diff --git a/hosts/kazuki/vault.nix b/hosts/kazuki/vault.nix index 0178379..aeb1a57 100644 --- a/hosts/kazuki/vault.nix +++ b/hosts/kazuki/vault.nix @@ -1,7 +1,7 @@ { config, pkgs, ... }: { - age.secrets.vault-cert-env = { - file = ../../secrets/vault-cert-env.age; + age.secrets.rabulinski-com-cf = { + file = ../../secrets/rabulinski-com-cf.age; owner = config.services.nginx.user; }; @@ -45,6 +45,6 @@ security.acme.certs."vault.rabulinski.com" = { dnsProvider = "cloudflare"; - credentialsFile = config.age.secrets.vault-cert-env.path; + credentialsFile = config.age.secrets.rabulinski-com-cf.path; }; } diff --git a/hosts/kazuki/zitadel.nix b/hosts/kazuki/zitadel.nix index 7abcd8d..71d0fe3 100644 --- a/hosts/kazuki/zitadel.nix +++ b/hosts/kazuki/zitadel.nix @@ -1,5 +1,10 @@ { config, ... }: { + age.secrets.rabulinski-com-cf = { + file = ../../secrets/rabulinski-com-cf.age; + owner = config.services.nginx.user; + }; + settei.containers.zitadel.config = { services.zitadel = { enable = true; @@ -59,4 +64,9 @@ }; }; }; + + security.acme.certs."zitadel.rabulinski.com" = { + dnsProvider = "cloudflare"; + credentialsFile = config.age.secrets.rabulinski-com-cf.path; + }; } diff --git a/secrets/alert-nrab-lol-pass.age b/secrets/alert-nrab-lol-pass.age index a41dc38..353ae7d 100644 Binary files a/secrets/alert-nrab-lol-pass.age and b/secrets/alert-nrab-lol-pass.age differ diff --git a/secrets/alert-plain-pass.age b/secrets/alert-plain-pass.age index e638fc8..0509d95 100644 --- a/secrets/alert-plain-pass.age +++ b/secrets/alert-plain-pass.age @@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 ioPMHA 631XxPesBw0DC687j0Du8gyvwHuN8DrRMtVVVPJ3kEA -A0zq6X8YgNVGMUBtpozcwXmy8pVQwtJRpelSPVywJ+Q --> ssh-ed25519 GKhvwg NPPNc8ZreWcjYkriM0fn76AoYO5HSFmGY2Dnbhjchlg -fpchA60ze8fx3ooQlyRk9lapL+m90NLn+p6eKRoyy64 ---- KYS9LOiN9+RIlzyPZ71iqQ0c6I7MptxKzjfZzrEeAhs -z [i_1x>G72L!K,[7Q \ No newline at end of file +-> ssh-ed25519 ioPMHA Ke9jYfZ1pj3f+tZg6NR6mdzibsLRvF/rUAVB+p8xPH4 +NVlUyypRIFQ2wAZaINdPtcycrMQGwKDuVtBDO8SkMfA +-> ssh-ed25519 GKhvwg 2jcoyEktwq/qtA+vSN4vm16N4BfKTxmN0PhVmdmkUzM +LQA95udqdlmCeNltiwWXoxjb0T6A+4OyGLqtAFt5kYM +--- zz9haSf4ourwVu7+V3AnVUk76SfSsYgiTQkWaruz/u0 +0agVɱsn#&I^T&M*ih \ No newline at end of file diff --git a/secrets/attic-creds.age b/secrets/attic-creds.age index 94875ac..18f9e54 100644 Binary files a/secrets/attic-creds.age and b/secrets/attic-creds.age differ diff --git a/secrets/github-token.age b/secrets/github-token.age index 516eb0e..b9e993b 100644 Binary files a/secrets/github-token.age and b/secrets/github-token.age differ diff --git a/secrets/hercules-cache.age b/secrets/hercules-cache.age index 5d7c19b..b5456e6 100644 Binary files a/secrets/hercules-cache.age and b/secrets/hercules-cache.age differ diff --git a/secrets/hercules-secrets.age b/secrets/hercules-secrets.age index 6df036f..c743767 100644 Binary files a/secrets/hercules-secrets.age and b/secrets/hercules-secrets.age differ diff --git a/secrets/hercules-token.age b/secrets/hercules-token.age index bd83def..6159676 100644 Binary files a/secrets/hercules-token.age and b/secrets/hercules-token.age differ diff --git a/secrets/leet-nrab-lol-pass.age b/secrets/leet-nrab-lol-pass.age index 6788736..5d4884d 100644 Binary files a/secrets/leet-nrab-lol-pass.age and b/secrets/leet-nrab-lol-pass.age differ diff --git a/secrets/legion-niko-pass.age b/secrets/legion-niko-pass.age index b6e5efb..883e11d 100644 --- a/secrets/legion-niko-pass.age +++ b/secrets/legion-niko-pass.age @@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 ioPMHA jkLofh/bWIQ2C6GuMO2rj3txFSZqbygxmw2Wqf6BRnI -cEN5l7MtRup7CrcvErWqQkjoswJhHVSwLYHlwbVHHGU --> ssh-ed25519 GKhvwg sLzHoAm6XHQnOdZLNkjyMgNcV1LCzH5JoYprzu0bgEs -uDrJR546WgW8PBoKRg+hZYzNwRtwUErT6jWFj9pDHlo ---- N8Tmhynh1k7quJdAgqNPnsa7tjkt/Ev5LrdhojbiM9E -AhW+X岆G*ӍLMoU+m/%zP.o%mcU;~[gϰ582O-\L2MXJ2nf ?O \ No newline at end of file +-> ssh-ed25519 ioPMHA Swzz0jWR8ergR4rY0Mht17fW281TfqCIMpCvZihB6Ek +9ZTI7oWuFheb42d2tHJEH+IITrbLmNeELzQ2st3MuIg +-> ssh-ed25519 GKhvwg 37Rw1F7e8ZMopUAKhm/L+fwTzAC8wYpNm3Ingt5xXWQ +g7hTguWj+c/atzV8GvCS0TxAILqEAHijJqsG28FEgoM +--- wp7RhCcX8WQng29KppL/B/4Vn7PbX9YptE15FDOENRU +`lj6\UD0:{0á`xg.?EUĦyXa,sC[M NXࢉӭ \ No newline at end of file diff --git a/secrets/nrab-lol-cf.age b/secrets/nrab-lol-cf.age index 31220f1..82b9007 100644 --- a/secrets/nrab-lol-cf.age +++ b/secrets/nrab-lol-cf.age @@ -1,8 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 84j9mw J8KF1LlgpFaq/LBh5/4H+RZ6et86bdDFOvi8+kpZXRA -gs3mQE2r0uizPXVhiOv93DpIWFkQ8KkmNqEZ71p8KFk --> ssh-ed25519 GKhvwg xh1ZHY499FomptXCxj5a1NO3j0KtIKXpsYZFF5erXik -bmDBVcJLUzrDPEGzZO0kVgXDaWXbm5RpyCq8/A+Zk4I ---- TIKd5u8wRwrMAeDIkm9sIzeW2m+jXuzBewAVd5w5iqk -1I4qԙ?boU2ٍeC:P -L#Y+R,CbXEuRD i,1oZx& \ No newline at end of file +-> ssh-ed25519 84j9mw ILWqHbxvEqIrjjXBJM57buPfjqUzShGomwOsLXP1aCw +JSyo00R8+WemsEX3hnOchb3tPwdATp8pKFyAJxMzqlE +-> ssh-ed25519 GKhvwg k5C6W1n0hD+NPMUXcJF9CHgcUoRGGSmHOd2J3gDFeWU +wXHLNK21wC9nno9CFyRDozFJxikyRdaXyG1vnsn2Hf4 +--- 5CTApyYf69lPis/nqSnSez5JZKV/sdG9IxhsRPh97dI +Bw^#A+ nC/lܬ(Fq~jçxJo_ekE ơ~Vu1's[-a + \ No newline at end of file diff --git a/secrets/ntfy-alert-pass.age b/secrets/ntfy-alert-pass.age index f67b830..59aa10a 100644 Binary files a/secrets/ntfy-alert-pass.age and b/secrets/ntfy-alert-pass.age differ diff --git a/secrets/ntfy-niko-pass.age b/secrets/ntfy-niko-pass.age index 34a4c45..8b9a9b3 100644 --- a/secrets/ntfy-niko-pass.age +++ b/secrets/ntfy-niko-pass.age @@ -1,7 +1,8 @@ age-encryption.org/v1 --> ssh-ed25519 84j9mw 9fO0Uss0X8+FmibHo84aRYKDB+Mavp9X2Cg9lqGTixc -SnOdbe+GzL01jJ4rSSh+4Xb/CIJ/23bb0/+D686TnTU --> ssh-ed25519 GKhvwg u3V5o3Mtk5YiwzETseVfBYlPT29HS1mwheCUCyJUh2M -jko5Sdf+4E61I5dpjH4bUth60B8BnnOsOcAIdcMzBFw ---- CO2Ky/1xxfSu/Tb3f0a8ORtCoRkfeh1cDtJiaP/1MDI -l*['Au27#u 趶IQm,XC7|ٞ/Ήr-< \ No newline at end of file +-> ssh-ed25519 84j9mw hEtr3ET/9edzqFXoc39m5fmrEF4AA9msJJ6Q7NlPs3w +anGy/8/x2OZV6Hvy8qt6uFH5HeDh73hDA0yPn70dwEU +-> ssh-ed25519 GKhvwg juWch3g5LsM6tz9YCuXx+apVRpmtH2M9hnweKwnoOAg +lDiS4TsYik7oM33adKJkaJciT7e5cxdqvf6aXRRuqDo +--- tU6RdGReOS8XhGpBjpBJRu6le7xh8u4vJ/wHFeK3ewY +($ÔIv +Za I81Tߩ"K#ᙦύQ \ No newline at end of file diff --git a/secrets/rabulinski-com-cf.age b/secrets/rabulinski-com-cf.age new file mode 100644 index 0000000..25cef0a Binary files /dev/null and b/secrets/rabulinski-com-cf.age differ diff --git a/secrets/secrets.nix b/secrets/secrets.nix index d93cc64..b58981e 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -10,10 +10,6 @@ in keys.system.kazuki keys.other.bootstrap ]; - "vault-cert-env.age".publicKeys = [ - keys.system.kazuki - keys.other.bootstrap - ]; # "bitwarden-env-file.age".publicKeys = [keys.system.kazuki keys.other.bootstrap]; "hercules-token.age".publicKeys = [ keys.system.kazuki @@ -80,4 +76,8 @@ in keys.system.legion keys.other.bootstrap ]; + "rabulinski-com-cf.age".publicKeys = [ + keys.system.kazuki + keys.other.bootstrap + ]; } diff --git a/secrets/storage-box-creds.age b/secrets/storage-box-creds.age index ddc30e0..5042f31 100644 --- a/secrets/storage-box-creds.age +++ b/secrets/storage-box-creds.age @@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 84j9mw cEEM1sFBEx0VLeOpToON4hb6d21gJEYMMn/vlHu/wBs -khAgpAFxFGKBIG2z0f5qqh122KGsrlkt5FM+5daqQcY --> ssh-ed25519 GKhvwg Zac7w0M77F9n0QjqEFe/mpyjanhH6YH2fc1UPPapx2o -6AvDBxnlMZhQ/6inLj7d72k1P0EI43wBniwa5ieTgYk ---- zEz2LeBNXbH433jUfugEYHVMeEB64yq2/01Xd18tPgg -g]i7Rl4p C&)o^ʅIsi:[ɥ7wyeX6$ ٗ  \ No newline at end of file +-> ssh-ed25519 84j9mw PC6bFOK3ckx+3BAhkeF4uQFKts+qv0iYBDfGZFvm9lI +qQVTypBokLOfA8Dy731amUqDOMhZW7IAvscVQPpLbrk +-> ssh-ed25519 GKhvwg jRZeUjFXgdMC/wPTDTxkcCRBwWvZrrAbOyRXW9/TqWQ +Xyfz103+dug2SjKjxCZHLR2diFU4E+CKqOsvdGupbkY +--- 4sX0V7sT9x5VYJhIJFABFDWjdwJkZ1c+tiK8aQXCjGk +W"/|5Ͳ:) .tvNSooQ1@Y]ca5N\N="OVIx`6Ac \ No newline at end of file diff --git a/secrets/storage-box-webdav.age b/secrets/storage-box-webdav.age index bd650f9..15903c5 100644 Binary files a/secrets/storage-box-webdav.age and b/secrets/storage-box-webdav.age differ diff --git a/secrets/vault-cert-env.age b/secrets/vault-cert-env.age deleted file mode 100644 index 070e2d3..0000000 Binary files a/secrets/vault-cert-env.age and /dev/null differ