From a89ccd752a39e5ab9ae7ddb16db17b5b93e61a29 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Wed, 28 Dec 2022 01:45:10 +0100 Subject: [PATCH] Add machine-id's to config --- .sops.yaml | 19 ++++ hosts/hydra/default.nix | 14 ++- hosts/hydra/secrets.yaml | 5 +- hosts/server10/default.nix | 8 ++ hosts/server10/secrets.yaml | 202 ++++++++++++++++++++++++++++++++++++ hosts/server8/default.nix | 8 ++ hosts/server8/secrets.yaml | 202 ++++++++++++++++++++++++++++++++++++ hosts/server9/default.nix | 8 ++ hosts/server9/secrets.yaml | 202 ++++++++++++++++++++++++++++++++++++ 9 files changed, 661 insertions(+), 7 deletions(-) create mode 100644 hosts/server10/secrets.yaml create mode 100644 hosts/server8/secrets.yaml create mode 100644 hosts/server9/secrets.yaml diff --git a/.sops.yaml b/.sops.yaml index cdfb3e41..1046c743 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -56,6 +56,7 @@ keys: - &riscbert age148d87gqw59lmst5jv3vynhsu3tv4t4sj49s4lktvnplfcrjq2y5sjcwsu8 - &scrape age1p60rg45qrzpv2hcfzxl8d8k9afkk7dtrhr98cngeyuhlega83ynssmtx5k - &sdrweb age1makkpv2t74lxmw0nk6m89nespva7j700pmt83pl5a4ldtj2k8fzqakw8h7 + - &server8 age12jcu0jtw7m96evxnd0vu6lvsm8uswslrdhxd2u655vjrwhljmqdsptry37 - &server9 age15vrlmtckjf4j242juw7l5e0s6eunn67ejr9acaztnl3tmvwpufrsevntva - &server10 age15qj8latetnrmgzd7krq02y65kn7lhq2pcwv8cvzej2783u5a9scqs79nmf - &spaceapi age125k9uyqw5ae5jqkfsak4d6c6rcx9q63ywuusk62pmxdnhwzqxgqq2jsau7 @@ -238,6 +239,24 @@ creation_rules: age: - *radiobert - *polygon-snowflake + - path_regex: hosts/server8/[^/]+\.yaml$ + key_groups: + - pgp: *admins + age: + - *server8 + - *polygon-snowflake + - path_regex: hosts/server9/[^/]+\.yaml$ + key_groups: + - pgp: *admins + age: + - *server9 + - *polygon-snowflake + - path_regex: hosts/server10/[^/]+\.yaml$ + key_groups: + - pgp: *admins + age: + - *server10 + - *polygon-snowflake - path_regex: hosts/storage-ng/[^/]+\.yaml$ key_groups: - pgp: *admins diff --git a/hosts/hydra/default.nix b/hosts/hydra/default.nix index 6bdd6fb0..04ed49c3 100644 --- a/hosts/hydra/default.nix +++ b/hosts/hydra/default.nix @@ -239,17 +239,21 @@ in sops = { defaultSopsFile = ./secrets.yaml; - secrets."nix-serve/secretKey" = { - mode = "440"; - owner = config.users.users.hydra-queue-runner.name; - inherit (config.users.users.hydra-queue-runner) group; - }; secrets."ldap/search-user-pw" = { mode = "440"; owner = config.users.users.hydra-queue-runner.name; inherit (config.users.users.hydra-queue-runner) group; path = "/var/lib/hydra/ldap-password.conf"; }; + secrets."machine-id" = { + mode = "444"; + path = "/etc/machine-id"; + }; + secrets."nix-serve/secretKey" = { + mode = "440"; + owner = config.users.users.hydra-queue-runner.name; + inherit (config.users.users.hydra-queue-runner) group; + }; }; system.stateVersion = "20.09"; diff --git a/hosts/hydra/secrets.yaml b/hosts/hydra/secrets.yaml index 8a2e3280..aea0290e 100644 --- a/hosts/hydra/secrets.yaml +++ b/hosts/hydra/secrets.yaml @@ -1,3 +1,4 @@ +machine-id: ENC[AES256_GCM,data:/DmTA1InXn2MWnqmhkHYWaI504qnT0dFoQj2gganMqA=,iv:bBDMsChgDqVk47MHlP3ZeGq8pxurTwMxHDhXTWOXNB0=,tag:mlAljtHyp6LsK/xtnpBfYQ==,type:str] nix-serve: publicKey: ENC[AES256_GCM,data:sR5wk7yvH5+lLpSIP0zNqCLvDRRvR8ws4Q8rVcVJx8YkrywwPcvIsJ1h6mVEu3nc6SLoZlQsuxOGCyNGD98CBNY=,iv:fFV2D27hWoxGtqVt3EnS4hMlrqW5LnIZ3LB5k4xmFWs=,tag:g7R1ossy2On6B2nVfKC9iA==,type:str] secretKey: ENC[AES256_GCM,data:cm84sA7E6AnzpVoYuaYepbHGWkRigLdD2RxN21UsXCe7FXQxeTQTxxbzVxJ3G9Lt3kRXuZnODntOo5EQKhs46+wzpO8YLKQxkJXrdluXoGVIWl3/6QFVq66XLJ2i6G4eBK9IH0DYJ+anj8/i8Q==,iv:GEM8Vmx0A8LfJo7QOl0N67Cgk+JqHpp7r+41VivmTg4=,tag:O4Kq4WKgbyt354HSa/7eQQ==,type:str] @@ -27,8 +28,8 @@ sops: WkRmWkpEYVMrZ0tKQVgrRk5YU0grTFEK3cX9v11MK9LIw4w51hr2zyLP3biGxkdf dl77D0IS9m2u0HipmzUs95m+z5j47hiX4Qo1Uza/sshwDBYyia4upg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-12-18T17:49:41Z" - mac: ENC[AES256_GCM,data:oQGsk4gJ4dGCr3zCanOpSsKQyx/OuWiYe0ef8pvWhqFq0+YvwUzoiF3jQmqahLWGLHUl1yb1kb91GEr7q47G83Z9YXVVtTTzJUWpKZQL1WD12f5ERPSlKnT251fvoMtqNqKrRirGA9ao8OxVpeh3/SQCAGTqWAcpz1J7dxvL7E4=,iv:td9t1MKcXH5RYZxsD1wA4oG61AfLLGSiVIEq/sPRZG4=,tag:UqHGkKqXeeBYXQYtvplCdA==,type:str] + lastmodified: "2022-12-28T00:46:32Z" + mac: ENC[AES256_GCM,data:iAGu+wOfSh5kYlwonk3DTLQPHEuOfXExv54vHikIRQbk81VNN7GKferJo9uB8d3fos461zGFulsL/Zw4j0EX1X7jr7d4PGybtb1oWIqi8D81TTeBqvfsvgrHfozeQCSIF6xzmXpulTmrTtuIAzMuHRXkV+i85YmYVBKFBi0g2jE=,iv:wafAqiOzpRREVfp1D4+/kB5g9kjd8786XosnrGmtUi4=,tag:OzUBTZ5L7wK47R5axF3N+w==,type:str] pgp: - created_at: "2022-12-26T19:10:03Z" enc: | diff --git a/hosts/server10/default.nix b/hosts/server10/default.nix index 5fbbdb54..d5a4a97b 100644 --- a/hosts/server10/default.nix +++ b/hosts/server10/default.nix @@ -50,6 +50,14 @@ }; }; + sops = { + defaultSopsFile = ./secrets.yaml; + secrets."machine-id" = { + mode = "444"; + path = "/etc/machine-id"; + }; + }; + # static list of microvms from other sources microvm.autostart = [ "data-hoarder" diff --git a/hosts/server10/secrets.yaml b/hosts/server10/secrets.yaml new file mode 100644 index 00000000..dbf66c2e --- /dev/null +++ b/hosts/server10/secrets.yaml @@ -0,0 +1,202 @@ +machine-id: ENC[AES256_GCM,data:Ix/XS0rRXZhWePe41VmMarJ39a/f1kjz2ZALwWGzKa4=,iv:36fENZzal9gR/3DD4CVDq3yMmLr0rxtbMKaRDGH1Kpc=,tag:M/UmDJD0obr2wh8AnjrMSA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age15qj8latetnrmgzd7krq02y65kn7lhq2pcwv8cvzej2783u5a9scqs79nmf + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaMTRibThLazNCVnB5R04w + Y2lQM2QxVUllUGsyQXdYcG9lY1V3QnZ6V1JFCjhuNGpDa3lqOTUwOVM3akdXdWtZ + NGMvbmYyYytROHZIN1MxTHJDMUt4SjAKLS0tIHRNZ3J4OGtmamxOU29yUDBYaU52 + OTVFdGVWRW5haGxMUjEzajhyaW9UeWMKLFuPXze1UelrLI3DQSOwWh7nLLnvdlgc + XYrJ3nZXaQtu9zqCzK37d3Ukw0uuNcFsVcAd5fm7Q4cppHma/pmOqA== + -----END AGE ENCRYPTED FILE----- + - recipient: age12aukzah0pt2rck52hwn08kezyxueqz2f49ld7hpyuzmu847vavdqkunn5c + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwWFd5N0lPekFPcjl6NWNO + SFpvank4YlJ6SkY2VkVvWjRZTSttbWR1SzI4ClREYXVLc2lqRk8vU3pPM0U5Y3B6 + aG16QXg1aHAzUnkyNE9Ib2oyTk9pRU0KLS0tIExCMHlpbmJ4ZmZqS25OT3FGYjNy + UzVHYmRsUlhpeGJUQXlXOUUzRTdwNDQKhA6vI08t3YIYVO0Wi/gvJ62RYSym+gsh + HKGo+MeKg+gRTDi7LQAPi/DYIiXoNJFuRj1OxFKsqCin1wElEiRmdA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2022-12-28T00:41:54Z" + mac: ENC[AES256_GCM,data:tXurnfoPGW/4T9CJVTKL0R30Z4evl4lEabOZQbXjkbpS1bisaQ5b3s02mYwrv38NDaxgxxolUn0ol6Tbdi1UF/FxQInG7nM0FU0s+yVOhhJR4dFsR37UXAh+mTWxk1leX8GH4N1dfDWtHpOnaGqydZ9L0BlB7iQaEBvNK68glwg=,iv:zB4NK/n5QrWlalFvafAAaTAw9YWaN9b+P7r+vD1EapU=,tag:3QHjMhj9WbO70E3qFUK/kA==,type:str] + pgp: + - created_at: "2022-12-28T00:41:47Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA6j84+xkv3y7AQ//TD4DJ37OJxo6i5YNFJYcjZ3nZI1TDKlc63k5nqCWzsrU + 2qICW36YFRvVt8QDtviyWcGzrb+YnOPmlp3H7l1Ec5+dr4fIGUYf8C7s8mXO6VF8 + DXeiGPj6sMXNi3I/qbQtpnAGu+eamoa09UCPmExOwaQajmvpbbj7PbaI7MH7A48G + CTpuYFOjK649ydcEDdedWCgFKWGFx+q5WeqOOYNnUHTLmOcEMXRXdLSuAmjJxypq + LD5mRv+vCdoMNOw6iyea84uhaZsEcLJNsq5d2gAfmgWqRYAdS70NdlNCti1lGulN + 4AFgqCii4aLijIbz4P9nk5eNeRWisIbcJXTPaM8vc7vBVCzyk7ihG9KH/UdybamB + hp+igWYYGI52UYJFnj+yRKAqZILuNGyCYYjASjzVChowH0vo41OrmBRNBlVT2uK5 + 6CugKyUqCjKW8HLuJYGOgOi7ciuQiGzEyFiV0vldVN+veJi0/KqcpC0WqYeEocNY + ODXKM4WLqma5W9gypg2UJtMr/dz5mq5TA2B6YRj3F96UwheUbMVlO4niq3TyHVIe + oaPWuLBnt+4nA0bfCnPv5Bdzg3nw3/XJSGua8SOLPZI0yGkP783OTSEMQZzbkecZ + zFhZcaRV9wInkNhQTtReqfsQzw3/3eCbXls9UGTsuwcz5dMhFrS7TxypBNBoMoLS + XgEi4TpqzImLazivFONiiBvuLWDT9rvU68b2+o1l7pZOlub0lo0ZcP+WlQNGNNpd + Eu+Pg3Ysxr178+nL9G3s3diJ2GY1bqhxztVgW1llRSv/VWh7zLYTAWNiPpIB++A= + =tcUV + -----END PGP MESSAGE----- + fp: A5EE826D645DBE35F9B0993358512AE87A69900F + - created_at: "2022-12-28T00:41:47Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA8zMZ+ak7y/zAQ/+IDBpZXcoFydBFcH1yvYhl7EJ4n/GDAxbRzTUgy0UAxoG + uSKwLPa2cFlEoO1MZKDP9ufNgMtNK8tKVs9haPCzflDhA0FQKHd2f2NJHm1bH1+i + ubGVUlnmFfPAd3m2WElOmqM9yyrkbfH4NUhn2EULuuvf2CNuafMLnPyEyYVG2fxC + BU1QwXAgUmIYkS2iw0Ao0hh7dX7DVjJOcxIVlWPlWmXfDjXc6Z6CO5/tviX79Ti0 + fvLUGO6Q93kgnHiNzunHbAqM8Yq2KQmHR+QG+lfEEkma3YWrv2CLnTG0X13qjdnz + nm/QMGBSYD4kLEZp/D/nM83eJI6qbchTXBZGLYdSGTUvQac9xB6hhWTP+g2Tfqzl + 3MDJIhQGXtRnlNG04JKYzmhOO1q2PdhmjGnZZav5LEIZJOeGHoDwqck18zeTzNzI + 2w1EjuSx7VgqIuynFXiBYhHshIsEs1FuWIYhuxyFUG+bkTXfSyEEAyovNOX64ei9 + QQVXw+CM+V7r8XAQxXCve9iH6eevktLzJO80Bgm/+ls0B4ErCOfNTgj7D3ELPqxF + /9TuCVNrmMCDM1hyt2f00wk6Un74NC8ptVXALwXg2IQfUE8cQjrxdTAcz238zX+w + /HAwLPWKJgCpkrL7puxSJqbYm+8P0oerXfaq9vVC2WslFPDZTZMFktyhlUsXmwfS + XgF7Q+xSesGJyqbYLvLWVCM0WZ3hAfHjXD2Hzw1fFrRfXxqYX2yasKtC1XsSvJiK + 94VxA112OPM29r9lPZjp0KLtya77Tgov0F6MA6VpmUqSwYE5E0lx8EAIGE3ispg= + =M1JB + -----END PGP MESSAGE----- + fp: D4E89C6A0A58EE803EF708EFA9B23715F7AA3F1A + - created_at: "2022-12-28T00:41:47Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQEMA45bZkLXmBFpAQgAq3NrLpslwZ2H9Gu8tTT7VyBrzI8eypHkvT7LTvGsEOsm + zDW4NT4ANHCCYfwMfpsRRBQGeWpVyk6WB6LxcjH8CaB4AfHS/wBXh4/jGdHNZTe/ + 1qjWNALoKyEpcUKRSadNErhcdlr2SuZZqB0UFr2emvtC30UkZiEPbFRmBJBQdQiU + T/4qHxIy1movEFhOrv6mwDZBZaokp9DG6G86x31YB1fNgl7t8zoeWCIZLRcezgvv + L92EY3ooEUwmjj6ElcyflHB8xoWzFbbACr0uUrwfrTLP4XKV2ollqUsbAzOLmaJO + tSWkOJ6niP9bzWkxiGdyCgAVQMUt5Fys9z0q2RCLLNJeAWdLyxd3r3VYeSgbSfap + j7XFxj4HpbzH/IlNS4xae6csx5lZxdsZXTvxjXYRYiJpBXV9Zqj205L4mFE2iOwC + 5jkjXkaN+1W+X4+8UMq9HypsR5JdSKr7QQEtF4Q0uA== + =Sx6w + -----END PGP MESSAGE----- + fp: A4B0F5A80C2E2448A97BEC25BB829C4DECA6CCB9 + - created_at: "2022-12-28T00:41:47Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMAwMCBBrc/JA6AQ//UqoiZUr0+i0biAp71nUJb/erNTxfPrxdbUKsl1PhbNMo + d+wlqpnKERVLrd+8gtlZRlkQxC5LuVHPTHSgmoyzkeN4KDJC6VXcwQyoJkGgVzny + TJYZ791WxFqQ+yiIjiOoAY35GdwkJjZCRK6+2iPnSKy49wB+SCxiWbja58xOEpGa + +9XylK7ifIFujnR4C96jrxK60CTx54qco0mkdug2Sht9X821+OvlL4knPQG//rX8 + +OEMkzPGWn7fLmTfcp9iTSvqKvjDU7R4MUpSZwxCn4atkH42ty1d5oLwgXhCs+U7 + 5K/1/irTuJIri/v15acKFVcuL2yeMLIGolOdUF7l7kd2yHgqr/9wQsLD3/e3eG/m + 9YnqA9Rlm4kvusGNzMVxbrwUtik7ycII/BPuCiItKiKhBfOjFHgbcfdtbSieBNA6 + 52z9VIOz7l3BPOQy/ksF1R46wrfHu+mu+9KamZKxEnPu+0N/Fprr/0x3rzB95JSB + 79wmYbEhFYO+cdH6jApXvJL3/Cy5pAUEfOfA6bfvCbAtt3SEnGvlnoIv3coLI8nB + yw0EdY2M+W68dOyY/iyZzLSQWjTjAWU8m575jfAl42zMhf0nH1wiEF1CN+EQrk5B + UAybv6URbzhgg43/gvQJgbH96+P6c15mOHe47g0Ymf6rVriH0GTWqCltLx2yaa3S + lQEhoRSdmPxFuf6V6GQT94naMTMBNj+5+TMv2SNSFuX3Mrg3JFT65tG4Hd2DMqzq + a7i9yXekjrL0/rR0Ur6t6LW/nD1ZQV7nKJlyKoEJxDGXKrQ8RztW5YilLCobmWCv + 4amwnPx/bB7FPPN0NbqIv+EScyUyaVOXPCF3Hya+qp7OUoGGzWS5XE7vqrBDito1 + ru+syqol + =s1m5 + -----END PGP MESSAGE----- + fp: 4F9F44A64CC2E438979329E1F122F05437696FCE + - created_at: "2022-12-28T00:41:47Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA9XEenRNYVGHARAArPObnYxzSIYRGyCe6lW21Q1PYXBNW7pr29v0BvKqr+kE + sYkpg/ZqExkUr3W/Yjf6zZatCZabrzNH8wO9AWeanc1F3UN/4LdDXGGN1UDp4Ep7 + JYJ0RuRxv7qblRWR3S2UPfIWbR/ml1buJKxDJpN0JjBOfVFMd09J0SRJamV0aRgw + 7oBDNEHbem3XpG6ZzZzhBBrOcXOQ0kK6Bv19sh1GcgwF6n9Q5VjrVZDnu5ZdwAUZ + Hu88Md4eP7Qi6gEVwKrxgLyvnobPow7WNoHWh3CKm/wFKpxjrCmfGm0jmxhuvU3i + xb+eOYNVPvjzh7+E1S9yzpT8B69vbvN6H3/Qo85PEQKTpsyGDye3XTyGFQGK2TWo + 52B+TgkfKPgvWugla8zRDif+IYN9RXWbJMVrgBnxcbXUjgqwWqx4yKB2KYrJ5bVk + gsQKcpIwfPon/2/VE/+fQ5EGZir9KeSF5bPXQsDBCz0E2tiBuYpETVtdNpDOp0Yq + /v5TiDjxd0Vyg3FeD7Ho0AdsOWwmonZtzCOqaebfeH4VcWqFHxplQhRc1AviRiAV + siPcTXbD1SyOAfWfErFd4GKRjwou0q47tCREgD3bhmkBWIHgVfQRavfkTIimlC7P + l/ehdjSZesbZTP/uxFVpRCBvyXDs4doYzX8KCqXvu49cySr0nkpW9tZ6ClH0FvPS + XgGSd4HjLiYB1f/gM9YlmLFW8XKKcULxNOEpqm0+wLPXdOxMBtZ/zbKdh0ifvq3c + QuYAZt+AyXfkKfm1JNPLLknNDGa//c+TLMiEMu2N+pyKNApfZuqmjcPBHA3hGX4= + =SyG9 + -----END PGP MESSAGE----- + fp: 4B12EFA69166CA8C23FC47E49CD3A46248B660CA + - created_at: "2022-12-28T00:41:47Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcBMA/Z87ylQaotQAQgAlc2eVbK7l2a6dL/ctj4yeJqDEGdOeMKpFvBdfww+GPoC + 0t3YNwKNBYI5giunY9vPX8By0ErCDdMiAoqlCgL0k/x0vod9Olg8YIzeWnzJvRdz + S5feurQLsnTzX7lH2lomNwqfmvC49L8FmKgO0XhuUAf9h4H298xPdiosm31S6VWO + ONHm7wiWldpvlawwZGPAc56zcVAVUWtOC34JaFgxL0Ee9EV8FHeBYSz3gQ4Mk3q7 + aaufLaXGRdrYbn3zV6UNOEx0waYiCoi8kIM230idhGoGcnW9bkR4YoY5cVLkVcs/ + 9kmDvRIlHNmfAMFpQiN4xwErPAUxaAvESqpKwft71dJRAbPZkoo1/uh96zEghVAl + pnjBYoleKQLcdeGBehCkZ2rmo1ukpODPYUPLDYIzvgJp2unB2PaNeBdL8yKBOJtN + tVTTgscgx+K4x5IbK2JrpibO + =DeEH + -----END PGP MESSAGE----- + fp: 9EA68B7F21204979645182E4287B083353C3241C + - created_at: "2022-12-28T00:41:47Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA9qJIVK2WMV7AQ/9HMfi65yIDXtCsFsplQDZpLIijXJQaV8HYccH7J9/6/BS + xWT2wzexi5ejy8I/faBPu8Azb+N4S46EJGqyJa5wJx/Q1b+ZNv6tetjZjoDamGu+ + e+8o1VbZboSRc/nsCWt44xfdsUUj7rpB/kx38EXCGtvNVYfu0UU4rrmBqGacQ6bG + 7ojCBGhMZ5mQx9bRIvwxDRBxOtku959Bei6HnjKmcRSw6QgVwRoOLKUfOPR/wLWg + 1jil+Tv5jT0V9g4lPYyw+Xt40jkEknPjI4klD8hYjnSmp0ER+6tJL9vz6ZRYBves + cLQjqxYMFqqAF4knnEqd8HDIEMIwikKLLf9hA+dDQRzdE44iZFVRAxj70uw+x4xy + DzdZ61aobpBuHWPiouImUb22mqWewEUCgbIrkCAewxTSMcNsjjdhSWm5L+/OcT7m + ZAhUGhf8qR0WZEtA2RlwDAxgMcqorOVfuzIwLpqsO6w2lRog2ALbNqxVAaE3pKf5 + LLC88v4icbsRCbNjNR5oMZz6WjdP+3gujIT31IByXlMjtLbjEC4+boDapUsPK0LW + ZoTio5LmPa5iDTlwErDV7teDy9lvrRj0BdXJbhv8FWH9GNnB5fmixhf8dEXrunFw + DR9Hf+auBPmI0Aip2dniKcmP6Z6RxHbJPjARUuNkmH4aFtCkma/33fGRVTnnl4XS + UQHbdQ2dv86aHFniWhtwCRiVliHfpXkcn0uSNh/QTl8Zlvx/DarvVdFCAway6bYd + rqI1W88eWg2aSlDe0URPPXq/OVXrTaPBluHvwjATZCu3aA== + =egcP + -----END PGP MESSAGE----- + fp: 53B26AEDC08246715E15504B236B6291555E8401 + - created_at: "2022-12-28T00:41:47Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA/YLzOYaRIJJARAAuPMWqlRav3n97Fsws+Y+vBoDsvpBcmymTVvOtjimkpOw + LLU8CU54PLFo7b1lquxS5+6effkVzIh2CRcG++4T+FxZRQx5oMFJ0Zhfr9pb84Az + TY1slCRpBbuKTtGc0zpb6nnL+La6zOxm1Jlc7MknwhhdKWxZLlXguIdmGfxFFXzn + ECro24hMNzj4Htdt85WDtmvZZRFK8GkpvQejOv2uuTdktpMncTUsL13eGmPThjI+ + gmRo2/ymzXUluqJLkMCmq1pGn3mZk/YufnfkDDL6dT1izTuUrBOyD2lic4U3wHDw + 7WETkIAzKzBILix2e6jkX4Jgx07EJ/J2tLeYr+E9Agm+p3hDd2VQUKphtYQMcmw0 + u9kXroG0AAuC0wPA8OA7nlxb5weyDBwQ1z9irUHf4PgEPDmbxoVAwiayTTw8+37V + mrOwXlFEBlPUw8kkHFymZhaDHw/ofd0oVX3Rn8SvfbJWHlrI/jVIvHZ1sZdFSxKv + LIcI8mSvmdj+nKhAEZpBaYmEYTuVAmTac3wwg/WhtOuDGx7dvd6ucrSYWG1JwyYX + hej/NQDJwTIkpGsmZptNObdCvcuj/avpm1AODLqcdwh9a5m7Jiev9lEAyqqcqnKX + a6lF1Qo1ShdgaSqDsBGddvVmkQg1lva2IwQ0SJytcNo6homccVSQcJP5G+uhTuHS + XgFNwk9XSR7nvhOao+GNgcoL/lq0ZKn7+kdc12R0uB915mYjkW4J5c68kR2/6KTE + zavt6ckcgNFNLZeaf7zKyH16KmIZMMOitgQp05dT0YPnBsU0L8ZjmS1hcjk9m7Y= + =upoR + -----END PGP MESSAGE----- + fp: 91EBE87016391323642A6803B966009D57E69CC6 + - created_at: "2022-12-28T00:41:47Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA7zUOKwzpAE7AQ//XpQl+DTT4sHrpevknOgCbD1yOMpR3frEu4+B0Op5xm8S + LI1WhuuWOAkwEC9qlJ7BpuaAezcX0xXXXPP9xThIxLXwYmxen16YdOd8CANr4gzU + U0094Nz8b6Q8/VcKC/KOxal3xBVmM0h3ySoVj/UNsip6eNWA9buIKlAiygwehzcY + duULcjgtN30yQcArsqXZ5BUdIZxU9djtd5eUPvVst3llfFm9saO/w5+WxiPKiJg2 + 9S1tQNrzQGysSXCjUKeuxAq2YH2hCJWmJ1IuftGvtGyyeK6Kj4M0s5W4CSG8WoVZ + bsgJ/LgOgrse/nwaLteVpU29o3bZN+oAv2vDw6WJI7MNLPn6/Fc4Du/IbelZeh2d + YGczOvUfuBrQ+QqfbnRoKP9eFTbnoE8Wr1i6ou9lWyf0928MKVQ842IF4bz44VXI + 8SAN/WUmy9syQOeNNLYhQ8O02DTqDIckWDXf/Un4JAWqhDKG3U0Qc1hdd+08V/Fw + uvB9tWfYZdGGZINRM3coJ1+9NCN6lzh2srggZCrFzvTg84+rh7idVy4NAOknGv/r + TnnxnMan3lwavjIlaB3I09RY1RC0ekBGjp/hbdR16XV7Ou4Grc3V0BPcpTidP/b3 + z6HFB3fzm7nKFBMys5CcA/R5lelN9xRotXgu7DujfBnWVrhfJ3FO0uItYoVzO/jS + UQFWjkW+eWGLXmf46oJzRDeMqPjgOTM7aD0MMKXB9BEAF3Jf8nBSBKXisoSyP0L/ + YEpJ/89DfOZkkL/d9WO4NSBORchroBQHzPfLW+ydRcTslw== + =e0t9 + -----END PGP MESSAGE----- + fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/hosts/server8/default.nix b/hosts/server8/default.nix index 5dd90169..d9354a59 100644 --- a/hosts/server8/default.nix +++ b/hosts/server8/default.nix @@ -38,6 +38,14 @@ zfs.autoScrub.enable = true; }; + sops = { + defaultSopsFile = ./secrets.yaml; + secrets."machine-id" = { + mode = "444"; + path = "/etc/machine-id"; + }; + }; + skyflake.nomad.client.meta."c3d2.cpuSpeed" = "3"; system.stateVersion = "22.11"; diff --git a/hosts/server8/secrets.yaml b/hosts/server8/secrets.yaml new file mode 100644 index 00000000..a30f0771 --- /dev/null +++ b/hosts/server8/secrets.yaml @@ -0,0 +1,202 @@ +machine-id: ENC[AES256_GCM,data:Ko/LrndeWRgHEhDKMC7k/6nRbZWowjA/fJXBzW2jLTI=,iv:wdexRj+zlYZ1NkS4MjQvbh28iE6UCUgDqvTeEfxyY3c=,tag:GSdZ0FhBS7PBfG4OfNiCkA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age12jcu0jtw7m96evxnd0vu6lvsm8uswslrdhxd2u655vjrwhljmqdsptry37 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWZEZhTVFMNkNSNUJoeTRI + UzJybTZYYkdlTGFpVnQ3cnQ5TFNaNDJYOUQ0CjBaY2xzMnpsdHlCZUNCanF5aTdh + TzF1ekREbzZ0cXlqY3lrNUh1YUNJaXMKLS0tIEFCL0srdG9mcE1vMSt4OXduL1RU + UTd1R1NWM0hMS051c2NXeGQ1WGNUWEEKZfjNvvKEtvYWfQESKBYMWL8e9avJJBHf + U9UmDpylyO5HbaXb9R5CqwTroxMurr0hfBJ5RSguVWT7VNlBA9w0sw== + -----END AGE ENCRYPTED FILE----- + - recipient: age12aukzah0pt2rck52hwn08kezyxueqz2f49ld7hpyuzmu847vavdqkunn5c + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEVlV2ekcyYkVkYm1sQ05p + ZmFSYmcvQVZDMDJnek5TOXRUVm5vTmEyRDN3ClRObTlNRllJUmp0anpqRjhkQ01U + Q1hHTUh6WjRFWWdsM3Iya253ZDlmL0UKLS0tIHliTkF6azZLNFhxbVBYUGM3YW42 + bWl4MTZUak1Bb0JWRXhRQkR4ZUFnNHMKvKQnoxb3IC7jW0P/zewbR68yJI8Uzz7U + iPaL8MoOlmXPu5dHBSTwn39CpFR6bPxIDMHUn+y9gtCUrbIIJQAaQQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2022-12-27T23:54:21Z" + mac: ENC[AES256_GCM,data:XKBsQ2dhGT+ifU2EoCONcFpPtVzU0q+GkRn52EfwfjnGSRWggv2CZT5CE8vWpM0oDtsv7FYClmyXxDssBLCY3KmkGW39BXf4uTjg1WQItlfcK4iRqBwa/2xdVZEXhs+PvhnBBe+nzHMVGz0l8tKgK9SSt8GooaJjrugZbcLPg2s=,iv:AgHjkh/pTKRcczCMnMlKlY9X/LWHp5oiImcA1MH1Ei8=,tag:L6OFg3Vu9G1Lec0LkdjpHA==,type:str] + pgp: + - created_at: "2022-12-27T23:54:07Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA6j84+xkv3y7AQ/9FXgFJ4wEqh7/YWban9RoQIpdtJffGG12QRJZRi8Il8LJ + oNPND8vOa2v9S4pVu0mJXnAloFNqsMBnuE2Y6mwq3q7pfc3IMONfAaIH1JQFhOLf + ojcuKX4cq9O6SpjzYPy1Fe3nLNqf3ZgvsZQTJ0kEnIkaGeX+xbDMUfQK+TKNAd2S + 2ZXJ0csje5kXpwHqrMGqKTAnwXW/5gR5QAwW4a1dWBPJGQBaqxjadzL6wl0iPY3u + x4f/pJc1xI/yLKMsoPDP54eobRbXqGOkn+kuSB5WOR8nQoQ7aL52YSL3qclcQYdB + hvuhYOYaz7zQ7mKLzIo3Rbqd2gqMQW1Qz/Jf9CbMgmZyNCEGHWdS/Gfax+kfEUPv + ZkU7jgpw8pUJlNt4nNuLZX7evIc/zQVJPcy9CpG6IUZA5kH90gr0IZEMxTDzw7wX + Dx5DaI9qSsx09UnZ2bqXaPdcygdJNsE6R/JvHGlr/zm25M70j4h8wG389pVQ/xOu + LEhM20YuaA054mtWU+MD7f6RuaijU2VDvi0zYaF0KY+dkCB634Ob4XT8qv3Bt9fk + AFXFtRz59NTUCy9rpONvsN99YMa2eahr5NODDE6PZehqYeHvmyzVGVkkPrPrvagY + sUylQ+HfPfqiP7ohzAPYLhU6bnryBd28o4ki5C5RZkDTFQQSt+v952rMU5BokQ/S + XgFxVn1OOvxuZ4HVph6R377gLdFk4b2W3dN1fuR7HscUW+HtAyDwe8y3Lq0zDEQs + NHEbS1T3th5Q9u/wKrmaczRDG0OB4t/tLpbyJiIPZ8PMXF/R3gL//78gTFDpZc4= + =Z4gm + -----END PGP MESSAGE----- + fp: A5EE826D645DBE35F9B0993358512AE87A69900F + - created_at: "2022-12-27T23:54:07Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA8zMZ+ak7y/zAQ//SGQaslxQn4ZHMEIRcTMDu1qnw0Rnj/7BO1xwbG0svA1G + wHo3Sf+K1oVIoXGNl8Vhjzt3plqVx8yy8kd6vWyWHjpKVUE0+IsZ3lMXmbzoAKYg + WD8zJz5wDM0YNAZgyy3i9APPFIYPROxayT5GvkwkmmDBtjx6vySxknuX9noVcTI3 + T6A+CAS2iqhAfXUtV4ri4MooYpvJHy8yMcMI/JRwvTMioiee8MFLIGoGXVdxLSFi + 0EjPCNp3JcduzS7TS3f1wHhYv7hOhhOcThV/IIRsrKazAvkFAPa8ML3jjYxTy1Ye + KmffLcGvYkiiFGAfYGAucpxF9pTOd1qaFso/mYvmPVjzQ8sq0g4ItA7CZbnKgM36 + IZDywv1Dl7r4E6VCRMdpW64rHSlxbxlVTwIrul2GmIt9YqoH/oUFp543CrHQ/I1N + +2JvarQ8DJS0Ozc7+GoPq9/eCI+dBWcnQahMko1uk/Fu1sRsPTiClfuAo17tFows + wZSYZBqNnxl7ymfU+o9MOGYOTT6vZBKJDx8PrCb03GnJemQXuKDL9fPdTWN6RY6e + i9i/Fn7T33LUC+yNEsIjbAOgq5GUm1NWQUWC9cTWL72FOy9eUCRjC+0C4t+RNYXu + wakHI0nUFjAraNLqAuUSzTFs9ChC30Q02w6cmial7s6lPY+8Fuqp6o/kZnrft7DS + XgFsf/kKMkKH9v3FiIBSwy0p2bymPQDw8paM3p62Kt693gNVg18vvP+Ivh7HJ5aT + cyrIwlA2rRaloVZZcmS/EzN1H7Uu1HCYm9M4y8Vnx3i+rJwMo1I/iQLK7B3x/Cw= + =1Nlf + -----END PGP MESSAGE----- + fp: D4E89C6A0A58EE803EF708EFA9B23715F7AA3F1A + - created_at: "2022-12-27T23:54:07Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQEMA45bZkLXmBFpAQgAq8xRSm70hqYtuWeMKEucRVkOlrC+zC6AErrg/nhU5rDv + XvCudRI13m6RpkgbEO5UyGJB3AviNHQTt1/2plpsqsDWnF9r/CNAN2nuPiRK2yuU + nR+hocOdIGQYpZ58lGmb1MmCbT9aNmZIYm2o+T9qktWTbw5w3MaAIQjAsV6tq4o0 + Ma1ddOzMTj2z+hVUmUG2kHuDGlLOyRJDF2xT4c2y4mnQwHt5jL3pkmmM45k00Woo + 6EtsSWAHdIm+uNzO4TCIOmopHFyePCY/DJ3gldE02hVvyBJ3wa3Ca1AzYSBfuYeY + rUEFrtIvlJLoOuvBvU6mUfIJSD/xy177KOYqbifYfNJeAfHnJLPrh8RSpUdZtAil + iMFd3zNdRCs/RN4kq2GX1viUJgSECxcNX5Jmn1DQ2gkX9EhN1zdSLM5rhhNMMYe8 + ma5AiafxHdAfLw2J0q2+/x08OeEbS5celrLtIhqboA== + =9yCk + -----END PGP MESSAGE----- + fp: A4B0F5A80C2E2448A97BEC25BB829C4DECA6CCB9 + - created_at: "2022-12-27T23:54:07Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMAwMCBBrc/JA6AQ//Z79WDPkv8v7XLaHyevqLpSc6qh0GHtRyQQ46DgGcb15q + FnOzD7OTkAfr/5F14VLTXoEiXoVUwOoYWBolwAM70iDMA7+DL1rJlrEZ+e8Ze0sW + kjMTMpf3PmsU22v8UxwIIs6FhbXh7S6KX/mg9YjQRxYLZlteDrq85Jwbg+xTzSeD + Mclmvuffu9mC0GpOICAW8xFddSqJhjCrTzdLNXcmfgGlYELA2i/zbpOkJuWoX2o2 + u78I7x+4/F01BfY7I44DsWQVA2RoYdthho7kuZ/vSD4pbtwC9HQQ+dxOUpgxhCS0 + C3bD8K2eGTMwY2O5cCLru76vt/fb1UqTlhWStxeX0KWpyOmlWdrhXcNXbkQEZSKV + jhHFpQjj9tZvNj6zt5VVWD+mhdUK101sC5X5GHz9fNvCcrL81AFNij/eduASfAvx + UIlzws9jUJUrTfUMkSr9fYfz5zbNYg6utQ3iSrlnRlbst+N8B7XGaTZmn8F5IGY0 + jtAHxQWxSB3ZAr0GX/hZiu5Qj6hD3sS1N5kHJ/Ha9wQyWDdyOl3T99mW+sxvwDS9 + 7H7Q7wRCmNNFEgE3pQ0FxDcAfczAyjCLFen8hOkhJiM6GJeBDGMX1agBUp8o04kJ + k4sSdHBX6pl2z1tor7p3RRNXApuJhRfZQq+Z0wzXoYsfxWSL8HwO+fKoPzTyMr3S + kgH05lxFLYhE0CBxNp4dLcknHAxS7KMSejVGQALcMdjugjheoy7G6uTOSdE4v/Cb + VrFXMPRWShRSmYx2ODvimUZjD0Cb8YjyqYAnaEibUeZBS/Qz2876/9eBu8AWIn8V + LNNc4HkaJnOTZzwnzF4MGoCPAkrBQIMkNkZk1k22NG2vu4iKeJU5LX3PBSQscZqh + Oon3 + =/SQL + -----END PGP MESSAGE----- + fp: 4F9F44A64CC2E438979329E1F122F05437696FCE + - created_at: "2022-12-27T23:54:07Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA9XEenRNYVGHAQ/9GjiZ0oHSeK9iCGT+PW+5bi8Kisd5OdtBXeihIq6W99sl + xfNUsUukUIqgP2ef9Pnz8IyWxBr8Njx16XGbNEv5NQddpx+d/K5ZSGZy1QGNBTLv + lsngqm5bg7oZzqm4XFUgvF4AlTkCMoYnRtmI0xP9CJzM7NPvGQoB6Fck7HdDfHkv + 3i7FtyZeWk+YQ0kpDSu+XyFSB3WFFDlGn2wntYM4LCyhQvkA1HeArrKETPolK2/p + wiYYBthV8L2ZuEyhC5YPbplhFWtN5mPcKNhT5XHcPkdNT5E3BE2DspyJ/U3xh44V + 5Tyuy/NchALj8v+GNBc0C0dNhYswtLjoSxPeg9Ab+jomOX6Uh3mIA9O9YydmEAc0 + LD+H0IP5pKRze7FUBU7lluTMFCaQPAlBsUsr9zqKQtA76SEeaJ+aFoEZi+LDJQZr + 9Imd81bv0hyXaaVW41LvTtuz48Kuv2liELrZZ+uK8zvzcXz0q6awFa3AogJwUcE0 + exohJ6RiUdXOVUdhKFihu52U1bKPpRBmzpHHuK2M2suQVyK6DVMwMhwHbBVDXATt + ewDFVJ/vBOFdisPOq72Lplc5Km5Ch+UkoeNxkUxho0JTXZFoPgx/T0ELcwUOfdNH + bmCRXsaV0RibN+JaOVHJU1esYgamMXHdBTHS/0K/1JyegevPT0L680ER9is/MS3S + XgGbxMF7o5+1FeemI+pLVo0+fttKZ4D33JssdGi71vEWsynA1jMFAI92ZAO/oB+U + wB5X2Uud3uaUoI/Gfbw2k+JUlc5wOVABqthk7KThnNp6aEHovWq1z5e3Tj/ZBr8= + =KnWf + -----END PGP MESSAGE----- + fp: 4B12EFA69166CA8C23FC47E49CD3A46248B660CA + - created_at: "2022-12-27T23:54:07Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcBMA/Z87ylQaotQAQgAgXlokBtKUCEngNc1G/FjaNdwjvElB+H/XvS8LbAr0f0o + sMlwjoYND5DEqcR6fLOPoIwcI5gjkocEfMf4VjSAs95XXwOLs243OnwU2IElWIOG + 0KMoXJJPjQdpq8Benl9nd1j6ZTf/4mTGQ8YRhSWU8AlDNUvoZTPI7U+8I3ni6mZ+ + tUP3dSX4lSTDjr1GzFD4P8dRDfQBCl1R+2XJPCG16rs2xlcxXDnDRC+EI8Ot7Ksm + f5jrDTXs49DGDZ/FWFyOtG8IrI/TnXZcFtfzip+/dYMBJhurFoVbzEYXOV9qs37D + GJGdEuN7jCw1y/HroB3nfO2xeFZuERcISKYT+rgF1tJRAR4vZwnrzNSNCQxQCals + bJYHYLnX8nD2m7cbUx9YDKWHBaZ3v5BT6OaRsXIBBanbYmEW5OLP/eSsMPio6qnI + WAwwpVL1KVnEGxvyNJf6gX1I + =0IIs + -----END PGP MESSAGE----- + fp: 9EA68B7F21204979645182E4287B083353C3241C + - created_at: "2022-12-27T23:54:07Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA9qJIVK2WMV7AQ/+M4+3aN/m7vjcfS+WMK//unQLn4Jr/BEa4Pefx0SZxM++ + JFIL2fxkHkHl173x2g7br/J1olZ+V6L3wChLrwjpA/g767urBIm3ynS1vxqm/xP1 + RWqsuwZjqTqM63T9EubuI19w4DBpLQhUmqk4Mz0E6vigT9n3AJvMHM/MICo2D997 + F0HGHoFD19o9B32Qn5m/nQOD6Ha4tl1ezzYesOrebbvUMh+7Md3MKsRsS9id/TGO + 3LvF1ndeBPznKbc8Tf5dtI7CsLs8WmEXvAYLA5o0LxUHHV4clHc1qKkylbX6SBoO + VPz9UKJHKbLeAig7d9AbfOFdVX3dvFQIe7YDIo/7P4dpgxAOvZz9P5UK7JpMwLLP + 6G3wLIdAy/HCSCaJrIrLtXrUVMea8s4vyPa8S6zgf400WW8Kzni0yeKlTR6gJHXQ + rRXEmh/3XHfYvhroB8BXJXo8XlUAouJ8MRgPtfPmhaRGR0mUu4CvK783L4/zkMrv + 6nXyvA2jGSt6C/dWyQJO6nyAe2nFIk+y0GUSFdJRmrJsuU95d0MNLhgGaF9NwvOl + tT9QBdAtWRQFIspUQIoVZH9lQY7M1a2wQEavYn1g+9P4ByB36fcZPrZ+MkQKewX+ + vLOaFs9sQ+VYO7SPHgB7uWudesKoG67t14U2MxrLIvEW5boYwLtVrhdw+o18a6vS + UQH0R6frZHgTp29FLYwbRWdtK6Yii9/NAyvNwyniomhJMeyOQZ5d4Tu/YImhhfzn + 2hZvUlVEvcaQgAyom7msiNNJP8yd1nd9R5mHwuZcQI+x0w== + =SDo2 + -----END PGP MESSAGE----- + fp: 53B26AEDC08246715E15504B236B6291555E8401 + - created_at: "2022-12-27T23:54:07Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA/YLzOYaRIJJAQ/+JWR0e1bh3d8oLP5zbMK8sde5lJtCgTfFfzYZA2yDJ0L7 + ytJKizgEc3VlDEOh9DeAmnb7xY+7aNQtOwclN8oYSfk4V1QfaTl28Jsh8c6g2KFH + kBAy+sz9HP71OYoK4IxkIkUCb7qnTE5b/4xnfsc/EbXAPlLtB7z+Y4MltojnvuKM + Z50CNqMgKFkx+B1isb0n8+mBCTilwGxYcR2yE06Za3DKCStVJL/RLgm3e48n7wyC + cR11dS19MRmYBeRxxyG/pOoaTBQ6KJltZ2E0Nk/i5n7fQoW/931otEwv4x0qGY/K + KsMEmyV54Dew3Cjmtu60RHfP3IuFBSvFiuz4JAHYGeVm8SA7soIh25jj/dVo4MEt + jOInLwydBCzRFgyEzmBQPfe5luSn96A7vE2cncSkjiIaF+PoxeWFp0QznLFSb6iZ + /xQGXHX4ZT6R9A6a/nU836TI2s9NOEtt2z0kiMoPYlqeFZiWv022zPqMECG730zt + WqAv2do+8oCdDJKO5d+6FvCuaTSbB/g3FLapdB79lk1A0kJfhwHVvk7QLY3GJgKJ + ok18QcMKyqh72qthf1w1vw7fuXvSEm+J5MOLMHwlbAjXmnMf7eVPoGgisr3tQlfx + ptPVJhxQHKEKT+t9+iwFbClsf+jt9Bh494x5UJ+W3dsnrTWmQmokj/L/bJr/ACjS + XgFIgcePAhqkd0hiNM7JZVgzejXLDBYdc81nDJUR19jig1Yy14J2ywf2DPTaFZCO + BaqgRvx794I7LSM9+s28mVH4xr2IIdVC/TPU1d9CNMrMGDCnM9VVpIgPTJ+Vp7s= + =K8eo + -----END PGP MESSAGE----- + fp: 91EBE87016391323642A6803B966009D57E69CC6 + - created_at: "2022-12-27T23:54:07Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA7zUOKwzpAE7AQ//QyFiPKyykkqTP4mIDndepTuzZRx6g3Le3rBccLzj3w+y + JJYAJqdJhjMZ7pyv+T4kdrLzC0oy3ukoCtt4HyN0iKy46Yvsp8O8z39qq59KwSvV + Mz4Yw/3p6v5/oc8fEHh6PT+j49qGKydh/IBrE0hyiJjl+oZSJvTOSHcmHxbMo73f + Zwm3PovwLjgfaQdGWIIq9Dxu3khAWahtaHePbddwFdJG1yLsdHICzq2E5sugZzfN + GjUpurCYxEHjxj6VtQZ8La1Zh3KLT/qIhEe5oYnTfLZQ4UK5RB2DYHkx0lx6prIc + 8GLoHPBWySSgA7Lb7GO19Q47p4/BNXIk2Pob415xSShVnwpqIEG07wYQ5OFeQkkE + 0Np+2CenrFfb+3rmOGYenCBypcPq5SzbA74mNZmoKb0NpvVrMQLKHPsXA5P+qJR8 + n9fyKE2EeudewGd+L8T5UEJvZbattyZr3teqRniGfnFY32FLVXpWAg0S3hgzpKBU + Vq6TYW3khoznH+faFvjN3knzUIbRYp92X8Qs+A/qIlfckkGeAaRbsprQ0Pp+vmWj + F+vIMOfmJPnwPTZrjmnXjNOwtBcWX8Y7UdwF4efHwAWoCsXruFiV6ZsXRKrhkOG9 + twDOdRoAdUQV6wSxYFpudQPgbLs1M22REeYujcrdMmhDw9c7xCETmpkDxT0k3PTS + UQG5d4gWggcXz/NUr+Z3hUGetAf9wvhcPIOpaIe0SHDBNLRd3hb8XACPsyKtqi4j + WgYB7DfkttcwdSa8ClN6KCWtkjptoma9cl2C9C+tIpYpXQ== + =u80S + -----END PGP MESSAGE----- + fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/hosts/server9/default.nix b/hosts/server9/default.nix index 8e79ceb5..deed4b26 100644 --- a/hosts/server9/default.nix +++ b/hosts/server9/default.nix @@ -46,6 +46,14 @@ _: }; }; + sops = { + defaultSopsFile = ./secrets.yaml; + secrets."machine-id" = { + mode = "444"; + path = "/etc/machine-id"; + }; + }; + skyflake.nomad.client.meta."c3d2.cpuSpeed" = "3"; system.stateVersion = "21.11"; diff --git a/hosts/server9/secrets.yaml b/hosts/server9/secrets.yaml new file mode 100644 index 00000000..32584f34 --- /dev/null +++ b/hosts/server9/secrets.yaml @@ -0,0 +1,202 @@ +machine-id: ENC[AES256_GCM,data:YIOQJ21rswp+TE6sEKdNu0gP4iJ7K9ohrdXJRi5POoc=,iv:0Qd5ukdhpqQxrE60I7AVX7/U7oOsMvE7lDVXsB4d290=,tag:JbdNljkMRgjvPdxyUhXuIw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age15vrlmtckjf4j242juw7l5e0s6eunn67ejr9acaztnl3tmvwpufrsevntva + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKR3pPUDJPeHpyRWU1UUNS + ZEhFaUI1UENQcEdBL3dzTWVCenIrWldBZG1VCjNBQlpyR1BBMVIyV3RUZTAwTFZr + QllaMllGcDVMYjdtejBGVHRtZTlieDgKLS0tIDZOLzlrNkxRMFFXT2Y0Y2RhUTd3 + TGNSUWxmQjR4WUVqMHY1YTF4RytqTGsKQoY1PKashXKl1zDWv8tyLCab/8lwLvou + 5MiGLakKziUiXiVHg0+G7h6IdjD7xY22AH9vfgxSlHHSeyt5UWOCTA== + -----END AGE ENCRYPTED FILE----- + - recipient: age12aukzah0pt2rck52hwn08kezyxueqz2f49ld7hpyuzmu847vavdqkunn5c + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByUmVzKzI0K1AyeFBZUmxB + dzdpNENTbmJteFZSVHBOUkhvaGtoYXpnZGg0CkpWajFVNStYaFBRVHM0Z05raERx + V0RsQ2R4ZXFoamI3VjZzdUw1YUI4MHMKLS0tIDMzWjVLTmhqVHdoOEp2NGhhdDBV + dU1TaURPUWFOVW11bVNtd2J4OFhDMVUK6YIU1s2aPhY3HL9EFrzcuRoFObiLjc/t + HOFh/iFJd6fFPia7HYLYyJ1bv6Blcz9K6I5i9Ptb1AM8RUrBWC7BGw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2022-12-27T22:16:28Z" + mac: ENC[AES256_GCM,data:HYNf9KMRrLu+o7KuV7OQ7ixz0LDjy5YdHywNYBpkSuCaTp5RXgjJWnuHA5E3lqZmXj1gm6wUmZPA0fsvmBfXVNhdkMVdn2WSk5H8ED/ayMw1Th6g/0MlVYYMWOPvGKY7ZgydiexBJHuqBMznCkSyT1AzGxDu9yVaWXUTkMiaHFY=,iv:iBT9vCi/K8Go85/6Kgp294h2R4QXFKNZJX8yGW2MfU4=,tag:z+Xu9bnLxtqfK+G9e+o9nQ==,type:str] + pgp: + - created_at: "2022-12-27T22:59:15Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIKA6j84+xkv3y7AQ/wxDvM9EQcGvA2EVhft7ztJqWn4ruMxj0oR0x+kSPY4gDO + y7LpEwE7t/vMgUZ6QGqs4gUffJKU0NZkF7P3Tf8qhACLErBwQ+s8RSHznfnPKCNl + sV4lNV4R/M3OQqoc2AyKpeSIAKrxvD77vwYGDm0GbfzWJH8GIyLxOJWvOZ3r5HVl + UTxD92E62GOKgtxhVINquM6cUDwXHdeEnWnuiuXXLLumApdEvdOmJw5QDFmh/9hF + B82s1HF0FctgZPuK5BEhfGdyhmILBhAZaBjfr0lqLgpcUolFnIUq1vkCrk0XLpAR + zN8zQE7abrJr/V5h8VrrL2/GKmiY3hDgS4YbvK41LO0h2V53EwS/kvPOAezevlRD + ocZ3L8uLjXnH1VlfJhZbGivVKLMEGKgvCVzhEgYj0KtlZrJYPCUAVv+EbKoDTZBp + 7wDX0lq4JYVkkY2odkWrFoHoJpyy0bxJoOAnoYKrHqrg3uJP97MmyK8HVp2D+0+p + 6wxlcxe4Cg5b13jZBNQta7rGLuPlSK+y7GJwWcQLx3BZ+XyYJDZ7lJBJA4bYNv9+ + YhFMbOlKAf/dQLfw+N96+zgZZAPEr53lL+tLZSb1apPw0kB1wQxncrHlAIkofIny + hvCF/jUr3tk8lI7Hm8SMZy5K5ys9Wde60P7oGUo8mGzzTRSzF54a0fNioWKz0lwB + vFx1TqAA88Xp+898QvizrIWeFzI+l2jJuMQ5HitIP7bkU51SL2jrf1Qxhmk/AwCk + 1EEHzNV464CNMEJAGVRUdjpR08124WHUkQHIpCRrJu7dE5YhucnxYKBiPQ== + =s6Sn + -----END PGP MESSAGE----- + fp: A5EE826D645DBE35F9B0993358512AE87A69900F + - created_at: "2022-12-27T22:59:15Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA8zMZ+ak7y/zAQ//WnAvgqpgeIW6qqrcF5FSdpqbdKkoQDFVqUhkhDCpUhR7 + LtdPH/GVMQifUQYkwm63dgfEZ0HD3StS62G9lu+hZSmHvwZiRCZMglkSKQJfSFgj + JuiXABvqGEYLcd3uFriNgtng8lckAHv800imlw7PwQWpiM8MziyNcOsmBrHmCT34 + UkfoEn0qtP1V+WyHexb9YI/juWMrqNy7wDdblWe3AjLEhrALd4KHpgLZKUD03djx + oHfhzeVfZ7FQBM5j5i4MtVG0eZjUAYfmf6zmWajJbx7VmOaWaJMk7uHzUP31syL7 + V6FVCv1hK1QV6NESnvgkD7q0zvE8AJQ0yjAeco0KwWgJFB/GS8p+9VrSAPNhQnes + C1pdsoBE+jQVC8vBeBErJqFN++wu5+OlTBXa0vEkPovOUP3IGZS1JDbd2+uha1CI + LSYdLDJSZ49k6iRgJWjymoc49QOs6g0NfaB6nX3bDiIYYxQWVOl72mox89BR6FMK + iKncZIOyLmSB0DaPKSCe+cY9aJm6zFWHytlT96Wp7nmi7zoxiIwJjuqI+FF9SOHF + x9/y5QywrVpQg3m2mPb2T7fSZ18ZNHhXMMK8cAE96gYfU3HL6+5E5UOgTqKYmjW1 + kv9JREmQpscdYi9FALcVm2JRQqSXrbyJTnnfJkmfVqW1wIB3C5maJGcQijIMnmLS + XAF5NYrzcz6mOe0A5Nu+r/RNfZsqB61uebptM8PX4pkIaRH+IZE8qvKfwdCPnpYm + Tig4JHAlETAujV5koS2aolWJe0xDSfuYdws6c8dq4QSIqDSCKk1rfR6MC7SY + =rWN1 + -----END PGP MESSAGE----- + fp: D4E89C6A0A58EE803EF708EFA9B23715F7AA3F1A + - created_at: "2022-12-27T22:59:15Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQEMA45bZkLXmBFpAQgAsVIrc1SKnVukuy61FP9PvkPQpnxOlqjjE+b0q3GkBQcC + JJQx4UryqBE07lF/hs/7MiLetWtgaV5kn6AEYrw9FNpj0+qYmwHbRXeJqjqi7Mri + 05qogE7dYYrY40JdLmvYsqbJQis7ULS9EZCFyCziEBlrZjYeqUTW3Lj1q+ZiZ14a + Iol3/CzaYsZLuw6syeNtQEEGkgE3uVkOLipMT4sCNa/kR+MDz+Ao0iyoIr034KY6 + CMIU0nvyqDprw5mhqFosAZAbp/adOLyTBfCH/X186uX3mbnsrFU0ow7kBzslLg9J + YVoOrm9lwX7pPeWrBr0zJyD/0+KcfPUvjQsqNeyF09JcAYTVgIC5HDkTJWxCIrxT + nAFbfr6vVGst45al7AYGT9G7WDLct7B+BmgZ/4NCAx+oAvu/d0PKv5SToTdBCc5g + Q/XFOqK9CRj38jvc6edgR6WZnj/faiZIOzSArBc= + =d6Gh + -----END PGP MESSAGE----- + fp: A4B0F5A80C2E2448A97BEC25BB829C4DECA6CCB9 + - created_at: "2022-12-27T22:59:15Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMAwMCBBrc/JA6AQ/+PaAdk+yN+rTnyhsI1YNfw3k6D9+1kyLXS9HfyHXVppAA + WqipuAwYO0pKcRaVssARzumSlaAYWjbEt3d/FlaNMXBGyL8wgWQPdmgTRiwplqKS + uxhr2wlGgB+iDsF2kuwoGD4ugpY2HDzWkzbKMx9veIXbvQVTu2wpuhk5osfzLCeV + hHdByh+h8hl8jQ5E99cc5l2B57h/XuupxcQw0cvhBAazr1yIUU9yNNthv3ToCRVt + CiTOREVpx81pZDjuT0eWEtTrnTKmnRc7n8xVBfzAD7H9Y+B6qZYkjyXwzd307UPK + PXuT7/AHz/JaruuoLsOXJqnPwXMu3RusDOcpB619TdbFGfokmz2+Le/itkfCh6aS + RptAK4q2gxK0NsHx0aZPUwiz98FDgWeWXoMnyTQo52ervoz32nFyVpk1LQWl5ewY + 9SV/W+RlAEdcr1/xNdV6xqnJ7YLYnRLj0uAApPMllubdyHX8PbzwUfQgbIBuDFiT + MdL/D5r5AMBtUxsAn93FJgi5AzriYwzGtCDx8LUbD7g3RtWxGfHCiHgX/Pj7QFW9 + wZAMkvg7KzmeDTxTRcgCsIwvAe65TrwbeePkna1RY2ID/8JJL72yfQn9wXRjfTFq + hqj4C9PvGlCDJ0UEEiJp+hkS1DaOgPZtqDozgHvP7cd1C6A//u5ia1ilPLaHK//S + kgEJeUERsYctipOYQQHj/icIgk0Wu8955tn8Ce0PjeaT5OfhHOT0FKXT68LxYWis + 1gNdQnHQC2GaK2wM2YARUmWqZ+qIJ73j53Al8/3cD+e5wxwj59nuMtvbJbRuwSFf + x7qXxvrmcsnO2h7HmZ/4HSpbD5Cvf76QNpalSA+kwIdIRkiT6wuOQ/VGTleVufqO + +djv + =xfeP + -----END PGP MESSAGE----- + fp: 4F9F44A64CC2E438979329E1F122F05437696FCE + - created_at: "2022-12-27T22:59:15Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA9XEenRNYVGHARAAmBW2eDCgIyl4CYtTzxiIqPhmC2EI/t5TScFTtxEQaj4S + b4psHOypZeeZkPYHSGr5685n6fJpzxnu+GGc1lwEdG5HCiOMBCtqTIQzovVfiboO + zkbjQ1M6T9HqXyhPO1XZwLHh/OUm8Uny2WldnDdCStzTZb1i4azWg0UXyoGPLnm/ + fZWBkjDcmLGrjbddc1fWrOkGCfl4iQUQvKdRMWhx2pu2ADDaodiAS3VWD0kgnqKj + k85wRS419RsnNZGtCB0gWshf6FrlTnMPi0fp4ewYzf020yMoH4rNRICpme+tIJej + cFBvzOoFhLBU07CCpoUZlGn+ALZSN+tNr5fyiB7KRQ/KeMvuTWzck7uDYlV1qeE9 + xp1DanE6cUXAvJWr5GLzaxR2m2i8DDQMynEfO0g9mwgQ+jIkk4ke09F6Y5iQsBUz + xfqYvzWNB/7FM1drq+hqe25Fk7gsj0kyZDsRNzImOYZX9CbRd3GQ28LW8i9QToa0 + ELLvvQ/nRDgplkeWifkTDbB63G7to62UiNYGysxcPsAlsqOeGWZ7MP2ev5vjAn2d + mjmCDBhYKFudppYYytXKQ7hCYi3GX/CURZUU7E/qVYFnwxtluZm/9XhKHgahSy3p + ZEvC0NT4VUnqv4zxUrnx7K475MAytgNIXkX3/UTVMMLL/tmo6h7Lff5RS697q6bS + XAGC+7eVNH4C4m44wqjyR2H/+8I799Eobq2Q0iV0hf871ptHDD3YadaoPeAuNKW5 + V0HEw7eTg6oTyuIvWSKdxN6wWOXFArG/4CSilCITtPQAIXi6cx2wFkXyXYy4 + =5IU5 + -----END PGP MESSAGE----- + fp: 4B12EFA69166CA8C23FC47E49CD3A46248B660CA + - created_at: "2022-12-27T22:59:15Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcBMA/Z87ylQaotQAQf/TnnS0UHk3IzZ8rMHewTSAX6wgU12fyPKHPH6ryPaSkWL + bH62/yrCc1ZpkUnt5OINjZZag9Lw+jwIlDiV1iGCN8GDfFRob4vO8e3Qb8JjUgRw + xQsLzd6EkcAdsSYxG0GWnHTlCu8m09lF0acurMZlhE7qtle9X1ZDOHyBrWqzPcnT + /cyLylzOzDjdcG/r2ZdSMjBsxMC0ZwoBmBhYSfQpmNYHMQQ9FybWO1/RxEcsvi+S + 7rB2HWKZ4kdtmnH5//KZMiQ/8pUknCJx85sAeYqkpNq3IngG9zEfmwoJir25Xm78 + Eh0c5iIn4OXnwSKuWQCupycwOeoOHUJwfM4oVGg3pdJRASeaBzzglSQyqMmDAwBY + QiWgzlU5Qc4UMgVLKDZDGLaG/8ACLQEIUaGxlKoG/WmIs2MryvTRXJYDLDttlnd5 + 0fvLxyBxMgPzIYKIx+EOS4qB + =VPFp + -----END PGP MESSAGE----- + fp: 9EA68B7F21204979645182E4287B083353C3241C + - created_at: "2022-12-27T22:59:15Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA9qJIVK2WMV7AQ//eYQN29btNFphtGMGBQWYGV6TH4LxIoGZ8fF7djV8zfWK + be1LDZcroqu8yooFd5NaJOnZYekAvcz2ISeDfZW2y4rdMKIJyjtk2cGJCtq3q/Ry + Nk826sodBOo3YpgA/CHU+7NnVv3jtnFh9n9W3hGZKtUs3cl6xP74jDBpt6FPW2I9 + CetMvhhIqsfj9L648dd5oW5tPGVxvLFrst1XoNOtxBYadbbwfJqn+PbudeCBj9rl + 9zKEQvoKmz7heGd7z9p0mv8fx5b1DA4Fq/VV1YiAJp3Pm8jdhkdmNoUcH+SRugNw + WknyEgZDkQI0ZFicGCs8u553c0IemAudlIuIzt5a6jtwcvTBj5hQsI+nbBVRPU/b + lkNFCDnr/dSsfn6FW3Fx2PA0FcAfEIQx2dUuPkfi/CcZn2UuKGv6lYQjdaXJ7kVl + nyXje8HRb317ibbhjWY50Fhr69dS02t2HIF04MWLY5pktB0E03sMDHLbZnkWoEnB + ZusMBf2puOaw3KxRdC9QyKwhjFgYnn8Dkh23J34yhGc6rCNQpZ3cD+jrwDcg1WfL + TtnYAwpU4s/RiSL0mD7exfodb9GEtGpaj3EM9RWbSkNdIAoL+0tclnXr9ln9FNOe + A9E48BxDg2GhNElts6Vt0dKBwxYjCquy0WjPWa/sfrOM9z85WanLmgTFC3ybdhrS + UQGxYAA+GuiNUQIxVUuLmlXxYGD77SLouUhTYXnvcL/K0/BPu/YQMWBE2JUJtbgU + tD3EtkQxuaWtJpyjCxPujPyFiizWhtznje83mRwxm5sgqg== + =4SBA + -----END PGP MESSAGE----- + fp: 53B26AEDC08246715E15504B236B6291555E8401 + - created_at: "2022-12-27T22:59:15Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA/YLzOYaRIJJAQ//SBOpDkA6/S/M3WUeo4+aoOqZ2YygN+iv7M4M8KCZZ0Y4 + nk0+HB9hEMf19OkntJ6/lt3+b2xL3XQYU1pJ7q7f62LZ2KENDCNRQmNYYMgP4xYX + 1FJbiVb1TZNxEyqxsiN0Y+pqWFsaXSyfhfcKlLLPbtmmHNuJpWX8dXG85PPhi1Cj + nkiuZD6F/5L39MG00jURqAScLWSU++30Kuh6wIHBK+fPAfAvQmQkJWoaLKWYnDtJ + SlQAHi4O8Inq6wVSOKokTY0DX78q0Be04NQUG8i41f6YNYAIrJxu+t5amRWSBmql + gpkpx4YGHfws+IAKlxpAfZ5nhq8G5vU/VybBQlAFGfY0X3Gzpx6kOb4ngG0orHWN + KZKpMlBEbP6hCrdRzfZ6XGugAV6me0GfrJDbFumn6D/BQ+WdinNR52gyHye96aSv + 22hZmCo3st+Fq30uilBL/3g8kcCAi+bexxDu1zNaKAySg4nVvpZMH76toRyCCw4l + FtjxJt8v3E9LTgntEJbbYUqBse5DxsUksPF4wmfUyoisJrbaJ3q0agRdWQfq+uBE + 7kNvwBgpUfVeoAxXqlm+0LkhKSqBV+If0axDICBkCf6634x5KIfXckBf0K3itMyd + H7QBldJp6w3DYKU7fV62DcYcO6iFqdNOUCdw2oLJXzuOovJNiym/hQPEYwxX5w/S + XAENZqeZryc5HU+XhKxPZ26DTEDNAgvZONxQfJLItx+nj3K/9uEn8zCmUGDIWY2Y + T0jFltGebDnUNYnTj/j+/UwMOsHn1yyfrKlsm78zeLSwfIRNvc+TJ1iQx/f3 + =IcgK + -----END PGP MESSAGE----- + fp: 91EBE87016391323642A6803B966009D57E69CC6 + - created_at: "2022-12-27T22:59:15Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA7zUOKwzpAE7AQ//VQR8lp5KcDlTVSPdqsBhb7OlCVA6x9gzpnqI4sYABjYc + OvcQ1WJ3Vj1dCbsWi9Gs60vboCub/H9TCaXYgk3Zgc0vNbISD1SPwy0OTPc/EsCj + BgZ1paZ3iWVFmBGqtwOqAMDivw3N81RfH6Gyj566VIrsjKnAdrOWX6GjVc5WzU/B + jrKDz+eF71/+XrViLc+59xrqgTbjBoKkd+RxpjbvHChvcV2zpwGM19daH5sKKwLU + xEsFz0aqzTM3wXdACUcIGkSCF+PzBLBku3zlObuYCugsyhWxxt4rmKrWXvVQSZVK + Fw5z4IbDx87PF9570eCcwfQ7Nr1lSk0AUosPgot+fLYRmrQg3kQ6PS6fb9zJhiLW + rK+QfDedoP3eeH/H+nKSZnGVy1WURqC56FSgnfplIxHbD27IXe+D+rIGlAus6mxd + 9bn+xKdyv8OUxhUnjx3AuuL1H2weGa7XCSdM7qz9buJHBC5MPDpxF2/yBX6CDGz5 + hwlZbVzZLU/k+BzMZ+xJijlDdJHZyNcHZXB+qPVXsndqFMSrTFq1O1vhyzD5vC+J + I7wH2l8IXeF3LlnsvPJyfxF3PM+vTwBYYvgMFEsDk/1Dp0Qwm/3GXTPMknFYdUMd + XkeLJ61bCgDgEt7VkOg6HaBdcGiiOkyPp8MaSmX472r2cv+o8+yv23z4dKfrodHS + UQH+4S2/851leNG4LgdSUtwxOeuu0leKm81KAY052YWdl/QKZIyVwO/ubbD6oLSp + xR98gOQqtEYdX9e2I1h9TD7HkfA8M36XGnJM6WfMWn5j9A== + =XAdk + -----END PGP MESSAGE----- + fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C + unencrypted_suffix: _unencrypted + version: 3.7.3