1
0

modules/monitoring: migrate monitoring vpn secrets to age

This commit is contained in:
2023-05-02 19:42:46 +02:00
parent cb12fb64cb
commit dcf8bc4035
19 changed files with 137 additions and 1 deletions
bin
hosts
backup-4
carbon
clerie-backup
dn42-il-gw1
dn42-il-gw5
dn42-il-gw6
gatekeeper
hydra-1
hydra-2
minecraft-2
monitoring-3
nonat
osmium
palladium
porter
storage-2
web-2

15
bin/add-secret.sh Executable file

@ -0,0 +1,15 @@
#!/bin/bash
set -euo pipefail
cd $(git rev-parse --show-toplevel)
host=$1
secret=$2
mkdir -p hosts/${host}/secrets
nix run github:ryantm/agenix -- -e hosts/${host}/secrets/new
mv hosts/${host}/secrets/new hosts/${host}/secrets/${secret}.age

@ -0,0 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 HwR33w NS7or54RThBygIkXukAmaMBerb3XzBl9MWxhhXSOHTs
B9+EuN080AMUEdm/KRVcR/sqlw0uC8/lO4VFuTkfECk
-> ssh-ed25519 eelCFw KF1iYVpI/owY2K2entqcm4KaOztBC1Y+9/qK11s3Z0Y
IS3ABKW5+NEDW9bJ2KAb64WiIkHoMibyWtyuF3sF3eI
-> D,/q5iN-grease
LBaWGpsSun/TqNuM8OnhBu6/+u4NrwgrSe7iMkER7yrA/j4RKDfzHC17P9l701xN
OWFhKaA1qsxwe2Pk+3cN9Tp7SklE/hY9ADIvA1Jqqa1uVhYonrpZFEUXPVbnEEs
--- JYxwomGwWYbjcoqV5u3ReD/2kaZ7XQmxc7aUEZOGcCk
<EFBFBD>A<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,J<>i<EFBFBD><69>y<EFBFBD><79>8<EFBFBD>K@<40><><EFBFBD>ڨ0]<5D><>_MM౉w7ު!<21>Ϲ2<06>Ѭԛ<D1AC><4A><DEAF><15><>l<EFBFBD>Qt<><74>=p<15><><EFBFBD>$

@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 HwR33w IkxlO8D2o7SoBGyg9/edvw97sAqj9e1nUtQk9ci8tws
t3mju7vCMEQcOs21Q56U53hTYyplMlj8L89oVVcgifQ
-> ssh-ed25519 5EcjHQ W1oWURPqGGfSwDZbIfqKVBBL+fMdLh1KnW3mMqALWmA
RbuAx/Sgj4wmuzijnjtS2Mai3n0T+89qSv2v5pxDfVw
-> w)}-grease $do
nc2bWeMeBxc3hd4XkX/k+isQudb0VZBD
--- 3Smsch2WrfWCMaeQffV+52LBY11YTtUa9K40DWrsAzY
<EFBFBD>כ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><04>u<EFBFBD><75><EFBFBD>In<6E>m<EFBFBD><6D>)<29><>n<EFBFBD><6E>O'<27><><EFBFBD> <0B>q<EFBFBD>̨<>r<EFBFBD><72> R{<7B><><EFBFBD><EFBFBD>T<EFBFBD>=<3D><><EFBFBD>+<2B><>ïj<C3AF>c<EFBFBD>? Hw]dBa<><61>

@ -0,0 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 HwR33w t9osbbi1s3J96OhWrTgrNmGHfIWUAqB4aFvmbNqtTG8
DD+iNLEd6WBvRS8PC0pfiCgNmVR4jNwBZHcaR8a814Y
-> ssh-ed25519 ILP4Ew sisQcIh1A9M3qwl9yD+cSPNM/nnNpII+Xfesj9mwkRM
7h/dPRCYHA88Q7lWvvPvdHf4ppCiEnu9ca6TY0BZLzY
-> {9O-grease a_:E
g5khXWjhnAYGhbvvT8+gbde58hiKZe9UtQfsGUDvnngA+OQulOiV9+tRX+yuzUhb
0z6nyMS0R9kPFsSFg7H03SYbkKaidh54FCYzyRMLld9nHYe6mUE
--- zDunV7ZXq7wNxXOVAdEUJmeGI25kHpsO2S5qNklhHQ4
G

@ -0,0 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 HwR33w +AFhSTsqwKkww+OGHnKI+qi0JvrQVe8p+XRVnn1oZk4
t7nBc4g5guqSsP6XFWYLAXPZEKFJA0tk4GM9XP3uoUo
-> ssh-ed25519 g+l3bg LjbGz8bbxotI4uhVaFzCjaOohfjJbTgPCbQ5UgCVgEI
+7h66Z41OSyvZjJ7ANYFA+ut1FWQXE79WonaXE5HREc
-> OapV-grease jkg)M@ NO4*'ml? lUG]H liUD3iK>
628DJDgpTFp0XP05robVn8j6/3f340BaYvdZIKLKvqXp93GufqwBnfYRIjYDyolA
Kt0M59kSw2DOtaYaOEk/E5BJhdYa+cDBEs8
--- 0V08Pg4II/yihrNWngXKWXwr6+Lcu9+XijZYupCyzHo
E<EFBFBD><1D>?a<><61>S,<2C><>&<26>\<03>Bҗ8<D297><38>X<EFBFBD><1D>]S^B<06>HI<48><><1A>/<2F>F<EFBFBD>'#<23>;C<>@o&~<7E>i<EFBFBD><69><EFBFBD><EFBFBD><11><>\=<3D><>ԯ<EFBFBD>

Binary file not shown.

@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 HwR33w 5r8PAnWrr1maOMNehoMkegIq1RvYcOTVSC6aynbI9Dc
g/q8AoKehfdRK8zuIVfj1TQeu37PQdUUXEPez07d2x0
-> ssh-ed25519 I+qNDQ r2etKUBWkHA4X6wpnGZbMmkLRQWhZ4JI13mOV3XX3Xk
/FJzTBB29gVH0VAeStXzi4rFZNoc/odYjXyObq/wVuQ
-> !YfpC-grease 4B
4ZoUV7O6DjEEHUXCG8+PcjyDt64X4nfKcnH1xt/45Wc
--- HptZmw/gU1pbkVwRvrTvDSj6Ly5ip5BQrMMyvVDULZ8
<EFBFBD>\<5C><17>x!*<2A><>z<EFBFBD><7A><EFBFBD>Zy`<60><><EFBFBD>Ɠ<15><>q<EFBFBD>m<EFBFBD>S=<3D><>jk*W<>ޥ<EFBFBD> <1B>(,<2C>F`<60>t<EFBFBD><74><EFBFBD>5<EFBFBD><35><EFBFBD><EFBFBD><51>q<EFBFBD>X<EFBFBD>

@ -0,0 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 HwR33w ScSNP64jvvU/1t/fKlXPW9vaPwGvHwy6UEmGRA/h9HY
GV0KnasHBoj+qtTIT9aI0k6A/XgHPFXvmsApPDhAjc0
-> ssh-ed25519 W4Oy+w 455qbO83X2y2XZR2obj4IItMGkrC/WiRc6B2jp9MOEU
RLT/FkTDWJYHtAhtYAEHaw+CcgITvgBJKLLrN9MpMg0
-> kN4?-grease sJ p ZV(8^Djl N*7)k~
0wq67UmJOPjObCWQhRSzUE6kWIhZsmv4zz6lEt71YoH5nFb7TzF1vYVfrqMycht2
QvzqtKMNAmFu6jv30X2ULBIjLNajtMGeZxLyBIjnbkCscnoWv4c
--- 7Fu5hMch3bfWXWlCwRvhVQCWx444fy/SMQyOwUyidqE
<EFBFBD>l<EFBFBD><EFBFBD><04>=<3D>·3Y`\<5C>ԅ<08><><EFBFBD><EFBFBD>R@؊-<2D>©<EFBFBD><C2A9><12><>K9)X<><04><07><><14>YwǠ-*c]<5D> <0B>v<EFBFBD><76><EFBFBD>><3E>P1R<1D><>~

@ -0,0 +1,12 @@
age-encryption.org/v1
-> ssh-ed25519 HwR33w iq9GCoMvjYmB36sb3ObwjSO2eL/wyyxTsIbJ8lye1zE
6PcXowhq3ADvC94MQ0BuFeyiCxmxWwwgEjve2fP3uRc
-> ssh-ed25519 UgSomQ OtaRJDru8abGAMKcmcF0YHPDMnilqZAk9LULZ3eVd3I
3vzkjiqpOz1rIODQdO1QTs7j8JW+f7/9hrlBvb48z+M
-> zXcO;;.{-grease
w1zwccIRbNRBbiXF5p6fVAS1Fm8OUJdq105gfEaGNUgEKSzUzGRlron5JemsebJt
6rLBebjmtxrgLOMvPMbtpX1hQJOrWV6yVJkBOuqlRtVdFPNMrIEWXc5v+VXR8Ccx
XMs
--- v41dXOCQtZwpIdKXoQSB1oblr17HunSpwoRnfPtKkS4
<EFBFBD>M%<25><><D484><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><17>[<5B><><02><><EFBFBD><EFBFBD>_W<>!s<><73><02><g<15>0+2,43>
.<2E>H<EFBFBD><48>o<EFBFBD>0<EFBFBD>w6t<36>?<3F><>'<27>zo<7A> <20>Иh<01>

Binary file not shown.

Binary file not shown.

@ -75,7 +75,7 @@ in {
ips = [ "fd00:327:327:327::1/64" ]; ips = [ "fd00:327:327:327::1/64" ];
listenPort = 54523; listenPort = 54523;
peers = monitoringPeers; peers = monitoringPeers;
privateKeyFile = "/var/src/secrets/wireguard/wg-monitoring"; privateKeyFile = config.age.secrets.wg-monitoring.path;
}; };
}; };

Binary file not shown.

@ -0,0 +1,13 @@
age-encryption.org/v1
-> ssh-ed25519 HwR33w iEMelLHDM8EUtRxTjZakRhyaCgvu0y078c2m30LjlgY
o7v/DLKisYUVOgr/q5R/vdrFwsvibdPyGmDdoYxG9wg
-> ssh-ed25519 wTWpBQ R1dUP4h19a97U2pRtayUWOer6SZr0K4NQ5HwfxlfljU
NwTJQET27YxUZVMr0Eysniqp7R/mhVLjrcv7KyKk7HQ
-> \'G8L\\-grease
IYhz41mhvSiBPNpEd//WIhhxz58Rj5nQrnsyNUcNJ8DJo+u/5XsMX7xsiUpPlqZl
gljbE5k3W79kGV45+gTGbBi6j1kwM98ZPzUx6zF/wdkV+6/UdRvcxdwCBeLMQCpE
--- 9cL+fMX0BHh+Tdtx6DBoUG/U/dVlwX8YN0CoWIZvU/s
F [*<2A>T<EFBFBD><54>T;<0E>^b&<26>! d<>XO<><4F><EFBFBD>@K<>F<EFBFBD>
<EFBFBD>%/<2F><>k/'<27>٭<11><><EFBFBD><EFBFBD><EFBFBD>/{
<EFBFBD><EFBFBD><EFBFBD>n<EFBFBD><EFBFBD>Cn<17><>"<22><>Zg/?

@ -0,0 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 HwR33w GdM0PlWSyTELO16TOGV5qVDnpy+wmRVISm8zq4AkL2I
bFPVH0sTvsAoewRyetxxMDq4TXKBbo9kcer4j/+TnEY
-> ssh-ed25519 e95K1g C9JuyI5jzWfFdhN6BNiUeEUHyVTW6hrZzf0fxHWniGk
TBU7VCgk1OKYwc4ol+kcKnAUXae83BePZh2DBoTGz+A
-> "-grease
/GBX/iJRT06Kgz3sXOsc4gqb5ZugnM0qDWBBCsrQ0cWkhswar/wIocSYVilsrM+0
X8ZhFq0LIN63eCcVcw3bLk4Kvqz/GCF68uk0VOxxSThVZ+rj
--- xW5X/IzB/clE7LZDkvD42EUmKnwEmgDmzPrKR5ni/uE
<EFBFBD>E<EFBFBD><EFBFBD>p<EFBFBD><EFBFBD><EFBFBD>}<7D>:.<2E>f<EFBFBD>G(70T<30><13> )V<><12>|<7C><>O"<22><1F>w<EFBFBD><77><EFBFBD><EFBFBD>1<EFBFBD>2<EFBFBD><32><EFBFBD>u<EFBFBD><19>kwn<77>֚<EFBFBD>N<EFBFBD>ѩ<EFBFBD>3}͂XC<58><05>B

@ -0,0 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 HwR33w ctm6hruSuzSBwGGcW9x7qIIFe7z+AGhlO8ICU8cwO3U
9fhK5PdJJn7BpM9Vplrpi1Gcofpzafv30z+O2SuEVR0
-> ssh-ed25519 RfitmQ fnVZmd42HVD6iBkEzEGn57D4LNMcYfWXeRpnRutjNyY
s1+OrASe6ONf9kVgfBiAuoSd8314h4ek6yoz+mL04Cw
-> nTx'S6-grease 1Dt%/
mr9/gUTNOMrFAQVmUgVVfXpkKk+aXes6CulorL24APwN9dL1GPEOWdP3v1NEFcR1
db6L78xilCtNf/jszgpMFYh5ctehauTa
--- EkgK0s3mBI1KvlZIWl5iB+p9xu6of0oL3NEVV+Jcjfc
+0xE<78>~<7E><>T:<3A><><EFBFBD>֟Tj<54>~c<><63>L<EFBFBD>@<40><>wDX<44>D<EFBFBD><44><EFBFBD>NJ4s<34>׳<1A>DS<44><53><EFBFBD><EFBFBD><EFBFBD>K/<1E>V<EFBFBD><1A><>!<21>o<EFBFBD><6F><EFBFBD><EFBFBD>U<EFBFBD><55>_x<5F><78>:

Binary file not shown.

@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 HwR33w 3DdeLEaXCmEsm5U5idLUPb2t25cbd66Cppf0xcF3GEs
V7g2WywINm7qB7WcV/zL490I/7vCqudlnzNXY1Ckzrg
-> ssh-ed25519 pI7EWw HNBoCvxcX9qEJHzjO/8RxPgsy7J1RmqROFKTf/bIcgs
9JSsE7iqZ+1h5YfPPI6v4fth9wdFP8qfU/mNkaTQr6s
-> 9Kh.qZ]-grease
gx3ohTVB+gSV
--- OzhRO0ke2wUPWxBayTpVLE2leygx0pT60PTpcTlVgis
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>a<EFBFBD>lP<EFBFBD>$c8<63>G<EFBFBD>j<EFBFBD><6A><EFBFBD><EFBFBD>T<EFBFBD><54><EFBFBD><EFBFBD><1D><18>G<EFBFBD><47>P͉{"<22>R<>c0Y=<3D><>><1C>>퉆f<ED8986><66>߸i<0E>

@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 HwR33w ZWn7K/SI1OWS0FslI6Vz+KooVyWXuww4dNa5y0O1+Xo
P723ghoGExFpcMYjdvcZrvT1eOG/pmccI3IO0/UnaAw
-> ssh-ed25519 1nn+0Q IL+SAfWJvd1KPV1z1kAyoLu3o/t6qdCx4cHjplqkaAo
5io07rjFwtbvmgvA2sYn0VsjdtHi0AA1JRwhH5yijpI
-> m2cEFebO-grease )(5.!z\
--- 4ILHmhv4fz6NZaWVYAKmFGY4ojpt4WQu3ulxz0R5FCA
<>nl<6E><6C><EFBFBD>*U<><55><EFBFBD><EFBFBD>j<EFBFBD>ˮî<11><><EFBFBD>:<3A>U51<72>‡<EFBFBD>A<><41> <20>޴c<DEB4><63><EFBFBD><EFBFBD>C<EFBFBD><43>N<EFBFBD><4E>|<7C><1F>_X.s<7F>[K&<0F><>