Added quinto secrets and deploy-ssh keys

2024-12-22 16:05:01 +01:00
parent ab380782c3
commit a59c52a2a3
14 changed files with 60 additions and 21 deletions
--- a/docs/hosts.org
+++ b/docs/hosts.org
@@ -1,4 +1,18 @@
 #+title: Hosts
 * Setting up a new vult host
 ** Generate a password for your host
 #+begin_src bash
 pass generate samfelag/<host>
 #+end_src
 ** Change the password in the host
 Enter into the host via the vultr dashboard "View Console"
 #+begin_src bash
 passwd
 #+end_src
 ** You can now ssh into the host with the new password
 #+begin_src bash
 ssh nixos@<host_public_ip>
 #+end_src
 * Setting up a new host
 ** Generate a host ssh key pair
 Generate the key pair (we'll use the name `id_<host>`)
--- a/secrets/consul.d/agent-token-reykjavik.json.age
+++ b/secrets/consul.d/agent-token-reykjavik.json.age
--- a/secrets/consul.d/agent-token-thingvellir.json.age
+++ b/secrets/consul.d/agent-token-thingvellir.json.age
@@ -1,7 +1,7 @@
 age-encryption.org/v1
-> ssh-ed25519 GWuf0Q 8KY3le+D4r6SJVPdkjL3P4fLA7rS00F+LkRieMGcrA0
+-> ssh-ed25519 GWuf0Q z5DKW5ikWJPBjNjrgoUuJF8be9f9naDOxZ74sOpf5FY
-0ffzmUzTFEPiYmLG02Y0XweXTvFjEt6lao8ySE73Eoo
+kiV2yRp+BVwTInS1EMkzhGyfGGEdHcB9DGlbzTA9lpQ
-> ssh-ed25519 kNjiNQ 0Hg11FGDMDrus/MA9UMRA8jt3aoJYbQMJ8vM4PrYtyY
+-> ssh-ed25519 kNjiNQ YLZNTRHp6sj3v0wu7WMitqBykTcqaGYcfZbJkF0ougM
-H9ZURqsrkmviJMpsbiKDUk8r+NWlAsrQ0OpO5U7U0dg
+dI8B6KF6bvSONOo/dTOq6jyYIn6Rj1AMABUeOU2hWUQ
--- jQa7EUd7cX7AexX3FCJaOb4xVZ9/TP7WXakcgVKH5PM
+--- V+29XmjyMdtKIFBz9VW/D/A9sM6HPLYe1HZf458md64
-COˆ`ÎPØg‡êhe«E™ hyÖ×<C396>ê<EFBFBD>‹‚õø‡ƒFùfãÇ¥<C387>@ì¥AUGý ³LÑêÊ³Ý:÷;{ø¹<kH±í -Ú¥âŒÈwËm›6Ù`ÅèœÔé~)øÄwoÏ¡šE‚b{÷’#{çøT
+'”w"<22>2sÿýIIê©§çgÈ¦M£&”;X±éjŽS{Å ñçÂŒHxlôy¼¾úîkóòcrÅÏ½ÜŸkdZÑ”\ÜÞ|¦Y²¥Þƒ¸û"ì˜S,íwQkÝ@¡ìKnÕùªTÞ83G˜^€ŸµÇ2ð38,¼ˆdJùNgüûŸŸ¹µ¸f–dþÓ¯LDÍ]éBÏîfvTO„ºÅýèŸlnž÷ŽŠ-ŽZmMn<7qwé
--- a/secrets/consul.d/consul-agent-ca-key.pem.age
+++ b/secrets/consul.d/consul-agent-ca-key.pem.age
--- a/secrets/consul.d/consul-agent-ca.pem.age
+++ b/secrets/consul.d/consul-agent-ca.pem.age
--- a/secrets/consul.d/gossip.json.age
+++ b/secrets/consul.d/gossip.json.age
@@ -1,9 +1,10 @@
 age-encryption.org/v1
-> ssh-ed25519 GWuf0Q V6HZPuKmDsfaVVnJveBuLwLCndktAB7xudXvB9niGRg
+-> ssh-ed25519 GWuf0Q HU052z43DHXbPh4m0Cn8YWEabVMdT9Ab9ZvnRTkiGiM
-hEKkg2Ltbt3Ie1Ci6VabOSjp/pZeandKlZl67kqZd9A
+jsGBcbgj1JeYBdvnRqKT310VnWqZmRYIE+LbkPVmDxs
-> ssh-ed25519 zhVGHw BwZzAbAXSX/frkhi5wFJzDaEWXOQaqNfdEC4EIZwBX0
+-> ssh-ed25519 zhVGHw 1oy7y5z6KQy+JYRIPyqfeCgJUbGWdo77NiGnVRA0QRk
-cbysAZi82rbqH2T+cipPPNgsnHn2aU/tQYMlmt8zpPE
+qNrRnats5cFFv8K3YUtUXdSwhWkgcBGTeDlhWTkrNRM
-> ssh-ed25519 kNjiNQ ijvaL5MqfKqzD5X9uOAx78PfsUNSJkQ+nhC/EGyG03Y
+-> ssh-ed25519 kNjiNQ IWfsJxXu1Kg6Z5p1qNBopU0RkYt7/s6jw/DJDQXpTHc
-uq2HskFBaNjTiNeipz4H9eoHJ4KDz614DSMfW3rz9Yk
+ouzaIxV7Y+pE8t/8s4Vk/AO/MccUpgHGhn1cq6C+E08
--- FWfT5xb1cTntOfVIjzbw1ZD6nFRfKunQL0k/0/xx+dQ
+--- LL3bXyeMTogvYXqjhwL75j64P9bNIFG2pwFanjOYm2o
-hµôqÂâsaƒmîíì`v¸»öíŠãBÙxeZp „}§àÏÌý'’d2$ürÏ»0ÚqßKE5‰NÐÊ®9®£R&(–tuxX4¶<34>ï–ëÝ<>qgÄŒŒzvkèŸXän9B Ò
+)Š‰>‹ÊóFÚâ®ö=»!‰Ëvÿ•½ƒE`¹Æe*ëmOg¸Jö+CT‰
 Õèw+ïºÖÍtÎ«pû[ÝéÏ^8kÿ RYœ°_”ôýã=8xgîö–!ƒÇ
--- a/secrets/consul.d/samfelag-server-thingvellir-key.pem.age
+++ b/secrets/consul.d/samfelag-server-thingvellir-key.pem.age
--- a/secrets/consul.d/samfelag-server-thingvellir.pem.age
+++ b/secrets/consul.d/samfelag-server-thingvellir.pem.age
--- a/secrets/nomad.d/consul-token-client.json.age
+++ b/secrets/nomad.d/consul-token-client.json.age
--- a/secrets/nomad.d/consul-token-server.json.age
+++ b/secrets/nomad.d/consul-token-server.json.age
@@ -1,8 +1,7 @@
 age-encryption.org/v1
-> ssh-ed25519 GWuf0Q 4t1WD76CN3hhc3073abxAsobKWKDX+yemaIxHy8PiDk
+-> ssh-ed25519 GWuf0Q GSvUmcsNXSkoVOD8V/UP+KAGfKX4REahFDmwlROkoSw
-9O2cAi7MJVqGiTNnOIez4MACEYMB3/YyLSz4Z4YWe2c
+ruTijdplgtQZP3wjnNGemh3a0omKK95xsfXzkWce0lM
-> ssh-ed25519 kNjiNQ WaXpqZbqRuLo9q241VclrLfHOQ94VRB8D0RY2es8KBM
+-> ssh-ed25519 kNjiNQ zT/ticPDHAujEWqSUrPaGsgPBdbaLvLQ/RSMz5C0aW8
-P6iayA+emjHOEg59EzXU32RCRKZaGS0j7d3wk4Is6tQ
+JTy+b/N6yjfPtrhYXkFWb26PGa+b/M1DVKeGsW2oimg
--- QsnjyrQe2d1K59Q/i3/NIXaK87rsDf4neQS5sKJ6yeY
+--- TKdmCeaBKPBBIkKvUqqqQz9DQigRuLRT2ZFto7Jtqr0
-±&8"Ú¨?4™?¬”
+ÈëW†3L®<EFBFBD>þjä¯•¤'HgçR’s†;•w§¸Û‘<C39B>¿Ö<C2BF>t{E"Üævó‚Ÿè©Š•÷õÍ17%&Óü(†ô{Ë<>õŸE¦.§Óô3ÇSˆzNcÅçVÒ·läÂˆfŠWÊ–u5d2
 $É!þÈÄëYíêjuÌ*8Éc¿DÖC°Á–!"<22>
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -2,12 +2,14 @@ let
  id-reykjavik = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFwwpKfxNmUyBoPZqz1jYc6arCdHPvJrEsBN49m/P3By";
  id-hvannadal = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICy1ocZywBvFHpIj+FvaC7QspRWuLXjy6fwakq9t+0Ev";
  id-thingvellir = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEIvWEwYayFK8iRb4g2+cnQXlqiMBu3aWxTahXkaCNG7";
  id-quinto = " ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINxgIT2+aoP+ZLMPupV8M0UwCLX6A3s+H6z3BJPCjJc0";
  # --- Host lists ---
  # Since we want to be able to manage/edit all secrets from reykjavik, we create helper lists that
  # always contain reykjavik
  reykjavik = [id-reykjavik];
  thingvellir = [id-reykjavik id-thingvellir];
  quinto = [id-reykjavik id-quinto];
  samfelag-hosts = [
    id-reykjavik
--- a/secrets/ssh-keys/deploy_keys.sh
+++ b/secrets/ssh-keys/deploy_keys.sh
@@ -0,0 +1,22 @@
 #!/usr/bin/env bash
 set -e
 read -p "Hostname: " HOSTNAME
 read -p "IP (leave empty tu use hostname): " HOSTIP
 if [ -z "${HOSTIP}" ]; then
    HOSTIP=$HOSTNAME
    echo "Using $HOSTIP"
 fi
 read -p "Username: " USERNAME
 PRIVATE_KEY="id_$HOSTNAME"
 PUBLIC_KEY="id_$HOSTNAME.pub"
 echo "Deploying private key ($PRIVATE_KEY) to ($USERNAME@$HOSTIP) ..."
 scp $PRIVATE_KEY $USERNAME@$HOSTIP:.ssh/$PRIVATE_KEY
 echo "Deploying public key ($PUBLIC_KEY) to ($USERNAME@$HOSTIP) ..."
 scp $PUBLIC_KEY $USERNAME@$HOSTIP:.ssh/$PUBLIC_KEY
 echo "Done"
--- a/secrets/ssh-keys/id_quinto.gpg
+++ b/secrets/ssh-keys/id_quinto.gpg
--- a/secrets/ssh-keys/id_quinto.pub
+++ b/secrets/ssh-keys/id_quinto.pub
@@ -0,0 +1 @@
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINxgIT2+aoP+ZLMPupV8M0UwCLX6A3s+H6z3BJPCjJc0 marc@reykjavik
		`@@ -0,0 +1 @@`
							`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINxgIT2+aoP+ZLMPupV8M0UwCLX6A3s+H6z3BJPCjJc0 marc@reykjavik`