Secrets are not available during build phase. Store plain proxy cert.
parent
7d02cab301
commit
40bcd631dd
4 changed files with 14 additions and 6 deletions
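--- a/machines/Marid/certs/proxy
+++ b/machines/Marid/certs/proxy
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBpTCCAUqgAwIBAgIRAIflL1WWaHxgiJbOCWYfGi8wCgYIKoZIzj0EAwIwMDEu
+MCwGA1UEAxMlQ2FkZHkgTG9jYWwgQXV0aG9yaXR5IC0gMjAyMiBFQ0MgUm9vdDAe
+Fw0yMjEyMjMwOTE5MzZaFw0zMjEwMzEwOTE5MzZaMDAxLjAsBgNVBAMTJUNhZGR5
+IExvY2FsIEF1dGhvcml0eSAtIDIwMjIgRUNDIFJvb3QwWTATBgcqhkjOPQIBBggq
+hkjOPQMBBwNCAAR+7NPc1wU+ABpAhYeuyRzEeV1v01hWrMjdPvy6G4dD/Oon2A2Q
+Usi6QL/c5tuEfbqbWcZDkwLJcMxJaRQtqN3do0UwQzAOBgNVHQ8BAf8EBAMCAQYw
+EgYDVR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4EFgQUQZIPAhP0jaREFGTlSfy+uWfs
+gjUwCgYIKoZIzj0EAwIDSQAwRgIhAN5Qh5IzCxIL04ms8lmcOzjcSmB38VV5Bcrs
+mnskmEZvAiEAiEORBtKwR6WaxRDzWdYgZDLVg2Q3QH3Yu4m8denQMV4=
+-----END CERTIFICATE-----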
@ -3,7 +3,7 @@
|
||||||
{
|
{
|
||||||
services.cron.enable = false;
|
services.cron.enable = false;
|
||||||
security.pki.certificateFiles = [
|
security.pki.certificateFiles = [
|
||||||
config.sops.secrets."certs/proxy".path
|
./certs/proxy
|
||||||
];
|
];
|
||||||
networking.dhcpcd.extraConfig = "noarp";
|
networking.dhcpcd.extraConfig = "noarp";
|
||||||
system.stateVersion = "21.05";
|
system.stateVersion = "21.05";
|
||||||
|
|
|
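Review bot: The new `./certs/proxy` entry in `security.pki.certificateFiles` puts a CA root into the system-wide trust store, and nothing in the file says what that certificate is or when it expires. The PEM added in this commit appears to decode to a self-signed "Caddy Local Authority - 2022 ECC Root" with CA:TRUE, path length 1 and no name constraints, valid until 2032-10-31, so this host will accept certificates issued under that root for any hostname. Committing the certificate in plain form is fine because it is public material, but the trust decision deserves a comment above the entry, e.g. `# Caddy local CA root (public cert only, key stays on the proxy); trusted for all TLS on this host, expires 2032-10-31`. The enclosing attribute set continues past the end of the hunk.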
@ -1,8 +1,6 @@
|
||||||
users:
|
users:
|
||||||
derped:
|
derped:
|
||||||
password: ENC[AES256_GCM,data:bSkIZ3CrpnYPzmOZSp/J6y2IUXOe2kszqRYH1ffv7UQgE0sbbbRD/Re5b/p2RfJMhF7vRGH7QfSX6rcTMktyf4cnq14L655OHrah4/+J9YgRRYtGKNeVxr6DJAFPcoW3nc99,iv:NI9lm0SeNN0keDxeLoa+tU6LCfDkICJNCMm90+kKd5c=,tag:edoH4DVqjnu4233DXk5GIg==,type:str]
|
password: ENC[AES256_GCM,data:bSkIZ3CrpnYPzmOZSp/J6y2IUXOe2kszqRYH1ffv7UQgE0sbbbRD/Re5b/p2RfJMhF7vRGH7QfSX6rcTMktyf4cnq14L655OHrah4/+J9YgRRYtGKNeVxr6DJAFPcoW3nc99,iv:NI9lm0SeNN0keDxeLoa+tU6LCfDkICJNCMm90+kKd5c=,tag:edoH4DVqjnu4233DXk5GIg==,type:str]
|
||||||
certs:
|
|
||||||
proxy: ENC[AES256_GCM,data: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,iv:vyUBk+7VryI+u1yIkPYLYV13gZVE2P9q4T/pmz92OqY=,tag:htempltVO7hkJI0Wfkgm/A==,type:str]
|
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -18,8 +16,8 @@ sops:
|
||||||
MHl3cFVaa0pnbTR3NGhuTXp0dk5ob2cKh2aFZqv1C/m3rZvEKSl9sCYJ8lC/mofq
|
MHl3cFVaa0pnbTR3NGhuTXp0dk5ob2cKh2aFZqv1C/m3rZvEKSl9sCYJ8lC/mofq
|
||||||
oaigG2BXkgVkcT9xhZufWkMDhS+mOZW7oL0m2DDM3M8cnSMx55ONFg==
|
oaigG2BXkgVkcT9xhZufWkMDhS+mOZW7oL0m2DDM3M8cnSMx55ONFg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2023-06-17T17:35:37Z"
|
lastmodified: "2023-06-20T07:56:36Z"
|
||||||
mac: ENC[AES256_GCM,data:r4VXy06lvBAtGMexX3zDg9VI67WYeWLS7g9zg9HIv9rZUfwF2/2ZAXDu4PC9Ree8navCb1JhRYpopkZqlm04ky/6XI8RgFfGHXrdtvJAMJeS3houHuL7xLHlEarPvlLfE53g0zZa/GJqBiPzv+VTFEibv6kRKhhQ3FyRgsqUrO4=,iv:cpX1FIhCivvzM6dN4e+z6A2Lo/crHxRffRDweIViehA=,tag:FHRX14G/ke8MgJMyge+eiQ==,type:str]
|
mac: ENC[AES256_GCM,data:tBRPhDw4GUhtWT33zx1YwdHq0lT5DrMC5QYCat6CsD6jgbrRMZ3ZMH3JDr2/ZtqicyxR0lx789aNrZTL4aGbf+2XRgJzrH7gTPCWOTavbs/Yovv02JQV1nX+LCH0/wxYuS+50Z9p8rnIoSFaCb+bNU1c51EaNRPnHWmTwQpprL4=,iv:AGC34KpJ4YBUvVCrO/+8fkDRts2BnPWdLvWQIMs64i0=,tag:v2mqqBkX6P0L4zcLCvGWBg==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2023-06-17T16:07:20Z"
|
- created_at: "2023-06-17T16:07:20Z"
|
||||||
enc: |
|
enc: |
|
||||||
|
|
|
@ -9,6 +9,5 @@
|
||||||
};
|
};
|
||||||
# TODO: auto loop over users
|
# TODO: auto loop over users
|
||||||
secrets."users/derped/password".neededForUsers = true;
|
secrets."users/derped/password".neededForUsers = true;
|
||||||
secrets."certs/proxy".mode = "0440";
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|