freifunk: deprecate secrets repo
This commit is contained in:
parent
735e0910cb
commit
e354d1da4c
|
@ -8,7 +8,6 @@ let
|
||||||
meshLoopback = "bmx_prime";
|
meshLoopback = "bmx_prime";
|
||||||
ddmeshRegisterUrl = "https://register.freifunk-dresden.de/bot.php";
|
ddmeshRegisterUrl = "https://register.freifunk-dresden.de/bot.php";
|
||||||
ddmeshBroadcast = "10.255.255.255";
|
ddmeshBroadcast = "10.255.255.255";
|
||||||
inherit (pkgs.c3d2-freifunk) ddmeshRegisterKey;
|
|
||||||
ddmeshNode = 51073;
|
ddmeshNode = 51073;
|
||||||
ddmeshAddrPart = "200.74";
|
ddmeshAddrPart = "200.74";
|
||||||
rt_table_hosts = 7;
|
rt_table_hosts = 7;
|
||||||
|
@ -122,12 +121,13 @@ in
|
||||||
sops = {
|
sops = {
|
||||||
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||||
defaultSopsFile = ./secrets.yaml;
|
defaultSopsFile = ./secrets.yaml;
|
||||||
secrets."wireguard/vpn6/privateKey" = {
|
secrets = {
|
||||||
|
"bird/ospf/auth".owner = "bird2";
|
||||||
|
"freifunk/ddmeshRegisterKey".owner = "nobody";
|
||||||
|
"wireguard/vpn6/privateKey" = {
|
||||||
group = "systemd-network";
|
group = "systemd-network";
|
||||||
mode = "0440";
|
mode = "0440";
|
||||||
};
|
};
|
||||||
secrets."bird/ospf/auth" = {
|
|
||||||
owner = "bird2";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -454,11 +454,8 @@ in
|
||||||
# Re-register periodically
|
# Re-register periodically
|
||||||
services.ddmesh-register-node = {
|
services.ddmesh-register-node = {
|
||||||
script = ''
|
script = ''
|
||||||
${pkgs.curl}/bin/curl -k \
|
${lib.getExe pkgs.curl} -k -o /tmp/ddmesh-registration.json \
|
||||||
-o /tmp/ddmesh-registration.json \
|
"${ddmeshRegisterUrl}?registerkey=$(cat ${config.sops.secrets."freifunk/ddmeshRegisterKey".path})&node=${toString ddmeshNode}"
|
||||||
'${ddmeshRegisterUrl}?registerkey=${ddmeshRegisterKey}&node=${
|
|
||||||
toString ddmeshNode
|
|
||||||
}'
|
|
||||||
'';
|
'';
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
User = "nobody";
|
User = "nobody";
|
||||||
|
|
|
@ -1,9 +1,11 @@
|
||||||
wireguard:
|
freifunk:
|
||||||
vpn6:
|
ddmeshRegisterKey: ENC[AES256_GCM,data:fXayGd5/Hx/soanZ11/A3R+YWo1zLOYnXm9UmYp20DFI4e0JwDhHYB0/1lnYaKMkSR1HhT91PwSnIZMEB5PW0ugwhZ+c9LV/9dmxIMbD4ozAdw5MyTa0uwNG12dgEDc=,iv:aiN8M97P9JIiY7httRisBIEXUY8IeM/UoFcdu6pD/rE=,tag:jzHl/OJ3ReYAMPDqUACzDw==,type:str]
|
||||||
privateKey: ENC[AES256_GCM,data:5xvDSbVz2r1D8MZVMgKxIeXD5oRTfXD1RfBukHaOxBz6QaDiUjK7IfZRFlw=,iv:jXZSguJofezFvOplCrRokH9vUGP67fQPkb3fea9uKYU=,tag:JXCD+ngAtAFRmf7NhP0wCQ==,type:str]
|
|
||||||
bird:
|
bird:
|
||||||
ospf:
|
ospf:
|
||||||
auth: ENC[AES256_GCM,data:a3lfAIOZhm8oD2bcOsb3vfIh47EqRVsyuPp8EbVYqzCbTLDADj2R0D7C9E0a/vxIXa0ibrBHdFliLG8=,iv:91lsSop8QBT/rlmxE11gcU/voKkV8HJ9ESZEco5i2DU=,tag:ytzqbP75vzt0JiHW1mvD6w==,type:str]
|
auth: ENC[AES256_GCM,data:a3lfAIOZhm8oD2bcOsb3vfIh47EqRVsyuPp8EbVYqzCbTLDADj2R0D7C9E0a/vxIXa0ibrBHdFliLG8=,iv:91lsSop8QBT/rlmxE11gcU/voKkV8HJ9ESZEco5i2DU=,tag:ytzqbP75vzt0JiHW1mvD6w==,type:str]
|
||||||
|
wireguard:
|
||||||
|
vpn6:
|
||||||
|
privateKey: ENC[AES256_GCM,data:5xvDSbVz2r1D8MZVMgKxIeXD5oRTfXD1RfBukHaOxBz6QaDiUjK7IfZRFlw=,iv:jXZSguJofezFvOplCrRokH9vUGP67fQPkb3fea9uKYU=,tag:JXCD+ngAtAFRmf7NhP0wCQ==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -28,8 +30,8 @@ sops:
|
||||||
MXIxR3JSc0tydG5FdE9rZEk3NGpsWW8KY+84QFAsVWkDLdcg65YfpQXXirrc9kD1
|
MXIxR3JSc0tydG5FdE9rZEk3NGpsWW8KY+84QFAsVWkDLdcg65YfpQXXirrc9kD1
|
||||||
lE8Bk6m6vULBpU0yRRkU4gI3xOA+f/TA+xm8cTO0frjL8Mnqsltaiw==
|
lE8Bk6m6vULBpU0yRRkU4gI3xOA+f/TA+xm8cTO0frjL8Mnqsltaiw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2023-06-26T23:30:17Z"
|
lastmodified: "2023-11-10T22:19:05Z"
|
||||||
mac: ENC[AES256_GCM,data:XmY5EdBpYIcg917fhafs4PyNQZU8qxAiSIf8oe8KUXl4//ZEuS8O4hUd21XExRlBa9hQEP2W6J7FFRkfNZLHF6xtYWVWo0qWWe+twwZ/tt/LEygZspYu5G+AH/uoPRmL5XWXzKhO4p80BUxIZzLT9hvgwSMNIYFnliBecP9R7i4=,iv:5uRHki4OpT+BmxtdOzpbvdBwYDLEB7sX0yvi/R9W0dY=,tag:taeVkVqSoy13dNDSduKbIQ==,type:str]
|
mac: ENC[AES256_GCM,data:i8b5efKRVgIMQ5Viop0TmOV5FaJP1Il9t54P8vM8reawL1F/+Z/9mBhuH6b/L+vgcfO1pPmEk8yNtGPXI9QsHHz9zSNXAweol0DnEFD8EOGCJn2rJrh3guU1nG3BG40AsV031YDD0wjFxW3S9thAWAKE+PfE7WiYX7gD52vwUis=,iv:wRYAiGfiiujxySX7NccTONz7LPFgZwwFaBv2ojGJIz4=,tag:ZaPi68VVHKqw/U3R4akSVA==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2023-08-08T22:43:30Z"
|
- created_at: "2023-08-08T22:43:30Z"
|
||||||
enc: |
|
enc: |
|
||||||
|
@ -169,4 +171,4 @@ sops:
|
||||||
-----END PGP MESSAGE-----
|
-----END PGP MESSAGE-----
|
||||||
fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
|
fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.7.3
|
version: 3.8.1
|
||||||
|
|
Loading…
Reference in New Issue
Block a user