From 48c3f9d98eeeedabdf6edbf8355beb433d5b22d3 Mon Sep 17 00:00:00 2001 From: Adithya Nair Date: Sat, 16 Nov 2024 21:24:51 +0530 Subject: [PATCH] all: switch to new bifrost --- .sops.yaml | 2 +- hosts/shared/wireguard-peers.nix | 2 +- hosts/wynne/network.nix | 5 -- secrets.yaml | 90 ++++++++++++++++---------------- 4 files changed, 47 insertions(+), 52 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index 0faaed1..6cf1474 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -6,7 +6,7 @@ keys: - &host_rico2 age19uy6xerll6st3s3ftfpy7075m9eetm2288l2w07k7ek6z2l3ef6qfw34cf - &host_wynne age1jyaf9rn5d5pqjh60shs2q5hs98fwugak8z6cs6qs7yuc3wntugmsumxmv0 - &host_layne age1k2wpm88wms6hx3ldvu0n2je7pag9fexs9eq0e8hlkfcs2dx9eg9qlkf95d - - &host_bifrost age1jt8uleg4auf0h8ftl4ykq73epvgqml29q8ty0lz6kasta5h6td3shgxvrr + - &host_bifrost age1d2anhmqdewykt3mgz6azsyz0yh7wc9ap6ga46myzwg84c9rpspws9ze3l4 creation_rules: - path_regex: secrets.yaml key_groups: diff --git a/hosts/shared/wireguard-peers.nix b/hosts/shared/wireguard-peers.nix index 2a2d43f..d1a1513 100644 --- a/hosts/shared/wireguard-peers.nix +++ b/hosts/shared/wireguard-peers.nix @@ -4,7 +4,7 @@ let }; in { - bifrost = mkPeer "165.232.180.97:51821" "NNw/iDMCTq8mpHncrecEh4UlvtINX/UUDtCJf2ToFR4=" [ "10.10.10.1" "10.10.10.2" "10.10.10.3" ]; + bifrost = mkPeer "128.199.30.141:51821" "NNw/iDMCTq8mpHncrecEh4UlvtINX/UUDtCJf2ToFR4=" [ "10.10.10.1" "10.10.10.2" "10.10.10.3" ]; skipper = mkPeer null "ob8Ri5fYBCkksRnpbkq0kBlU0Ll3xjIPpMk8e9TKpl4=" [ "10.10.10.2" ]; kowalski = mkPeer null "ZgtftftDNAnNsOKo34cgaP3lQim2HMmoCXayALIVsFU=" [ "10.10.10.3" ]; rico0 = mkPeer "192.168.1.10:51830" "9mfgKUM6hXllEUunvI8szlni9OFpKSbaLVZRAhAh51Q=" [ "10.10.10.10" ]; diff --git a/hosts/wynne/network.nix b/hosts/wynne/network.nix index 9236b0c..ac5eb71 100644 --- a/hosts/wynne/network.nix +++ b/hosts/wynne/network.nix @@ -9,11 +9,6 @@ in owner = config.users.users.root.name; group = config.users.users.root.group; }; - "wireguard/wynne/psk" = { - mode = "400"; - owner = config.users.users.root.name; - group = config.users.users.root.group; - }; }; systemd = { diff --git a/secrets.yaml b/secrets.yaml index 4174348..88146a8 100644 --- a/secrets.yaml +++ b/secrets.yaml @@ -2,8 +2,8 @@ passwd: root: ENC[AES256_GCM,data:sT8S6EgqlUTOj8wx/FWde1ht/LCfhnnJW8aLNR3IawGcjbWh+JCKnlQ/1FpuGuVF7Qm8qScRcl7FPUZPFpBtj9OJ3984S9DtFJachwSNEJ2TRU+9YdYB1WsXx9ZunMQcTLK9MIyWfIVzqw==,iv:1qfkkj3NMvS50Q84BtqYTiNIMVjdxPh1k52MudEK/5A=,tag:HUwaVYDwjKmnHhEIejnfxg==,type:str] adtya: ENC[AES256_GCM,data:xBr14ZVeblPbgO2YT+6DPrENsJElj+UkTJebv3/x0U/u+srx82G2Lloda5zZwVBIEc5f6ZPSS4Oko3dM2PW9KUNO7IjDa+Wsm5MQogSjGT+aNtjlub2PkVts5gp+TtCOd6bUQjnf95VXNQ==,iv:ytKVRBsQWJWwXn6DpCOTDYJOVI3N/KnWtyp/GkSs7UQ=,tag:zbPtMMH6MFE6LpBga5X1GQ==,type:str] wireguard: - biforst: - pk: ENC[AES256_GCM,data:tEdYwVK18IiuctAagNnamqtQqRcUzB5CIvdaH8Of7KGJlmAd9dRZJXcgfw0=,iv:56BpKlIKz8227Fun7lmulnznJJ1CBeX047VBaRkSpWg=,tag:CHoW4IKWTZXy2EEGrsyc0Q==,type:str] + bifrost: + pk: ENC[AES256_GCM,data:X5FbbtekQAns5nWAACBZDvxArxRjulr3gpHOOLMJI/a8G1YHUurJnihc0WY=,iv:y/RH/H7yUClxauIzYjCZoyusu1rn4bar9Rx1mvsfmS0=,tag:e+heeN8D397oSaOyS9uHzA==,type:str] skipper: pk: ENC[AES256_GCM,data:by1Cqt1IYK1+MTGrj8Y6JQcKGuUun3b4XNDi6+eyR2bviRhfEQdxHEEA+ZI=,iv:V8dZy4iWe7t54aDgn22pGYaqf+tN1drt3nFo0ctoUlE=,tag:x4GfT9kY8+fGrM1ELOMbRA==,type:str] rico0: @@ -29,77 +29,77 @@ sops: - recipient: age1w5rvr4nl8xvjjxpct4e2a2eajvm79v4r9nyxrcn40fm8d7h9l9cqkk0jtt enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFZ2NPRVZxUlFZbVArSlNz - aGxBMCszb0JRbWJFNFhkcVJoa00xV3BJQ1JZCmcvZUpRODBkLzVWTDVqUWtCR3V3 - ektBTkprdzFENTIxaEZZQ0RpZGRrUm8KLS0tIFc0aVhuZVh6dW4wbnZ1ajNDazdk - aXRQZUI4RVlEeGdUMXoya2RCRnMxRDQKWxogRGGH5dP8w80xBBchjxs0Hhw0o+BX - uxNQZoSYENIPESR7ydO7642r8xjLdQdfMEjKz/rnooCgB1Zy7X7kGw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvMHVtdzBwTFZ1Wk0vZnJ6 + aDVTcTFTaElaWW1BcVlwa0FBUlBtVERjbnhBClJ0c3F1S0NwM2lqSlRyd3JWcnpt + dWlOV3VaWEFiN0I3U0dmcmtCTkdQOTQKLS0tICtoczZvN1NFaDBqTS9vQzNuVk44 + aHlwWlZYSElMeVZCbXdoWkxjMGZ3MFUKYSqnaxaJzeDXsWPmo8hocgIyKvFLR0+O + A1Axsokssk7qkx3k/5sHOl/HGJ9gQ8yamBiuIJxAJPYuhzIO7hMhhg== -----END AGE ENCRYPTED FILE----- - recipient: age1mhks8qmhjrtc2u5ufvp3pv2hn7tkadvmscnp7wd0ywmnse0szctqsnpy0a enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxeDZYeTNtczE4eWVYcTcy - ZDZmeU8xZlppMHlQUlkyb3h2cWRGbXpBeUFNCjUzNGs1endaZ2tzTzE2SE1CYWg2 - aHU0dnlpeU9aRTYyc2hCMU1YYlBFQ1UKLS0tIERsS2VUSVllcVhUNzExOEJqSlF4 - SVNNaHl0ckt4bmtSazloUnREM3VWZ28K2/DfdwYi7iMiNrHn/9FMEJX5aaL/PLoR - GYtO9JpFHFWngDSVsJm013NlsvAtCY1ep382EWK8Z/I+QahkoyBW2w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPYmZCMENwNVFHeFNkUlBs + bG53UmRsMzBvN1cvNE0xNVpHUU94K0thKzJnCjIrN3g5eENXcnNsYUZjUUFxclp2 + VS9zT05HSFBrR3Bmb2lGbmJRemVGQU0KLS0tIFVLSlVsS1lSQVpTcEZNbllDeE9Q + dGN2cUpHWFErb0FNWjlRZGZmaW1QYXcKeAe2bsynzdtlKzXDplmbY1WYSZjIJtQ6 + Vz1iUUFdAol3qs8VbUdrc6vASxZT5MAWGbe+cSl/D3XWizspVyGblw== -----END AGE ENCRYPTED FILE----- - recipient: age106k9u5ns9h7smh3gqc40k9fft5emknvq669qdv8a29ak3ah4j38s5ng2gt enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZOVBSdllDeWlaSWIvbWNq - ZVU3SDAvUlhOK0NXZWpDK1g2YlhBbnJoNEZZCnVMb2lRVjlIZDdQaDZONVRlSUJa - VElXOGl1T1ZseUFBY3ppUUZocGwyR3cKLS0tIG0xZE9BSlcxazRHQXZnNHl2RXRm - bjVsNkk5MGxHVW15RHF0ZGE1czgrQlUK43DGYjIydqND7bSG/9fE8HMm3jzJ7KzI - tS94Djek5QSY2xQxXVdLQ3g9Rnbm7HF8bTjDlOhBM7drryuraLEBlg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGT3VRcUpRWmxSZDYvMnBQ + cCtheTNiempOT0ZOdzZmcE5vcEk2Z0dVMFRzCktmODRFamRGbWgrLzNCTFlRNHdn + cjNuOThPV0xuYUIzbVMyUHhwUitOblEKLS0tIDV6d2lhcHR1UmRrZGYrdGxrREhY + TktweVg3KzlITmJYS1drZG94TDNycVUKliVvdGzIWfQFglMF7OgfvE77PT8cXnWq + +lOBhJZV57EFxNUaQ7B4HEzTSrs7cXxpoTfww4xELgVGsXidRdP9zA== -----END AGE ENCRYPTED FILE----- - recipient: age1829x4l8vdhcn97af0zq898tupll0smrqywxka4pswkt6mtn8qp7qqnnnl4 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNVW03RVlVUlZYOW5VdWdT - K1NjaWswK0xSUzduUHgra1ZON3dsTVBFSWxjCkt0NnRVVXA3TnYwTlBQNXZTdG1t - YVRQTWcySVRrQitOQjNlc2JBWmNXME0KLS0tIFhUa1IzY0dSSWJRR0FIOGZ5QkQv - dXQzNXkyTlVPdzhGMXdjRS9ENnFHL0EKB4YiqGAcL0VlRRj0TPwfgSKHKTEnGBsO - cbSd3iKO9TDxWQwz46cpY6NmRTORlq4j0kzPAm4k5JLHUVwulgwb0g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDTXc5VDJyTVlvYzRpTjFm + M2svWVVmVlE0bkJGS0NtWGpKckoxTnJxWGl3CjZlZXNJSFJtb0ZBY3dobll3UDJG + RERlaTF4RTU3U0oreGgwNVhVMkcreTAKLS0tIGpCN2lLUFozaC9tSWZZK1lhaHBh + aU5Qc3NQcEl4NUJTQVZwTFd0a2pxc3MKmDqrWH8QcJoSmco+Wv6sFvAABxb4BEqV + 0zYwJvu8WJfyZM9fjXwbiSThX3AmheHYmvu8D4N4TDPXh1vPduK9SQ== -----END AGE ENCRYPTED FILE----- - recipient: age19uy6xerll6st3s3ftfpy7075m9eetm2288l2w07k7ek6z2l3ef6qfw34cf enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhSU40amdyMzZ6Wm9TUHc2 - VXcwN3Q1azQwaEtxZDZpdW8xemMwcVZJb1E4ClVHRjY1TEFMZXdtWVExYmRVWkJk - NmhHZysyUkI4VnJOZzVSQlRwbXI2QU0KLS0tIFJpbmRFRUM5MzlSNDF2RC9Fd0dY - VlByaWhmemc1WWxCQmkyQUxVOEc1SDAK42kD7infmLQKLjZUcsu6EHAMV5zRzGRb - E6hv2YYUHF7uLgEcPEq4hJZ72kjMyyqyebv0qLQB5VIylifrMJrO2g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTaDdHUmlxT0hBazduNi9Q + ZXlhNkMzcEE3bFFIUXhieVMwRGFRczJOY1VVCnhKV3RDTG9yRjIrNEl4UHpQSDd0 + OFk4NXpuNmVWQjZjZHVINjUxMG1NYzgKLS0tIGt4RGJudENhTE5zMnVlWG9yaHd3 + R1JtRWR2cXh2RjZWeXFOWXI4ZVRJYjQKcxj4IYW0N67chn3nvkVD4fpaPLG4pIsA + NSHHuUJVkyWzagfr7KwlTNy732Pmo+Z0/tsPgU6tujEJ6UZHCV990w== -----END AGE ENCRYPTED FILE----- - recipient: age1jyaf9rn5d5pqjh60shs2q5hs98fwugak8z6cs6qs7yuc3wntugmsumxmv0 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQU3ZTOGtIamlOQzNrTDg0 - SHUzR1F6RTBtZU1zNDVFUFFFejBlUFRYUkVJCnkxZWFuVGJCV1Nzb29Sa3lxU2x2 - bm4zSFp3Q0hHUEJUTEpuem9rYmE3YnMKLS0tIHUxSEZQV1B3ek5KYUZjbG03c1Rh - Zm10bjJwWkQwcVVVVjVxWGFRVGwrOFkK/LmuPpecWWHnTa4DXY2UiCUOfsxUG04Z - dKZ9GAyA6QPsBJgrEHxNd/PHmLIEA/Vhw12ZsSKCksaFD2at8q513w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIckk3VVNWcWFtRG1NSHlu + bWR2MTRCM1hBM0ZFNk9UL1h0OWRJQVFlU0RjCmNKcmdIZWhEeVlySkF1dDZUSUpM + bHlVOW1SMUNZcXVJa2QrOFdyc053djgKLS0tIDYxSVI5MGhLQ3N6NSs5empjSFRK + bitpYzl1cUxrb3pSelFDT1h6RDlWL0EKjXmQt08XgxJ6JBjjXmrtEqFqFQH9HG1j + d1uWcoKE1lYJifBtGUL1/U26RelucSYpBf09czN1DcOqGziyhlRg0g== -----END AGE ENCRYPTED FILE----- - recipient: age1k2wpm88wms6hx3ldvu0n2je7pag9fexs9eq0e8hlkfcs2dx9eg9qlkf95d enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaaVpYU3JJQ05iNGdYNHMv - MjFIcEw4bk9UdWVaSnhncUJkYmlaaHlxSnpRClJMemtIcklGUzE0ZzZaVXNiS0dO - SGdxWVpjRzdHSDROcVl2bTNxVzlwTmsKLS0tIFE4cHFpOWpSYlRLYnZjVmlTc1V2 - UVV6WlpRbzk0UjZVL2RMQmNnNnlvZ1UKhrTqF6vq1c2jsrvjtMv+03fwj5MZIVTn - uPY7OHqm0scOxARNIW7nVYeTIxNYFEPvfZiriydrOtXfrVZB4u82IQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGUHgvZHcyVkIxc2NIWCtk + OEZkMFE5VFdKQ0NuSjBzdndsTit4YWpHdzE0Cjl5a09KRDA4aUtXTGpDTkJZRnJn + RXhLSXhoTVFwa2NRU3hUTjdQYW4vN28KLS0tIE5XRSsxN3FqbGZmTkFlY0N5NkdJ + OXJsTUkzeFpCd1NkWkNnaUZRKzFkeVEKhPv18blHw8cJpF63eo1yulMB5QFLRfZB + bsWMe8pVgM/9uuYb8cpDNulYL8caIcbLoAiIg1xMBqlsiSBgIlF7Zw== -----END AGE ENCRYPTED FILE----- - - recipient: age1jt8uleg4auf0h8ftl4ykq73epvgqml29q8ty0lz6kasta5h6td3shgxvrr + - recipient: age1d2anhmqdewykt3mgz6azsyz0yh7wc9ap6ga46myzwg84c9rpspws9ze3l4 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4ajFvYVJxejJkcTM0Rm5n - a0tOWFE4Q1R6ZS9qZE1BTVZybnRSTS94Y0NFCjJIUjRwODMvcmFKN3VvYUNVOFB3 - V1lJZW56STFra0JsRXF0RVM3eWtLaTQKLS0tIC95SmtrRTFRbW0raCtZWTN4RkFJ - UXJhWFFnQnFvOEF0M0JFb3E4UVB4UU0KSUq4d8eudY03p/fd8S8f1wk0OU4BlNYB - tldkOx2DhSvcVr/FcIJIR2PFbU8o50kYj9R0HR2sHJ5C5fJ0cDXY4A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUT3NKclcwaERiM3gzV2o1 + SGw5MVY0SjhNZ1Yyc0dFbm9DMFdseGU0UUVFCkVXd1IvU3ZPWm5pVnFOb21kbWVr + emFFVGg0MXFienlHd3ZmY2p2Yyt2SjQKLS0tIFpZWGNINnFRdUJZQW9YeGxrUnN4 + WUc1Tm4wMkxUM2xybjFKK2VqWU9GSFEKVhMLzPF5CT/W0PC5jsNzpIE8wtRrUdfH + QHKId9QbaEaz8c85iXppJwONJJ2eTWUElj4ZVLUacgiqyS+rBiyuFw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-16T13:28:44Z" - mac: ENC[AES256_GCM,data:HSpdXpDRlP7IamrmvQInn1coo+T59r5AowbH9uEr6cntWhOVjI6xJb91dd647uhnl9RQ4KN6QjNiBU3u4/9ie/hHAOzuX4vzYHjaWV0iO1pAHVOkT5jmker767je7rKVOu9BdtDgckGWQfC599bEL2PzS5megjo5Jbg/trZXHx0=,iv:EmnH2nwuBHdrtoJXSvOUdob0YKzl88jyJbXN+qFX0zQ=,tag:kUicG4NTK8DiY7OUvOgv3w==,type:str] + lastmodified: "2024-11-16T14:09:27Z" + mac: ENC[AES256_GCM,data:jadem1cX0PbeWeCUxZy8svPB0PbthNfKKomvsEILTbl99rlsQJmeiFtA5eaewu4qjC+UUfJrrLrArJDCDweYrCGMyCnfwh5+xN+q5SF4dCoWon1DeE4G+OZ3R6Kv4XPfdg7l/mDblndIp7WbhlsCEoZM4Sl2e7VheXfnFtacpK4=,iv:v/vEBnnLirIItGiUqAHs5CYzMduw7u3TK5UpiaNCjmE=,tag:t5fKPnJYg9Zm0uAOsi9N/g==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.1