tbarnouin/nixos-hypervisor
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Try to use age for crowdsec lapi config

Browse source
This commit is contained in:
Théo Barnouin 2025-04-04 15:33:53 +02:00
parent 42792ec4d8
commit 88c4095a29
7 changed files with 70 additions and 56 deletions
Download patch file Download diff file Expand all files Collapse all files

32
secrets/initialPassword.age
View file

@ -1,18 +1,18 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBkcDhX
WHFGRlJFUll0TFlEVzBiUmkxd3duVHFEdFU0K3hta2JGZzdENzJrCnNBcVRtUkkz
NFFoamExVjNhOXh0UjBJS3p0WmtBOWFGZTNkTTdlMm9aMWsKLT4gc3NoLWVkMjU1
MTkgd25FVXB3IGpKemJpTGJlMU0zU0hPaFpVd2pZcGFlNUhYTHdxS1NlemlwaWY0
UFRBMDAKbm9CSlpxZE1JNnNsZHdtL0R6U2Q3STVLbGQxd1F1ZzY1VkNXeWlSQk55
TQotPiBzc2gtZWQyNTUxOSBubUtTK0EgUzMyMGJXczlic2NUOUl1d1N6MGhxZlZ6
UXlPNEVMYk1zR3UxZkozcXVTbwpyd1UyK0dGSWhIcXpPTk5TU2ZRTjFadGRXRVlY
OG9tbVhvZzNLcjlQL3FZCi0+IHNzaC1lZDI1NTE5IHNpbmd2USA4a0JFRmlBQjV4
VTNhbCtMVUE2YzFwTTFwT09HT240RHRGUFdsUFNsN25nCi9zdllEcHRudmFRTC84
c2QrbjR6eThUdW0zclBFdzVXRTRPU0R1YzlTb2cKLT4gc3NoLWVkMjU1MTkgeHFt
eWpBIGR5ZlljUVZSZHFFZThIcHJJc1J1R2o3eGpyQ3A5T1Q2ODRyTFFqN0JyU0EK
TFBpdTVjdTQzUmdRUUVkZDVOSlh4KzM1T1FDUXhaMVAwM2t1ZHFhdmhHVQotPiA9
LWdyZWFzZSBlc2h8UitCIHsyIC41KS4gX1JBdnwKdUpQSm1tdXQwUFZPb0FMNENj
TFZRM3o0Wk1lN3RobHpxZUVnZHFiT2hWcmoKLS0tIDV0d3NTWUZFNHFpQTJqNGh4
UFdtVGJ2ZFFBMkVpaDdKN0hFcC9tSGwrWTAKSJMImvBdD1SGCFOYFpEqj0xcohO4
9Eb1cfj6OeUsC5GMsXXJ78/XSjYtCu1wtWBml3HeQzg=
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9Xa1ZYdyBwZ0Fl
Rm50ZmJmeWM5blk0RU5sQVExcGRsamJ2M2t3Uk9tQUJMK3JXeFd3CmJZWFJJdXVi
Zk0yZGRFVlR1eHJoZlBTQ09FU3ZhdUJpUTZyMHZoSlhhZVUKLT4gc3NoLWVkMjU1
MTkgd25FVXB3IFdxU0REZzdQSG5OdzBNVVN1VHJNcVZ4a2N1VTlHTWdyejlXUmpX
UXQxem8KdnY5eUdCbWJMNkJRY1pBOFQrSUd3OCtLczlUWFJnZ0dTZzhlMXp6dHk5
ZwotPiBzc2gtZWQyNTUxOSBubUtTK0EgalR0bGUzY1orS2Jqc1FVZVczUG84YmIx
WUdrUnFFNHlLbHFQcWJoMTJsWQo3cjY1Zi8zUUlqeXU2clk0RS9uY2xCT1V3bHNV
NWd1cjBaR0JnV2Q4N1VRCi0+IHNzaC1lZDI1NTE5IHNpbmd2USBWdnFrdGpIeVZX
S3pLOWhsdFpJUUhKUmVGN1FiSE5NcWFYZ0EyaXI1a1RFClN5VU5BZXZFWkRycVlE
dW5WYStEMS9LUGk3aFlNb1V2NDRrRkh6Qzc5ZTAKLT4gc3NoLWVkMjU1MTkgeHFt
eWpBIHpjaEdBWitvVWtjMlNBb0I2dUlyRG5GdkppV2F0Tk9SNTNCRUVsd25LM1kK
dGhuLzFnN2JDZ05aTEM1ZXp6K0k3dG1pdVBuNms4UjRCU0dzemFHTDAyUQotPiBv
dCVudi1ncmVhc2UgcCAqa1xVXGwKSjcwMHU5ZG9EYTFqdmk0bGF1cVQ1QUVlYUJV
K0Fvb2RiK1FpK2RBeDErWjhmaThFYWNndWtDR2U5eFF3ZGcKLS0tIDRFMHI1aGd5
S2V1NU1UMGN2MzF6Z2ZUR0xEdHlBNWo5MGg3aFByN3NrZ2MK61WFEz2M9I38JC0R
zMvY1Nw9CwpmUkRT7fQzH2LksXkMTv1kxsAy61xo8XjJerUeYjfNJmo=
-----END AGE ENCRYPTED FILE-----

31
secrets/secrets.nix
View file

@ -1,31 +0,0 @@
let
tbarnouin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxccGxdfOFXeEClqz3ULl94ubzaJnk4pUus+ek18G0B tbarnouin@nixos";
users = [tbarnouin];
grafana = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDQxvO9vdd2f9aV4F3LEQrrTJaLwLvSLbLtjB9qNxc4z root@grafana";
onlyoffice = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAEHTFFQoi8PtzkdTEeA5lGELFS01J51GLLjrnySJM7R root@onlyoffice";
postgresql = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJW7qA7j1sICuu1RAfs9ifR9dmOlHq45tKu1ga7CKaob root@pgsql";
forgejo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMf3Cc/S0p/LFcW+RLMEqpxOOv8q/HrKO4I9joHmRxl root@forgejo";
nginx = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKX2wkS9bpMy1+ITPtQclRkthOwksWBZOLa3bT9oLAe1 root@nixos-nginx";
systems = [grafana onlyoffice postgresql forgejo];
in {
"initialPassword.age".publicKeys = users ++ systems;
"services/grafana/secrets/grafana-db.age".publicKeys = [tbarnouin grafana];
"services/grafana/secrets/grafana-oauth_secret.age".publicKeys = [tbarnouin grafana];
"services/grafana/secrets/kuma-token.age".publicKeys = [tbarnouin grafana];
"services/onlyoffice/secrets/office-dbpass.age".publicKeys = [tbarnouin onlyoffice];
"services/onlyoffice/secrets/office-jwtpass.age".publicKeys = [tbarnouin onlyoffice];
"services/forgejo/secrets/forgejoDBPass.age".publicKeys = [tbarnouin forgejo];
"services/postgresql/secrets/nextcloudDBPass.age".publicKeys = [tbarnouin postgresql];
"services/postgresql/secrets/giteaDBPass.age".publicKeys = [tbarnouin postgresql];
"services/postgresql/secrets/authentikDBPass.age".publicKeys = [tbarnouin postgresql];
"services/postgresql/secrets/grafanaDBPass.age".publicKeys = [tbarnouin postgresql];
"services/postgresql/secrets/onlyofficeDBPass.age".publicKeys = [tbarnouin postgresql];
"services/nginx/secrets/cs-lapi-key.age".publicKeys = [tbarnouin nginx];
}