secrets: removed vault-cert-env, added rabulinski-com-cf

2024-03-24 17:24:03 +01:00 · 2024-03-24 17:24:03 +01:00 · d57ca9680d
commit d57ca9680d
parent 46c849a89f
19 changed files with 49 additions and 38 deletions
--- a/hosts/kazuki/vault.nix
+++ b/hosts/kazuki/vault.nix
@ -1,7 +1,7 @@
 { config, pkgs, ... }:
 {
-  age.secrets.vault-cert-env = {
-    file = ../../secrets/vault-cert-env.age;
+  age.secrets.rabulinski-com-cf = {
+    file = ../../secrets/rabulinski-com-cf.age;
    owner = config.services.nginx.user;
  };

@ -45,6 +45,6 @@

  security.acme.certs."vault.rabulinski.com" = {
    dnsProvider = "cloudflare";
-    credentialsFile = config.age.secrets.vault-cert-env.path;
+    credentialsFile = config.age.secrets.rabulinski-com-cf.path;
  };
 }
--- a/hosts/kazuki/zitadel.nix
+++ b/hosts/kazuki/zitadel.nix
@ -1,5 +1,10 @@
 { config, ... }:
 {
+  age.secrets.rabulinski-com-cf = {
+    file = ../../secrets/rabulinski-com-cf.age;
+    owner = config.services.nginx.user;
+  };
+
  settei.containers.zitadel.config = {
    services.zitadel = {
      enable = true;
@ -59,4 +64,9 @@
      };
    };
  };
+
+  security.acme.certs."zitadel.rabulinski.com" = {
+    dnsProvider = "cloudflare";
+    credentialsFile = config.age.secrets.rabulinski-com-cf.path;
+  };
 }
--- a/secrets/alert-nrab-lol-pass.age
+++ b/secrets/alert-nrab-lol-pass.age
--- a/secrets/alert-plain-pass.age
+++ b/secrets/alert-plain-pass.age
@ -1,7 +1,7 @@
 age-encryption.org/v1
-> ssh-ed25519 ioPMHA 631XxPesBw0DC687j0Du8gyvwHuN8DrRMtVVVPJ3kEA
-A0zq6X8YgNVGMUBtpozcwXmy8pVQwtJRpelSPVywJ+Q
-> ssh-ed25519 GKhvwg NPPNc8ZreWcjYkriM0fn76AoYO5HSFmGY2Dnbhjchlg
-fpchA60ze8fx3ooQlyRk9lapL+m90NLn+p6eKRoyy64
--- KYS9LOiN9+RIlzyPZ71iqQ0c6I7MptxKzjfZzrEeAhs
-z	[´i‚è_»1x¯ >Ž®ÏG7ì2ÖLžØ!¨K,”™ãê[7ô¦Qì˜ì
+-> ssh-ed25519 ioPMHA Ke9jYfZ1pj3f+tZg6NR6mdzibsLRvF/rUAVB+p8xPH4
+NVlUyypRIFQ2wAZaINdPtcycrMQGwKDuVtBDO8SkMfA
+-> ssh-ed25519 GKhvwg 2jcoyEktwq/qtA+vSN4vm16N4BfKTxmN0PhVmdmkUzM
+LQA95udqdlmCeNltiwWXoxjb0T6A+4OyGLqtAFt5kYM
+--- zz9haSf4ourwVu7+V3AnVUk76SfSsYgiTQkWaruz/u0
+0a<EFBFBD>g–ÈVÁÉ±¡Üés·n#Ñö&I„¹ÍÛ×^´¨T&œMí¨¦’‘‘º*i¥hüÓ
--- a/secrets/attic-creds.age
+++ b/secrets/attic-creds.age
--- a/secrets/github-token.age
+++ b/secrets/github-token.age
--- a/secrets/hercules-cache.age
+++ b/secrets/hercules-cache.age
--- a/secrets/hercules-secrets.age
+++ b/secrets/hercules-secrets.age
--- a/secrets/hercules-token.age
+++ b/secrets/hercules-token.age
--- a/secrets/leet-nrab-lol-pass.age
+++ b/secrets/leet-nrab-lol-pass.age
--- a/secrets/legion-niko-pass.age
+++ b/secrets/legion-niko-pass.age
@ -1,7 +1,7 @@
 age-encryption.org/v1
-> ssh-ed25519 ioPMHA jkLofh/bWIQ2C6GuMO2rj3txFSZqbygxmw2Wqf6BRnI
-cEN5l7MtRup7CrcvErWqQkjoswJhHVSwLYHlwbVHHGU
-> ssh-ed25519 GKhvwg sLzHoAm6XHQnOdZLNkjyMgNcV1LCzH5JoYprzu0bgEs
-uDrJR546WgW8PBoKRg+hZYzNwRtwUErT6jWFj9pDHlo
--- N8Tmhynh1k7quJdAgqNPnsa7tjkt/Ev5LrdhojbiM9E
-¤´A hWÜÍó”€Â+¯Xå²†G•*Ó<>ŸLŠ¢¶Možµ¥U+mÌ/%zP¨õ¦¾.ûœo¤î‰ö%þmcŠU;¹~[¤gáÏ°5ï82O¨-\ L•°ÿ2MX£JÃ2nÏfÎôþ?O
+-> ssh-ed25519 ioPMHA Swzz0jWR8ergR4rY0Mht17fW281TfqCIMpCvZihB6Ek
+9ZTI7oWuFheb42d2tHJEH+IITrbLmNeELzQ2st3MuIg
+-> ssh-ed25519 GKhvwg 37Rw1F7e8ZMopUAKhm/L+fwTzAC8wYpNm3Ingt5xXWQ
+g7hTguWj+c/atzV8GvCS0TxAILqEAHijJqsG28FEgoM
+--- wp7RhCcX8WQng29KppL/B/4Vn7PbX9YptE15FDOENRU
+â`lj6ý \ºUD0ù·ë<C2B7>Ì:{Ú0¥ƒ°Ã¡`–x´ÙŒï¼ïö€gˆÂ.‰ÑÂ?ñEU¶”¹Ä¦õé©yX§a,ásÂC[üÌáMùÞÿœ‡ÎNŽëXÔ÷…ûùà¢‰Ó
--- a/secrets/nrab-lol-cf.age
+++ b/secrets/nrab-lol-cf.age
@ -1,8 +1,8 @@
 age-encryption.org/v1
-> ssh-ed25519 84j9mw J8KF1LlgpFaq/LBh5/4H+RZ6et86bdDFOvi8+kpZXRA
-gs3mQE2r0uizPXVhiOv93DpIWFkQ8KkmNqEZ71p8KFk
-> ssh-ed25519 GKhvwg xh1ZHY499FomptXCxj5a1NO3j0KtIKXpsYZFF5erXik
-bmDBVcJLUzrDPEGzZO0kVgXDaWXbm5RpyCq8/A+Zk4I
--- TIKd5u8wRwrMAeDIkm9sIzeW2m+jXuzBewAVd5w5iqk
-<EFBFBD>Èâ1I¥È4œçqÓÔ™?b¡oUÔÇ2ùÙ<C3B9>eC:Ôû«PšÃî±žè›
-‡ªL#ÐYž+°R…,<2C>ö·CbŸö‡X„EuRD i,Ø1ÀÀoùZìx&
+-> ssh-ed25519 84j9mw ILWqHbxvEqIrjjXBJM57buPfjqUzShGomwOsLXP1aCw
+JSyo00R8+WemsEX3hnOchb3tPwdATp8pKFyAJxMzqlE
+-> ssh-ed25519 GKhvwg k5C6W1n0hD+NPMUXcJF9CHgcUoRGGSmHOd2J3gDFeWU
+wXHLNK21wC9nno9CFyRDozFJxikyRdaXyG1vnsn2Hf4
+--- 5CTApyYf69lPis/nqSnSez5JZKV/sdG9IxhsRPh97dI
+±Bw<42>„^# ÁA+Ôå²Ç<1F>ô·nýC/ÈláÜ¬œ(Fq~‰jÃ§xÄúJo_ò†eÍøkEÚìÐÆ¡~V„·–Šu1óÂ'sù[-¸a
+”„
--- a/secrets/ntfy-alert-pass.age
+++ b/secrets/ntfy-alert-pass.age
--- a/secrets/ntfy-niko-pass.age
+++ b/secrets/ntfy-niko-pass.age
@ -1,7 +1,8 @@
 age-encryption.org/v1
-> ssh-ed25519 84j9mw 9fO0Uss0X8+FmibHo84aRYKDB+Mavp9X2Cg9lqGTixc
-SnOdbe+GzL01jJ4rSSh+4Xb/CIJ/23bb0/+D686TnTU
-> ssh-ed25519 GKhvwg u3V5o3Mtk5YiwzETseVfBYlPT29HS1mwheCUCyJUh2M
-jko5Sdf+4E61I5dpjH4bUth60B8BnnOsOcAIdcMzBFw
--- CO2Ky/1xxfSu/Tb3f0a8ORtCoRkfeh1cDtJiaP/1MDI
-l*[—'ïA™Ùu27¢ý#uè¶¶³IQmå,XC7°|Ùž/Î‰rÿ¾æ-¢<
+-> ssh-ed25519 84j9mw hEtr3ET/9edzqFXoc39m5fmrEF4AA9msJJ6Q7NlPs3w
+anGy/8/x2OZV6Hvy8qt6uFH5HeDh73hDA0yPn70dwEU
+-> ssh-ed25519 GKhvwg juWch3g5LsM6tz9YCuXx+apVRpmtH2M9hnweKwnoOAg
+lDiS4TsYik7oM33adKJkaJciT7e5cxdqvf6aXRRuqDo
+--- tU6RdGReOS8XhGpBjpBJRu6le7xh8u4vJ/wHFeK3ewY
+($Ã”I„Žvõ
+ÿZëÿaÅùåI81€Tß©"ÎK¥‡™Ç#Ú´á™¦Ï<C2A6>Q
--- a/secrets/rabulinski-com-cf.age
+++ b/secrets/rabulinski-com-cf.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -10,10 +10,6 @@ in
    keys.system.kazuki
    keys.other.bootstrap
  ];
-  "vault-cert-env.age".publicKeys = [
-    keys.system.kazuki
-    keys.other.bootstrap
-  ];
  # "bitwarden-env-file.age".publicKeys = [keys.system.kazuki keys.other.bootstrap];
  "hercules-token.age".publicKeys = [
    keys.system.kazuki
@ -80,4 +76,8 @@ in
    keys.system.legion
    keys.other.bootstrap
  ];
+  "rabulinski-com-cf.age".publicKeys = [
+    keys.system.kazuki
+    keys.other.bootstrap
+  ];
 }
--- a/secrets/storage-box-creds.age
+++ b/secrets/storage-box-creds.age
@ -1,7 +1,7 @@
 age-encryption.org/v1
-> ssh-ed25519 84j9mw cEEM1sFBEx0VLeOpToON4hb6d21gJEYMMn/vlHu/wBs
-khAgpAFxFGKBIG2z0f5qqh122KGsrlkt5FM+5daqQcY
-> ssh-ed25519 GKhvwg Zac7w0M77F9n0QjqEFe/mpyjanhH6YH2fc1UPPapx2o
-6AvDBxnlMZhQ/6inLj7d72k1P0EI43wBniwa5ieTgYk
--- zEz2LeBNXbH433jUfugEYHVMeEB64yq2/01Xd18tPgg
-€åg„]ººi°7‹±ŽËRñl4åõ÷p	ö¿C&<26>)oÅ^Ê…IsÄi¨:««[É¥7w ŽïyeXàš6$
¢¬åÙ—´°
+-> ssh-ed25519 84j9mw PC6bFOK3ckx+3BAhkeF4uQFKts+qv0iYBDfGZFvm9lI
+qQVTypBokLOfA8Dy731amUqDOMhZW7IAvscVQPpLbrk
+-> ssh-ed25519 GKhvwg jRZeUjFXgdMC/wPTDTxkcCRBwWvZrrAbOyRXW9/TqWQ
+Xyfz103+dug2SjKjxCZHLR2diFU4E+CKqOsvdGupbkY
+--- 4sX0V7sT9x5VYJhIJFABFDWjdwJkZ1c+tiK8aQXCjGk
+W"Ö/|5Í²:)°.tñvNSºo¬ÇáoQ†1þ@YÕ]±øÿ‘<C3BF>‚ca†5¤N\N="‚ÉçOùááäïòV¯Iåxõ`ý6Ac
--- a/secrets/storage-box-webdav.age
+++ b/secrets/storage-box-webdav.age
--- a/secrets/vault-cert-env.age
+++ b/secrets/vault-cert-env.age