diff --git a/.gitignore b/.gitignore index 92e4b98..9c0ec39 100644 --- a/.gitignore +++ b/.gitignore @@ -7,7 +7,6 @@ !hosts/cube/ !hosts/cube/forgejo/ !hosts/cube/grafana/ -!hosts/cube/mail/ !hosts/cube/matrix/ !hosts/cube/nextcloud/ diff --git a/hosts/cube/forgejo/default.nix b/hosts/cube/forgejo/default.nix index cb4ce7d..70ba486 100644 --- a/hosts/cube/forgejo/default.nix +++ b/hosts/cube/forgejo/default.nix @@ -8,7 +8,7 @@ let port = 8004; in systemConfiguration { secrets.forgejoMailPassword = { - file = ./password.mail.age; + file = ../password.plain.mail.age; owner = "forgejo"; }; secrets.forgejoRunnerPassword = { diff --git a/hosts/cube/forgejo/password.mail.age b/hosts/cube/forgejo/password.mail.age deleted file mode 100644 index b1fc1ab..0000000 --- a/hosts/cube/forgejo/password.mail.age +++ /dev/null @@ -1,15 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 +rZ0Tw UdpGG1O9oC4Z3OasaGJyU3TM9FkwcaXQX9+QT4Wqrjs -RX+NdBYD+/GtOSGun8Y04S48MKLDHkQsfqjJQ0vVj18 --> ssh-rsa jPaU3Q -EVX4PE+5bBQm3tzrUkbPBfG7Ech9dS2Ix8ZLLWYW2DFp30F49tJvYUDLGgpRARa+ -dh0+tuiOdPHENVbyhM8pob+Jk4Ii1+ZYwQdah0bAmewJ88NAHgfNCPMuAZFsR2w7 -r+KeuMa+1PtX3llIVWqTc+pdfrPVnG/DcbQqSgs5a2NVQauMgFgT9eCrwvuWCTSQ -dlUWdysSTYsnGHSKxSgS/MmMIFsrlxqoUUBYTFdS6yU/w6b7VFSJdGczmzD9zFMJ -ywkregpi5y0Z8K5byroRMR1IfIl7B0CHcZbsTFqSrlDSX9Rq2D84TGwdhwBK0L17 -Yy1UM3mFIDWgWe2lBY2KRterzxF/XxfDgbDc+1d8NWANVDinoXIOLYg3QBCSupwR -QmgjfvMcqjDSeg/QaV3PXtK/GyzVk8ehAFQpCyi+XofuavhBzP+9yk6IoHQupEAx -mQkm1ZXRc//C5w7Svjf6DmR5KKbF/mTRr7QqJp4XuCNCHA4Bf5BQEw5p8NtfqiWh - ---- iRy3XLKWkh6sUOkUS79ZRtRAjGdvvlKRZ6L6h6cKzjE -lڣY~Ϭ bQ/o3^s}+,B \ No newline at end of file diff --git a/hosts/cube/grafana/default.nix b/hosts/cube/grafana/default.nix index a19ff27..1ff6c66 100644 --- a/hosts/cube/grafana/default.nix +++ b/hosts/cube/grafana/default.nix @@ -12,7 +12,7 @@ in systemConfiguration { owner = "grafana"; }; secrets.grafanaMailPassword = { - file = ./password.mail.age; + file = ../password.plain.mail.age; owner = "grafana"; }; diff --git a/hosts/cube/grafana/password.mail.age b/hosts/cube/grafana/password.mail.age deleted file mode 100644 index c0cd623..0000000 --- a/hosts/cube/grafana/password.mail.age +++ /dev/null @@ -1,15 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 +rZ0Tw O0H0h+hSKjcOPaWE8iDSpYsR0TGigDeyBUmHtFTCNjQ -EHORIYFfRAoYEME9SM6l3ef6jfYmLBXEgGxZ7L+wZyA --> ssh-rsa jPaU3Q -bG32pycqaE13cyS0OVqd3mI3lmP91UOgBrhnIhUv6WCDxJdQoshrUNhfF93JAI9+ -HSAsAOM1UHeffdNuucCQsoTxENCFonldrK8+cQwPyQlPSGIP5yE4hFFRUjoct0X5 -qdJsjgHAP53c5707mdwsx7lbpRLFPhW6JvA90wn1LKZPgMHBD5yQRPc+qM0NQ10b -sOqNU8dVuuIwWGtzHm9vrw3jUZMNiH+AUJ8IcaEC8+5FFAHr1cib3+rzyUmbzrxr -n2dXsIICLmQZVXoNPMYltcHyM6jf1a+cxh9Z7ZKhVxJvD2jXh9CqrHw5Z2xbQJTL -rwKNE85xxwQNzldYPMGLWyfn25j08/Jx4uZHXQIGrjVQCRRy+Mmn9d05MY2BNPNC -vpA848kn1IIM5ybBdsEXSqywoE2+r+J39JVUcQgTdXhjQwfZWcXiaq3haD6mhtRp -0VIqnBeu4vuvgtOEnWzvqVj0k64sYs+uPVjuXrW6szcSBcHj/QLfIQ//Tw4sRpQy - ---- DRdJx69Bkj+MVtk3dlZ0gMQmHG7NC7ZbzuMGbEbNVUQ - Ȏ^@%,q\4aEQEi>Rv \ No newline at end of file diff --git a/hosts/cube/mail/default.nix b/hosts/cube/mail.nix similarity index 96% rename from hosts/cube/mail/default.nix rename to hosts/cube/mail.nix index 8cdd5b9..2d764b8 100644 --- a/hosts/cube/mail/default.nix +++ b/hosts/cube/mail.nix @@ -7,7 +7,7 @@ let prometheusPort = 9040; in systemConfiguration { - secrets.mailPassword.file = ./password.age; + secrets.mailPassword.file = ./password.plain.mail.age; services.prometheus = { exporters.postfix = enabled { diff --git a/hosts/cube/mail/password.age b/hosts/cube/mail/password.age deleted file mode 100644 index 6e93dd8..0000000 Binary files a/hosts/cube/mail/password.age and /dev/null differ diff --git a/hosts/cube/password.hash.mail.age b/hosts/cube/password.hash.mail.age new file mode 100644 index 0000000..f58bafc Binary files /dev/null and b/hosts/cube/password.hash.mail.age differ diff --git a/hosts/cube/password.plain.mail.age b/hosts/cube/password.plain.mail.age new file mode 100644 index 0000000..e3bd36c --- /dev/null +++ b/hosts/cube/password.plain.mail.age @@ -0,0 +1,16 @@ +age-encryption.org/v1 +-> ssh-ed25519 +rZ0Tw lq/rDwjTA4jnScCGxGy1GWRaowo0Mw3nbabRlEyQznU +CVk3OU1TKX/kJJwKLbHsR8yX30PKRiRd9meZfd3q//U +-> ssh-rsa jPaU3Q +sHWdz6gQGl9SpMbNH3iwuBIXsymMTAQH/r76bMuG/q9ieSf3sLg5ylQUcZuNHWJ3 +F4LGXlzXxmn1qdqmKQY4i0Hk3CbkWUa3RmUQGwqLZHIHPPBGN1qSifUkyOJz2J1j +cUl4mYNDeVrP3Ya5AHLdfnix11Ftmva/Bw9wSzUCCaORdGvFlprMdjI1ESKFqOM0 +sBvcGwcVovWoi/n4f4VASELUSErq5JgfHz5U58ytEZc2BEzJVXbJHEh2fo1MDSpt +oLupdIOTTKeeLU6bwdNCbU3HoBsAjrG4GFlHr2ib9+cF+mXBd1XxSi/MmsnbPH59 +Ni88ab/dQ1INgkBzLjTurXQmMa8ZaQ5dOhd6vA72SGoRzL3p0/adHrtf6oI8Kpjn +eYeql9Ifl475RTQSyCbqR8Y0xWGCHysNG3qPcRtt/MiclX50nrB1IUvJMxLNd2Tx +HrBMurl8aOeOIfm1hs3eAdrxsChTbIEWvD4g9JHZg+t4fd0eSeWC9P9Za/5XXAuf + +--- 0v8HOdMoYyvq1YKwSdgBCho2WJ3KKX/S5YOD5gkBObA +p4E42Cn&Jzְ' +]=ٸ}{mwʛ \ No newline at end of file diff --git a/secrets.nix b/secrets.nix index ceb11b7..da6ee0d 100644 --- a/secrets.nix +++ b/secrets.nix @@ -1,24 +1,30 @@ let keys = import ./keys.nix; in with keys; { + ### cube "hosts/cube/password.rgb.age".publicKeys = [ cube enka ]; - "hosts/cube/forgejo/password.mail.age".publicKeys = [ cube enka ]; + "hosts/cube/password.plain.mail.age".publicKeys = [ cube enka ]; + "hosts/cube/password.hash.mail.age".publicKeys = [ cube enka ]; + "hosts/cube/forgejo/password.runner.age".publicKeys = [ cube enka ]; "hosts/cube/grafana/password.age".publicKeys = [ cube enka ]; - "hosts/cube/grafana/password.mail.age".publicKeys = [ cube enka ]; "hosts/cube/matrix/password.secret.age".publicKeys = [ cube enka ]; "hosts/cube/matrix/password.sync.age".publicKeys = [ cube enka ]; - "hosts/cube/mail/password.age".publicKeys = [ cube enka ]; - "hosts/cube/nextcloud/password.age".publicKeys = [ cube enka ]; + "hosts/cube/nextcloud/password.age".publicKeys = [ cube enka ]; + + ### disk "hosts/disk/password.floppy.age".publicKeys = [ disk enka ]; + ### enka "hosts/enka/password.orhan.age".publicKeys = [ enka ]; "hosts/enka/password.said.age".publicKeys = [ enka ]; + ### shared + "hosts/password.acme.age".publicKeys = [ cube disk enka ]; }