freifunk: move ospf secret to sops
parent
fe6490b081
commit
dae9fcd0ff
|
@ -125,6 +125,9 @@ in {
|
|||
group = "systemd-network";
|
||||
mode = "0440";
|
||||
};
|
||||
secrets."bird/ospf/auth" = {
|
||||
owner = "bird2";
|
||||
};
|
||||
};
|
||||
|
||||
# unbreak wg-vpn6 ingress path
|
||||
|
@ -330,6 +333,8 @@ in {
|
|||
# Advertise Freifunk routes to ZW core
|
||||
services.bird2 = {
|
||||
enable = true;
|
||||
# nix-build cannot access /run/secrets/
|
||||
checkConfig = false;
|
||||
config = ''
|
||||
protocol kernel K4 {
|
||||
ipv4 {
|
||||
|
@ -387,8 +392,7 @@ in {
|
|||
interface "core" {
|
||||
hello 10;
|
||||
wait 20;
|
||||
authentication cryptographic;
|
||||
password "${pkgs.zentralwerk-ospf-message-digest-key}";
|
||||
include "${config.sops.secrets."bird/ospf/auth".path}";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -401,8 +405,7 @@ in {
|
|||
interface "core" instance ${toString zentralwerk.lib.config.site.hosts.freifunk.ospf.upstreamInstance} {
|
||||
hello 10;
|
||||
wait 20;
|
||||
authentication cryptographic;
|
||||
password "${pkgs.zentralwerk-ospf-message-digest-key}";
|
||||
include "${config.sops.secrets."bird/ospf/auth".path}";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -415,8 +418,7 @@ in {
|
|||
interface "core" {
|
||||
hello 10;
|
||||
wait 20;
|
||||
authentication cryptographic;
|
||||
password "${pkgs.zentralwerk-ospf-message-digest-key}";
|
||||
include "${config.sops.secrets."bird/ospf/auth".path}";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -435,8 +437,7 @@ in {
|
|||
interface "core" instance ${toString zentralwerk.lib.config.site.hosts.${upstream}.ospf.upstreamInstance} {
|
||||
hello 10;
|
||||
wait 20;
|
||||
authentication cryptographic;
|
||||
password "${pkgs.zentralwerk-ospf-message-digest-key}";
|
||||
include "${config.sops.secrets."bird/ospf/auth".path}";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -455,8 +456,7 @@ in {
|
|||
interface "core" instance ${toString zentralwerk.lib.config.site.hosts.${upstream}.ospf.upstreamInstance} {
|
||||
hello 10;
|
||||
wait 20;
|
||||
authentication cryptographic;
|
||||
password "${pkgs.zentralwerk-ospf-message-digest-key}";
|
||||
include "${config.sops.secrets."bird/ospf/auth".path}";
|
||||
};
|
||||
};
|
||||
};
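Review bot: `checkConfig = false;` in the `services.bird2` hunk switches off build-time validation for the whole BIRD configuration, not only for the secret that nix-build cannot read, so a syntax error anywhere in `config` is now found only when the daemon starts on the router. If the nixpkgs revision in use provides `services.bird2.preCheckConfig`, the check can stay enabled by having it replace the `/run/secrets/` include with a stub file before validation. The line counts of the five OSPF hunks (8 old lines, 7 new) suggest that `authentication cryptographic;` was dropped together with `password`, which would leave the authentication mode defined only inside the encrypted `bird/ospf/auth` value; keeping `authentication cryptographic;` in the Nix text and only the `password` statement in the secret would keep that setting reviewable. The previous key was interpolated from `pkgs.zentralwerk-ospf-message-digest-key` and so presumably sits in the world-readable Nix store; the page does not show whether the value now in sops is a new key, so rotation is worth confirming.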
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
wireguard:
|
||||
vpn6:
|
||||
privateKey: ENC[AES256_GCM,data:5xvDSbVz2r1D8MZVMgKxIeXD5oRTfXD1RfBukHaOxBz6QaDiUjK7IfZRFlw=,iv:jXZSguJofezFvOplCrRokH9vUGP67fQPkb3fea9uKYU=,tag:JXCD+ngAtAFRmf7NhP0wCQ==,type:str]
|
||||
bird:
|
||||
ospf:
|
||||
auth: ENC[AES256_GCM,data:a3lfAIOZhm8oD2bcOsb3vfIh47EqRVsyuPp8EbVYqzCbTLDADj2R0D7C9E0a/vxIXa0ibrBHdFliLG8=,iv:91lsSop8QBT/rlmxE11gcU/voKkV8HJ9ESZEco5i2DU=,tag:ytzqbP75vzt0JiHW1mvD6w==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -25,8 +28,8 @@ sops:
|
|||
YklwNTFsUVZCU1RwZXlPeUJ6VW5iZ00KQqK0K0sizbBsKoZdfjo2QL3+syc5DQJq
|
||||
lL77+ChtwzssaX6d0zCwsoES28n1bNDN65n39K3gBmjTiSFSouvmtA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2022-06-13T19:00:35Z"
|
||||
mac: ENC[AES256_GCM,data:RhGB+CNoIAGr6W1WxDpquG76FLZ0REF5OZwvD3DyfNxNai8XzqqDEsY6XneQ0Ac992kAcXdxleYDYC6keokvkOgnNmr+Buc4+rnASAReyRN19lIUWNjAB6oZWjqwEY2lrwklJc/yi+2LOuaigVsOLxOiMtpTs+QVtofRlmNpbGU=,iv:IqZGKWXKYTGP6m+9wb6j7sSVrSJZ++F/CcL/r2LaSYQ=,tag:6MLFHzcEayEGKtIxWZoljg==,type:str]
|
||||
lastmodified: "2023-06-26T23:30:17Z"
|
||||
mac: ENC[AES256_GCM,data:XmY5EdBpYIcg917fhafs4PyNQZU8qxAiSIf8oe8KUXl4//ZEuS8O4hUd21XExRlBa9hQEP2W6J7FFRkfNZLHF6xtYWVWo0qWWe+twwZ/tt/LEygZspYu5G+AH/uoPRmL5XWXzKhO4p80BUxIZzLT9hvgwSMNIYFnliBecP9R7i4=,iv:5uRHki4OpT+BmxtdOzpbvdBwYDLEB7sX0yvi/R9W0dY=,tag:taeVkVqSoy13dNDSduKbIQ==,type:str]
|
||||
pgp:
|
||||
- created_at: "2022-12-26T19:09:40Z"
|
||||
enc: |
|
||||
|
|