Added quinto secrets and deploy-ssh keys

docs/hosts.org

@@ -1,4 +1,18 @@
 #+title: Hosts
+* Setting up a new vult host
+** Generate a password for your host
+#+begin_src bash
+pass generate samfelag/<host>
+#+end_src
+** Change the password in the host
+Enter into the host via the vultr dashboard "View Console"
+#+begin_src bash
+passwd
+#+end_src
+** You can now ssh into the host with the new password
+#+begin_src bash
+ssh nixos@<host_public_ip>
+#+end_src
 * Setting up a new host
 ** Generate a host ssh key pair
 Generate the key pair (we'll use the name `id_<host>`)

secrets/consul.d/agent-token-thingvellir.json.age

@@ -1,7 +1,7 @@
 age-encryption.org/v1
--> ssh-ed25519 GWuf0Q 8KY3le+D4r6SJVPdkjL3P4fLA7rS00F+LkRieMGcrA0
-0ffzmUzTFEPiYmLG02Y0XweXTvFjEt6lao8ySE73Eoo
--> ssh-ed25519 kNjiNQ 0Hg11FGDMDrus/MA9UMRA8jt3aoJYbQMJ8vM4PrYtyY
-H9ZURqsrkmviJMpsbiKDUk8r+NWlAsrQ0OpO5U7U0dg
---- jQa7EUd7cX7AexX3FCJaOb4xVZ9/TP7WXakcgVKH5PM
-CO<EFBFBD>`<12>P<EFBFBD>g<EFBFBD><67>he<68>E<EFBFBD><45>hy<68>אꁋ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>F<EFBFBD>f<EFBFBD>ǥ<EFBFBD>@<EFBFBD><EFBFBD>AUG<EFBFBD><EFBFBD><EFBFBD>L<EFBFBD><EFBFBD>ʳ<EFBFBD>:<3A>;{<7B><><kH<6B><48> -ڥ<><DAA5><EFBFBD>w<EFBFBD>m<14>6<EFBFBD>`<60><11><><EFBFBD><EFBFBD>~)<29><>woϡ<6F>E<EFBFBD>b{<7B><>#{<7B><>T
+-> ssh-ed25519 GWuf0Q z5DKW5ikWJPBjNjrgoUuJF8be9f9naDOxZ74sOpf5FY
+kiV2yRp+BVwTInS1EMkzhGyfGGEdHcB9DGlbzTA9lpQ
+-> ssh-ed25519 kNjiNQ YLZNTRHp6sj3v0wu7WMitqBykTcqaGYcfZbJkF0ougM
+dI8B6KF6bvSONOo/dTOq6jyYIn6Rj1AMABUeOU2hWUQ
+--- V+29XmjyMdtKIFBz9VW/D/A9sM6HPLYe1HZf458md64
+'<27>w"<22>2s<0F><>IIꩧ<49>gȦM<C8A6>&<26>;X<><58>j<>S{<7B> <20><18>ŒHxl<78>y<EFBFBD><79><EFBFBD><EFBFBD>k<EFBFBD><6B>cr<63><72><0F>ܟkdZ<64><12>\<5C><>|<7C>Y<EFBFBD><EFBFBD>ރ<EFBFBD><EFBFBD>"<22><>S,<2C><>wQk<EFBFBD>@<40><>Kn<4B><6E><EFBFBD>T<EFBFBD>83G<33>^<5E><><EFBFBD><1B>2<>38,<2C><>dJ<64>Ng<4E><67><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>f<EFBFBD>d<>ӯLD<1A>]<5D>B<EFBFBD><03>fvTO<54><4F><1E><04><><EFBFBD>ln<6C><6E><EFBFBD><EFBFBD>-<2D>ZmMn<7qw<07>

secrets/consul.d/gossip.json.age

@@ -1,9 +1,10 @@
 age-encryption.org/v1
--> ssh-ed25519 GWuf0Q V6HZPuKmDsfaVVnJveBuLwLCndktAB7xudXvB9niGRg
-hEKkg2Ltbt3Ie1Ci6VabOSjp/pZeandKlZl67kqZd9A
--> ssh-ed25519 zhVGHw BwZzAbAXSX/frkhi5wFJzDaEWXOQaqNfdEC4EIZwBX0
-cbysAZi82rbqH2T+cipPPNgsnHn2aU/tQYMlmt8zpPE
--> ssh-ed25519 kNjiNQ ijvaL5MqfKqzD5X9uOAx78PfsUNSJkQ+nhC/EGyG03Y
-uq2HskFBaNjTiNeipz4H9eoHJ4KDz614DSMfW3rz9Yk
---- FWfT5xb1cTntOfVIjzbw1ZD6nFRfKunQL0k/0/xx+dQ
-h<EFBFBD><EFBFBD>q<EFBFBD><EFBFBD>sa<EFBFBD>m<EFBFBD><EFBFBD><EFBFBD>`v<><76><EFBFBD><EFBFBD><EFBFBD><EFBFBD>B<EFBFBD>xeZp<EFBFBD><EFBFBD>}<7D><><EFBFBD><EFBFBD><EFBFBD>'<27>d2$<24>rϻ0<CFBB>q<EFBFBD>KE5<45>N<07>ʮ9<CAAE><39>R&(<28>tuxX4<58><34><EFBFBD><EFBFBD><EFBFBD>
ݏqgČ<67>zvk<76><6B>X<>n9B <EFBFBD>
+-> ssh-ed25519 GWuf0Q HU052z43DHXbPh4m0Cn8YWEabVMdT9Ab9ZvnRTkiGiM
+jsGBcbgj1JeYBdvnRqKT310VnWqZmRYIE+LbkPVmDxs
+-> ssh-ed25519 zhVGHw 1oy7y5z6KQy+JYRIPyqfeCgJUbGWdo77NiGnVRA0QRk
+qNrRnats5cFFv8K3YUtUXdSwhWkgcBGTeDlhWTkrNRM
+-> ssh-ed25519 kNjiNQ IWfsJxXu1Kg6Z5p1qNBopU0RkYt7/s6jw/DJDQXpTHc
+ouzaIxV7Y+pE8t/8s4Vk/AO/MccUpgHGhn1cq6C+E08
+--- LL3bXyeMTogvYXqjhwL75j64P9bNIFG2pwFanjOYm2o
+)<EFBFBD><EFBFBD>><EFBFBD><EFBFBD>
<01>F<EFBFBD><46><EFBFBD><EFBFBD>=<3D>!<EFBFBD><EFBFBD>v<EFBFBD><EFBFBD><EFBFBD><1C>E`<60><>e*<1B>mOg<4F>J<EFBFBD>+CT<EFBFBD>
+<EFBFBD><EFBFBD>w+<2B><><EFBFBD><EFBFBD>tΫp<0E>[<0F><1D><04>^8k<38><6B>RY<52><59>_<EFBFBD><1E><><04>=8xg<78><67><EFBFBD>!<13><1E>

secrets/nomad.d/consul-token-server.json.age

@@ -1,8 +1,7 @@
 age-encryption.org/v1
--> ssh-ed25519 GWuf0Q 4t1WD76CN3hhc3073abxAsobKWKDX+yemaIxHy8PiDk
-9O2cAi7MJVqGiTNnOIez4MACEYMB3/YyLSz4Z4YWe2c
--> ssh-ed25519 kNjiNQ WaXpqZbqRuLo9q241VclrLfHOQ94VRB8D0RY2es8KBM
-P6iayA+emjHOEg59EzXU32RCRKZaGS0j7d3wk4Is6tQ
---- QsnjyrQe2d1K59Q/i3/NIXaK87rsDf4neQS5sKJ6yeY
-<EFBFBD>&8"ڨ?4<0C>?<3F><10>
-$<24>!<02><12><><EFBFBD>Y<EFBFBD><59>ju<6A>*8<>c<EFBFBD>D<EFBFBD>C<EFBFBD><43><EFBFBD>!"<22>
+-> ssh-ed25519 GWuf0Q GSvUmcsNXSkoVOD8V/UP+KAGfKX4REahFDmwlROkoSw
+ruTijdplgtQZP3wjnNGemh3a0omKK95xsfXzkWce0lM
+-> ssh-ed25519 kNjiNQ zT/ticPDHAujEWqSUrPaGsgPBdbaLvLQ/RSMz5C0aW8
+JTy+b/N6yjfPtrhYXkFWb26PGa+b/M1DVKeGsW2oimg
+--- TKdmCeaBKPBBIkKvUqqqQz9DQigRuLRT2ZFto7Jtqr0
+<EFBFBD><EFBFBD>W<EFBFBD>3L<EFBFBD><EFBFBD><EFBFBD>j䯕<EFBFBD>'Hg<48>R<06>s<EFBFBD>;<3B>w<><77>ۑ<EFBFBD><DB91>ցt{E"<22><>v<EFBFBD><76><EFBFBD><EFBFBD><02><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>17%&<26><><EFBFBD>(<28><>{˝<><CB9D>E<EFBFBD>.<2E><><EFBFBD>3<13>S<EFBFBD>zNc<4E><63>
Vҷl<D2B7>ˆf<C288>W<EFBFBD><19>u5d2

secrets/secrets.nix

@@ -2,12 +2,14 @@ let
   id-reykjavik = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFwwpKfxNmUyBoPZqz1jYc6arCdHPvJrEsBN49m/P3By";
   id-hvannadal = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICy1ocZywBvFHpIj+FvaC7QspRWuLXjy6fwakq9t+0Ev";
   id-thingvellir = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEIvWEwYayFK8iRb4g2+cnQXlqiMBu3aWxTahXkaCNG7";
+  id-quinto = " ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINxgIT2+aoP+ZLMPupV8M0UwCLX6A3s+H6z3BJPCjJc0";
 
   # --- Host lists ---
   # Since we want to be able to manage/edit all secrets from reykjavik, we create helper lists that
   # always contain reykjavik
   reykjavik = [id-reykjavik];
   thingvellir = [id-reykjavik id-thingvellir];
+  quinto = [id-reykjavik id-quinto];
 
   samfelag-hosts = [
     id-reykjavik

secrets/ssh-keys/deploy_keys.sh

@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+
+set -e
+
+read -p "Hostname: " HOSTNAME
+read -p "IP (leave empty tu use hostname): " HOSTIP
+if [ -z "${HOSTIP}" ]; then
+    HOSTIP=$HOSTNAME
+    echo "Using $HOSTIP"
+fi
+read -p "Username: " USERNAME
+
+PRIVATE_KEY="id_$HOSTNAME"
+PUBLIC_KEY="id_$HOSTNAME.pub"
+
+echo "Deploying private key ($PRIVATE_KEY) to ($USERNAME@$HOSTIP) ..."
+scp $PRIVATE_KEY $USERNAME@$HOSTIP:.ssh/$PRIVATE_KEY
+
+echo "Deploying public key ($PUBLIC_KEY) to ($USERNAME@$HOSTIP) ..."
+scp $PUBLIC_KEY $USERNAME@$HOSTIP:.ssh/$PUBLIC_KEY
+
+echo "Done"

secrets/ssh-keys/id_quinto.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINxgIT2+aoP+ZLMPupV8M0UwCLX6A3s+H6z3BJPCjJc0 marc@reykjavik