diff --git a/hosts/sakotop/configuration.nix b/hosts/sakotop/configuration.nix index 69eb77bb..05cf4bb9 100644 --- a/hosts/sakotop/configuration.nix +++ b/hosts/sakotop/configuration.nix @@ -117,12 +117,11 @@ # homelab sops = { + # we need to setup wireguard with this soon age.sshKeyPaths = ["/home/sako/.ssh/id_ed25519"]; - defaultSopsFile = ./secrets/homelab-cert.yaml; - secrets."homelab_cert.pem" = {}; }; - security.pki.certificateFiles = [config.sops.secrets."homelab_cert.pem".path]; + security.pki.certificateFiles = [./trust/homelab.pem]; # Enable the OpenSSH daemon. # services.openssh.enable = true; diff --git a/hosts/sakotop/secrets/homelab-cert.yaml b/hosts/sakotop/secrets/homelab-cert.yaml deleted file mode 100644 index f0239bb7..00000000 --- a/hosts/sakotop/secrets/homelab-cert.yaml +++ /dev/null @@ -1,21 +0,0 @@ -homelab_cert.pem: ENC[AES256_GCM,data:NwGlxxgE/47zNb/kokc1Rt1dN++C5v79JFQMRFtkHKErCm+ws2Z00+GTOBAj+Tt2JouX/D8SjDKL7B3vD0J7pT4sIA61xLbFaN+drnTvJiSGtM/FmqiKEHjEThyUMf4OczogYcNill/R0Cb4Iw7qUSwT8f2/0LexBXrYl02e7rAEZF78X82gaAwco3e1nDPvk51omKjSMfRiycdZTBT7sjYUmkhR7otaawVOwbnBL6rd+ala66nj8Ig6nLH5jt1tuZQ85ckS5LqMpp76djUUiFlTCCTVRw2AVpVRPdLWjzkWK41RepyMFiucgEGONSVMm9EwZIOrHoNLU9heSjN+VH9dELg4Y1tudTQmZV02zc+yrHYFai9gPT/fKgw+j1JXKR7C5Rurw9JY0933QHicPRgLKyG7JxNowzZnZsTstgKRB72Ye7gUR3s9CaWEKURiBMmDLNW/41EeISe39rRTc4klb2z0gesUrrpGWHWkZJ7TALtF/49JxqT5jdMEt0AQgkKuJUV7h/pI0UxOBRR4MMMbE0IV+vjEOoGiV1xRmW9RNLtwQO2p2dsVxyo9EsgpxYsL1/bcH+TcZ5WmqQZ6htR2D5G7UQUoV247w7W4CVAfQLEthdnFCsFhzA3dOJepBKfJPJv+nVhjIxYxZesSgsCR6UA4bLoIFbUwwrTMbqyhKxK9WLDMsoIi/v7jmHKYoe7B4tRAsx7z/56LaX3wcl0hLzGInx3JX71qXdlD/Zal/63gLBDKGPo+byDQlWC6lO8LBFf+18kzhfzTr848JLHudu03k+g4Qmnjo5hTA0qRcG5feYjq7VxTEei+WPfVvlmUYuprD+QuQc5H0IeQ6ZpuyTcEwJbpTg39onkFLSaYAY/+uDenx4KzRjcfdSJqedGM/hSmnckBZXFHeW6BFkrvODxusQZPq5gkizGP6SK8XAFODFx3M2U9zkhdDTY4+UH42H5X52jndjYhf91f0AtnHYv7jBjZdPxXZgGT989Z/kJD3zHk3XkVN9uVyob6EWmF2AzBRiacpD/cEMg5Gs/pDXTmoa+I36k0jLCOaCL31wIopjUxyocpmReg3jvGHnnNrDWECBPuiClW+egGQla4bL4hRbdvUloqdZeMntiEGQRsOjmgbMoyMfR62CXtIEjZ/CO+MulCWvUAqCdUYh74vGYADnsc03RUFLZ8Ul8NrSXiNK0yEJJ3F4WJvs7WFN+Kpak+U69f8ThZUw1Kird1xlyBBMpssG96zaKgKbM0Rba5I9/zePeXfq2juci0HPlS6/dCL8nsxAzJStNqYJ6/T1nvP25wXJ5ykthMq8V9MyL3+gwG5+Qc1MgJxJPdGpuN/0D5LEGKlfX6968t8+bfL/ZGXOKw7Bj55rUWW05rMDCo2MU3ddDmUmpe8VH3+bmnKcCaUF4xcaURuzZUNMA4V5xtzs9pcAO6i57q+QKK5xRJ/dQ5CvCQ2e3GkQiReAm2wMNXgC/1xSlk8+v42l2cCZLrHQuKz6Hhhs974oJ1Kr1lue7G+dDUBPshM6NTQKQ/Rc8RmLEVg1XeAHEHPXlIUZbz6smca7tTlckMM4AIM//S6MFlftzyJfenWth+MJQ6GGHgjv/bhmNTL5JrCH/rbrOm35S4spMyvB6gNQPj1Cwa/Hxiqq4k41waGwSPcSeZV1j2agnbdfTbF8o5bLlzlrBtdPZXhRnXzHGFvfw+rOApzkonDGEgU3Mkdw==,iv:jamng39UQk9xK4+Uj8QYFrZ+sfcOUQyHCNK8dO20Rgw=,tag:yY5YMqzNyprUGoglnRrKhw==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1nhj5fz9cakgd6rrkwpjkndra6fd4rqxgfvcrap5g0anwxgmh4yqspvf22y - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvNWhWTy9PNmgxMngyeHM1 - cENCdjBCWVp4cXM5ZE85ZzVOa0ZvWTEyWGtnCjE2VThuQUNhVFN2dVYxNFZrMkhZ - S0VBQ25ySUNNVng3VXozOWw2QzN0UFkKLS0tIEttSVJnTzVPMHRBV29FZHI5Ulc0 - MUVjQXNsYVM3V1BwMUlPL2sxeE9kVnMKM1tAh5O7qn2o+q+j0AZNqGlLH/90enOJ - /LYnLLWL+kWL92kO8YdTLLmdcR8XMoq9JqGRxHku7q7phhc/ZYvFag== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-10-05T10:14:21Z" - mac: ENC[AES256_GCM,data:12BTEoMl56c5uggKCaN46qagq428ZP1DAOqpu5ne0H7C7oJMTOvXtZHrLypmp2JnLXnKlqEa3Ca0VUrNotdPTDP6GYAn9J7YWIFEoUqIhV10hTYOlSkAFtMeI4KD0srw99xnUnWNc3wIXHlc/YPdCwxCdMgHXAmLcq/BeIoPQ4I=,iv:/iPreYenymr9KvkWzbpPrZ1japOI6jN5ioPfOTldVY4=,tag:E8JHZB5R/wjTFlqecCrejw==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/hosts/sakotop/trust/homelab.pem b/hosts/sakotop/trust/homelab.pem new file mode 100644 index 00000000..cf67031a --- /dev/null +++ b/hosts/sakotop/trust/homelab.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDjTCCAnUCFHMHoQwSTvnFMmBpncLHmiB5gITGMA0GCSqGSIb3DQEBCwUAMIGC +MQswCQYDVQQGEwJBRTENMAsGA1UECAwEWm9uZTENMAsGA1UEBwwEaG9tZTERMA8G +A1UECgwIYmFzZW1lbnQxDTALBgNVBAsMBHRydWUxETAPBgNVBAMMCHNha28uYm94 +MSAwHgYJKoZIhvcNAQkBFhFzYWtvQGlzc29jb29sLmNvbTAeFw0yMzA1MTMxNTIx +MzdaFw0yODA1MTExNTIxMzdaMIGCMQswCQYDVQQGEwJBRTENMAsGA1UECAwEWm9u +ZTENMAsGA1UEBwwEaG9tZTERMA8GA1UECgwIYmFzZW1lbnQxDTALBgNVBAsMBHRy +dWUxETAPBgNVBAMMCHNha28uYm94MSAwHgYJKoZIhvcNAQkBFhFzYWtvQGlzc29j +b29sLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIfsXZqAG12A +oQsMP4TU3rTFhwjprHqau7LLg9vGEWaKmmTSnBDB0gTAMahPjdUflRBPi8n/j5kS +i2MddUbLl3FE6bAqh9GZDgXk/527TBTHkp2/UpruE60yr986rFrVqf1u/gKlZtog +cPCqgGiT4WZs82ArS8jfLIOf2PeZWAUbeyWS4EWsiAv2RZLV9RRvQdUejAKa6OGT +0qogzlorpl4PRlmAVN9LSqbA94WJoVZ3XNSoy/Q5IRxzvwlcSAZw6UJbHI+h8fzO +CyIVC5OXP4QmCqEGxI9F8XTL1ys1NlonlFqKgvwn0C2xqOB/bwlZYxF04ibPlrGO +y9OGMkhE170CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAezUjdsMRGId1d/Q/uQmV +1LBdIcfmzac6p9rWR5ky0j7ukJBlOz8p6/YFmzgjCFaz8urBJ1z+H778vYkg7qih +RRIVOVZtOy7kXS+sJIMlAOSFKUXup/tG373ocVow/TZUIih37Hv9zt67DDVKlESh +/z3Ffqtnk7rKiHOBnVrczfnahCu6cnnlcszvYR2+UCXubH02cJPZfnv91aM2YQCb +DNhCMgnOSnPi3DAW/EU833mh6IKk9ZXNHdqVuEuR26qdSYg1KCeBNSvxFAh3J8VC +ZSnE2k5wzMfkGZrJT7P0q1HdQ7Zv91aqQQcxoV/ezTeXwKDNd/YRcOvWnpBtSdiH +/g== +-----END CERTIFICATE-----