feat(ssh): Add Nextcloud secrets
This commit is contained in:
parent
0fa8782abb
commit
d1379cdf99
5 changed files with 57 additions and 43 deletions
25
nixos/secrets/HomeLab.yaml
Normal file
25
nixos/secrets/HomeLab.yaml
Normal file
|
@ -0,0 +1,25 @@
|
||||||
|
HomeLab:
|
||||||
|
Hugo:
|
||||||
|
ssh: ENC[AES256_GCM,data:Tfuba25e4hJ8Ovl1IdVtDvg0L0sCc9sYTXstRg89IAUzwv/1u8mxdj9ka6ZKaSQr2QUaNWs0BoPV36O4bI2hTwoqhUarhXXZNnJKHtd8xBu/+kfMSOMGa5qD9V9m3L5OFdt+gdwhJxemeQNkvN0Vhsu4DJFPZRPmGflJ2HVRYaRW4AsI+JPqiWSEeKz40f3PQPJ2h26gF+pADmPwtEfcUGZdGnJXUsiYMC0aBEWWxyAgBgj5W+Nbe+OCopEX1qyRcR8qO+LONjuC0b5hcGeOXjWj/d1FnBfxDHeoxRGhNCo8TUk0ap1mpSAttdr55/C51duQfeV09Iow4nzUR2H0jmzojUAjKXXCkBsK6yjIKxW+4+4OKCC9ERz5mDmu5Z+4aFM7CpSquCAnDVFw1Uq9MJqAnSz6AGh29J4LUwMnVNtf+gQwzGyl/C9wE/Svm0UAwP19h6hLcM1rp6bV4xjfSXNDspUkz4Xr3RdPpTI1PemtMZIq8fP64q0FlFZeV62ctl9hCtDVRDo3fG3FUM08fa0OfJpVYjSEAOfC,iv:T8z+P5++cES9Co9d/2tcU0PbxZZM/5x63tcxIjBeQ0I=,tag:AjsulFme64/xEPjgZQFtow==,type:str]
|
||||||
|
Nextcloud:
|
||||||
|
ssh: ENC[AES256_GCM,data:aVqa57u9hIOquP367EDj2rlyQWRe3EZv8l5cC+yQQKCri2bN5IFSq8qNemOIcU9ycBnxIyK6gLerJYQQcgzIIARmnfDpbJ9w+EeUL5yvPVJN6FM7oBeaL9mzYRl8aDKr22LhL9YiKAT1nKHESmTb3TZRvuvWJTGzCMRV85ROGxZYVUgG6BjuHEzuTsc4fy3NVPIl7/4ZjPgNNYx+UNsV5xwTejveB/sGblVrHOO74LZXzUWRlQNun5nM3MY3GALzfrPrVIAyGNu37CGachtwxaPOj7vUKZmD/e+XajYVKRJ3v33jrUeI0dDmhuwJj3taoFik6suAyiK3RlDdeWoERR8vqduiyxJnVMs6mNkigzkVtifpwZyQ8vNyG7w1JNPygMYgQzjN43lGVml8cx1lZvcoBzQabjWxcNzhV8gXxoGKvAwUV7ELB6l00rUH+EeI0uU8/IFm9kwmZq42ciM/bRGSGXzo2PYG2OHOiDe5b0nrIlajaRKd+vuuzTtFFU9EwH0GPzERRaoxVK+h9tzcco/REITCE+CVlHSx,iv:bb1X95HK5tT7EJpqqgMOUxw5VO5MuzoYxkPIzR5sEqU=,tag:y2LKHm7czwyuHp7Ea8KiYw==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1fva6s64s884z0q2w7de024sp69ucvqu0pg9shrhhqsn3ewlpjfpsh6md7y
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYWWFUdnpERVlkK29TQ09k
|
||||||
|
SnJMVm5rUEV6S0huSzJ2YjFFQ3pNR0pmZWprClZEVDloeDE2ODNkMVVJTUtqaENz
|
||||||
|
ZzhwTTA4V2xOeW55WGtPZU5FWElQNDAKLS0tIFh5ZWtmZHRBWTAvM3ZwY3pKQ0R6
|
||||||
|
aDNUbFlhWWVoOWpjVlV1VTVJejlSMjQK6wCeCRdHY5oyTX6/R1U5AOGJyp0exi1A
|
||||||
|
dWPUMfkKBBBkrR+G6ougd8o3FwFf+yfb5RhaTxxqjit6p2RyMjR64w==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-10-19T12:24:34Z"
|
||||||
|
mac: ENC[AES256_GCM,data:Bh/vHdsFCzk+YaRcZe/Eiq4xfLSDX1tSV4Jg8lFgzPqXCBwCgohDREZ8LSZPuQtStIugzyRNyPcnWrZcDwDiaS9klM5sIxjeGIF7ZDS81sQnQVNRyX/m9vl6AgVtP9KHgOpJwGObzuvNBE7XnOZ3q03/ah1LXRowJUn63wB4Qxk=,iv:GVLQUjm0bMHusD0F8gJ5DlZvqdDHPsT0VwxLhHh9ozE=,tag:cffv8wKTQ9UYrCPx+3zTMw==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|
|
@ -1,24 +0,0 @@
|
||||||
Hugo:
|
|
||||||
ssh: ENC[AES256_GCM,data:Qi4YEvG64lJqhISMNtuC0mM02TU5KPpzdgs8x2UJwxAxus4+Aa3nIttkbcbKxtobL7ohKcMFGq7bBdj+s4zbctctknHdjiwj1caDoD7+Fm5H0RWLe7yjt5e4IxRywN8cNF59FfINl2tMutuENOzSucjHIXTKSV/ARZzwhcyZkQy//YvlReUSrUNaNkVM1VtjVILOToAXGzQx5w74eX+9JYV9FtZRTbr/spule+UDDtPZaaiFZmFfE5YjULFPaZJo2iUiirKalPodxfIar9eXzoN+bOQbz2Xys1QHNEt2cwWjERruCsojiyA+XeYFreWEWGggSEXizxv7cS5ab1e9XqtWR+u3Gdy/t1/cjoMBVXuLxQ+BwTlAO8NDgRbW0aq8q5yOsPCjShI/N4EVN5qtMUT1+mYZLCiZPPXbLBIiyqIWea/Ru8iIo7+WoF2iDBgshwnw8+uGDFfwlNh3SAwMSQOcGg06+U17PeU56Q/wqID2lEMDgGfHdqObvMlae1q+Qa9cwrp4xDw5S42NlgVaNcovUav5US5kO43r,iv:xvuRv4sqLRGv9npIVjnGV7zDPzIyS58ZKN2T23BmMZs=,tag:iGnBzgRhREEfKjE/ea5Drw==,type:str]
|
|
||||||
Gitea:
|
|
||||||
ssh: ENC[AES256_GCM,data:digqDmnEPg/Zn9Xt7+Z/R9lTBs6CeOgHgIhstWxHnvucwshUO7Zu+l80YPyzAck0pO5YIKML8hjAqj30lYqSPRzG1uRpT7likCy15MqyyQ64U+5PGQRNhybo1eYoqVFYd2sYc5xzkve1b8zCDfxj2mbmRYETYSidHZLaDilq6iKtWWSX+mnTXqJ2gIj+J7pfFBOHskWglnrVdj93AOdpG6cmnvzE7ey8SrMt9t0GzmRFAvjP3slio8NTsI97fu3isF0phGoh8q9tGGRnRMDq3E33zzntT3jawtWiib9ZCxuJ8Zhwc1fIF07YfBJ+sZJ7Kau1205NFJtISGbVhVmpD9kQdoFwYQxYJuvPcDYyIYH/K86bYnBmJWRCwbTh7Es7DCCC90VY/yMjRNoYvjupjhuHKGXE8O/Y8weERZ+GuZ8BSxFwU81YK9mcQyw+Z+MdAFsZEhR7cpxRkty2INKxOdX8wJGVw3A1cInwuiBjLiED0ndh39RqJbE8DUQAJgngSbYK52rCadjhs2xf+tPiDatsDMAHU2DpyDcz,iv:Dh9hhr1mp+gXA1eUvsJVb5opbaEtdRMKAd4HQSQlOpc=,tag:k4M96tstNATvyFe6xF2IzQ==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age:
|
|
||||||
- recipient: age1fva6s64s884z0q2w7de024sp69ucvqu0pg9shrhhqsn3ewlpjfpsh6md7y
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYWWFUdnpERVlkK29TQ09k
|
|
||||||
SnJMVm5rUEV6S0huSzJ2YjFFQ3pNR0pmZWprClZEVDloeDE2ODNkMVVJTUtqaENz
|
|
||||||
ZzhwTTA4V2xOeW55WGtPZU5FWElQNDAKLS0tIFh5ZWtmZHRBWTAvM3ZwY3pKQ0R6
|
|
||||||
aDNUbFlhWWVoOWpjVlV1VTVJejlSMjQK6wCeCRdHY5oyTX6/R1U5AOGJyp0exi1A
|
|
||||||
dWPUMfkKBBBkrR+G6ougd8o3FwFf+yfb5RhaTxxqjit6p2RyMjR64w==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
lastmodified: "2023-10-05T19:05:15Z"
|
|
||||||
mac: ENC[AES256_GCM,data:8xMV6RkmXpt2uY07E+59ZXwTwTL6oqo9j5sFOxejwnFU06MGW9t1h/5HFg+GKpp3Jj1LT6a7uuyip6bDGCMEhI054sTv2uDlOIFd4nbHwOh+keEH/FLa8csTq4yyisROsaXUUCtWxraGXz0MQXT8xlQMT7Pn0x43JssmPhOwrRo=,iv:JKNsroIAxvV5V23at/DsDdud5idVn5IEQHrgeFHR3fQ=,tag:XY0hikk4yvqfynPI8q+GBg==,type:str]
|
|
||||||
pgp: []
|
|
||||||
unencrypted_suffix: _unencrypted
|
|
||||||
version: 3.7.3
|
|
|
@ -1,5 +1,7 @@
|
||||||
GitHub:
|
GitHub:
|
||||||
ssh: ENC[AES256_GCM,data:jzRpTgefhZg7Vhm8QvWNsPBko1yw56sM/XehY72lAc7aRz+dx6BGgyYbZiifd7GrGJGUbH6gWfUg8YjgVla6VRsiHCEvSK3bY0ADDwTeSUs+wuybYXQZqhivSCInVtVSNAcp99uI1QwKor289zmxcFtSZEXgU1OCSel/8br+qipAbOkzAKX1v15eigjY4OSQxXL59EuuuHEQ+vjVVv95tDv03jaNAoU9UKr0Atrny/Fn2sQn4Tmec5Q1XdvDErKhSxrAFiACkxXUwPZMHez+BUZrmkksqpzNJjYNIlmsITuOVr7Fyen9wotAwsDf96Fmz5JYLtRX9CAboUgQLdUOKprwX/xgBnFtDTSH1Qr785T1QSAZL6xdE6hNibxZO3vGeeaPC3oGB5g9x5CwTQelMdOUPKdKorCDj226o56cTc/IQxUpsULbeOyi2pMGHiTHbiQBzHpxWyQ/gBktPkF25GOFeaCu3gW+xsspX91jSKudcYdBqWUNmJcdsfHfPxPM4cZtA/sVMyoA+YcehgU7GTu9DAlxDTug/JWo,iv:5shfzmrFFVEuaYmyTkBMAw9BIFFkKz0yl1dyJWxq6Y4=,tag:CX7TBJJXCKuIPSmg9/RpGg==,type:str]
|
ssh: ENC[AES256_GCM,data:jzRpTgefhZg7Vhm8QvWNsPBko1yw56sM/XehY72lAc7aRz+dx6BGgyYbZiifd7GrGJGUbH6gWfUg8YjgVla6VRsiHCEvSK3bY0ADDwTeSUs+wuybYXQZqhivSCInVtVSNAcp99uI1QwKor289zmxcFtSZEXgU1OCSel/8br+qipAbOkzAKX1v15eigjY4OSQxXL59EuuuHEQ+vjVVv95tDv03jaNAoU9UKr0Atrny/Fn2sQn4Tmec5Q1XdvDErKhSxrAFiACkxXUwPZMHez+BUZrmkksqpzNJjYNIlmsITuOVr7Fyen9wotAwsDf96Fmz5JYLtRX9CAboUgQLdUOKprwX/xgBnFtDTSH1Qr785T1QSAZL6xdE6hNibxZO3vGeeaPC3oGB5g9x5CwTQelMdOUPKdKorCDj226o56cTc/IQxUpsULbeOyi2pMGHiTHbiQBzHpxWyQ/gBktPkF25GOFeaCu3gW+xsspX91jSKudcYdBqWUNmJcdsfHfPxPM4cZtA/sVMyoA+YcehgU7GTu9DAlxDTug/JWo,iv:5shfzmrFFVEuaYmyTkBMAw9BIFFkKz0yl1dyJWxq6Y4=,tag:CX7TBJJXCKuIPSmg9/RpGg==,type:str]
|
||||||
|
Gitea:
|
||||||
|
ssh: ENC[AES256_GCM,data:8eyuycMkBVMHfzaGeGs+0RA4vCpaAUTjCwiplUamypEk9BDYqxe+69O6OjJAGaPnmH4kpsb/WVd5sU6HNUogBuzDQhCrv2B6NadcmnV+fH3MHfAWvDy7R68PUkwcywWVOo65SONckjKVa0Y+8IeeJh9zpr36qCbbs+zPC4XTk+Y5R4vK/ocmSJSmwqVK1SfGGwOjFoJvHVI6jdXh//vgKaITqmyZV7N3OU9EiQp1FmNKwFf/x70w2LGATrNBcexwNy20ZYd6ewiAfJxFHR6Svfc2P5X2nlv99W5t1eU5QEGUcalcslsW/VkmFC3agN3Yry2EMIlfTlm0hm4+ryDGWEvgyUC0dLA8Ao0TLaaqig9HzBRP1h6aORe0lDwzTUg6WltrIu0s7hFwD4YLi1qP5lY99hvrDIRbTEg6AY6X4b32YFlyOXy0YDetv90+QyEcwANWO9MXz2S9hxuQmjOXMCVYMaiMLVUkG+mShbQuxTiFQt/7D83yOBSRLugx/aU318NKvUDlCt7wpZbMI3gBia4nUYLoLcXRKcAZ,iv:uc1ZtGdcolLrpQgS5n5LEAwBt0vMmkj2OuTXcn8sQ7A=,tag:F2ofcj0zEBgxwukMUd7+uw==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -15,8 +17,8 @@ sops:
|
||||||
aDNUbFlhWWVoOWpjVlV1VTVJejlSMjQK6wCeCRdHY5oyTX6/R1U5AOGJyp0exi1A
|
aDNUbFlhWWVoOWpjVlV1VTVJejlSMjQK6wCeCRdHY5oyTX6/R1U5AOGJyp0exi1A
|
||||||
dWPUMfkKBBBkrR+G6ougd8o3FwFf+yfb5RhaTxxqjit6p2RyMjR64w==
|
dWPUMfkKBBBkrR+G6ougd8o3FwFf+yfb5RhaTxxqjit6p2RyMjR64w==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2023-09-11T10:23:48Z"
|
lastmodified: "2024-10-19T12:24:38Z"
|
||||||
mac: ENC[AES256_GCM,data:3XEbhFY1TlXo6bTctV2u4i6QPzXnJC6iU3F/MUARSQl1z4peOB5x8hZfdiV/hVMR8I+83TxDcEAmKDrcaMf89Tqa+OiD//wBekMUfS7AmBRhpv7X5qfarflfnygacFsAMhf/bdiqowYbGSNvlPjueqHJaFZ+3x/wPrt/jAYNlr8=,iv:ciQmY7bE+Je6kMlmxxtQvp+r3e/ZK942tT4TtXhDX2M=,tag:4+7uZlEm5bcRfZC7pp5Y7Q==,type:str]
|
mac: ENC[AES256_GCM,data:g15gV0H0rlzoeN5Z/Zkgh/8ya9GSrWDVP9oqdVz3m4obmquCLDIygsPaYpRXmfOtPSgvX2KzZ08sNLfcBZSh7eH2Ws7xcezWOntOcmAQNz5LvemqP7YuwtivMK/P4qrkME+LQPkSrSUR+rT99Zj+RQXisy91Cq9NbVBj6uQH7+I=,iv:W+oDp5Dun0g35BFprOmgfI0LoPME3HpPuuniCKA32Kc=,tag:CUU74HZuRNedyI3txn9D+g==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.7.3
|
version: 3.8.1
|
|
@ -7,9 +7,14 @@ in {
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
sops.secrets = lib.mkIf config.sisyphus.programs.sops.enable (
|
sops.secrets = lib.mkIf config.sisyphus.programs.sops.enable (
|
||||||
let
|
let
|
||||||
Hugo = {
|
HomeLab = {
|
||||||
format = "yaml";
|
format = "yaml";
|
||||||
sopsFile = ../../secrets/Hugo.yaml;
|
sopsFile = ../../secrets/HomeLab.yaml;
|
||||||
|
owner = user;
|
||||||
|
};
|
||||||
|
personal = {
|
||||||
|
format = "yaml";
|
||||||
|
sopsFile = ../../secrets/personal.yaml;
|
||||||
owner = user;
|
owner = user;
|
||||||
};
|
};
|
||||||
UGent = {
|
UGent = {
|
||||||
|
@ -18,17 +23,17 @@ in {
|
||||||
owner = user;
|
owner = user;
|
||||||
};
|
};
|
||||||
in {
|
in {
|
||||||
"Hugo/ssh" = Hugo;
|
|
||||||
"UGent/HPC/ssh" = UGent;
|
"UGent/HPC/ssh" = UGent;
|
||||||
|
|
||||||
"GitHub/ssh" = {
|
# Git authentication
|
||||||
format = "yaml";
|
"Gitea/ssh" = personal;
|
||||||
sopsFile = ../../secrets/GitHub.yaml;
|
"GitHub/ssh" = personal;
|
||||||
owner = user;
|
|
||||||
};
|
|
||||||
"Hugo/Gitea/ssh" = Hugo;
|
|
||||||
"UGent/GitHub/ssh" = UGent;
|
"UGent/GitHub/ssh" = UGent;
|
||||||
"UGent/SubGit/ssh" = UGent;
|
"UGent/SubGit/ssh" = UGent;
|
||||||
|
|
||||||
|
# HomeLab
|
||||||
|
"HomeLab/Hugo/ssh" = HomeLab;
|
||||||
|
"HomeLab/Nextcloud/ssh" = HomeLab;
|
||||||
});
|
});
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,9 +1,3 @@
|
||||||
Host Hugo
|
|
||||||
User admin
|
|
||||||
HostName 192.168.0.11
|
|
||||||
IdentitiesOnly yes
|
|
||||||
IdentityFile /run/secrets/Hugo/ssh
|
|
||||||
|
|
||||||
Host HPC
|
Host HPC
|
||||||
User vsc44995
|
User vsc44995
|
||||||
HostName login.hpc.ugent.be
|
HostName login.hpc.ugent.be
|
||||||
|
@ -15,7 +9,7 @@ Host git.depeuter.dev
|
||||||
User git
|
User git
|
||||||
HostName git.depeuter.dev
|
HostName git.depeuter.dev
|
||||||
IdentitiesOnly yes
|
IdentitiesOnly yes
|
||||||
IdentityFile /run/secrets/Hugo/Gitea/ssh
|
IdentityFile /run/secrets/Gitea/ssh
|
||||||
|
|
||||||
Host github.com
|
Host github.com
|
||||||
User git
|
User git
|
||||||
|
@ -36,3 +30,15 @@ Host subgit.ugent.be
|
||||||
IdentityFile /run/secrets/UGent/SubGit/ssh
|
IdentityFile /run/secrets/UGent/SubGit/ssh
|
||||||
CanonicalizeHostname yes # Ignore capitalization
|
CanonicalizeHostname yes # Ignore capitalization
|
||||||
|
|
||||||
|
# HomeLab
|
||||||
|
Host Hugo
|
||||||
|
User admin
|
||||||
|
HostName 192.168.0.11
|
||||||
|
IdentitiesOnly yes
|
||||||
|
IdentityFile /run/secrets/HomeLab/Hugo/ssh
|
||||||
|
|
||||||
|
Host Nextcloud
|
||||||
|
User administrator
|
||||||
|
Hostname 192.168.0.14
|
||||||
|
IdentitiesOnly yes
|
||||||
|
IdentityFile /run/secrets/HomeLab/Nextcloud/ssh
|
||||||
|
|
Loading…
Reference in a new issue