mlaga97/mlaga97-nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Update secrets to reflect updated fortress configuration

Browse source
This commit is contained in:
Lauren Lagarde 2025-08-03 00:31:55 -05:00
parent 66de69830e
commit 81206cbb8a
3 changed files with 42 additions and 76 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.sops.yaml
View file

@ -6,7 +6,7 @@
# nix-shell -p ssh-to-age --run 'ssh-to-age -i ~/.ssh/id_ed25519.pub' # nix-shell -p ssh-to-age --run 'ssh-to-age -i ~/.ssh/id_ed25519.pub'
keys: keys:
- &system_bastion age1up8uth9hwtd9gup3v32l8dypdarj77s2lysm8js8w8mwa80rk4ds76ke6d - &system_bastion age1up8uth9hwtd9gup3v32l8dypdarj77s2lysm8js8w8mwa80rk4ds76ke6d
- &system_fortress age1v3nya8n8fys8une6cp0t4agrqh4zjk7dk3lel5403xjkf6k87qdqhgjrk8 - &system_fortress age1fraz2lnnqtcxnu6tnjy4f7y9tuc0fnqekzmdynnhtt0h8a230v5qddpxdu
- &system_blockhouse age14j6ns297c49wx5d8jddctfmek0kvn8rvw3y03nw3pankc03dlpuqhvvy7c - &system_blockhouse age14j6ns297c49wx5d8jddctfmek0kvn8rvw3y03nw3pankc03dlpuqhvvy7c
- &system_living_room age1kmt2khucyvscmwvrjnt0v90zggttuap9utx7rw54g9amhtrkzdlq94fe4j - &system_living_room age1kmt2khucyvscmwvrjnt0v90zggttuap9utx7rw54g9amhtrkzdlq94fe4j
- &system_ll_latitude age19v2gpucsykaqu3hsvskl67ss8mpqstp59vn687am6px9nmg585ksvlhctz - &system_ll_latitude age19v2gpucsykaqu3hsvskl67ss8mpqstp59vn687am6px9nmg585ksvlhctz

82
secrets.yaml
View file

@ -14,69 +14,69 @@ sops:
- recipient: age1up8uth9hwtd9gup3v32l8dypdarj77s2lysm8js8w8mwa80rk4ds76ke6d - recipient: age1up8uth9hwtd9gup3v32l8dypdarj77s2lysm8js8w8mwa80rk4ds76ke6d
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUUWZEWGNhSlFoZ3lyTDFB YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkV21KRTRiMXdLakxLOE1M
UFRoMzJUVllDaTJoUWk4ZDRmRkszRGZlMjNjCkFjMVJFeThWcDJWbEtQcGgyUGd3 M0tpTU9CaFVrOG52Q0VGOTdnbkVWS3RwSDNrCjNoaFBhL25TSlB3NmMxc3RGbkVz
Q0xDMjU1WVhPL2Z5Smg4bnFtM09uREEKLS0tIEVtcnlITDhSSmRnNmJScHQ4ZGRU cTgrRHhlQXZLYldRSWFjckpTaWZOUkEKLS0tIFd2clU2WTQvazRiTkNpMmJyZnRv
MlJ0SHRDZEI0S1BIL3A1ZGp1Ym5VUDgKXStZQ9SkULr9Lix0uhCJ5enszs3sDpMR eXpjT1paSnFrUVpuUENBL3AwQmdUUzQKMX07cQYaY26stpcw+KwuEzOuNDZLp1wl
PLoNroOYYfUPnzxNyIlTqpdvR+KeRQLLe0rQhX8ddbVf6CXKP3dUXg== yBwVDfwBOoQU7s5s9JraU9NRA24neEX3ZOaiB4cGZU93VHCA7FyCiQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1v3nya8n8fys8une6cp0t4agrqh4zjk7dk3lel5403xjkf6k87qdqhgjrk8 - recipient: age1fraz2lnnqtcxnu6tnjy4f7y9tuc0fnqekzmdynnhtt0h8a230v5qddpxdu
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvWmxXSFk1ZkpzUUlIcDNx YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrM3g0V2JMbmhJOXlYWGlL
YUdLQmpxSnNBVkY5MC9RNTNQcHd6ZDl4VkQ4CmF4UG8vNS9FYjJCeU5YN1lCY2xG UWZaR0trM1JrT3Z0MnhRb05VQmgxTGdLRXdnCmhpSXVsRDZpYmpTODRkc2YrSUpQ
ajZVdHJoWHFjSlU3dGtSaGdFSG13NWMKLS0tIHNtUTlVVTY3U0dIOWJjcGxVZlJE WHRMNWUzSVRiZkZMVkdjaFZvd2xTdnMKLS0tIFNzOEJ5QjVhUVp3L2EvcC84VytH
a1ZFSUpkQXlYNjh2RlZuL09jdmVraE0K0YOa5s4Z81fQXnL2KSEPO8t6riiXFwVw NzQyZDdld292YzF0bFBXM0hWNlpZWk0Kp5FZbVoVVye6JGLwwryli8XfwMrie6dB
YSybBxht1U4l45dGuhRH3+o8YA+aWrk5GaKU+qc6SXhfjd0wsl0J+w== CucvY3jhh0wQIr/GcRDDYLIu6els+FMQwkAvEn1vyWQk3RQjLbOfjA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age14j6ns297c49wx5d8jddctfmek0kvn8rvw3y03nw3pankc03dlpuqhvvy7c - recipient: age14j6ns297c49wx5d8jddctfmek0kvn8rvw3y03nw3pankc03dlpuqhvvy7c
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0WGtCY3lrSCs5emIvVy92 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAreVpHOVJKZWF2SDNBTW1r
M2VCa2hwaHVGOTgyVlNwTE0ySmQzYW9zMGxVCmlvOVdBVVRUSHlWWG9wcWhQK1hW aUgxSXJYcjBZK3JvZmZVd2ZQZXVITnlCdUU4CjBHM0Z1d1Q1Y29UaEx5TkZDWGdS
dERYdDhOdXE3My9iU3YwMmNOYVZqZlkKLS0tIEpZeGxCZHpIV0E0bjNaK2NyYUZu K2lvMzlOTE1wL05EWEt0U1NvNFNhWVEKLS0tIERJeUVUcTZQaGFJU1NmaGxjS2xE
SjJBTjE3T29DYy9PeHRLSXEwZkVFZHMKHRQX2I7W3NULFuLwI+/6dY4AG480TYgs cWtaZytaNW9XRzlvVnpkZ0hJRmVHV00Kg1O6dk9/0vO4887sATej5A+cCGEa3gIl
KHy5xKcfj8IeJ8g2szxcOQ5dWP6N1F9bSuez83umSCIJVNOhbz7khA== CY6tx5YzU3rImIk+otM/XerIl++oahaiSr47FU0WygPGtvndRtb8Dw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1kmt2khucyvscmwvrjnt0v90zggttuap9utx7rw54g9amhtrkzdlq94fe4j - recipient: age1kmt2khucyvscmwvrjnt0v90zggttuap9utx7rw54g9amhtrkzdlq94fe4j
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXM0k1VDdDa2l4L1RMY1hi YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLU2VDdjJ3cWludjhnUmRH
VEdreld0cnRiOGVtbzlxSlIyUDBPRktLTzFjCkpNOFhoVGxRdWVtdTFrOWN1M1NH U1VSVHMwZnNjM1pjYk40UERXVjhTMndZckNNCktNSVpkYnd0Uy9LdGhWZHhCNTJ2
U2JsbWV3MUhiL1JTYnkrZ3daZkRDa1UKLS0tIEtkMFl0SXBSU3FIUU5RS1ZzNHZ0 VjE5QjNHL09XZFUvaklpdlNJc0FWbUkKLS0tIEhwS1hjV0ZCS051Tlh1aTJVQTBi
cjNHdUxaSWd5Qy9wREFyU3FPci9HOHcKrd+gWMEhyRfKHrUXbRiwktTGw4pK9A+c cjNtYzduaXFDR1hrakplYzgvREkyRnMKFJL4q1J98Eh9Cbyx1Hlx2daH9aapcuGE
c0IKcGmZdI6lPNIFiVh5yYOndT0NMyEBAiPNXXS5+AYmNccI3X2g9A== Q5dlfeYTANNPNZ5tLmQ2++p3nWfyojPgkEwUgQK1HiOaLdxma5ku2w==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age19v2gpucsykaqu3hsvskl67ss8mpqstp59vn687am6px9nmg585ksvlhctz - recipient: age19v2gpucsykaqu3hsvskl67ss8mpqstp59vn687am6px9nmg585ksvlhctz
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1b0VQcUJCa1VvYUhTMHlT YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhKzFla0JUZ1RRSWtYUkNJ
QmVlV283RUFxYWhxTjRmOTc0VENrRlJhV0JVCi9mK2Z5eHd1OTJ0NzEzU1J3cDEv R2lhMHJJdXpLUU0wVnlWQk1nWjZwQmJVN253ClZIc1BlOEVlUEp5eUJsKzZpdG1y
d2NZWFJ6U29qSEhiSnR4dC9yQW5oL2sKLS0tIDRCWGQ2OXB4VUlwYWZkYXBBbXkv Ti9maENqdC82SGJzWmtpUWhBL0hLWXcKLS0tIDN6bE9SS2tDSXVqd0JQVVFpcmkx
Qk0zN3U4SzhzTUlUaGZpUHRVUDBVeU0Kp7uE1zpFtNYBZFerWHaRyKHSa0ccIN0Q REwzTS84OFdmNGprZzNLZnNVaWp1Y2cKHLAwPJ9+vb4ux4XPzNXs9O3oLfTy8744
B+Vi806d1pvaUBTfhkDCCkSBFB12wP82yA2XrJ8ask6ztc6X/gui0g== fkhkVr+2pEn4YN3tz70MVtYhRYPSZn2t26GeQxznODFFoN6tch5E6A==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-31T04:05:03Z" lastmodified: "2025-07-31T04:05:03Z"
mac: ENC[AES256_GCM,data:OjQEe6aaTRsjMS1Zb/XlP4MhyrxIGYfn0mkB3GA81iOAGU02r79+uhx7vausjEgYN4IY+wXxyFju7M+xgRqTIWAfQrQtOuPIzsZUNvUd2FUzYAPhW0W2YrRJKa1gYYOHxKiyf4vaP1I/G7I4A0DG9pYRVDcDzvN6MzIvy97XGxI=,iv:/GYxPBSArfTZzUwRrLl+jkq7u24EU81+d00nnuyO98U=,tag:5CP5DihSPSZMhyc+3CyCEg==,type:str] mac: ENC[AES256_GCM,data:OjQEe6aaTRsjMS1Zb/XlP4MhyrxIGYfn0mkB3GA81iOAGU02r79+uhx7vausjEgYN4IY+wXxyFju7M+xgRqTIWAfQrQtOuPIzsZUNvUd2FUzYAPhW0W2YrRJKa1gYYOHxKiyf4vaP1I/G7I4A0DG9pYRVDcDzvN6MzIvy97XGxI=,iv:/GYxPBSArfTZzUwRrLl+jkq7u24EU81+d00nnuyO98U=,tag:5CP5DihSPSZMhyc+3CyCEg==,type:str]
pgp: pgp:
- created_at: "2025-07-31T04:06:37Z" - created_at: "2025-08-03T05:29:55Z"
enc: |- enc: |-
-----BEGIN PGP MESSAGE----- -----BEGIN PGP MESSAGE-----
hQIMA9BR1U1EkAnnAQ/+NSwCzekHKQuS1DEx2z3Llg2r1NYP21Pvzb3WKxzIlH/Y hQIMA9BR1U1EkAnnAQ//XjNIHXlHxW1gqTUGmBIIB0uRb3nyfaC0jqLFuLilYERG
rH2FJ4RhFJsG8GVWgURySHtqNKcafpB+8mm50b56IKKUiZe6A2ULIW4tBmU7wEb4 shoKYmHYt7X9BYX4fxDLeT1zbuITCv0+rUyZPPYDEClExT3ygt0VFweu666YRAbu
uEgFQ/YtJg4JyQxwYuZHX4ra3IsHIdbV/dsH9bv1A02Z95Eyb7nQutAiq/pz/DbS GmzjLnanrGCq4EB5kzYX1wDIJFo9MLBiJaB30sfy7V/3nZUEvtYyYDibONRV0Slf
/J2ndBzZmYO9cb4aHJ4h8cqdvWDcH+vWcNW8uqCaLKiNPYQLcPZOvMfGNia306Y6 JYWdJXuhsRasdC8EVKp/YePTTIHJBt774fvCL2C6edJbCXsftAnzyrRGglp8DuBI
9QSMIIvWP9eAcHIeBBP3U6blQJ/XXdoq0CuWfJim5fJGyfrkNgGQufYOADpJHJgL fRZ1hOYb/skVphNsDGUPIhp9VV0zjfVJpQ7iKF9BObXtsxnogvdLaox0cTd2CUb8
nNIRkI4RF04ky9ghoSPCxpGy9Rd4YQU1iqA5QWC+VqBFH9e8aFmptlCVSAZ0t74Z YJ9SGcQVw8LhreVtSj9Y1iViYFVrsJHt38PJ1EtfzytqoYrGFat5aG4NvIrrE8fK
iPDBWHLBVkjxGyTvNWtpmOmyB2ZAhR9OQjkX6EDnVL/YqPVSvwvlvkzDoscmzvl1 LhKU1ba2615tAMuwyf7hLr/hc7NW1GJa3m3Iy4oqXJmXs2p82CUdiPydc2kOG0HN
64OU3hSJ/vwCsXyb2iN+62JV+NP3UgvXJnJvpEdcohKfTfEJScegv2P/xk+vt8k9 tLInrTLidLstDJULW8OZm7+yUjlg7Gv3YePLdgS0XQ2PWtuV4jlouo611qHle+Fg
PXrW66jtBgT3XFssRAq1TUCfivYehzbdmS2iRIjnST0cjOJB/vX3Mc1gZ88zBqGS DaqHlBpkKs0fiOfN+OVjr+26iRF7EFsr5vOIRLrA9VDsJnzRFwGNdrb33aFBbO7V
fiqXryegdBUHULfJnGPK4ymQLEipFNxZXkFSLL6KTOCUpNeOJ46NqYgizKt4Ewio ekxL9kVQTzeSqZ8getsTIUGuDWDKa9EU8Vp2msCNAzbYZO8T0k/OPyRIuUj8adUn
BiJ0YCg91GrftElJIHhsehUiK+6C75TTL+c281l37zjv/tMZ1nmcUX0in1s/gJ3S m/RGWE3eeLFGOxaw2jMR3fmUqSmCctJ9V1zvy0hvKI0WLYFUTaS9LMTm8QcVpNnS
XgHrdCoe/vXYCQ2hTS+o8kHV1ksQPPGAvoEWvJrFPwUQhjJiqRKy7j5zwaYWSTth XgHLE+jjte0CqJOOXEymd960TSPnyOcxCcXA8eeDbrDZfu92h34b81QwBXUF/crp
p5YfPoLRWjwGS9V7VD99gYQVDgMzWpkzO/JqZxmNgV5ki5tN4eoR+rAUg19E064= MUtOn7Pqgj/5e8Ld6q381kQKb8audsOEfPDv2i6qCA7ziGVyMann0XmqukVNv3I=
=DDSk =/Uk2
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: 5F78261B65C565041662A3B7FF8FC3C735BD4A51 fp: 5F78261B65C565041662A3B7FF8FC3C735BD4A51
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted

34
systems/fortress/compose.yml
View file

@ -1,34 +0,0 @@
services:
secrets:
image: nixos/nix:latest
command: nix-shell -p ssh-to-age -p sops --command "mkdir -p /root/.config/sops/age && ssh-to-age -private-key -i /etc/ssh/ssh_host_ed25519_key > /root/.config/sops/age/keys.txt && sops --decrypt /app/secrets.yaml"
volumes:
- .:/app
- /etc/ssh/ssh_host_ed25519_key:/etc/ssh/ssh_host_ed25519_key
##############################################################################
##############################################################################
##############################################################################
# External Services
#httpd:
#haproxy:
#coturn:
##############################################################################
##############################################################################
##############################################################################
# Internal Services
#dnsmasq:
#tinc:
#wireguard:
##############################################################################
##############################################################################
##############################################################################
# Local Services
#dockge:
#uptime-kuma: