diff --git a/hosts/common/initrd-ssh.nix b/hosts/common/initrd-ssh.nix index 49389dc..0dbb0fe 100644 --- a/hosts/common/initrd-ssh.nix +++ b/hosts/common/initrd-ssh.nix @@ -1,10 +1,10 @@ { config, - name, pkgs, + nodePath, ... }: { - rekey.secrets.initrd_host_ed25519_key.file = ../${name}/secrets/initrd_host_ed25519_key.age; + rekey.secrets.initrd_host_ed25519_key.file = nodePath + "/secrets/initrd_host_ed25519_key.age"; boot.initrd.network.enable = true; boot.initrd.network.ssh = { diff --git a/hosts/sentinel/secrets/initrd_host_ed25519_key.age b/hosts/sentinel/secrets/initrd_host_ed25519_key.age new file mode 100644 index 0000000..7347af8 Binary files /dev/null and b/hosts/sentinel/secrets/initrd_host_ed25519_key.age differ diff --git a/secrets/wireguard/proxy-sentinel/keys/sentinel.age b/secrets/wireguard/proxy-sentinel/keys/sentinel.age new file mode 100644 index 0000000..e3cdb79 --- /dev/null +++ b/secrets/wireguard/proxy-sentinel/keys/sentinel.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> X25519 R0BWQpNL1KthhDkSVQAiBfWYjtTzqFE1z2DghrRlcTw +pDHtB7GCSgDkoM+fLfT2dxGLXSftymzgqFkevpF7SHM +-> piv-p256 xqSe8Q A4g9r6vrKIkkspnL9JB6eIRkPJUVZ6cdI5JZS2AsmBra +HyImy6ANI5aWNY6PMiDRWf+3/i+OH6nGk0mgiwTUOJQ +-> &;=R-grease rRQ 9=`dvmXY +VHbvEGjHD8QA7F8PCkGZAoumfzxN6F96CjiI7TM +--- i30EqOnaKdiLykI9hF0ja0H4djS2qbcIPpZFbwV2MUQ +6Pۓ,_\&P jJb(pǞCj$t nQ +jC2jV \ No newline at end of file diff --git a/secrets/wireguard/proxy-sentinel/keys/sentinel.pub b/secrets/wireguard/proxy-sentinel/keys/sentinel.pub new file mode 100644 index 0000000..9602ebb --- /dev/null +++ b/secrets/wireguard/proxy-sentinel/keys/sentinel.pub @@ -0,0 +1 @@ +Av2TURDY3ea9f2eYrMVdBaoX4nug3/q3J2VffT0jOWE= diff --git a/secrets/wireguard/proxy-sentinel/keys/ward-nginx.age b/secrets/wireguard/proxy-sentinel/keys/ward-nginx.age new file mode 100644 index 0000000..87590d8 Binary files /dev/null and b/secrets/wireguard/proxy-sentinel/keys/ward-nginx.age differ diff --git a/secrets/wireguard/proxy-sentinel/keys/ward-nginx.pub b/secrets/wireguard/proxy-sentinel/keys/ward-nginx.pub new file mode 100644 index 0000000..4a153dc --- /dev/null +++ b/secrets/wireguard/proxy-sentinel/keys/ward-nginx.pub @@ -0,0 +1 @@ +Sif8dqFiuHTZXE/jlE05m4sYEGvacNllyHgpzU0Fdl0= diff --git a/secrets/wireguard/proxy-sentinel/keys/ward.age b/secrets/wireguard/proxy-sentinel/keys/ward.age new file mode 100644 index 0000000..b869d1f --- /dev/null +++ b/secrets/wireguard/proxy-sentinel/keys/ward.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> X25519 A+ZW73Cq7yv0UeeoLezJYLfajzRX6Unne3HYQqrXJVM +SNvhyeDlkidu5VJgrQXbc0FejQq2nwzi3wgUdMMvkHs +-> piv-p256 xqSe8Q AykCR/1obSil+7NK+MOjVqnKi6n4Lf6BqDJZwK5TyUHD +1Umb/VTLnFkRl89tEWpPaa/44viOYlpLJGe6dylTo8c +-> #&Oc-grease \R3|?= +ldj7REUjF96z4/qU4ItcJzPBIQMMc0/OGFlP1CGN/eOsmtu8/e3wMFLKDcueDsZk +tmGlJsDxT5VxM/Rhc4hNzZPAv3w +--- RzNxhPetNvNYFfjzTUYh00VQIFp5LQNOxsABQ/bmuGk +i/{3 p$}cC74yleۑ0JK;zA0*PHq5{wOm \ No newline at end of file diff --git a/secrets/wireguard/proxy-sentinel/keys/ward.pub b/secrets/wireguard/proxy-sentinel/keys/ward.pub new file mode 100644 index 0000000..406f92b --- /dev/null +++ b/secrets/wireguard/proxy-sentinel/keys/ward.pub @@ -0,0 +1 @@ +oRsehyU4lVtvTsCRepv/UiHzCJl95ShnRSbKx028hg0= diff --git a/secrets/wireguard/proxy-sentinel/psks/sentinel+ward-nginx.age b/secrets/wireguard/proxy-sentinel/psks/sentinel+ward-nginx.age new file mode 100644 index 0000000..b164e82 --- /dev/null +++ b/secrets/wireguard/proxy-sentinel/psks/sentinel+ward-nginx.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> X25519 0QoyNblIglbAKE89tDFlqs+kslnGF9cOMPHlrwha0Ew +wBW1HNQb+7UiFNX/sSp7kjyTEzdXONvGRVQ/OPJSQro +-> piv-p256 xqSe8Q ArcdVwghvkI/rqWPsWV8AJA9h9xtAY+J0kiztDquPGEA +RiNgvvkfYzfOakTB4wOGbZ9rep0bHVv5nG06HW91gug +-> /-grease v ]TVv5 AP#z\ M&zvw*e3 +2gFdkIV9dkmsTVsSlHREHSc +--- 0XNJIPnIlq8cPla1MYEwjVIiUrAsnzwfHIatDncMU7w + Լt?7B>ңg2V0ٝn\=Q!kw3G"q:VMEҝ!焸3`!^!G \ No newline at end of file diff --git a/secrets/wireguard/proxy-sentinel/psks/sentinel+ward.age b/secrets/wireguard/proxy-sentinel/psks/sentinel+ward.age new file mode 100644 index 0000000..27221d1 --- /dev/null +++ b/secrets/wireguard/proxy-sentinel/psks/sentinel+ward.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> X25519 PB469BFFieyNcDr4YeyYNMZnmXUKiKrevFe/PpUz7w0 +m0oXaMDpLG/tc+HPQ/UIuNOhRyTWJO3d99GDuagYMAQ +-> piv-p256 xqSe8Q AkH+SCuULC//07OonIbA8rea/JtUigBsa0/N9qFjzpzm +tj6gVEwFWhwMr55FRR6bl868zBMuuEZId/w296eIBuE +-> l|!Za6b-grease k. 0v=7Gp6 PD)9iq +zBA7hST9hKE2YonUiZBDfbHGe3JMocnYr4aGDTPZW7mBcy0oLJn/5YGh0m94+97y +3TyNFZWU6/TCrIxQqEhiaBN6U1zmUpPXFjI2YwQ3f4K2PO4337M1nE4 +--- mZkEmWC6YNqKM8gNaLYuhs0VyVWoDyjlayPeJ3s9M/E +;/2Go/os/?KeshAH~@pOzElnoOטT *3 \ No newline at end of file diff --git a/secrets/wireguard/proxy-sentinel/psks/ward+ward-nginx.age b/secrets/wireguard/proxy-sentinel/psks/ward+ward-nginx.age new file mode 100644 index 0000000..f1b8903 --- /dev/null +++ b/secrets/wireguard/proxy-sentinel/psks/ward+ward-nginx.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> X25519 g5UuKXrjEeEonc4YroPe/qo7ZUJGHmSiIDp9BPPwv3k +4Gri0dg/2QQdy/4EOCTOqL3MmykdsSFZTd6Xmxm0dOo +-> piv-p256 xqSe8Q A+yx0k+Us2tPM3Uo3Yb6/AD8JJNXf3ZUaSspTTTkRKXX +k13pcgX4n9MBbEO8REqZ4a2hwmJOMw+tao0Jkrl+z7A +-> )-grease +S@3 E4" 6{ +7d4/jNX8YKqnXeK3ObtIK+UUQMbH+/PaFJDzAL6OLToiMQkwgnWQjH2xCXVIqLN6 +furrMt+kjg +--- dzxezolbxIGerzuZuz8SYISBUu6ZQW1WGAHTgMl8nsY +o\g~PM@`CV)xD*sA`NjY˚ef5 _5:= \ No newline at end of file