJT2xIDDfsqWc
J4Mr0K3TIlvmY5luZPL9bYKHX1l/1rkRCKxg0gGZxZ4
-> ssh-ed25519 8vZ9CQ xHkHzdIbHKp+qvkPG5wUgKA61wkCOTziuYbZaDo3FAI
MQh8gvvKAZahtvqqBizqVVu/rnxznzhZishIrFavIhs
--- PJAog4mRqJvcK2KqjhWxMauvAstZ02CVEIWo1+cgVMI
ÔåÄ(>ŸÙ"Äl¢•F<E280A2>÷Å$\lG¿[H#íŸBç·ó²ÂépíøãBp=‡q2Ú"ñÒ‡ÖùNñV LÓEuå¦#¿Ñóø
ÒèÒžÞeY#„†ˆ¢ôr'±©ÕÒÓßXp¹X`ïB ù6Õ1 u[=µQÏKSq{(ÛuÃñ!§92˜4ˆ¾\ÚáYÇ\Tls¥†MæüÈ¥þŸI„ŒMœU"…>(˜={íÿ …žL§úÁj³2<póÁ—d°d]<5D>ÉwžÙ…âSÍ¢!

2
secrets/secrets.nix
View file

@ -112,7 +112,7 @@ let
in { in {
# nix run github:ryantm/agenix -- -e secret1.age # nix run github:ryantm/agenix -- -e secret1.age
"dns_certs.secret.age".publicKeys = users ++ webservers; "dns_certs.secret.age".publicKeys = users ++ systems;
"dns_dnskeys.conf.age".publicKeys = users ++ dns; "dns_dnskeys.conf.age".publicKeys = users ++ dns;
"stream_ulfm.age".publicKeys = users ++ [galatea]; "stream_ulfm.age".publicKeys = users ++ [galatea];