From 6a456fc990cdc259248b304dcef525e9f62aa73a Mon Sep 17 00:00:00 2001
From: uku
Date: Thu, 18 Jan 2024 16:35:14 +0100
Subject: [PATCH] switch to age keys
---
 modules/common.nix | 2 +-
 secrets/fuji/rootPassword.age | 22 ++++++++++------------
 secrets/kilimandjaro/rootPassword.age | 23 ++++++++++++-----------
 secrets/secrets.nix | 10 +++++-----
 secrets/tailscaleKey.age | 20 ++++++++++----------
 secrets/userPassword.age | 19 ++++++++++---------
 6 files changed, 48 insertions(+), 48 deletions(-)
diff --git a/modules/common.nix b/modules/common.nix
index b9fab7b..186e151 100644
--- a/modules/common.nix
+++ b/modules/common.nix
@@ -7,7 +7,7 @@
 ...
 }: {
 age = {
- identityPaths = ["/etc/ssh/ssh_host_ed25519_key"];
+ identityPaths = ["/etc/age/key"];
 secrets = {
 rootPassword.file = ../secrets/${config.networking.hostName}/rootPassword.age;
diff --git a/secrets/fuji/rootPassword.age b/secrets/fuji/rootPassword.age
index ac9bdc5..f73f458 100644
--- a/secrets/fuji/rootPassword.age
+++ b/secrets/fuji/rootPassword.age
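Review bot: In modules/common.nix the new `identityPaths = ["/etc/age/key"];` points at a file that nothing in this patch creates or constrains, so decryption depends on that key already being present on each host before the configuration is activated. Since `rootPassword` is among the secrets decrypted with this identity, a missing or unreadable key would presumably leave the password secrets unavailable at activation, so the key should be provisioned out of band first and kept root-owned with mode 0400. I would add a comment above the line such as `# age identity, provisioned out of band; must exist (root:root, 0400) before activation`. The old ciphertexts encrypted to the SSH host keys remain in the repository history, so if the re-key is meant to retire those keys, the secret values themselves also need rotating. The `age` attribute set continues outside the hunk.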
@@ -1,14 +1,12 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFd5V3BRdyBQcnVF -UGNPWC9NaUJhbEZnbGFjUEtDS2FEZWRBeUxaK1JpZ08xY2tiUEVjClEyb09tVWlk -WGtkRXBIU1JPUGZKVUJVQ1lOV0R6K1NjVkZQeldvS212RWcKLT4gc3NoLWVkMjU1 -MTkgVmIvYW1BIFRkNTJrYzZtYlhIVUZ3T3FDNWlwV3NnK1U1UjltbGJuL2U5MFVY -RFpLaGcKYU4zQ1BaalNCNG1FOXN4ZStkdW9XNEFqbTdBVVdTZmFTMERNTEFXNkZi -QQotPiBvT2Z9My1ncmVhc2UgYmRoMm0iNFEgcyhOfWRcIDwKTVJVZllHWnhjUG9m -Q0hmWTBmTVlmT2RReFJjU2FKWGpTMi9WaUlZTWoxL2pmOFRMVjVpbU9jREJoZlBm -NlR3QQpRYUpZakNXNWpKSzgreEhsMWpqczg0VGhKeGNNYmc5UjJnCi0tLSBWOVZp -dkthdnh1dFV4djBTMjg1SUh6ZWpCaUttWStYTnZjREZkNnZPYWFzCpGQpx4DjeYa -ySZeZU/9qaM2lty9XsRyyY9Y3MfU4zORTEs6EoxQQ5uJSkksWOiKq1pXEVp7Eiiw -zlml1y9HZjUJWHTkJqIu47bqBIeIJjwL4PZ9L73EmTa9m+LvfqFpMC9Ka42Iwwz3 -C/7dsp19SrYydPct/nHstHL8a6ymIkXfmI35Cfl4puvE8do= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5dFR0dUVuTThzMFZTTlht +bnlPNkJ0YlV1WnA3TnNXdkJSMG4rT1JBMFVjCmdjWTR5cmZZcXlNSmJETVNVT1VF +UU1tY0ZsQzNqTE1rMXowcUpFaG9oUjAKLT4gWDI1NTE5IFNpVjA0blVIWHBlT1R3 +M3Y5T3lHaGV2c3JaREN0V1BVd0RsQWcwNjdmU0EKTnVVUEFxMWpHclZjWCtIR1lH +cUJHM3lMc1FCdVY5VTBIUGc0LzI4dFgxawotPiBnSCt6SCotZ3JlYXNlIH0KVzZr +WURzcXlHemRLOFlEcTU2WERjRDV6bWpvT0NnT2ZvR2lySDRFCi0tLSA0UDY2RG5X +MmtwZmp6VWwvT2ZvMzFRKzg5SGxkZmsvSGFhKzN2U2VoOFVFCiXEs907Y0YetyFF +0IfFzesKLjF7NWA81HeYRkK6RRk2CYDHfXOyVQdLVjUYZR3IAMmZfhxdZ2JDE5ul +WFmStlS8kpCDJjqjV5j65/BUz3NySaId7/Qh87ac5oOGLb3A5JUYU56xvBB5EOPA +17T1zatrQFbZ+b2m591Ol82qLIwpu/j4DKCH2Pnm8aw= -----END AGE ENCRYPTED FILE----- diff --git a/secrets/kilimandjaro/rootPassword.age b/secrets/kilimandjaro/rootPassword.age index ec1d0b2..fde975d 100644 --- a/secrets/kilimandjaro/rootPassword.age +++ b/secrets/kilimandjaro/rootPassword.age 
@@ -1,13 +1,14 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFd5V3BRdyA5aVlB -L1krb2xjbklkVCttMzZNczVYV3ZtRDBWLzI2MGphTW42TmwyTkdVCi8rOEpLUGhx -YXR1cnVZN0RVK3hOVVRwUTB4cHU3djFqY1MxeDRZckVhQzQKLT4gc3NoLWVkMjU1 -MTkgVmIvYW1BIG9qcFNzdDhaZmFxczRVd1JaTEVlSEplcTdxQTM1YTIyZVhSVTVX -OHN5bGMKR1ZjTjJ1NVdYOFFMbFUvNlRZbTU2UDdaVDBOOFh4SkUzTEl1RUZvQ2Jx -UQotPiA3djRILWdyZWFzZSBpO1dtLWpJICQyPyB+ZkRncyB9YSFVIWdzKgpBSVRU -MklzYmNNaUxQNHJ2QUJIYjhiU2Z1QTAKLS0tIENPYkpsNUI0eFVHbnRkU0t0Q3Jv -SXRsYzNjYmRKa0tQOXBnMUdmalZiS00KQDI4rngNrAQUeBm1jkO99uAba2XAOmc4 -ps3WPwPj+uQvF/kQ3sJsy6JCGErumTXJ/tm9+Atv1hrsDsCQ73vloLsbhNGNpumH -3DPYRTSr30l7ncu6qciyaFLHjSB2uTD18hh3+QSD0CJkq+0EoZZiJwZSehLsatjR -ufIgRoaf5P7cE9jBcJUT2QZSOw== +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4ZmFZU1FvMDlaRWNRNXZo +TEFUWEhJem9IanZHTGVienJJcXpnNVhjQ2pnCnNVdlVpWmFhRXZSS284QkdpYnVq +SEtRZURONFFLT1U3by9lUythV3RRRUEKLT4gWDI1NTE5IDlPVEF5SFJQYmRobUQv +Zk5YaFFDWUthc3cxdjlqZE8zR1hZUHArUWRwU00KaG1qZWY0OGwrWlN6cS9GY1pL +emhVZ2k4bTF6YWp4SklhSkNGSFIvQ2M5bwotPiA4bTopWCY7Ni1ncmVhc2UgdFs5 +S1xaeFIgfk1MTApnOE10WVphZnRTd0ZKbDdGcTlvWlY3RHN0YjhRcDN3eGlNRVFk +eDZBU3RJNitZZnpmTkFsOEh3d1Ywamd3TEV1CjBJZkhQYU9iRVVGMzhnaFdBZG1D +ZUNjdEpTNDV4NEhxdWpEUU9CWDRlQ2RYVGcKLS0tIEJQQy8waFVvK0FqaklDOUZD +c3BabjA4QXJ0RTVlazl0VkJGbkNoQy9zZEEKM6mW4mDz0aWpe1x2tkpzcjdjqe0i +trBwj6kaUh3mDoUfdMLZ3FDVqi7je9jFQIBMVctzZNKMOADgbGDTli7m0wGZBWSL +i8bTv1I9tgny46Kc2jvP2xOPgfTFKU87pRf133Nt1sbxL+LT0tgcPUDuEMTf3E7U +g5FXSN7Kk/aaZ/h2U2rRddn54ypLyw== -----END AGE ENCRYPTED FILE----- diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 25ffcdd..58289d5 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -1,12 +1,12 @@
 let
- fuji = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHETiSgdsFFub534ChUKrY3U1ApAlyM7jqFmj3qN65so root@fuji";
- kilimandjaro = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPbRi03uVAVzqEI5zc8QmP3uthcC1ep55gQL+nQPrEvv root@kilimandjaro";
+ fuji = "age16ujdfcahmnhe4ygruf28n0urgxycv8zgsp4f8856a5suewhn49cs0mqk7w";
+ kilimandjaro = "age1ny0re542mcvf829y28rz6eta9myaqlxasfnn933srw64dlgavpsqc59q79";
 main = [fuji kilimandjaro];
- server = main;
+ all = main;
 in {
- "userPassword.age".publicKeys = server;
- "tailscaleKey.age".publicKeys = server;
+ "userPassword.age".publicKeys = all;
+ "tailscaleKey.age".publicKeys = all;
 "fuji/rootPassword.age".publicKeys = main;
 "kilimandjaro/rootPassword.age".publicKeys = main;
diff --git a/secrets/tailscaleKey.age b/secrets/tailscaleKey.age
index 18d328c..46a2591 100644
--- a/secrets/tailscaleKey.age
+++ b/secrets/tailscaleKey.age
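Review bot: The two per-host entries `"fuji/rootPassword.age".publicKeys = main;` and `"kilimandjaro/rootPassword.age".publicKeys = main;` still list both hosts as recipients, so each machine's re-encrypted root password can be decrypted with the other machine's `/etc/age/key`. If that cross-access is not intended, this re-key is the moment to scope them to `"fuji/rootPassword.age".publicKeys = [fuji];` and `"kilimandjaro/rootPassword.age".publicKeys = [kilimandjaro];` and re-encrypt. `all = main;` also leaves two names for the same list, so a short comment saying which one should grow when a non-main host is added would help. The closing brace of the attribute set is outside the hunk.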
@@ -1,12 +1,12 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFd5V3BRdyAwT3NR -NmVyVERocFpVNkpHQXBuL1oyZUx5RFdJRXpOek41Tmd3OHJTQ1FJCjJIQndIWWNn -RGh0cjdHN1lEbkdwUnhuRDlvdVVWODRJY1pjTHVIRlJJTXMKLT4gc3NoLWVkMjU1 -MTkgVmIvYW1BIEYxRlJhb3ZEMU9yMW5majlJaDFGUXVWUXlHT1NPd2J4QzM0azZo -cVpnUzgKaU5CUWQwL2NrdUc4K096eW5BckRkdHJTOCtBMW41SnJkM2ZQNHBReVdL -dwotPiBcLWdyZWFzZSBkQz0gcng1KCBXaFx1SiBsTAp3YmlGNVRKcTF2eGVkRWtV -RER2azZBNFpzdwotLS0gT2hKbmpvK25OdTNGUFBzTXNPWUxYdUIySnlGS21TY0FM -YUJiSk1WYjVtVQqAxVWNyP4XGgZahX5r3lcocV8zRWjLbu0Hyvy9Oma6fFDiEKuq -l+Xwb5Bs6WaSowSPJO815x/T/xGdo8ggntUDNDFN4lLrKQhIkz00pbbxeVaXva9X -rrkZBn8= +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBbEI1TTVWeE9VSTBBTmdU +dkxkdlh0bzRiTEJsamRBOC9yTTU4ZzViN3lvClZpQVFYL0h1cERadDFjbUZjT1F4 +ZmNzbEtrNWxNbURPK0xtSzhzaE9URkEKLT4gWDI1NTE5IHpYOGFTcTc2RGxvSnhC +MTk3aloxV0s0cTNPSkV3QXUxVW5PTkl4M3B3VmsKMmovM1NMeFVwTG5TVjNoMDRn +VVg4a2Q2Uk5leW5IM1JWbDBiL0lCU3E5YwotPiBmJnlOSiEwaS1ncmVhc2UgISB2 +JXpBaWBCCndwOCttYTRQV3Q3L2h4MXBWaENEQzlCZktndmhpQVduL0ExaFRzYzlv +bG5NMnJZREltekFsc21tVjZCb3FnCi0tLSBpNjBoTU9kaVpjclZmYS85YUJwbVBo +NHhJRDI4TytKa0hTUHdHcE9zV2pJCuXL+3f4X0WqOtdkf4aa4I+4j6aYzN71aUPd +gefAEG7Nrl1XiGX01K0dYfm8rnWmf1tNhfXpmq9eU7KTfLvK8bTrqOuKQtJqXnOp +ansfY2eWuGNDu1LdlbGIrg== -----END AGE ENCRYPTED FILE----- diff --git a/secrets/userPassword.age b/secrets/userPassword.age index ddb779a..9b1ca53 100644 --- a/secrets/userPassword.age +++ b/secrets/userPassword.age 
@@ -1,11 +1,12 @@ -----BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFd5V3BRdyBZbkkw -UlVDRmY4SStUc3NUeHJwajE2MGZKU01abXBsSjhUTlVaR1RUS0FBCnI1aGdOeTRS -cE1va3MyR08rSFZXd0h3eFNTcm05dGZGYTVFeEk1TC8zR1EKLT4gc3NoLWVkMjU1 -MTkgVmIvYW1BIEJlbHhZVUdTWlZSeFNWT2xON1RCRWNrQnNpeDNiTE1lcERCSFNo -Y0NmQmsKM0hBdkZ3K0FpV3RxMUs0eXkySmt0TDB6U0N1dkhUczhsWUowV2lCSkxq -awotPiBqYi1ncmVhc2UgdCcKdTRlOQotLS0gR2Q4ajQvR2p2cWVmS3dMeTJNam5H -NUU5dkxvRFA2SXdEa1NtTWZUOE1uZwrc3tjr3tkK0xwRJT1BvUWvKmsMBqlwly7p -CBB0rphclsuS+HdxuCU1/qQ6dfXw8heoIKrRR0iTFp3NMZLQgcrWExwqRfQhS4wy -uA/xZPhUA96MhTpTtthnmClSijn5rAv++DFx9UajBjXr +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4amN5eXNianBtOTRpQ2hj +clhMVUwweXRkblYyS1VjdllRRTIrZ25KM25jClhkT0kxaUVWWTEzTk5wU012WEFl +Skc1K01BdXFMVG82emo5SXRRdEIzcFEKLT4gWDI1NTE5IE9NaHl2OXd6ZXlMdXVB +aklzZ0FIN3JKOWpkVkV3RHlRLzZXSjdQNlNRMDgKUHA4U1FTdTBKTkd3cEVUTUFO +Ujc0cmNEMjZsVDJCNkNsczVTMGJnOHFzcwotPiBnQSJJRy1ncmVhc2UKMUxPQm5G +blhzWTBWYmQ5dTZJWjdTNnZJQTY0L3p6S3ZVa3FLNVR1UENVVVRVYUJteG1IdGtU +MEpoSnBEQ1hBMQpZakdHOE12YQotLS0gTm93cXJoNEVUVjRzQlpDaHA0UVIyNXFr +MG9OYUFBekJ3TUdqVTlEcm1pbwoV2hJ7OZJ9OWVyn0Ma1LCS0vm+Lq5pVxodl6dX +mLwd9jT2ELKelt1CDkzTESToZw6FeFifC14Jv8H9z0+IwThBT9kptQ9xIsvtJ5vH ++yUTtxcz6oWJA8f8xRGh1FvWrUf1g7xhMkzVstPv -----END AGE ENCRYPTED FILE-----