secrets: added syncthing key and certs

2024-11-22 03:33:55 -05:00 · 2024-06-09 19:25:55 -04:00 · 2024-06-09 19:25:55 -04:00 · d0c2409ac1
parent 233e9ba5b0
commit d0c2409ac1
15 changed files with 97 additions and 0 deletions
--- a/hosts/fallarbor/default.nix
+++ b/hosts/fallarbor/default.nix
@ -25,8 +25,17 @@

  networking.hostName = "fallarbor"; # Define your hostname.

+  age.secrets = {
+    syncthingCert.file = ../../secrets/hosts + "/${config.networking.hostName}/syncthing/cert.age";
+    syncthingKey.file = ../../secrets/hosts + "/${config.networking.hostName}/syncthing/key.age";
+  };
+
  services = {
    fwupd.enable = true;
+    syncthing = {
+      cert = config.age.secrets.syncthingCert.path;
+      key = config.age.secrets.syncthingKey.path;
+    };
  };

  alyraffauf = {
--- a/hosts/lavaridge/default.nix
+++ b/hosts/lavaridge/default.nix
@ -25,8 +25,17 @@

  networking.hostName = "lavaridge"; # Define your hostname.

+  age.secrets = {
+    syncthingCert.file = ../../secrets/hosts + "/${config.networking.hostName}/syncthing/cert.age";
+    syncthingKey.file = ../../secrets/hosts + "/${config.networking.hostName}/syncthing/key.age";
+  };
+
  services = {
    fwupd.enable = true;
+    syncthing = {
+      cert = config.age.secrets.syncthingCert.path;
+      key = config.age.secrets.syncthingKey.path;
+    };
  };

  alyraffauf = {
--- a/hosts/mauville/default.nix
+++ b/hosts/mauville/default.nix
@ -25,6 +25,16 @@ in {

  networking.hostName = hostName; # Define your hostname.

+  age.secrets = {
+    syncthingCert.file = ../../secrets/hosts + "/${config.networking.hostName}/syncthing/cert.age";
+    syncthingKey.file = ../../secrets/hosts + "/${config.networking.hostName}/syncthing/key.age";
+  };
+
+  services.syncthing = {
+    cert = config.age.secrets.syncthingCert.path;
+    key = config.age.secrets.syncthingKey.path;
+  };
+
  alyraffauf = {
    apps = {
      nicotine-plus.enable = true;
--- a/hosts/petalburg/default.nix
+++ b/hosts/petalburg/default.nix
@ -25,6 +25,16 @@

  networking.hostName = "petalburg"; # Define your hostname.

+  age.secrets = {
+    syncthingCert.file = ../../secrets/hosts + "/${config.networking.hostName}/syncthing/cert.age";
+    syncthingKey.file = ../../secrets/hosts + "/${config.networking.hostName}/syncthing/key.age";
+  };
+
+  services.syncthing = {
+    cert = config.age.secrets.syncthingCert.path;
+    key = config.age.secrets.syncthingKey.path;
+  };
+
  alyraffauf = {
    system = {
      plymouth.enable = true;
--- a/secrets/hosts/fallarbor/syncthing/cert.age
+++ b/secrets/hosts/fallarbor/syncthing/cert.age
--- a/secrets/hosts/fallarbor/syncthing/key.age
+++ b/secrets/hosts/fallarbor/syncthing/key.age
@ -0,0 +1,23 @@
+age-encryption.org/v1
+-> ssh-ed25519 c7E/gQ ++8AjXZiIIGiUo3TFYrqL8RiSkCPF96//teEM84omn4
+M3UagDv8Jbzk/LcO6sMPZ3CbretJH4wd5FiUnJv/1NM
+-> ssh-ed25519 d4UErQ fW76KhMamJtDe0Nq4B6WL21eQqXaN7XHVpuog4qFsDI
+tJqOwgEmqMPrvyH6HZiMkDlql5V+ZzxgvxS6v+UVGGE
+-> ssh-ed25519 1mX44w X36PTBvd1bVRrdNResAIYSYKfcE3dIhFystP70DF6D0
+oiHoZMcynbkDVkXvEHGrvVIiQQRhXC2QP6o1GBF5Pw4
+-> ssh-ed25519 nrny8w aZlui8I0dwdKs7THXo8OnhugUZ01rakFLsgpqTewZxA
+T4e8ZEgBrwOyXXtE7pdyN/iT2Z4yqVAfQuO13K0mlm0
+-> ssh-ed25519 W5caqg L8L3k4ztt3gH6uITQjz1iiHOgj2C+HQc5CsTg4eC4i8
+GtCwFtMsPT3ATHzhJmptEIraq/7+OOLSGiQ12vnTyWk
+-> ssh-ed25519 xIeYNQ KGEftyrahw5t1sivLb1iTIFNUWfR0GntCyr58908KSc
+s7Yg4rPCHu2BGzTvWFX31wh7mDpaCKmj2ds7lZWx884
+-> ssh-ed25519 GrlIbA Cy53lNMapjnenklZqKafkn2gfKhDlWYl+MVX/bAtMmg
+rIjGSCzoCKU4tCerC3TXj8L7rhknqhEp7oWT4TyTXrE
+-> ssh-ed25519 g+apXg QX4OHTDhjdP7Z2caOQq9t3jZeliUFdjAQRJs7BElEnI
+mMxCxwGbx1E09RbDvAxaAxdCPf16st7qqPF0JMJF8M4
+-> ssh-ed25519 osHDzw IKMSHzvHgsvZ5nowqti3uLrDiDWLEGEfLploPbNcUVk
+LzCEn0NED9g7taGoVCT/ViiOLho548FC07eaqOsiges
+-> ssh-ed25519 s3sc2Q X24GfGbe+7cXvBLx348Lxe2aTRJvtu/3x3UVeSKwABU
+SKRH5S+l8haiXHDV5x023StxueWEu04j4WudQHmgvGo
+--- CDDsK6rXzWkDpIIn8wQ/C7qdCq1Z8jezMXx9NeGrQDY
+@_	*‡`úVfÙ¥»<îÚð\PŸ|"‰©‚Ùä$g§D…E8¿an34¬ÒN”%BrŒVÉD–¼}Œ·!Ýþ»HÞ&[ê‘¾û[¸óÇ w3Ë¶_ …WaâÎëB¬ª;iJqÌ¸ -þ™Êòœ]Ñ ?Óª¥A]Ùv¬	Åˆ)ªpƒô4&2uÝ8*´2R´ÞC?Ë|ÞÑl|aÔú<C394>Î£Ê¢W|~¯º¼e-*Ì¡Ê;VÒÐk;e$o[ANôý~dlcª¸<C2AA>¥“Òzÿ<7A>˜Ô[ª,Cê¿ Š-¢±TÐ¨—f<E28094>_ÌÃŸ_ª4ŠOB–ºiçfl¹Î|ØN†ºá%Wy/³Ñ™+Â\W‘Ç‰@K¥Y>ý<>u6€£ÏþØæ²öcÑ²Ý0_“m¹]»a
--- a/secrets/hosts/lavaridge/syncthing/cert.age
+++ b/secrets/hosts/lavaridge/syncthing/cert.age
--- a/secrets/hosts/lavaridge/syncthing/key.age
+++ b/secrets/hosts/lavaridge/syncthing/key.age
--- a/secrets/hosts/mauville/syncthing/cert.age
+++ b/secrets/hosts/mauville/syncthing/cert.age
--- a/secrets/hosts/mauville/syncthing/key.age
+++ b/secrets/hosts/mauville/syncthing/key.age
--- a/secrets/hosts/petalburg/syncthing/cert.age
+++ b/secrets/hosts/petalburg/syncthing/cert.age
--- a/secrets/hosts/petalburg/syncthing/key.age
+++ b/secrets/hosts/petalburg/syncthing/key.age
@ -0,0 +1,26 @@
+age-encryption.org/v1
+-> ssh-ed25519 c7E/gQ +Pq8MtD8bJgttPmcembKUZnjgiB7I7V73ZBlXoO2klw
+uiEu12D+oEgij+PJKBylAeQofWNIPW2EvQ8FsNZKdj8
+-> ssh-ed25519 d4UErQ Ks0YlzBYirRp9Cmr8GfKY5RIjSQ379Yxst4ft7AgUT4
+WXqiZ+Ltz8oTayOwL1BD6Y4p4XFz+ohK0OSe6TDEWbk
+-> ssh-ed25519 1mX44w KapaksEmtLRCRoR9Bppx5+HChhpkIIpAvqvlldP85FQ
+P3weMwfL+vA0Zd1G5f1WvCNzj47AgAKcEQqQCVBpG1Y
+-> ssh-ed25519 nrny8w gjIoqILh5HZ+/teBexkNnNmWBrevf+7nZxZGw++rASc
+0CBotGme8t0aYIob7p2hQFLLTZ+kGZDNg/yfsYBnR9w
+-> ssh-ed25519 W5caqg gakyqUNzrvEXup0oKbk0s8Ys3Y57PKtc7cc+pPgDClU
+tA3T1VNY5t1i2nHAcf3LR6ssu23IEhOD2ihBPtO85B8
+-> ssh-ed25519 xIeYNQ 2Gr3vqkkgX/sFjyFIvEB2mnZeVGia1gPVWcZJcWucHc
+o/Zfz4FZxJfUdkKyJwur9dM2DvhIxO/rpB7J0H7PZyQ
+-> ssh-ed25519 GrlIbA 4mj/zNhSi3qzIOuNt+rH599f5Vn7Wq3yCTI0wKSyYVQ
+RZRwxzgBKuEORn7qNx/qKiYOpRDAPIGy7wJllHeOYIc
+-> ssh-ed25519 g+apXg rCw5RCFEwxvYeTEF4iZw2fIN2F18ROOnBtUQvM3XfgA
+r1hv8/E4aR5uTFWMA0iw1aZH84lSF8y0VJJmFdWOT+s
+-> ssh-ed25519 osHDzw Hvktgyla+u32Lm40ebpFovckTq2wDMVUZIfOkYg8L34
+9r0n0hEMd6jpyfgI1+Q786PB/pB0QiGKyBp+IQlTzrQ
+-> ssh-ed25519 s3sc2Q rgoXVTJDcRxekB+jfOhL4Qn64g55rgPpMwWhGlFb0AA
+5U+Jf3DAWCPaVwxuXIufAzNMSvqfgdauwQseMqdghTY
+--- B5WpheUYBu1Y9WcucM7b8Sx52o+jE7qFIqHChSa/3DY
+³úÀæyg°Ú:or°´¹¸˜(;`$z‹5æº¸Ì^ArTz˜~6A“žÕ™5ë .êhÛê*ôqr¡·BþšÀ¯«|Þ«d6Ê¦ Tu–
+ƒ7b«>Ÿ§hY
+
+Õ^Tfÿ*]àbZƒü°	”ý…Ðˆò	×<6-a<>;*—¦OèÉš–*x×GÌèø¾‘cAžm, _X^Ëº(V'i£`çHúÓÚÕGýØRàZY<>Ð¾:pjd|æ+ec4†ˆÆÓ@«Ia‰HsqPêÞˆË¬$Ou¨^Èè&"yçk ÌÃl‰PŸä*åABh+‘ð.'i,›~ù<b-–Õ†s	²ÚR¼c_d^¨Š4C\…‚bŸÐ8¯Îqò¢ö|p<>Ž¬âëV!}^¥»cqŠO¦‘¿Zmµ Üq¹WþBš¼?a
--- a/secrets/hosts/rustboro/syncthing/cert.age
+++ b/secrets/hosts/rustboro/syncthing/cert.age
--- a/secrets/hosts/rustboro/syncthing/key.age
+++ b/secrets/hosts/rustboro/syncthing/key.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -15,6 +15,16 @@ let
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMs1oChR4z/gzFkuKddB+1XrwfG2znlWbdnP+hNAdNdN root@rustboro"
  ];
 in {
+  "hosts/fallarbor/syncthing/cert.age".publicKeys = users ++ systems;
+  "hosts/fallarbor/syncthing/key.age".publicKeys = users ++ systems;
+  "hosts/lavaridge/syncthing/cert.age".publicKeys = users ++ systems;
+  "hosts/lavaridge/syncthing/key.age".publicKeys = users ++ systems;
+  "hosts/mauville/syncthing/cert.age".publicKeys = users ++ systems;
+  "hosts/mauville/syncthing/key.age".publicKeys = users ++ systems;
+  "hosts/petalburg/syncthing/cert.age".publicKeys = users ++ systems;
+  "hosts/petalburg/syncthing/key.age".publicKeys = users ++ systems;
+  "hosts/rustboro/syncthing/cert.age".publicKeys = users ++ systems;
+  "hosts/rustboro/syncthing/key.age".publicKeys = users ++ systems;
  "spotify/clientId.age".publicKeys = users ++ systems;
  "spotify/clientSecret.age".publicKeys = users ++ systems;
  "tailscale/authKeyFile.age".publicKeys = users ++ systems;