From 94436da437a9b8a46ddca5cf897ca9740b4402c4 Mon Sep 17 00:00:00 2001
From: Adithya Nair
Date: Tue, 16 Jul 2024 22:29:44 +0530
Subject: [PATCH] all: update CA
---
 hosts/layne/security.nix | 1 +
 hosts/rico0/security.nix | 1 +
 hosts/rico1/security.nix | 1 +
 hosts/rico2/security.nix | 1 +
 hosts/shared/certs/default.nix | 3 ++
 hosts/shared/certs/labs.adtya.xyz.rootCA.pem | 33 ++++++++++++++++++++
 hosts/shared/certs/local.adtya.xyz.CA.pem | 24 --------------
 hosts/skipper/security.nix | 2 +-
 hosts/wynne/security.nix | 1 +
 9 files changed, 42 insertions(+), 25 deletions(-)
 create mode 100644 hosts/shared/certs/default.nix
 create mode 100644 hosts/shared/certs/labs.adtya.xyz.rootCA.pem
 delete mode 100644 hosts/shared/certs/local.adtya.xyz.CA.pem
diff --git a/hosts/layne/security.nix b/hosts/layne/security.nix
index 4fb9f7d..dde1c2c 100644
--- a/hosts/layne/security.nix
+++ b/hosts/layne/security.nix
@@ -1,4 +1,5 @@
 _: {
+ imports = [ ../shared/certs ];
 security = {
 sudo = {
 wheelNeedsPassword = false;
diff --git a/hosts/rico0/security.nix b/hosts/rico0/security.nix
index 4fb9f7d..dde1c2c 100644
--- a/hosts/rico0/security.nix
+++ b/hosts/rico0/security.nix
@@ -1,4 +1,5 @@
 _: {
+ imports = [ ../shared/certs ];
 security = {
 sudo = {
 wheelNeedsPassword = false;
diff --git a/hosts/rico1/security.nix b/hosts/rico1/security.nix
index 4fb9f7d..dde1c2c 100644
--- a/hosts/rico1/security.nix
+++ b/hosts/rico1/security.nix
@@ -1,4 +1,5 @@
 _: {
+ imports = [ ../shared/certs ];
 security = {
 sudo = {
 wheelNeedsPassword = false;
diff --git a/hosts/rico2/security.nix b/hosts/rico2/security.nix
index 4fb9f7d..dde1c2c 100644
--- a/hosts/rico2/security.nix
+++ b/hosts/rico2/security.nix
@@ -1,4 +1,5 @@
 _: {
+ imports = [ ../shared/certs ];
 security = {
 sudo = {
 wheelNeedsPassword = false;
diff --git a/hosts/shared/certs/default.nix b/hosts/shared/certs/default.nix
new file mode 100644
index 0000000..7e4be00
--- /dev/null
+++ b/hosts/shared/certs/default.nix
@@ -0,0 +1,3 @@
+_: {
+ security.pki.certificateFiles = [ ./labs.adtya.xyz.rootCA.pem ];
+}
diff --git a/hosts/shared/certs/labs.adtya.xyz.rootCA.pem b/hosts/shared/certs/labs.adtya.xyz.rootCA.pem
new file mode 100644
index 0000000..c64be62
--- /dev/null
+++ b/hosts/shared/certs/labs.adtya.xyz.rootCA.pem
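Review bot: `security.pki.certificateFiles` puts this root into the system-wide trust store of every host that imports `../shared/certs`, and the new module says nothing about what the CA is for or where its signing key is held. The certificate added alongside it appears to carry only subject/authority key identifiers and `CA:TRUE` basic constraints, with no name constraints, so trust is not limited to lab names: anything signed by that key would be accepted for any hostname on these machines. I would add a comment above the option, for example `# Private root for labs.adtya.xyz; trusted system-wide and not name-constrained, signing key must stay offline`, and consider reissuing the root with a `nameConstraints` extension restricted to the lab domain.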
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFnzCCA4egAwIBAgIUQ0Gn1kz+ilGQC10QVXBFAuMu7MswDQYJKoZIhvcNAQEL
+BQAwXzELMAkGA1UEBhMCSU4xFzAVBgNVBAoMDkFEVFlBLlhZWiBMYWJzMRcwFQYD
+VQQDDA5sYWJzLmFkdHlhLnh5ejEeMBwGCSqGSIb3DQEJARYPYWRtaW5AYWR0eWEu
+eHl6MB4XDTI0MDcxNjE2NTQ1NloXDTI1MDcxNjE2NTQ1NlowXzELMAkGA1UEBhMC
+SU4xFzAVBgNVBAoMDkFEVFlBLlhZWiBMYWJzMRcwFQYDVQQDDA5sYWJzLmFkdHlh
+Lnh5ejEeMBwGCSqGSIb3DQEJARYPYWRtaW5AYWR0eWEueHl6MIICIjANBgkqhkiG
+9w0BAQEFAAOCAg8AMIICCgKCAgEApYEpiJTx9UY0xJuktxZtswi731XTKwLKL4n7
+9qitYCZVE0DFkhj19dophOAfrl+ISbANVC2XFQlxMFERCe3r6C8+sOHc8HUu3Bjf
+89WYilf2AF30GlgkdEjNzPqHSjhWKqbPoXnLQqGbyl+AKVuy87eLT4YKWrz9mqV9
+vwhHAJ2X1VNpGCXuPWKjbMiply+08a+S5SGkINSLdLhMi2FxN9xodvJZwn45CqP7
+2WnjCFmCRJaDtvwdl1xqGjhcw4KiJfNYWGv6t7LbR1keJBlmBqs6yw+v82TzawYJ
+P08mROF52h8Lz5hClvwUa/wjHJ3EQlJNKFZ+2U9aGw1cJtTwwL2PeEwumctmg59V
+as5MT1wKt0+CwK1/+MtbHnjfc8EFEBmnwb2V82AMfSXQjhORVSS15ozhhjB0QbCJ
+VOVKQctsoZxVov3xrpXmbesdDTohgr4/r0bCBXgnRJHrv21Nh1Uf58p2ZRs67rep
+JTM1JdDzGIA8c3CO4c5W7fcpG3d6HaPHsWcoyP8Yb64aYAMYXKuufcfoWD4JsBFb
+a82K5EJdGBUOyxk2HlZcqvW9RA1uH7ineWMo53EBr66ECZ6rw8uoWgOyzyBJpZPJ
+AtH9t4nCEVPKpxofP1IkPo9BUi4mltxGUHd/l9ZYifFSJv+dxa+BgBMieSSN1I5D
+/m5qwa8CAwEAAaNTMFEwHQYDVR0OBBYEFN3a/BeFBNGMdDPewT+57LhLlvvzMB8G
+A1UdIwQYMBaAFN3a/BeFBNGMdDPewT+57LhLlvvzMA8GA1UdEwEB/wQFMAMBAf8w
+DQYJKoZIhvcNAQELBQADggIBAA0azmyRPr11wIFE6XzDL5VaMtkaOLRFGQx4OU0u
+FJ4h3wP8ix25XMXDUPMv5BSR/fpc35GSmeKssBt31UswGMY6O5HIkzHMjTYVMylH
+PTtTw8aJOLGAsF36n5zBMncYlVvxnEiZiCMimESk/rBMWobRz5xw/NT/32vuMzXC
+wpYUC0/kXu9xCegInxjMmxg+LzOT8pMK7huD/kELXDgbKH/tpa4CfIZfe3xzn8gn
+w+IKrpwq4PilxTqwFm/MQU2krg5VvpRZtzQmJkHqEIMeo8WhzVqVTjQlFfRZt0uN
+NPv5g/BRU9aytbvI5/tg69proyzuAPNg7BO49ML3HamjJ2cl8YMVN3Ut9OQk0Kfs
+oU5Eoa8KjksyQBIb06WYSLkQes01K7RpoJdcWUtSFRKi54dtyd4EEOp0gKMn0NxV
+6edajGGL9TTYHd+/N1XhIhzjY1TeEfysvDip9HTfibH5oKk9jtdYpYn47Z9znj+b
+oHoQTc7aoEvbXalqZgv4Ysj/go71+AG5eGMrS4xh9FC6ays84KECzkFrxu23dXJG
+smYVSshNpdp2pGnnH8iOEVrpLnpnBF9odhnkkcYeMMI45zKVvQvgHbeV7iBWEnFH
+JGWdJGyqwCpLUFmemKwsrvZP48/NPO/CwguEUc72REpUjqIWZIXsy4aYaxxsFPMt
+BtqG
+-----END CERTIFICATE-----
diff --git a/hosts/shared/certs/local.adtya.xyz.CA.pem b/hosts/shared/certs/local.adtya.xyz.CA.pem
deleted file mode 100644
index 2416c7b..0000000
--- a/hosts/shared/certs/local.adtya.xyz.CA.pem
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID9zCCAt+gAwIBAgIUKehz8dBJL1Bw1zBPWQlPVonGHmIwDQYJKoZIhvcNAQEL
-BQAwgYoxCzAJBgNVBAYTAklOMRAwDgYDVQQIDAdOb3doZXJlMRIwEAYDVQQHDAlN
-aWRkbGUgb2YxGzAZBgNVBAoMEiBBRFRZQS5YWVogSG9tZWxhYjEYMBYGA1UEAwwP
-bG9jYWwuYWR0eWEueHl6MR4wHAYJKoZIhvcNAQkBFg9hZG1pbkBhZHR5YS54eXow
-HhcNMjQwNzA2MTY0NzIzWhcNMjkwNzA1MTY0NzIzWjCBijELMAkGA1UEBhMCSU4x
-EDAOBgNVBAgMB05vd2hlcmUxEjAQBgNVBAcMCU1pZGRsZSBvZjEbMBkGA1UECgwS
-IEFEVFlBLlhZWiBIb21lbGFiMRgwFgYDVQQDDA9sb2NhbC5hZHR5YS54eXoxHjAc
-BgkqhkiG9w0BCQEWD2FkbWluQGFkdHlhLnh5ejCCASIwDQYJKoZIhvcNAQEBBQAD
-ggEPADCCAQoCggEBANLgKvPvfCTe4uRvMGKfrg+RzPpkgvyM/1HY47QMRZjNw7DL
-dh8xtE6Boms4/oRFglFvlo3zOCbpCrvWK8HBzt+jqmpuP+4lpjgo8hHP+0ALwtUv
-jTW9yorg7CHjloiehgY0HFzs6ZMmqB4DVuZv5jIifLQx9i6S+bTqxfp4n5GqNlZe
-gfKph0/M2kK0fXMcdS/o4hmRxk4Nh3gg2AJxhdHfVdUVp1gBBW3K5GIYZcS5+LbH
-YB61i7+Zk2ytPHxhgBR3jASVy4ecCVgvAG4ab30bVq0f+N/7jeN5OBKiHZ+8lo09
-tW7TT8Maw1YTgDpVvlxGTQd6soq1uO2dzce6vakCAwEAAaNTMFEwHQYDVR0OBBYE
-FPN92mUdRebQsb8/iPLYlGCasX0wMB8GA1UdIwQYMBaAFPN92mUdRebQsb8/iPLY
-lGCasX0wMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAB9vKYGg
-YIwny0DhBkEnnGgxAe+uvK/ozS5hBBYQ1utLVeFLQ/jqZ0GtqPup762j+4ME9beh
-IcwhuxQXG2GxBdjzgW8McuEEYR+uCphuKKvjq/VPmHcIqPske5LYtv3uk1t6/oOq
-4jYyZqbY64i7yBAw8AFKUF/JQjxHuuXS4osKMHCWCoTKerWHZtOTVjH9o62wNwky
-IytV5Mg6xGhdJKur2HmcojIsx1UyRqZJcKkJtayof89ZkoEz8rcbSyJQCWDVuFUn
-MdXfjsO/yWxc3iFQEKTJtY5bMo+SOh18UDvwAgj9p9qsMOsfjQm82JKF8/FVvqV6
-7HZvbtj1pFwntI8=
------END CERTIFICATE-----
diff --git a/hosts/skipper/security.nix b/hosts/skipper/security.nix
index b9f974b..c0072a6 100644
--- a/hosts/skipper/security.nix
+++ b/hosts/skipper/security.nix
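Review bot: The validity encoded in the new `labs.adtya.xyz.rootCA.pem` appears to run from 2024-07-16 to 2025-07-16, a single year, whereas the removed `local.adtya.xyz.CA.pem` appears to have been valid until 2029-07-05. Once the root lapses, clients that check the trust anchor's validity period will start rejecting every certificate that chains to it, and recovery means reissuing and rebuilding all hosts that import `../shared/certs`. Either reissue the root with a lifetime suited to a trust anchor before services depend on it, or record the date next to the file so rotation is planned, for example a comment in `default.nix`: `# labs.adtya.xyz root expires 2025-07-16; rotate before then`.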
@@ -1,4 +1,5 @@
 { pkgs, ... }: {
+ imports = [ ../shared/certs ];
 security = {
 pam = {
 services = {
@@ -14,7 +15,6 @@
 };
 };
 };
- pki.certificateFiles = [ ../shared/certs/local.adtya.xyz.CA.pem ];
 polkit.enable = true;
 rtkit.enable = true;
 sudo = {
diff --git a/hosts/wynne/security.nix b/hosts/wynne/security.nix
index 4fb9f7d..dde1c2c 100644
--- a/hosts/wynne/security.nix
+++ b/hosts/wynne/security.nix
@@ -1,4 +1,5 @@
 _: {
+ imports = [ ../shared/certs ];
 security = {
 sudo = {
 wheelNeedsPassword = false;