From 5895a66911100b5f997f78bb63729abcb44dda66 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Laure=CE=B7t?= Date: Sat, 13 Jan 2024 16:29:01 +0100 Subject: [PATCH] =?UTF-8?q?=F0=9F=94=90=20(secrets)=20rekey=20secrets?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- flake.nix | 1 - secrets/borgbackup.age | 17 +++++------------ secrets/gitea.age | 20 +++++++------------- secrets/secrets.nix | 2 +- 4 files changed, 13 insertions(+), 27 deletions(-) diff --git a/flake.nix b/flake.nix index 1e3ae6b..018ac62 100644 --- a/flake.nix +++ b/flake.nix @@ -1,7 +1,6 @@ { description = "Laureηt's infrastructure"; - # TODO: rekey les secrets + changer la key de cesium # TODO: luks encrypt cesium (dropbear ?) # TODO: setup disko sur silicium diff --git a/secrets/borgbackup.age b/secrets/borgbackup.age index 1d68b46..dd7c433 100644 --- a/secrets/borgbackup.age +++ b/secrets/borgbackup.age @@ -1,12 +1,5 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtaRXBXdyBCSFps -YjhJT3l2NVMwUlc1L3laWmRoaHRjZUpzbFZyMXA2K3diZ1VuZWdzCktYa0V5Ujk5 -M2JndmxSMkZpZFZCN25uaVFDMk1aNDJhbmo4YlU1MVVMTkkKLT4gTGo+Ti1ncmVh -c2UgWFVaL0cKTTJ6ZGpRNzVkQTdBL00rd1NIVFpwQkV5WmVPWWJLMWNlaE51cDVy -ajVJd3VOL1pUSkxJVGJiejFQR3UwWFdQQwpqN2tTZzhWem85TGhEYmtRM3lKNHpz -azlreEFvbFgwYWxJK0JxMGV1MUFlUHQ4dVppYUtScjZ5Vjl2N1VQa21hCgotLS0g -bXA2YUxBNEc4NThjKzNKSXlNcEE5TE1DbWxoVUcxZTRLYXZrY1Rrb2cyTQqFtX6u -I6xKT4GsVsZONMHURFyBrwC6f9nyDcZv7w7i+0WjpalP3k26D3pLbB4I3g5p3X8U -A60vagUy20vBPYYh9P2dGsLDieGq6GRxQfwIXHkxZ+d7akAi3n+p5ltfJ2h9Zuti -RRBKtnxVIaHp6TZjausCKVfvIXW540gQogiUjadPm7xt ------END AGE ENCRYPTED FILE----- +age-encryption.org/v1 +-> ssh-ed25519 kZEpWw GRcmqKupwo/EZ5c28pu4Te0ODGmWU0rL+3HIbg7qgFE +dfnJzw6kZGgZQFoXjCNAOTnoLf4TO7ZTNT0ob0Q0qO4 +--- G6vG/80pcxtFNhbMacVxv393O4U9cpQEA8t0b4KMUzk +be$c`.k#^:"Κh8]d$j"aMu@i Zק^ei ݢe&e,-yF m,"C[*\7Ճ(jcCVfJ \ No newline at end of file diff --git a/secrets/gitea.age b/secrets/gitea.age index 366aa36..823fc37 100644 --- a/secrets/gitea.age +++ b/secrets/gitea.age @@ -1,13 +1,7 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtaRXBXdyBaTENK -NGt2K1pRRll2cStROFJDT0hMVzVSWEJQRmErUHpVVndyQzBDUmlvCnhlREd3YWc5 -c09LdldNeXZwMmg2SlNLRXhrelVwNnRua3BHN2JLYWlyZE0KLT4gc3NoLWVkMjU1 -MTkgdjhFOVV3IE1acEhiTElpTzVQc3ExdkNVaG41SlQ2TXUrcTZJVE9Oc1hqRVNt -clhMMGsKZ1Z1THRhZzZ3MkNHODV3RWllbzJUSk4xTk1DcGl2MzV3UFlGZXdZRldz -VQotPiA8ODZhZjAtZ3JlYXNlCjJidUIrVmZ3MHdYVUlzdDl2VHIzK3BUWUQxOGVG -OXFGMDNuY3VDTnNldEZjdlFQV2N2SUk1dkc2SnJ4b1ZXb3YKVzIrTVFxb1d0SE1X -Z3hSK0x2MWMKLS0tIHFwemhyYmxDSEhCUk90TW1nSmMxYVE2ajJYOUpNVG54SHBS -MWk2L01qMWcKhPYyts5zbaAtGuGVJpwReTxAj0iCR9Fqa3TwMzogeSEEZhyp3j3w -Vc+RiCM/ykf4DqFg/Xiulb2H+3TN0lT40UF2VEHbSnZFvJDDR9ltVwubI7fq8C5r -feA1+W0uQ7FDY4a+q1yjHcf47oirK6Q1+95hAn+Iq+koiEDP6TquTAWCaOIpMg== ------END AGE ENCRYPTED FILE----- +age-encryption.org/v1 +-> ssh-ed25519 kZEpWw wwRzGnuU1emv5/dIg1nmg6gsFIq+b/JBdML9nlZ54V8 +uw2/wrycilU5m0QH/JHVADH41mAqcl7udmfpKAwMQAY +-> ssh-ed25519 mQMqbw OnupY43Uc/RGdHHUj9ItT5QBiASqwMpyih4Xnq1JSRU +1PEkalnMjdgObz6euu0PbuutOyly/F5AGYEzYWcWpgg +--- /KSY8DngUMetAF2hSb/scg2ZcV2I2bGu6B1JsdWHH+k +EvR1/$~XJѹ #W0c% \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index ff7bfd1..1cef618 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -1,6 +1,6 @@ let silicium = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINTvwXCT99s1EwOCeGQ28jyCAH/RBoLZza9k5I7wWdEu laurent@silicium"; - cesium = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxh42mMYqftTU7WtfktZbkdMI07VuH7mhUv3m2Ca3fV root@cesium"; + cesium = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDVxpWbNJl+OXe6YImMpsJprfuTd+9UJVTiteiuyx6oP root@cesium"; in { "borgbackup.age".publicKeys = [silicium]; "gitea.age".publicKeys = [silicium cesium];