Skynet/nixos
6
1
Fork 0
Code Issues 43 Pull requests 1 Projects Releases Packages Wiki Activity Actions

secrets ldap: set up teh secrets for teh ldap

Browse source
This commit is contained in:
silver 2023-05-20 21:28:15 +01:00
parent 144f3bce54
commit b61a645824
9 changed files with 59 additions and 31 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

BIN
secrets/dns_certs.secret.age
View file

Binary file not shown.

30
secrets/dns_dnskeys.conf.age
View file

@ -1,16 +1,16 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 V1pwNA DfzcqndqsUzYetw/gJnMuobUz5YZVyzR+DsAS4CUtys -> ssh-ed25519 V1pwNA +XdmsmDKDUcu4JbZa+GIB7bXNeijvcjPCX3cl8qtIko
hbOXs5Zbw1QeK1QTAryWL6EoTi0tmD2iYd5ACC+nr1g ojl/wN8Z94wcnpjFqzWucxjb4Cj1aw/T72Sn6HImQRc
-> ssh-ed25519 rIwlvw YOBEFhjODvCw5xqtHqaAWTelyYpfpSr0krCllsJKT1M -> ssh-ed25519 rIwlvw EhWuRFm8qmsI//N40Ak3qEBibsG6FtalDu7a2ByBRDs
Mi9iUBxJ+OZ3p6YonykQ99RbleHllIwT0nlpoFm3yDw +alf69rCF58siskxLsyH1j/TY5Abuzety737QxVea7Q
-> ssh-ed25519 q8eJgg E1wagIqjBP/Galo1em3UOYk3ziAVKCmEaucpF9ZQ51Y -> ssh-ed25519 q8eJgg vpheYQurSMI6K0cFUzlRgTCgSh6XVXnfihC5TCpOTAk
/RhPMgC10KHBpafEBsFanjIlwSZD+qYJWVDXJXh/Lm4 EdABzrQzke1aMRo8p8EwufS6hc1rEyyyQ/Z4qP4Vq/E
-> ssh-ed25519 pBdJmw TCeREFpI+UVJ8YaewGknyZrxCmmsUKZxaZFIYemFv1A -> ssh-ed25519 pBdJmw tiQopXd0eWJmGG8w58DGjRgrAp8rKVzg1rWsS+MLkFA
C5qOJGusg88QTKeOCsKBudO2z7X7sfb665K/YpRS8MI CaZ+uAQy3s5P714hIlNlnJ4xLgD0qJtMf9575tyjDL0
-> ssh-ed25519 v2Y09A 3SP4nhLYwjyKwLp/KREWDZwhhmXRSnTr9i4v0XLkn0o -> ssh-ed25519 v2Y09A 7AJTfw+VR9xfpDBNV1uSoBNVThyIjlF9UBHFcJksnm8
xZ6aQO+/IrF9UVA3trxCDUep74l+bLjFND4tO3v8cP0 p0Q0xlexTBsnib54A2bWgn+0j9IZ9spHcrAXz6jsHRo
-> t4=-grease E> v& -> h-grease \ F&PIoI^Q
sSFNyGaZbRSZ7AG3Y2cV13tzaOmvI2mdeBgzgjStetXpGKZdw3gVIVILIzr4YW0U JKo0JA
jrxRB4NFYUrqM79G6YVE+VZG --- lNEh0Ik3wmehWp/RGexGRY83HcDQ2/p7b0IS/oqozOs
--- I9HCyyMZFaBl1KBelEpaNI3ANfF6GiY7CtkZDMqILJU <0C>×¼þæPÙZGÿÈ :><>÷”„‹‘Ó`U„/•o'òßøHÂÿ8;<ïÜÅåMfs ²ôO eYçÛ‘ª éd<>Ÿ<EFBFBD>D: Õ£‚Ǧ)¨áÕA«/
לÝPÂ\Ɉ9)l…!Úº7;Æ^u~Rý§ÿÇ7cœ¾ÙSPȲ³$¯,&)š[O©<Öd£=<Èac¹[¡!¶’e@ø0We M¶¹ëd²2…ªbíH¦óy>”›^Ñ'´ =&´jŽ¡‚Ń..  ch@Í•_¶f8T×;<”A^ ÷g‰CD/ƒÛNäVºJ<C2BA>YÝ9èÙL$QlFLžôàO~£?=Ô3ˆ½lÞ><3E>9kw

BIN
secrets/gitlab/db.age
View file

Binary file not shown.

23
secrets/gitlab/db_pw.age
View file

@ -1,14 +1,11 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 V1pwNA oDDXva3pRMe3CSRikmVGGdpubZjpP956O4JV4TqPJzc -> ssh-ed25519 V1pwNA SLyqJZr5f8MMO/bt6/EJBqo5ttdRfDwKah3WyebdN1o
Q/eRz6DvACToZeKn6Bs+lYgyQgqS+0hQjrLJLZ2XtWI YfDtmgQXMXqr5xLyZq6hW24ximzoOmAWzRXfyLd6uc4
-> ssh-ed25519 rIwlvw xXFVnFqt+dHIMhgfGDBWth5/a0Qab5+M8frRhRaOJVA -> ssh-ed25519 rIwlvw BQGsjpzKjQP1Dw+7aQ+o7sStn37GkOY1g/vtnjMtMAk
+173cEuzFlJwvpZvzeKgieuxfdvUZ6EWwyekk1B2V1o bVZVqd/KuyBvNB038q5iplLBbdDsKACPmcypDKkCjm4
-> ssh-ed25519 q8eJgg pZ/mB69ljGXCZjHMzKAOYZhX7L3xfsYoStZIkFIPQlc -> ssh-ed25519 q8eJgg FmX4ccfGCb6pO+D2I2JNWTwY6YhnWElxHWpMvzDSCkU
zwq0IkahfA9ZwlzaiLPWsxvINE4v9PMERewxVePN3Wg nGdjyJNPRkSA0G0VTOhgxPpW7raqvPyJzsZH5Gh77cI
-> {&QI5p-grease ry3`{sn& u! ;= -> gm61-grease .qRHg X{R[|1r O#:So9>$ HvCVm
EomX1EI
--- w3F7Hf1hhITmzVfUpt7+qHBQ6chuYJceiyTetjZOiWk --- tsDlkO7xbQAqgLcmz6v2hUUsMN8EVZ7VWtHNmSTXgfg
űÍN™L4°WUÁÇHÓ<EFBFBD>ň¨Â^öÉd+Çş ¬•†»Ő#×ŘT! úhĆP­y/.Îť¸uŘ<>";$Ý„ ŕđ»ř[ë/p”“,<06>¸}×Xc:úÂa ”Rôö8[7CCoGn<47>˝Ş÷÷<±:<3A>*ŁJú{ö«łŘô?łŠ"—ˇhEŢëô®É.‡ ą¤ˇ-Oei$ Ü$HTfş·8ŠŹiPÜň(ű [E B‰řt=÷őIĘ2§ťđó÷
b˛ňĹ
źsesÍ•§žĹ|ÉÎő,Sá6Lj\K*%ä 󮺜^µ9TÇń
q=p´•K#¤»I(QÎÁ¦´Ú.Z&<26>€U»zď†ĹOĎk”˘/µ6<żE-Ł‰čd¬ĄöšŃćň)Qqßş\QůťŘ7=¤óý0z˛§-۲Ž^

BIN
secrets/gitlab/pw.age
View file

Binary file not shown.

18
secrets/ldap/pw.age Normal file
View file

@ -0,0 +1,18 @@
age-encryption.org/v1
-> ssh-ed25519 V1pwNA AX0kN3epMM74LV5rSkk9YSmkjEBVcpOHgMsiD4lybB8
3wPFbon7wHTBI67xENlyXrvNobeFH391lIu6Mtz57QE
-> ssh-ed25519 rIwlvw +SiD/4Z54cHwpfrwZY2TDTZdbnriUYG0tsnVeL1OnBs
ycXT27Ghr9XVq8lVPfbFwrahF6cPjRL0zYQLNMsBjmk
-> ssh-ed25519 q8eJgg lu1vgV7TlY0F9d7YeWrBDCX18tBWWSxvpa4k91NNXSE
BEPBLvzttBLxsj7RoKUCrs2ET6zJiN0XXdaLdJ/0EHQ
-> ssh-ed25519 DVzSig LmuwjlScGcud/rcBTzHIF2NzqpudSq4FknGz+EKM830
BxWb3k53smGaCC7ZgIC9nj2qTpHXRPfqVHkHr5jb9fw
-> ssh-ed25519 IzAMqA HtoBkw5Kw+3Q0No18g6fKeYkyYp2CNvCiKLOYchZuy4
JROp4CYz4Iu0QZ4lnzJdYwwqlGeTuKRSQGzIhEEo+bo
-> F-grease 2~ G1v
amft7S+//HEUloHGXN6JZkMwTH+93wF/MqmJkqz+03nK1DCxuV5LwePQfMS1pSJi
srcTmQG8A7WcpOvUj21ljato1kPgjfAVVeD2RC+k4gurgmY21Pf+mTs10qT0AmY2
oO9l
--- eUA2j4lvZQfuMA9ugmeGBosgJDDlJVbVE09OUSxV9HA
^)' ¿öQNÃøÇ5!rôõ÷i]™ðŒinÔ(8ŸŸUü<55>~!<21>8(|¬&_q Üm
! žI>†3òÅÄ5 „ª¥Ì÷Qcç'Ü#ØAÆæÒÐÞW ð þhÚ^l|SÈæv€9ýQ—ßg;ý„£nÞ4ô•z´UÔàŠù<C5A0>âÖ‰Þûÿ…½]ð°=Ñ°È_<Rr¯ª•ÊºC<>åîØ•P

BIN
secrets/ldap/self_service.age Normal file
View file

Binary file not shown.

19
secrets/secrets.nix
View file

@ -39,13 +39,22 @@ let
vigil vigil
]; ];
# these need dns stuff ldap = [
webservers = [ # only here as a tmp basis
galatea
optimus optimus
kitt kitt
]; ];
# these need dns stuff
webservers = [
# ULFM
galatea
# Games
optimus
]
# ldap servers are web facing
++ ldap;
in in
{ {
# nix run github:ryantm/agenix -- -e secret1.age # nix run github:ryantm/agenix -- -e secret1.age
@ -60,4 +69,8 @@ in
"gitlab/db.age".publicKeys = users ++ [glados]; "gitlab/db.age".publicKeys = users ++ [glados];
"gitlab/db_pw.age".publicKeys = users ++ [glados]; "gitlab/db_pw.age".publicKeys = users ++ [glados];
# for ldap
"ldap/pw.age".publicKeys = users ++ ldap;
"ldap/self_service.age".publicKeys = users ++ ldap;
} }

BIN
secrets/stream_ulfm.age
View file

Binary file not shown.