freifunk: deprecate secrets repo
This commit is contained in:
parent
735e0910cb
commit
e354d1da4c
|
@ -8,7 +8,6 @@ let
|
|||
meshLoopback = "bmx_prime";
|
||||
ddmeshRegisterUrl = "https://register.freifunk-dresden.de/bot.php";
|
||||
ddmeshBroadcast = "10.255.255.255";
|
||||
inherit (pkgs.c3d2-freifunk) ddmeshRegisterKey;
|
||||
ddmeshNode = 51073;
|
||||
ddmeshAddrPart = "200.74";
|
||||
rt_table_hosts = 7;
|
||||
|
@ -122,12 +121,13 @@ in
|
|||
sops = {
|
||||
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||
defaultSopsFile = ./secrets.yaml;
|
||||
secrets."wireguard/vpn6/privateKey" = {
|
||||
group = "systemd-network";
|
||||
mode = "0440";
|
||||
};
|
||||
secrets."bird/ospf/auth" = {
|
||||
owner = "bird2";
|
||||
secrets = {
|
||||
"bird/ospf/auth".owner = "bird2";
|
||||
"freifunk/ddmeshRegisterKey".owner = "nobody";
|
||||
"wireguard/vpn6/privateKey" = {
|
||||
group = "systemd-network";
|
||||
mode = "0440";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -454,11 +454,8 @@ in
|
|||
# Re-register periodically
|
||||
services.ddmesh-register-node = {
|
||||
script = ''
|
||||
${pkgs.curl}/bin/curl -k \
|
||||
-o /tmp/ddmesh-registration.json \
|
||||
'${ddmeshRegisterUrl}?registerkey=${ddmeshRegisterKey}&node=${
|
||||
toString ddmeshNode
|
||||
}'
|
||||
${lib.getExe pkgs.curl} -k -o /tmp/ddmesh-registration.json \
|
||||
"${ddmeshRegisterUrl}?registerkey=$(cat ${config.sops.secrets."freifunk/ddmeshRegisterKey".path})&node=${toString ddmeshNode}"
|
||||
'';
|
||||
serviceConfig = {
|
||||
User = "nobody";
|
||||
|
|
|
@ -1,9 +1,11 @@
|
|||
wireguard:
|
||||
vpn6:
|
||||
privateKey: ENC[AES256_GCM,data:5xvDSbVz2r1D8MZVMgKxIeXD5oRTfXD1RfBukHaOxBz6QaDiUjK7IfZRFlw=,iv:jXZSguJofezFvOplCrRokH9vUGP67fQPkb3fea9uKYU=,tag:JXCD+ngAtAFRmf7NhP0wCQ==,type:str]
|
||||
freifunk:
|
||||
ddmeshRegisterKey: ENC[AES256_GCM,data:fXayGd5/Hx/soanZ11/A3R+YWo1zLOYnXm9UmYp20DFI4e0JwDhHYB0/1lnYaKMkSR1HhT91PwSnIZMEB5PW0ugwhZ+c9LV/9dmxIMbD4ozAdw5MyTa0uwNG12dgEDc=,iv:aiN8M97P9JIiY7httRisBIEXUY8IeM/UoFcdu6pD/rE=,tag:jzHl/OJ3ReYAMPDqUACzDw==,type:str]
|
||||
bird:
|
||||
ospf:
|
||||
auth: ENC[AES256_GCM,data:a3lfAIOZhm8oD2bcOsb3vfIh47EqRVsyuPp8EbVYqzCbTLDADj2R0D7C9E0a/vxIXa0ibrBHdFliLG8=,iv:91lsSop8QBT/rlmxE11gcU/voKkV8HJ9ESZEco5i2DU=,tag:ytzqbP75vzt0JiHW1mvD6w==,type:str]
|
||||
wireguard:
|
||||
vpn6:
|
||||
privateKey: ENC[AES256_GCM,data:5xvDSbVz2r1D8MZVMgKxIeXD5oRTfXD1RfBukHaOxBz6QaDiUjK7IfZRFlw=,iv:jXZSguJofezFvOplCrRokH9vUGP67fQPkb3fea9uKYU=,tag:JXCD+ngAtAFRmf7NhP0wCQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -28,8 +30,8 @@ sops:
|
|||
MXIxR3JSc0tydG5FdE9rZEk3NGpsWW8KY+84QFAsVWkDLdcg65YfpQXXirrc9kD1
|
||||
lE8Bk6m6vULBpU0yRRkU4gI3xOA+f/TA+xm8cTO0frjL8Mnqsltaiw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-06-26T23:30:17Z"
|
||||
mac: ENC[AES256_GCM,data:XmY5EdBpYIcg917fhafs4PyNQZU8qxAiSIf8oe8KUXl4//ZEuS8O4hUd21XExRlBa9hQEP2W6J7FFRkfNZLHF6xtYWVWo0qWWe+twwZ/tt/LEygZspYu5G+AH/uoPRmL5XWXzKhO4p80BUxIZzLT9hvgwSMNIYFnliBecP9R7i4=,iv:5uRHki4OpT+BmxtdOzpbvdBwYDLEB7sX0yvi/R9W0dY=,tag:taeVkVqSoy13dNDSduKbIQ==,type:str]
|
||||
lastmodified: "2023-11-10T22:19:05Z"
|
||||
mac: ENC[AES256_GCM,data:i8b5efKRVgIMQ5Viop0TmOV5FaJP1Il9t54P8vM8reawL1F/+Z/9mBhuH6b/L+vgcfO1pPmEk8yNtGPXI9QsHHz9zSNXAweol0DnEFD8EOGCJn2rJrh3guU1nG3BG40AsV031YDD0wjFxW3S9thAWAKE+PfE7WiYX7gD52vwUis=,iv:wRYAiGfiiujxySX7NccTONz7LPFgZwwFaBv2ojGJIz4=,tag:ZaPi68VVHKqw/U3R4akSVA==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-08-08T22:43:30Z"
|
||||
enc: |
|
||||
|
@ -169,4 +171,4 @@ sops:
|
|||
-----END PGP MESSAGE-----
|
||||
fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
||||
version: 3.8.1
|
||||
|
|
Loading…
Reference in New Issue