c3d2/nix-config
c3d2
/
nix-config
24
7
Fork 3
Code Issues 12 Pull Requests 2 Releases Wiki Activity

hydra: add hydra ssh keys

This commit is contained in:
Sandro - 2023-01-06 23:04:47 +01:00
parent 6ac3242ba6
commit 83ca783593
Signed by: sandro
GPG Key ID: 3AF5A43A3EECC2E5
2 changed files with 17 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
hosts/hydra/default.nix
View File

@ -264,20 +264,28 @@ in
owner = config.users.users.hydra-queue-runner.name;
inherit (config.users.users.hydra-queue-runner) group;
};
"ssh-keys/hydra/private" = {
mode = "400";
path = "/var/lib/hydra/.ssh/id_ed25519";
};
"ssh-keys/hydra/public" = {
mode = "440";
path = "/var/lib/hydra/.ssh/id_ed25519.pub";
};
"ssh-keys/root/private" = {
mode = "600";
mode = "400";
path = "/root/.ssh/id_ed25519";
};
"ssh-keys/root/public" = {
mode = "644";
mode = "440";
path = "/root/.ssh/id_ed25519.pub";
};
"ssh-keys/updater/private" = {
mode = "600";
mode = "400";
path = "/var/lib/updater/.ssh/id_ed25519";
};
"ssh-keys/updater/public" = {
mode = "644";
mode = "440";
path = "/var/lib/updater/.ssh/id_ed25519.pub";
};
};

7
hosts/hydra/secrets.yaml
View File

@ -5,6 +5,9 @@ nix-serve:
ldap:
search-user-pw: ENC[AES256_GCM,data:tSWin/QPIow2P5Aps/XaT42J+MXb8+a24SEri1QjF1O3bDlCxcR8RHqSX8d4Vg==,iv:P5qMaE2cdKxTaXuKO2nh+LDhKkY3psSlWf+JckmUYt4=,tag:eq8XW7P6FNlkviY5PydkZg==,type:str]
ssh-keys:
hydra:
private: ENC[AES256_GCM,data:VLJtsaUKRiBijAv+ISQmgIJoFx+2Pw8SMZckHlbF9LgFRm0YzPag6KXBlEFKcBTyz4+06w8pI1iBetYhK8gqMT0IFxhf/zNzkVFYsPGzEsQ9cztYuX4Z6eZXJMCXZUpPBxAXN8i9f6FtyvCgTCOXkqwUKdPnvleq3X0dfe02C8S3e9axhUVzdeTNbizTbioGyNpJn4B//c7G7h3KW31zYXxRTQ3Tt9KYXZ0HB+0jNTtmNVhk2hHzsBSOOXdj2anThknr/yUREnfI4YPWFv29CSqKgQ8FtBfaocFI0WAGcAxqY0hIBoCt+qx0CgGGIMOx0fIXZ63Jja0AAyrV74vgVLl+HubkqLvrPO4b6LouuTW9cAXdY4itc5UVQNIchMbxWjo/EQx9ezyuoDV5Gsz8WrZwukgPvEkuGNgrNlcFm2RFE55kRZR/+laryahy0Dc3ELaDOL9mhggWZXN8g+qJuMse8FF4rXNRg3CVsNvQe0ZwSO0p3QEAyazfQfnbEJMpvK34y6Ag1ZWNtUDpI7pg,iv:C55QPZAgzpzMuve0+LbKUvvZmwS2nJkty47xl3hOnuY=,tag:qXg85hBHKGDRBH9o70sg5Q==,type:str]
public: ENC[AES256_GCM,data:AlsVj68iSEBDNCNWMK4XvvtxnEiLnloA08om78aDRHF/QABQ4zHlJqoTxFDZii2YNJonjOtAfO+B7ivk2NPW3wdXdkEJMPkApb0lo4mY99/sAX4j5eUmOzfZuN0=,iv:T0RLHs7zJMVAsgtiYXj1Jaa1HkiIMUW4/bxRTTYKypo=,tag:5kTsZ+DAabYfgGfYwg7WUA==,type:str]
root:
private: ENC[AES256_GCM,data:aerhMF9uwwOPsgcWLumpXuPSOI1JHUYP3fqeo+F64+n1068rmJwPTtAj9NTTmxJB0XeCsI7VwM5gYaQx3Zl6bYYRWHdgLJmQAyCZhiLKqZDPypGnBBLWR6Ctd3BpOGd253bVPXVPOw8FqYfC152KjnGNANZQVbsv26CSiS+3j0D+S3xt70mkyTQxrfUdFPP5RojmqbgvbvOJt0qj02HOmnUdrzwIILqJMBM3CycP9qSnq36mEihqJSJ0YkX+qechVxU0PktmcLUGBjri38kSLno4v4oc1eRSsljyOYRUbf/M5vyHuHgNql3ROweS+RegsJIljtN3XdH2X0SHkntaAk6+d1ssrb6UKnTbP6ipEBGAnu12jErvRZHLYehcl+rx0gk3RCPKEmH88tPIIiOlSADgLw59Ghr6E68U3d9VpqQhZe5qh1jv7ZVAr1k4XkJJvx9oCnbf6UR8jQ4DZFqCYusB56nBKZkcXtCoMlLXTFD3eLLRwXNmAqZoUu9mXzFK9TIyk+zsI+JdUbK0ZAju,iv:ZCGvaBjhG0tSRgrEANPf0fR5XnDK1gqU0WORSu75/lY=,tag:lAhZHLltfA8j2hF1IZM4qw==,type:str]
public: ENC[AES256_GCM,data:7skUJMhKvPVhVO3lpXOUepgExVGR6C01NUK6r0rnXnU81tCsiZoG7PF5RedSiE1USOpm/k2kz1IJUehn4xKqtLZNrVn1PPjNJIZ7Dpgm15PvVOtvyM+wSdxHFw==,iv:bz/rLsOHVapgvCPgewAHFPamKOCWYJXSp12SLeCNFSQ=,tag:vUDqPrvn/Y6Y5aLxfMYVow==,type:str]
@ -35,8 +38,8 @@ sops:
WkRmWkpEYVMrZ0tKQVgrRk5YU0grTFEK3cX9v11MK9LIw4w51hr2zyLP3biGxkdf
dl77D0IS9m2u0HipmzUs95m+z5j47hiX4Qo1Uza/sshwDBYyia4upg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-01-04T23:32:36Z"
mac: ENC[AES256_GCM,data:wBh2gnaGCcLPItcr7SfMV3F8dmWlpeV9H77Cc0bRovFbbrxob+9A7FKNzqNSR372MnTRCaf6pRWDu5U9nNAGohrqtP11oouehuNyieW3PlijWepAN3A+BYd0DFYqu5FtNvccFWJnKy6I4Fjsf1Fjh8ark06h7fg8mMafsudLXH0=,iv:11bCknws/idxujuLWSyn2Sa6ilCyI1IIihHguuwLuxs=,tag:PKtlEddCxmgWTiOJDQOqhA==,type:str]
lastmodified: "2023-01-06T21:53:26Z"
mac: ENC[AES256_GCM,data:9DZDaGv7GDp0AqsxZ4AWYgUFa13nBisTk24Ftk6Fiwk/hSQo7zvYE1P4Nw9GzLtiwPzu8h0JznK1OdPoQyMaRW+i3cuCeWJsEJiJlJzYSDBRmONy/NdzCAgZ9X1KWkxKhq41FoEvsReEE0ftcxBobaCpCc8EuHDPoapKm9VDdg4=,iv:z+pp0EdOByM0pLLtFnI7QApnNYSqELGDQO8jHFH/9Uk=,tag:AuiqZ/e11tq+6nFn0FjPrw==,type:str]
pgp:
- created_at: "2022-12-26T19:10:03Z"
enc: |