rotate borg creds

2025-11-25 01:13:16 +02:00
parent db712c7bd3
commit 14de625776
7 changed files with 37 additions and 25 deletions


@@ -13,7 +13,7 @@ in
age.secrets = { age.secrets = {
motiejus-server-passwd-hash.file = ../../secrets/motiejus_server_passwd_hash.age; motiejus-server-passwd-hash.file = ../../secrets/motiejus_server_passwd_hash.age;
root-server-passwd-hash.file = ../../secrets/root_server_passwd_hash.age; root-server-passwd-hash.file = ../../secrets/root_server_passwd_hash.age;
borgbackup-password.file = ../../secrets/fwminex/borgbackup-password.age; borgbackup-password.file = ../../secrets/${config.networking.hostName}/borgbackup-password.age;
sasl-passwd.file = ../../secrets/postfix_sasl_passwd.age; sasl-passwd.file = ../../secrets/postfix_sasl_passwd.age;
ssh8022-server = { ssh8022-server = {
file = ../../secrets/ssh8022.age; file = ../../secrets/ssh8022.age;
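Review bot: The new `borgbackup-password.file` line ties the secret to `config.networking.hostName`, so it assumes every host using it has a `secrets/<hostName>/borgbackup-password.age` file and a matching entry in the recipients list; the same line appears in the two following host files. A missing file should fail at evaluation rather than fall back to another host's passphrase, but the coupling is worth stating next to the line, for example `# per-host borg passphrase: needs secrets/<hostName>/borgbackup-password.age plus a recipients entry`. The `age.secrets` set starts and ends outside this hunk.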


@@ -19,7 +19,7 @@ in
motiejus-server-passwd-hash.file = ../../secrets/motiejus_server_passwd_hash.age; motiejus-server-passwd-hash.file = ../../secrets/motiejus_server_passwd_hash.age;
root-server-passwd-hash.file = ../../secrets/root_server_passwd_hash.age; root-server-passwd-hash.file = ../../secrets/root_server_passwd_hash.age;
sasl-passwd.file = ../../secrets/postfix_sasl_passwd.age; sasl-passwd.file = ../../secrets/postfix_sasl_passwd.age;
borgbackup-password.file = ../../secrets/fwminex/borgbackup-password.age; borgbackup-password.file = ../../secrets/${config.networking.hostName}/borgbackup-password.age;
letsencrypt-account-key.file = ../../secrets/letsencrypt/account.key.age; letsencrypt-account-key.file = ../../secrets/letsencrypt/account.key.age;
vaultwarden-secrets-env.file = ../../secrets/vaultwarden/secrets.env.age; vaultwarden-secrets-env.file = ../../secrets/vaultwarden/secrets.env.age;
synapse-jakstys-signing-key.file = ../../secrets/synapse/jakstys_lt_signing_key.age; synapse-jakstys-signing-key.file = ../../secrets/synapse/jakstys_lt_signing_key.age;


@@ -18,7 +18,7 @@ in
motiejus-server-passwd-hash.file = ../../secrets/motiejus_server_passwd_hash.age; motiejus-server-passwd-hash.file = ../../secrets/motiejus_server_passwd_hash.age;
root-server-passwd-hash.file = ../../secrets/root_server_passwd_hash.age; root-server-passwd-hash.file = ../../secrets/root_server_passwd_hash.age;
sasl-passwd.file = ../../secrets/postfix_sasl_passwd.age; sasl-passwd.file = ../../secrets/postfix_sasl_passwd.age;
borgbackup-password.file = ../../secrets/fwminex/borgbackup-password.age; borgbackup-password.file = ../../secrets/${config.networking.hostName}/borgbackup-password.age;
timelapse.file = ../../secrets/timelapse.age; timelapse.file = ../../secrets/timelapse.age;
syncthing-key.file = ../../secrets/vno3-nk/syncthing/key.pem.age; syncthing-key.file = ../../secrets/vno3-nk/syncthing/key.pem.age;
syncthing-cert.file = ../../secrets/vno3-nk/syncthing/cert.pem.age; syncthing-cert.file = ../../secrets/vno3-nk/syncthing/cert.pem.age;


@@ -46,6 +46,7 @@ in
// mk ([ vno3-nk ] ++ motiejus) [ // mk ([ vno3-nk ] ++ motiejus) [
"secrets/vno3-nk/syncthing/key.pem.age" "secrets/vno3-nk/syncthing/key.pem.age"
"secrets/vno3-nk/syncthing/cert.pem.age" "secrets/vno3-nk/syncthing/cert.pem.age"
"secrets/vno3-nk/borgbackup-password.age"
] ]
// mk ([ sqq1-desk2 ] ++ motiejus) [ // mk ([ sqq1-desk2 ] ++ motiejus) [
"secrets/sqq1-desk2/syncthing/key.pem.age" "secrets/sqq1-desk2/syncthing/key.pem.age"
@@ -54,6 +55,10 @@ in
// mk ([ vno1-gdrx ] ++ motiejus) [ // mk ([ vno1-gdrx ] ++ motiejus) [
"secrets/vno1-gdrx/syncthing/key.pem.age" "secrets/vno1-gdrx/syncthing/key.pem.age"
"secrets/vno1-gdrx/syncthing/cert.pem.age" "secrets/vno1-gdrx/syncthing/cert.pem.age"
"secrets/vno3-nk/borgbackup-password.age"
"secrets/fwminex/borgbackup-password.age"
"secrets/fra1-c/borgbackup-password.age"
] ]
// //
mk mk
@@ -94,16 +99,14 @@ in
"secrets/fwminex/syncthing/key.pem.age" "secrets/fwminex/syncthing/key.pem.age"
"secrets/fwminex/syncthing/cert.pem.age" "secrets/fwminex/syncthing/cert.pem.age"
"secrets/fwminex/up.jakstys.lt.env.age" "secrets/fwminex/up.jakstys.lt.env.age"
"secrets/fwminex/borgbackup-password.age"
] ]
// mk ( // mk (
[ [
fwminex
vno1-gdrx
vno3-nk
fra1-c fra1-c
] ]
++ motiejus ++ motiejus
) [ "secrets/fwminex/borgbackup-password.age" ] ) [ "secrets/fra1-c/borgbackup-password.age" ]
// mk (systems ++ motiejus) [ // mk (systems ++ motiejus) [
"secrets/motiejus_passwd_hash.age" "secrets/motiejus_passwd_hash.age"
"secrets/root_passwd_hash.age" "secrets/root_passwd_hash.age"
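Review bot: In the `mk ([ vno1-gdrx ] ++ motiejus)` block, the three added `borgbackup-password.age` paths are also declared in other `mk` blocks of the same `//` chain, and `//` keeps only the right-hand value when a key repeats. If `mk` yields one attribute per path (its definition is outside this view), `secrets/vno3-nk/borgbackup-password.age` ends up with the vno1-gdrx recipient list because that block comes after the vno3-nk one, leaving vno3-nk unable to decrypt its own passphrase, while the fwminex and fra1-c entries added here are overridden by the later blocks and have no effect. Declaring each file once with its full intended recipient set avoids both outcomes, e.g. `// mk ([ vno3-nk vno1-gdrx ] ++ motiejus) [ "secrets/vno3-nk/borgbackup-password.age" ]` if vno1-gdrx is meant to read it. The recipient stanzas of the re-encrypted vno3-nk file would confirm which keys it was actually encrypted to.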


@@ -0,0 +1,14 @@
age-encryption.org/v1
-> ssh-ed25519 dJyjXQ whSar7Kg61SNSRRXbmMjjz1Vqj9jOB+0vjoRtZt76x4
p0ijsfSueuEF3mh60z0im2jfTgL8KNE/vSVFOfMVLuQ
-> X25519 Q8EOYJ5/7QNQ5FKp0ylbCpDsGShjyZKlj3x/aL4can0
ySZ6JoH1rL8Gvr7fsJoQzhIy5MaGF9hb1KHmKLF2zuw
-> X25519 2yogae6JOMnxImfXR4Dk/vz+sf2NkuzFuS3d4Op7w14
3xz0BSLGAbbpxplb0vGxU15ykLPCagU+s/SIk5BoPJs
-> piv-p256 +y2G/w A3wZv7w/ZRMhSVMmaTtY4zGGHANw2qShcyqp1WRTPaWB
e2OIEwdnZgjrFlG4ysfb9EktkBL6IFJUd7Fg5nQt5jo
-> piv-p256 jNqd3A AuEcw++WwlnLh3hZCVQpIe6ipLb1KFOYqVIvT1dOOk5T
TD8YyMaFwoxrQAcofOEIuoaYmYjoZiUfv+JIOpu38ew
--- iKq7MPj9llDLuxwo0dgUfa+qJDf9bG3+U3nwAXN2cY0
J<EFBFBD>
M<EFBFBD>1>ohC<68><43>l<EFBFBD><6C>]<5D><><EFBFBD><EFBFBD>\d<>?s2<73>X<EFBFBD>׋<EFBFBD><D78B>Y<18>GH}<10><>


@@ -1,19 +1,14 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 fqSa6A mpsAV2VQdSsC/+8kUKsvnys5ic2mQz0MEA2kl1FALj4 -> ssh-ed25519 fqSa6A Ex8M7+EZThscF7Gy+P4A/PyGdr1zsUqecrQFkr7nblQ
xtUr9xAc7HlOzbew6iFNG4NCNr/GAMENGww7SUQitKg tr8fxLOCPxuFOR6QtWkYJirUkrlickaXriqA/nRAzvU
-> ssh-ed25519 lDWJbA 6Ypr62TadaVv+0PeHpN4Bvg2fhg68dkJiF4e6d+UMF8 -> X25519 rftxb8qrjAQgOpRszm/07iON5dzagJ9FJFxfkIqikE4
XrZGFXOAhaJUiFuTsc96mYda4XjL573nLwAGzl3HR0M 0P+72TYzfgtQ/nTZEZ2CDjf906iJjyoXoEJ6RrkHVGA
-> ssh-ed25519 wPuT4Q O8SGmvCJrOMYi0O0qL68DAYZG6fIY1pv1n60v2OBEEE -> X25519 4lbiq+9CgI3qYprwaQTrbmNcfBBK6sj+9s2+szkG2yY
v4+XHM2gD6+ndDkkr2qu/KFKD2vGpQ94JCP6OcKpsV8 UHyDorYhIZFWRkiesjf8z/ih+BUuiOGBp6eElZGH4eo
-> ssh-ed25519 dJyjXQ 8QfEpLbsMlTOfYNqs97GzdsgfDn1SwYulKTjRePv9XE -> piv-p256 +y2G/w AnN2FXgrnCfn8mGp6uEBHA6xKhVh2k7olPnvQF5eiJWJ
bOuoXhm6CHJGGhrTNwIOddDRrhGZwU67VkVcQkBtTe8 TxsN6WiQOtbbzgNCpMq/nQ+Q+e9elUK+PlnlitVmQSg
-> X25519 0I6kW+PIH2CnIE5FY0eujwXowGkbROMbLKzgDHRBD3k -> piv-p256 jNqd3A A7Mt2FnBxrbjJWXmEpfqDEBFYtXqysd6GfavSoMlnHrH
t7eGmUp0xTiadu1DsH4jA7iuaQQSXTuQU9+RP3hvVgI LS8lBP4la5jTNlc7qkoWvwX6sb5TbpzIUhtQPxKr/tA
-> X25519 x++V4MIL4u/kv8MLIGUuMLHFesxo+9Kf32Q9nvDrZxg --- rtEm8+fINwi70YgNeV7j0L3wK5O6pG0ztq2kLyKzcCM
xxvltRbYNAzUrdx2ZIEhfkFzQXY/PDr4WzCnosTcS6Q +.<2E><><EFBFBD>2<03><>W:l}<7D><><EFBFBD>d<EFBFBD><64>8<EFBFBD><38><EFBFBD><EFBFBD>
-> piv-p256 +y2G/w AsaphysYUxvaRo86bwBVKhqOOWzxO4zoDJ3PHzJkuiRU Z[%-<14><>M<EFBFBD>U<EFBFBD>;<3B>|<7C>|Y<>
3xCVQAdi2n6OwxcJX3GXD3ug7WKggG1QOAE4wYm8bpg
-> piv-p256 jNqd3A A2/zhLyPoYU+2tfBukElXeuxoHycm5tcfSADDi+XOEuD
pguxc2kH01hbkh7iHbiBWfEc+4d6XIMTUGx6zf+k2hs
--- yixFNTaKHDzCENJiK7XfM5mTDCu8BwVBOnhVNpM9DuU
vu<76><75>_߇cv<63>"<22><><EFBFBD><EFBFBD><EFBFBD><12>g<EFBFBD><67><1A>T<><54><EFBFBD>S!<21><05><>X<EFBFBD>J<EFBFBD>t<EFBFBD>

Binary file not shown.