c3d2/nix-config
c3d2
/
nix-config
24
7
Fork 3
Code Issues 12 Pull Requests 2 Releases Wiki Activity

freifunk: deprecate secrets repo

This commit is contained in:
Sandro - 2023-11-10 23:40:21 +01:00
parent 735e0910cb
commit e354d1da4c
Signed by: sandro
GPG Key ID: 3AF5A43A3EECC2E5
2 changed files with 17 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
hosts/freifunk/default.nix
View File

@ -8,7 +8,6 @@ let
meshLoopback = "bmx_prime";
ddmeshRegisterUrl = "https://register.freifunk-dresden.de/bot.php";
ddmeshBroadcast = "10.255.255.255";
inherit (pkgs.c3d2-freifunk) ddmeshRegisterKey;
ddmeshNode = 51073;
ddmeshAddrPart = "200.74";
rt_table_hosts = 7;
@ -122,12 +121,13 @@ in
sops = {
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
defaultSopsFile = ./secrets.yaml;
secrets."wireguard/vpn6/privateKey" = {
group = "systemd-network";
mode = "0440";
};
secrets."bird/ospf/auth" = {
owner = "bird2";
secrets = {
"bird/ospf/auth".owner = "bird2";
"freifunk/ddmeshRegisterKey".owner = "nobody";
"wireguard/vpn6/privateKey" = {
group = "systemd-network";
mode = "0440";
};
};
};
@ -454,11 +454,8 @@ in
# Re-register periodically
services.ddmesh-register-node = {
script = ''
${pkgs.curl}/bin/curl -k \
-o /tmp/ddmesh-registration.json \
'${ddmeshRegisterUrl}?registerkey=${ddmeshRegisterKey}&node=${
toString ddmeshNode
}'
${lib.getExe pkgs.curl} -k -o /tmp/ddmesh-registration.json \
"${ddmeshRegisterUrl}?registerkey=$(cat ${config.sops.secrets."freifunk/ddmeshRegisterKey".path})&node=${toString ddmeshNode}"
'';
serviceConfig = {
User = "nobody";

14
hosts/freifunk/secrets.yaml
View File

@ -1,9 +1,11 @@
wireguard:
vpn6:
privateKey: ENC[AES256_GCM,data:5xvDSbVz2r1D8MZVMgKxIeXD5oRTfXD1RfBukHaOxBz6QaDiUjK7IfZRFlw=,iv:jXZSguJofezFvOplCrRokH9vUGP67fQPkb3fea9uKYU=,tag:JXCD+ngAtAFRmf7NhP0wCQ==,type:str]
freifunk:
ddmeshRegisterKey: ENC[AES256_GCM,data:fXayGd5/Hx/soanZ11/A3R+YWo1zLOYnXm9UmYp20DFI4e0JwDhHYB0/1lnYaKMkSR1HhT91PwSnIZMEB5PW0ugwhZ+c9LV/9dmxIMbD4ozAdw5MyTa0uwNG12dgEDc=,iv:aiN8M97P9JIiY7httRisBIEXUY8IeM/UoFcdu6pD/rE=,tag:jzHl/OJ3ReYAMPDqUACzDw==,type:str]
bird:
ospf:
auth: ENC[AES256_GCM,data:a3lfAIOZhm8oD2bcOsb3vfIh47EqRVsyuPp8EbVYqzCbTLDADj2R0D7C9E0a/vxIXa0ibrBHdFliLG8=,iv:91lsSop8QBT/rlmxE11gcU/voKkV8HJ9ESZEco5i2DU=,tag:ytzqbP75vzt0JiHW1mvD6w==,type:str]
wireguard:
vpn6:
privateKey: ENC[AES256_GCM,data:5xvDSbVz2r1D8MZVMgKxIeXD5oRTfXD1RfBukHaOxBz6QaDiUjK7IfZRFlw=,iv:jXZSguJofezFvOplCrRokH9vUGP67fQPkb3fea9uKYU=,tag:JXCD+ngAtAFRmf7NhP0wCQ==,type:str]
sops:
kms: []
gcp_kms: []
@ -28,8 +30,8 @@ sops:
MXIxR3JSc0tydG5FdE9rZEk3NGpsWW8KY+84QFAsVWkDLdcg65YfpQXXirrc9kD1
lE8Bk6m6vULBpU0yRRkU4gI3xOA+f/TA+xm8cTO0frjL8Mnqsltaiw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-06-26T23:30:17Z"
mac: ENC[AES256_GCM,data:XmY5EdBpYIcg917fhafs4PyNQZU8qxAiSIf8oe8KUXl4//ZEuS8O4hUd21XExRlBa9hQEP2W6J7FFRkfNZLHF6xtYWVWo0qWWe+twwZ/tt/LEygZspYu5G+AH/uoPRmL5XWXzKhO4p80BUxIZzLT9hvgwSMNIYFnliBecP9R7i4=,iv:5uRHki4OpT+BmxtdOzpbvdBwYDLEB7sX0yvi/R9W0dY=,tag:taeVkVqSoy13dNDSduKbIQ==,type:str]
lastmodified: "2023-11-10T22:19:05Z"
mac: ENC[AES256_GCM,data:i8b5efKRVgIMQ5Viop0TmOV5FaJP1Il9t54P8vM8reawL1F/+Z/9mBhuH6b/L+vgcfO1pPmEk8yNtGPXI9QsHHz9zSNXAweol0DnEFD8EOGCJn2rJrh3guU1nG3BG40AsV031YDD0wjFxW3S9thAWAKE+PfE7WiYX7gD52vwUis=,iv:wRYAiGfiiujxySX7NccTONz7LPFgZwwFaBv2ojGJIz4=,tag:ZaPi68VVHKqw/U3R4akSVA==,type:str]
pgp:
- created_at: "2023-08-08T22:43:30Z"
enc: |
@ -169,4 +171,4 @@ sops:
-----END PGP MESSAGE-----
fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
unencrypted_suffix: _unencrypted
version: 3.7.3
version: 3.8.1