From ca7bbeec72748df0b02caa3a2d956c32a1be97ef Mon Sep 17 00:00:00 2001
From: oddlama
Date: Mon, 29 May 2023 21:51:23 +0200
Subject: [PATCH] chore: add secrets for sentinel
---
hosts/common/initrd-ssh.nix | 4 ++--
.../sentinel/secrets/initrd_host_ed25519_key.age | Bin 0 -> 871 bytes
.../wireguard/proxy-sentinel/keys/sentinel.age | 10 ++++++++++
.../wireguard/proxy-sentinel/keys/sentinel.pub | 1 +
.../wireguard/proxy-sentinel/keys/ward-nginx.age | Bin 0 -> 457 bytes
.../wireguard/proxy-sentinel/keys/ward-nginx.pub | 1 +
secrets/wireguard/proxy-sentinel/keys/ward.age | 10 ++++++++++
secrets/wireguard/proxy-sentinel/keys/ward.pub | 1 +
.../proxy-sentinel/psks/sentinel+ward-nginx.age | 9 +++++++++
.../proxy-sentinel/psks/sentinel+ward.age | 10 ++++++++++
.../proxy-sentinel/psks/ward+ward-nginx.age | 10 ++++++++++
11 files changed, 54 insertions(+), 2 deletions(-)
create mode 100644 hosts/sentinel/secrets/initrd_host_ed25519_key.age
create mode 100644 secrets/wireguard/proxy-sentinel/keys/sentinel.age
create mode 100644 secrets/wireguard/proxy-sentinel/keys/sentinel.pub
create mode 100644 secrets/wireguard/proxy-sentinel/keys/ward-nginx.age
create mode 100644 secrets/wireguard/proxy-sentinel/keys/ward-nginx.pub
create mode 100644 secrets/wireguard/proxy-sentinel/keys/ward.age
create mode 100644 secrets/wireguard/proxy-sentinel/keys/ward.pub
create mode 100644 secrets/wireguard/proxy-sentinel/psks/sentinel+ward-nginx.age
create mode 100644 secrets/wireguard/proxy-sentinel/psks/sentinel+ward.age
create mode 100644 secrets/wireguard/proxy-sentinel/psks/ward+ward-nginx.age
diff --git a/hosts/common/initrd-ssh.nix b/hosts/common/initrd-ssh.nix
index 49389dc..0dbb0fe 100644
--- a/hosts/common/initrd-ssh.nix
+++ b/hosts/common/initrd-ssh.nix
@@ -1,10 +1,10 @@ { config, - name, pkgs, + nodePath, ... }: { - rekey.secrets.initrd_host_ed25519_key.file = ../${name}/secrets/initrd_host_ed25519_key.age; + rekey.secrets.initrd_host_ed25519_key.file = nodePath + "/secrets/initrd_host_ed25519_key.age"; boot.initrd.network.enable = true; boot.initrd.network.ssh = { diff --git a/hosts/sentinel/secrets/initrd_host_ed25519_key.age b/hosts/sentinel/secrets/initrd_host_ed25519_key.age new file mode 100644 index 0000000000000000000000000000000000000000..7347af801d3201e66a1933f3a0e145331dd2b574 GIT binary patch literal 871 zcmV-t1DO0_XJsvAZewzJaCB*JZZ2sO>RmxWHbsbJ|KEFEoX9NVRL05D`_@pVESx$3FM@4mNLv>0_Qe|;*O=4kZIaF|IWoR%;HFs5E zH!pWdD`QY=L}fH(Ofzk0F+o#Hb3qC%EiE8eRBtymGFEFtGt>yeoyJR*9>>^Et~mzHy=5i(xQ2x6BwZjJ4wqOt$r(&u zhUJoy$YRfEcHpa;IP%jCQ1~mWi`cxO08h_QQG^I0bl{e5$j`Gk6xJ31QTl{dc-%ox z5^SY56CHB(#!Nl+y3u^MEaFE8xNM}1rUoTi^kX7jLbS!cgrr^>*i~dyXbD?cZ)!m2 ziEG&n^wZb2T}cnpQ4j?o-z@kuurCIasK}sM?3^6eVZMR;gJGe~SU&=E#_;5EPP&}r zfg2cuqm@u^9RUi05(^CRbL+XTnP4pb!uZdEL$CMk<`)YO+Y>J1X^HN{2zn{rl;>g| zQgkeShWHB@IWMO4?rP=ckieR4&Mi^1L|gER(@??tW}TW331Xfg^Q>@&xJ5rc6R z;EWigkX!w~OesramT3@DE?x7!RN# X25519 R0BWQpNL1KthhDkSVQAiBfWYjtTzqFE1z2DghrRlcTw +pDHtB7GCSgDkoM+fLfT2dxGLXSftymzgqFkevpF7SHM +-> piv-p256 xqSe8Q A4g9r6vrKIkkspnL9JB6eIRkPJUVZ6cdI5JZS2AsmBra +HyImy6ANI5aWNY6PMiDRWf+3/i+OH6nGk0mgiwTUOJQ +-> &;=R-grease rRQ 9=`dvmXY +VHbvEGjHD8QA7F8PCkGZAoumfzxN6F96CjiI7TM +--- i30EqOnaKdiLykI9hF0ja0H4djS2qbcIPpZFbwV2MUQ +6Pۓ,_\&P jJb(pǞCj$t nQ +jC2jV \ No newline at end of file diff --git a/secrets/wireguard/proxy-sentinel/keys/sentinel.pub b/secrets/wireguard/proxy-sentinel/keys/sentinel.pub new file mode 100644 index 0000000..9602ebb --- /dev/null +++ b/secrets/wireguard/proxy-sentinel/keys/sentinel.pub @@ -0,0 +1 @@ +Av2TURDY3ea9f2eYrMVdBaoX4nug3/q3J2VffT0jOWE= 
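Review bot: The new `nodePath + "/secrets/initrd_host_ed25519_key.age"` in hosts/common/initrd-ssh.nix only yields a path when `nodePath` is itself a Nix path value; if a host supplies it as a string, `rekey.secrets.initrd_host_ed25519_key.file` becomes a string, which the secret option may reject or resolve differently. `nodePath` is defined outside this hunk, so I would state the expectation above the assignment, e.g. `# nodePath must be a path (not a string) to this host's directory, which contains secrets/initrd_host_ed25519_key.age`. This also changes how every host using the shared module locates its initrd host key, while the subject line only mentions adding secrets, so the switch from `name` to `nodePath` deserves a line in the commit message. The module body continues past the end of the hunk (`boot.initrd.network.ssh = {` is left open).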
diff --git a/secrets/wireguard/proxy-sentinel/keys/ward-nginx.age b/secrets/wireguard/proxy-sentinel/keys/ward-nginx.age new file mode 100644 index 0000000000000000000000000000000000000000..87590d823ab1b25580a2b4ba4b3dcdb5a2bdf336 GIT binary patch literal 457 zcmWm7J&%)M003YUU5cBxIblq0x#K7l=!+&MQ2K!sdO)EZo+f;}d=!rIb(J#c;Nql- zCQio0XxuI?#>C-%gK=^&anZz02N!iR_xyp!2_XhEuiWHyyvp`gWr(i{1iOJ+Bux`6 z8W~v_$MVPwbs=$aexYCHNoIUDkLjpZcGpiQAeprTy4DE#3p?@eohZh@!v?V?f^T+LJ2 zid7;uCj7w9Mw-D1h!V*+@su9!b7{CtZFy(F<8&YxniXU&XaOi;AuyzD0NluyV5?I{jw9N>1XM}3 zh!#3L+eLV>iPLe>%(E`%Wm(s;HVXv9Fm#%jLZgOkYgU0ydA+eLRRqb_p5_3&ZR{ba z25y<}ljZ^PUf=#R`FrKp=GnWq7p^_+yn5MT%^wfTpC8X3e>i7vJ(=9wxECKYFW%g4 m X25519 A+ZW73Cq7yv0UeeoLezJYLfajzRX6Unne3HYQqrXJVM +SNvhyeDlkidu5VJgrQXbc0FejQq2nwzi3wgUdMMvkHs +-> piv-p256 xqSe8Q AykCR/1obSil+7NK+MOjVqnKi6n4Lf6BqDJZwK5TyUHD +1Umb/VTLnFkRl89tEWpPaa/44viOYlpLJGe6dylTo8c +-> #&Oc-grease \R3|?= +ldj7REUjF96z4/qU4ItcJzPBIQMMc0/OGFlP1CGN/eOsmtu8/e3wMFLKDcueDsZk +tmGlJsDxT5VxM/Rhc4hNzZPAv3w +--- RzNxhPetNvNYFfjzTUYh00VQIFp5LQNOxsABQ/bmuGk +i/{3 p$}cC74yleۑ0JK;zA0*PHq5{wOm \ No newline at end of file diff --git a/secrets/wireguard/proxy-sentinel/keys/ward.pub b/secrets/wireguard/proxy-sentinel/keys/ward.pub new file mode 100644 index 0000000..406f92b --- /dev/null +++ b/secrets/wireguard/proxy-sentinel/keys/ward.pub @@ -0,0 +1 @@ +oRsehyU4lVtvTsCRepv/UiHzCJl95ShnRSbKx028hg0= diff --git a/secrets/wireguard/proxy-sentinel/psks/sentinel+ward-nginx.age b/secrets/wireguard/proxy-sentinel/psks/sentinel+ward-nginx.age new file mode 100644 index 0000000..b164e82 --- /dev/null +++ b/secrets/wireguard/proxy-sentinel/psks/sentinel+ward-nginx.age 
@@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> X25519 0QoyNblIglbAKE89tDFlqs+kslnGF9cOMPHlrwha0Ew +wBW1HNQb+7UiFNX/sSp7kjyTEzdXONvGRVQ/OPJSQro +-> piv-p256 xqSe8Q ArcdVwghvkI/rqWPsWV8AJA9h9xtAY+J0kiztDquPGEA +RiNgvvkfYzfOakTB4wOGbZ9rep0bHVv5nG06HW91gug +-> /-grease v ]TVv5 AP#z\ M&zvw*e3 +2gFdkIV9dkmsTVsSlHREHSc +--- 0XNJIPnIlq8cPla1MYEwjVIiUrAsnzwfHIatDncMU7w + Լt?7B>ңg2V0ٝn\=Q!kw3G"q:VMEҝ!焸3`!^!G \ No newline at end of file diff --git a/secrets/wireguard/proxy-sentinel/psks/sentinel+ward.age b/secrets/wireguard/proxy-sentinel/psks/sentinel+ward.age new file mode 100644 index 0000000..27221d1 --- /dev/null +++ b/secrets/wireguard/proxy-sentinel/psks/sentinel+ward.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> X25519 PB469BFFieyNcDr4YeyYNMZnmXUKiKrevFe/PpUz7w0 +m0oXaMDpLG/tc+HPQ/UIuNOhRyTWJO3d99GDuagYMAQ +-> piv-p256 xqSe8Q AkH+SCuULC//07OonIbA8rea/JtUigBsa0/N9qFjzpzm +tj6gVEwFWhwMr55FRR6bl868zBMuuEZId/w296eIBuE +-> l|!Za6b-grease k. 0v=7Gp6 PD)9iq +zBA7hST9hKE2YonUiZBDfbHGe3JMocnYr4aGDTPZW7mBcy0oLJn/5YGh0m94+97y +3TyNFZWU6/TCrIxQqEhiaBN6U1zmUpPXFjI2YwQ3f4K2PO4337M1nE4 +--- mZkEmWC6YNqKM8gNaLYuhs0VyVWoDyjlayPeJ3s9M/E +;/2Go/os/?KeshAH~@pOzElnoOטT *3 \ No newline at end of file diff --git a/secrets/wireguard/proxy-sentinel/psks/ward+ward-nginx.age b/secrets/wireguard/proxy-sentinel/psks/ward+ward-nginx.age new file mode 100644 index 0000000..f1b8903 --- /dev/null +++ b/secrets/wireguard/proxy-sentinel/psks/ward+ward-nginx.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> X25519 g5UuKXrjEeEonc4YroPe/qo7ZUJGHmSiIDp9BPPwv3k +4Gri0dg/2QQdy/4EOCTOqL3MmykdsSFZTd6Xmxm0dOo +-> piv-p256 xqSe8Q A+yx0k+Us2tPM3Uo3Yb6/AD8JJNXf3ZUaSspTTTkRKXX +k13pcgX4n9MBbEO8REqZ4a2hwmJOMw+tao0Jkrl+z7A +-> )-grease +S@3 E4" 6{ +7d4/jNX8YKqnXeK3ObtIK+UUQMbH+/PaFJDzAL6OLToiMQkwgnWQjH2xCXVIqLN6 +furrMt+kjg +--- dzxezolbxIGerzuZuz8SYISBUu6ZQW1WGAHTgMl8nsY +o\g~PM@`CV)xD*sA`NjY˚ef5 _5:= \ No newline at end of file