clerie/nixfiles
1
0
Fork 0
Code Activity

hosts/hydra-1: Sign nix cache entries with multiple keys

Browse Source
This commit is contained in:
clerie
2024-05-22 17:17:14 +02:00
parent d55dc35882
commit 37685080b9
5 changed files with 90 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
hosts/hydra-1/nix-cache.nix
View File

@@ -5,7 +5,18 @@
services.harmonia = {
enable = true;
settings.bind = "[::1]:5005";
signKeyPath = config.sops.secrets.nix-cache-key.path;
};
systemd.services.harmonia = {
environment = {
SIGN_KEY_PATHS = "%d/key1 %d/key2";
};
serviceConfig = {
LoadCredential = [
"key1:${config.sops.secrets."sign-key-nix-cache.clerie.de".path}"
"key2:${config.sops.secrets."sign-key-cache.nix.clerie.de".path}"
];
};
};
services.nginx.virtualHosts = {

7
hosts/hydra-1/secrets.json
View File

@@ -1,5 +1,6 @@
{
"nix-cache-key": "ENC[AES256_GCM,data:AFDvfikObYvlwqRd0Wz3jfZdrKp6vu5ga6mFKRSPhh/BPFS1mBNyz3DQTL914bO7Pn47QHQVxufFVYlYmIq9sIK5snudZmRNDC21D95CvnJMWkO4d+nO8sMbjTMocEBmBEPMC18WHrkVmWOJ,iv:sD1qpX4sgAqb0c4Vmr7cRAELwiQhORKleGggKnOtmB4=,tag:q9D/f/+n9J2+ZtyuLXuk6w==,type:str]",
"sign-key-nix-cache.clerie.de": "ENC[AES256_GCM,data:V6PHF1p8I43uErwNdixWeU5dw6liI/8LtFL61bZ7vldvv/7RbqJ/e5gvLYhrsK5hzLYbBqKEpt2v7007Jh/A16fX0VZ+M1d5OqTClAzRdW6FC/A/JAaJfcDphYK2MXeXdNtN9WlRS6hBK9T6,iv:Y0eiMTFu34/Oy6hRHHPJ+wWOJsJ9S7mUFKwfJiRwjus=,tag:sYsjS3LVGDPUy2ZrDlXw8g==,type:str]",
"sign-key-cache.nix.clerie.de": "ENC[AES256_GCM,data:vuc21vilquxcasVXv7dsMSDxq1i0pUENmuoehFZHQd2vJqpkT8IFjwRBdVScxBgcz2/qv1iA3Ou4yBVPAfUKmOM6S1hzJGPxOfQySUTrQE6LgJZFAe/nKxNdiE0cBksMF7UtfJt4AmRv93BN,iv:s1N0U1X6sY/0HM7OMAGjrqFRRpiwHpedQn11/U3C944=,tag:nDrmDhB4D2OCu1ZLfoflag==,type:str]",
"wg-monitoring": "ENC[AES256_GCM,data:C5C1s8GgEhu0QrIYiToJu/6Be7njwwNzdj5oMDGihT0m4lCtkwDI9NPxdBQ=,iv:icgVuwsJjl9+6pank/0MenY3Sm9eZiJ4KqQHASz+GXE=,tag:ANKZxndDHXAakUFr0euvkQ==,type:str]",
"sops": {
"kms": null,
@@ -12,8 +13,8 @@
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiS01SZzVxOGVjeDNuMEY2\nMjd3VjJHRTgyckZxbitFYTg5cUNZNHk5TTM0CkM3QnZyaFFmTUp2T2phZ3FuR3lR\nd1E3TlpsRnBQVXM4WlNIKzdTelJIbkUKLS0tIG5xR1VlK25LR3JucDIwakMzNVp6\nYkI1ZmorajhDUHdHZHQ0QlkxMkE5dHMKTaffSqKMM7Z6pDmMLvRr6MEsNPvJ9ycF\ny5Wilaie7qdFPEWJDNXOmmKwJgF/wPIsYYouL+YlKaOalL4X0i4xgA==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-04-21T16:30:03Z",
"mac": "ENC[AES256_GCM,data:aEIs0bTuMJJsjCLtwQ/3ApO8iVCdlfPhBY97veU518R+Z2aywEh9R7h89skuVjrRcrbzeZthaubD3fqK+0mWkIgk9cYWzcHAA8OYNX8inZAnWuhN4kcc9pAy6abdqYtlqtTBY33m4BITEsIsUROW+VP7V87Kyp3THnn2S0QqAag=,iv:1wqiyugRLFXT3uXfo053E6mGH/wFGjUO/AkXz915GrA=,tag:8Vil1vZRkKUN4HwcFNJsXQ==,type:str]",
"lastmodified": "2024-05-22T15:14:09Z",
"mac": "ENC[AES256_GCM,data:kOC/GOhtq00jcHQoLSaCeI9ACUDv4aoMH8+Zn3tCEpK2k71/mdzV0ces5Aojxu7CIsZh+0GpStCPVgA68Ke96PKt5yYv4G0PaN0dlFs8luvl29OcvEWIvM3Hzb3KVmp5/rYsch4l1YrxCO9PqNVN6aIwe0mdJlLLpwTshZ2bgu8=,iv:0YkBoKBqi7S3ioXbo8p1yr5jVRjjBAI/y8cy9VJhIDU=,tag:3VQKXWhoK+nFZ4WKz3Y3AA==,type:str]",
"pgp": [
{
"created_at": "2024-04-21T16:29:22Z",