1
0

router: add ppp-secrets

This commit is contained in:
Ember 'n0emis' Keske 2022-07-23 16:46:03 +02:00
parent d2474d943f
commit 7f6c224c23
No known key found for this signature in database
GPG Key ID: 00FAF748B777CF10
5 changed files with 66 additions and 12 deletions

View File

@ -1,10 +1,18 @@
keys: keys:
- &admin_clerie DD2D88B9FCB74C81E6F63AAD5B5D448C88684BC3 - &admin_clerie DD2D88B9FCB74C81E6F63AAD5B5D448C88684BC3
- &admin_n0emis 6E10217E3187069E057DF5ABE0262A773B824745 - &admin_n0emis 6E10217E3187069E057DF5ABE0262A773B824745
- &host_router age1ghrvqrw92y355qw2m48jxvlu34pxf9c68nkus9lspfm05nes63gqmh5av5
- &host_nerd age1x69924s94z4k7s50utyuqrwshpt8p8yzwaxny2gle7yeyg4w3spqml95mu - &host_nerd age1x69924s94z4k7s50utyuqrwshpt8p8yzwaxny2gle7yeyg4w3spqml95mu
- &host_yate age10pxa70g3ekxdrk788l52s93a6ftavdw3r8x6d23gmsluudmwq3asmu6ah9 - &host_yate age10pxa70g3ekxdrk788l52s93a6ftavdw3r8x6d23gmsluudmwq3asmu6ah9
- &host_yate_dialup age14zsha5c5238v6hzchdfkjgjjwzc2qc79tl0ngmqrdquck5f945zs35vps4 - &host_yate_dialup age14zsha5c5238v6hzchdfkjgjjwzc2qc79tl0ngmqrdquck5f945zs35vps4
creation_rules: creation_rules:
- path_regex: hosts/router/.*
key_groups:
- pgp:
- *admin_clerie
- *admin_n0emis
age:
- *host_router
- path_regex: hosts/nerd/.* - path_regex: hosts/nerd/.*
key_groups: key_groups:
- pgp: - pgp:

View File

@ -6,15 +6,10 @@
interface = "ens18"; interface = "ens18";
}; };
networking.vlans."net-uplink-a.7" = {
id = 7;
interface = "net-uplink-a";
};
services.pppd = { services.pppd = {
peers.uplink-a = { peers.uplink-a = {
config = '' config = ''
plugin rp-pppoe.so net-uplink-a.7 plugin rp-pppoe.so net-uplink-a
user "002742928961551138009163#0001@t-online.de" user "002742928961551138009163#0001@t-online.de"
ifname ppp-uplink-a ifname ppp-uplink-a
persist persist

View File

@ -6,15 +6,10 @@
interface = "ens18"; interface = "ens18";
}; };
networking.vlans."net-uplink-b.7" = {
id = 7;
interface = "net-uplink-b";
};
services.pppd = { services.pppd = {
peers.uplink-b = { peers.uplink-b = {
config = '' config = ''
plugin rp-pppoe.so net-uplink-b.7 plugin rp-pppoe.so net-uplink-b
user "002269158219551138009162#0001@t-online.de" user "002269158219551138009162#0001@t-online.de"
ifname ppp-uplink-b ifname ppp-uplink-b
persist persist

View File

@ -1,6 +1,10 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
sops.secrets.ppp_secrets = {
path = "/etc/ppp/pap-secrets";
mode = "0440";
};
# Setting default routes based on interfaces in different tables # Setting default routes based on interfaces in different tables
environment.etc."ppp/ip-up" = { environment.etc."ppp/ip-up" = {
text = '' text = ''

52
hosts/router/secrets.yaml Normal file
View File

@ -0,0 +1,52 @@
ppp_secrets: ENC[AES256_GCM,data:FQQdo1xFu+pW4wshQBVEBFqyhyTpprVZ9QAeasht1p82x5cODiGqnRNxNohnVVVxJmOtcuwIh1vN6dSEN8ju1XyuUn7suURnZ4og4Fk5yqHMFlBptAdViYLONV6dngGskIGug60Kyy8ysgBJSoq3LKy0plivSQ==,iv:RM+aYOP7zVO62h28EQHgvIEw96d7BNK5W0ut2TCfe4g=,tag:ZDAazjUtll+mEDWK8vlyGQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1ghrvqrw92y355qw2m48jxvlu34pxf9c68nkus9lspfm05nes63gqmh5av5
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBibE1jbGFjZUdBZjNZY0h4
RkdCTElUS0xtMzQ5WHNScDR0dnBZRzBHanlVCi8vTE52Y0V2QW1SbUR0OFNwc0Rt
UVU5bWxKc0U3OEloOXFnYldvUjVOSW8KLS0tIDcyeHFWR2d3Q3V0U013QzdvODJi
WmdZQ2h3Qi9LWXhBbTNxSlkxaFlBSDgKPSe9TF+kKct2YYL0mmGYK5pAfGpeobUI
SsQPevDyZG8qTiBDnzw9uFfCJO9XSwaWms2hfEtNNFMFmgdBdbBrMQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-07-23T14:37:21Z"
mac: ENC[AES256_GCM,data:TRGnDcBjfuKa/VyiWJiYB9FVtztUeJAHwSrZHmK3+9Y9Ae6Q+JNUiep+tUY2c5yhTyD8IJ/0IZ/ad+lKi+W5gfPOnmpSGEhqckc8CwM2dAHN5+jFIdu8RYGIxwpevn38ZjNmRFII/FGc08JMtiGTIvDL6WPe0+KdKxnMCn1ps3k=,iv:FFh5Vw8vAl2vwcMGTM/gCKmief8J9C4RlLr4g4aNs2s=,tag:iEdFCwQDWbfDeRKs3nrFOQ==,type:str]
pgp:
- created_at: "2022-07-23T14:30:56Z"
enc: |
-----BEGIN PGP MESSAGE-----
hQIMA6BIUohpxMXcAQ/9Hl6jRICaP6tNYoAc2STPLgv0s0KL24ef5VtwZb56pAkL
p8Rd76UhFSaw5VgEaDpJV/FEtOL7Pc6BO6LkqUZcdINVj53IIBazt2zf6GEcFcL7
vu+CahApzlotMC9X3IMoo4zmii9DXoJ+xekqA/WWc0cB6w8IS7xcTjYVid/4JlPh
L80gC/+o7fDeDYaNAQKvDq6vhvqkeC6KxogdKlVV6BKragS8GRfhJuTQrT7DLH5+
QJhKf0BNVNBvbR+KbDSvih8o9Duv55OTrnN2UiOefHJe/nRK2zy7CPeLmkGG6Ifa
spRdq2kyJ/E9wzfsmnTtfP6YSGb0y5MLzG9Y5QhwZjzLfR9MOvZMtBJVTG/4wXqL
sJGF2FstSmPaFdFdDnbHOt4vnamHnO1VtYkSuHJZKHPW7gCJvelspHCevl14C2Hs
VZCYfWck3wwXtVDyoV/7s3QFyoXdtq5sqksJ3LHZmXR1czB6WpZ2ITdwWTR5IxO1
QBBeYjnlec4bHVz9wDx46lNvzK+oUam4tWuB1puderzSFkTcM9VTGhrwqJ2gGiD0
nWMjsNW0PtwfmKTO33BPIqwcqxRBlzPoDG2XBVk/+Vp1gwlGJ+VhhRoShMxi72S3
CHEHxJLybMGzhJFFe4GwEf1qicj52OiuwrBoYAZKDzwH0rApjLQZwQVGzzDPwhHS
XgG70cfHZA9iUVTQ3RH5YLWqYMTj8vsCtAczZoMADdDboZZ3XoKJZzP9mneus2a+
5wHBf12QzICj2bdawGeUtwmJ7AdKVOz9orpScPvv0q7wuHt2VTUr/EHwjZuX+ZU=
=tuD3
-----END PGP MESSAGE-----
fp: DD2D88B9FCB74C81E6F63AAD5B5D448C88684BC3
- created_at: "2022-07-23T14:30:56Z"
enc: |
-----BEGIN PGP MESSAGE-----
hE4D6iFd6webPCUSAQdAVZFfxX2qwqqOTdVKP3Gwgr9hGjsMw9LjuOke+MQIzU0g
V4ZfuxxGV5jur+KQgzyinpS7OsGlE6+VTHdKzvk0zI3SXgHZlR2Scbu1GayIBd1D
Gjw2TzhA5Oglwi0sp19JJscY0YEAiKEN35EefAhIY6ZDPg/rRogY3nMSNcrjMNgW
yHe/WT5QsAP97rqDls7dnXmN2nfQtw151T9f1/+hC28=
=l5ht
-----END PGP MESSAGE-----
fp: 6E10217E3187069E057DF5ABE0262A773B824745
unencrypted_suffix: _unencrypted
version: 3.7.1