secrets: re-key all secrets for tahoe

author: Franck Cuny <franck@fcuny.net> 2022-04-13 12:17:50 -0700
committer: Franck Cuny <franck@fcuny.net> 2022-04-13 12:17:50 -0700
commit: 91e4f61348d870c61329655aa55adc770caf5f19 (patch)
tree: 962973c57e1f41a97d88bf2ed5f6745456206069 /hosts
parent: grafana: try to configure the domain with acme+dns (diff)
download: world-91e4f61348d870c61329655aa55adc770caf5f19.tar.gz
8 files changed, 27 insertions, 30 deletions
diff --git a/hosts/tahoe/secrets/acme/credentials.age b/hosts/tahoe/secrets/acme/credentials.age
index 5b79f73..1a3f92f 100644
--- a/hosts/tahoe/secrets/acme/credentials.age
+++ b/hosts/tahoe/secrets/acme/credentials.age
Binary files differdiff --git a/hosts/tahoe/secrets/acme/gcp_service_account.json.age b/hosts/tahoe/secrets/acme/gcp_service_account.json.age
index 0f99905..d90b0e5 100644
--- a/hosts/tahoe/secrets/acme/gcp_service_account.json.age
+++ b/hosts/tahoe/secrets/acme/gcp_service_account.json.age
Binary files differdiff --git a/hosts/tahoe/secrets/rclone/config.ini.age b/hosts/tahoe/secrets/rclone/config.ini.age
index a017b29..1c4f7c0 100644
--- a/hosts/tahoe/secrets/rclone/config.ini.age
+++ b/hosts/tahoe/secrets/rclone/config.ini.age
Binary files differdiff --git a/hosts/tahoe/secrets/rclone/gcs_service_account.json.age b/hosts/tahoe/secrets/rclone/gcs_service_account.json.age
index 982dd30..ff5260f 100644
--- a/hosts/tahoe/secrets/rclone/gcs_service_account.json.age
+++ b/hosts/tahoe/secrets/rclone/gcs_service_account.json.age
Binary files differdiff --git a/hosts/tahoe/secrets/restic/repo-systems.age b/hosts/tahoe/secrets/restic/repo-systems.age
index 79363e6..cd39590 100644
--- a/hosts/tahoe/secrets/restic/repo-systems.age
+++ b/hosts/tahoe/secrets/restic/repo-systems.age
@@ -1,12 +1,9 @@
 age-encryption.org/v1
--> ssh-ed25519 wtownA Rv+TIuyxDf6bsdVH4W1inxwvbTNPAoIfBGDLQvyhaV0
-qZ6JAZq5P0WGdCLJ5scQl+mlOJ3fwkwMtlEEB1wIMlc
--> ssh-ed25519 +LF+iw TqTfv9yx+6yOExJ151o03d0VsWQ8jm5KQW1XmmYoqlY
-AeXv4e1APSIgoPR7Ty0ysrC/fowp7ACA6+nKqsrFFks
--> ssh-ed25519 dtgBNg giDZ+PMXQd98UsIrGM4bqSOBWEK071PuVcd326imbB8
-AplnAox8y+b34fC0vlshoh6KCfhJP9LPGyfF4o2cUCo
--> 6o>-grease )}i\s<hC Qhde N p4=H
-kTdnW/JPzgMexPznHQWhH0hXgwgxCxJCTePD1HYTEeebXic3FL0/CNJ2sjcrl/y+
-5XdlBPc
---- fn55JPZabkZRlf7DsIw7O46mis6C6fIqx5KEpTyXwak
-½ïç‘H7'ß\„®Ì¹ý€Œ”_¨ÆO÷ð˜Ø™˜ÀY©¥[&Ûàš ì•n.LÚT{ö¿"
\ No newline at end of file
+-> ssh-ed25519 dtgBNg I6aC5eB9FuJuQh0qEtjJ6Ho6UrybXBCIqeqErJtsOEc
+uo23S1l1Fb2G+vG7GI7Nc+SPCl3d0Obc3tHPeDESAuw
+-> ssh-ed25519 wtownA NoFRHiQRgQrHmTLJ5wi/rORy4J1Wf4iU6Hr+FlaFfyE
+gZsVc9ptglFYrvE4gRl+L/RpkB9uVDOeAr3z9Dk4J4I
+-> Pz-grease
+iWN7
+--- t14q3Wr5y4TZFZmwGEf6ARvo63x2AEQhU4tnhdRrLa0
+·S+›sHtÇ=@Æ}ÁC“ŸÑ¦¤¼O{©¶ìäéˆ<‰jM=;ù*Üæ+9çtÉÙ±Æ&:4
\ No newline at end of file
diff --git a/hosts/tahoe/secrets/secrets.nix b/hosts/tahoe/secrets/secrets.nix
index 71b2bd1..ce1fd4b 100644
--- a/hosts/tahoe/secrets/secrets.nix
+++ b/hosts/tahoe/secrets/secrets.nix
@@ -1,15 +1,18 @@
 let
   fcuny_aptos =
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIdlm/qoR/dnMjZhVSTtqFzkgN3Yf9eQ3pgKMiipg+dl";
+  tahoe =
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEq1IQRvj2jofCHOO6M28w2SRdgtHU06NJvwAwv/b69F";
+  all = [ fcuny_aptos tahoe ];
 in {
-  "wireguard_privatekey.age".publicKeys = [ fcuny_aptos ];
+  "wireguard_privatekey.age".publicKeys = all;
 
-  "acme/credentials.age".publicKeys = [ fcuny_aptos ];
-  "acme/gcp_service_account.json.age".publicKeys = [ fcuny_aptos ];
+  "acme/credentials.age".publicKeys = all;
+  "acme/gcp_service_account.json.age".publicKeys = all;
 
-  "unifi/unifi-poller.age".publicKeys = [ fcuny_aptos ];
+  "unifi/unifi-poller.age".publicKeys = all;
 
-  "restic/repo-systems.age".publicKeys = [ fcuny_aptos ];
-  "rclone/config.ini.age".publicKeys = [ fcuny_aptos ];
-  "rclone/gcs_service_account.json.age".publicKeys = [ fcuny_aptos ];
+  "restic/repo-systems.age".publicKeys = all;
+  "rclone/config.ini.age".publicKeys = all;
+  "rclone/gcs_service_account.json.age".publicKeys = all;
 }
diff --git a/hosts/tahoe/secrets/unifi/unifi-poller.age b/hosts/tahoe/secrets/unifi/unifi-poller.age
index bd71926..4fb0e7f 100644
--- a/hosts/tahoe/secrets/unifi/unifi-poller.age
+++ b/hosts/tahoe/secrets/unifi/unifi-poller.age
@@ -1,13 +1,10 @@
 age-encryption.org/v1
--> ssh-ed25519 wtownA 0VcUc7jKvTUSaSN8mj5DavrRh5OOu9tmlESZTZM1vy0
-YLbthCfZpcqKlUj0SKEvaczL1bWepXo6pTpurP4pyRU
--> ssh-ed25519 +LF+iw L+QyJtlQS7KGsWafQRTSfWbX13pb8Vl0skQsX+yVNjo
-7hhNe1E3ctyLCfYjSHH9RuB220x368Ut312Ql+0E8MM
--> ssh-ed25519 dtgBNg h0M/tnUsWja+Y+06eBnKJYcLBX5RSRn19B+idfnTtGs
-To6JQ/h7ag1H+xLkC4/tWnWGf0cjvq6NGBPqNeqExAU
--> #qx-grease ie.h
-gEn12esIeUQ7g/SwgEiw3TH1Mqd3IZ/iyn+OJt16UIIUCi3ox7MgDLyS8ngicmOj
-idBj8DS72toie9iG5rt9IDzV
---- 9jnTt5KR/MIJfT9s6gLP4cgqFZD2W0UQf4FF8HOBPX4
-ìn,ù0c·‚‘C]ç¾KfNYpÀ¨Rùn±uI÷j
-_{/kë™£
\ No newline at end of file
+-> ssh-ed25519 dtgBNg uqkCRrdoOMyrsbpfK8+7LwHZ9HAtZVmPMDHMT24mHXk
+BooBKT31kAEjWOHvx5B4g82R/Wl6f/1kp0BiEn6X6jE
+-> ssh-ed25519 wtownA 7TZMv8CNmwIbYh6tHu5hzI+YmXem+u6Ni4dJ8brAyj4
+CUPF2SgqA/Rz9bnA2w1jvoZpWKTmFrKYACySbzXHrqU
+-> *"=7-grease >"jI\ )%!Hr*2 }Br{nQX
+Zo1RbBeC8QYmLO7rPbQCxe0YUGCYsf5xN4lXpqBNS42ZPg/oeIE1ZvYTU47p5SbE
+CjuxcicfzgPApwp8o9s
+--- M8GY2JUWDT87vxiZ4RrYjJp6yUW6Gz993Ens/65PPQo
+´~sÂmwÞa´i¾!Ñ=ËÏÑIŠy¡å>F}Sób¾*.ç’ê1¼&KcŠ±
\ No newline at end of file
diff --git a/hosts/tahoe/secrets/wireguard_privatekey.age b/hosts/tahoe/secrets/wireguard_privatekey.age
index 4304cfe..edd8bee 100644
--- a/hosts/tahoe/secrets/wireguard_privatekey.age
+++ b/hosts/tahoe/secrets/wireguard_privatekey.age
Binary files differ
author	Franck Cuny <franck@fcuny.net>	2022-04-13 12:17:50 -0700
committer	Franck Cuny <franck@fcuny.net>	2022-04-13 12:17:50 -0700
commit	91e4f61348d870c61329655aa55adc770caf5f19 (patch)
tree	962973c57e1f41a97d88bf2ed5f6745456206069 /hosts
parent	grafana: try to configure the domain with acme+dns (diff)
download	world-91e4f61348d870c61329655aa55adc770caf5f19.tar.gz