move encrypted secrets near relevant files

2025-07-15 06:00:13 +00:00 · 2025-03-09 17:09:33 +00:00
parent f59ac536a2
commit 37d1d7724a
60 changed files with 27 additions and 94 deletions
--- a/hosts-by-platform/aarch64-linux/flame/cloudflared-flame.age
+++ b/hosts-by-platform/aarch64-linux/flame/cloudflared-flame.age
@ -0,0 +1,19 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBYY0c1
+bldPMVdwRGhia0xzNm1mSGQ0eVVZZzFLMWVUdFhYVW1KY3QwTERJCm1UUDBqN1Jr
+VjRlSjROTFZEQ3UrME81Y2FyRkxjZHFvUFN1eEZNa2cwWkUKLT4gc3NoLWVkMjU1
+MTkgWXlTVU1RIFM4ZURETk0yQ1NKN3owaDB5S3djeThtWkphS0xUaVd2MnBlS244
+d0V5bUUKKzE5UzZYUlpwTy9ydFQ3L2NmWFZBMEZCWWppYlFZQzhTVFhUc3BBRlpR
+dwotPiBzc2gtZWQyNTUxOSBuanZYNUEgbS9HaVFFRjU4VzMvSVZ1SlExZ1BBNWxK
+RVRESEVmeWxyMW5Pclk5UU4xOApaZ0hHMnlsb1BuMThsTG82d1k1Rm94VEFMcTBH
+TFoxRWpRSXJWQUJVWGN3Ci0+IHNzaC1lZDI1NTE5IENxSU9VQSBOK1AvRW5nNUlK
+NnB1UDhKdmFibTEwV2JhOGxKRGg1SnlMdytXaVQ1eW1NCnVIcjNnclVMSEJ3eDVk
+eExnY1EvbWg1OW4xR3FydDlzeUdLQW11UGRmclkKLT4gc3NoLWVkMjU1MTkgejFP
+Y1p3IHNxbDlpSkpPdEZVRGhwV3NKdTNJV0NTeUZoVVg3b0ZlRWdqelNaTDRWamMK
+N1czMXlEcWZzQ1g0dkxBTnNUQjdTdnZMUE9VRGphTjB4SjJyemJiU2w5NAotLS0g
+VlgyN24vMGl3a2N6ZGs1SjhOZmttWEl3WEFOK29EOUlkZ0N3blBBcHZQOArP/uJx
+SBFvBV0rLzRbo/8nhhizuT2TtKsJSJDIsFJxAOtF8ZwIbYwauBt1tJudtJaXgbv5
+JIk53sS3lelOwH11yx0aGcBNCR2UwpuYn1IwoW0qrt3ugi8rmQPRG8c8gSyNn2u7
+PnAj/NdAjieLGGLltwdq2wJhkbv800WmKx5sGgPNT1AdBS1b84h5ipQFnFf3Fi0N
+FJa9/j5qc7JtWEy4ecU6D03zcZD+CTCoN8SIW4+fldos1u7N2v2X5/YUw7T6jQ==
+-----END AGE ENCRYPTED FILE-----
--- a/hosts-by-platform/aarch64-linux/flame/default.nix
+++ b/hosts-by-platform/aarch64-linux/flame/default.nix
@ -52,7 +52,7 @@ rec {
  nmasur.presets.services.cloudflared = {
    tunnel = {
      id = "bd250ee1-ed2e-42d2-b627-039f1eb5a4d2";
-      credentialsFile = ../../../private/cloudflared-flame.age;
+      credentialsFile = ./cloudflared-flame.age;
      ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK/6oyVqjFGX3Uvrc3VS8J9sphxzAnRzKC85xgkHfYgR3TK6qBGXzHrknEj21xeZrr3G2y1UsGzphWJd9ZfIcdA= open-ssh-ca@cloudflareaccess.org";
    };
  };
--- a/hosts-by-platform/default.nix
+++ b/hosts-by-platform/default.nix
@ -34,7 +34,7 @@ in
  ];
  x86_64-linux-hosts = lib.pipe (lib.filesystem.listFilesRecursive ./x86_64-linux) [
    # Get only files ending in default.nix
-    (builtins.filter (name: lib.hasSuffix ".nix" name))
+    (builtins.filter (name: lib.hasSuffix "default.nix" name))
    # Import each host function
    (map (file: {
      name = lib.removeSuffix ".nix" (builtins.baseNameOf file);
--- a/hosts-by-platform/x86_64-linux/staff/default.nix
+++ b/hosts-by-platform/x86_64-linux/staff/default.nix
--- a/hosts-by-platform/x86_64-linux/swan/cloudflared-swan.age
+++ b/hosts-by-platform/x86_64-linux/swan/cloudflared-swan.age
@ -0,0 +1,19 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBuU1BO
+ZGdOVFRTekN3SFRhQWYwcWt6OHpLZXM0aENsQ3d1VWpxYUhXN3k4CnNwNWpQcU90
+elR0eWVyMWFUUkhORFRQeVdsdTErWUgzNW9mN1BWS2szbUUKLT4gc3NoLWVkMjU1
+MTkgWXlTVU1RIDRRS0VESG5NNWpxbm1DTjBkY2ExR3I3aE1PUTNVTXBFZ2wwVC9j
+WDIrMTgKaXkwWk1xRWp6Z3c3NFZZS0cybHFqcUVRczNMZ05tSmxPNjBlVmRHK2h3
+SQotPiBzc2gtZWQyNTUxOSBuanZYNUEgYWI1SkhBZ0Jrb3hzbDRwcnRMeHhGSlpB
+aWt5ZmRxaGhmbXFDQWdNamxRbwpXMWo0TjZhbHM3ejFYNVU5WlkxWTJSbVBPOEhr
+MUt3akxMU3QzN3Z4M0lFCi0+IHNzaC1lZDI1NTE5IENxSU9VQSA1dmdFRE1QSU55
+WUVuOU9OTHJjM0RxVWhmTlEvdk1mNU1iUEwyNlFqRFZvCldleVNGQ1RZdU1tU2J2
+dWxGZlVkaDBWNEZRUFNBcEIvTEdkODdDS25GdGsKLT4gc3NoLWVkMjU1MTkgejFP
+Y1p3IG5SbVpVZldPSkJXYm9BZ3B6OXZXMlB4T2Z5RHptR1pqbVRVUS9LVEZyUzgK
+ZlVTZWlUQ2VoWVNuOGE5Wk5vZGdVVldzbUZKRERyUFN0eVJ4TWpmL2gwcwotLS0g
+MlJmTlVkdHhHQ25JWm0xVmdjVDFYM1lHaE9WdnJSVkVMMnNwV0c4eXc0QQpYTchD
+DCiEm4rOav4/IwK26gSgi2B4qq4RETyAbF4oa87cvFM8zVXo7W8nF+eWzeWGNZrc
+yRFfOYf4gtlNCVLc+UAapvM1rKuw1IOQeJLAwGCHygXKWY7zSXdT2ERACXESvCCz
+b7W62NVx0Pc4mAAQB3QU995HFVFuHLa939PPPlkgxqepNWCKrmUFl/qjRpOoVrV6
+GwRgIo36PhcfZVCswyVXgcc4M3CCG5ZuWInuuljqTB70OzBVkKCaUeiRaRIZJg==
+-----END AGE ENCRYPTED FILE-----
--- a/hosts-by-platform/x86_64-linux/swan/default.nix
+++ b/hosts-by-platform/x86_64-linux/swan/default.nix
@ -85,7 +85,7 @@ rec {
  nmasur.presets.services.cloudflared = {
    tunnel = {
      id = "646754ac-2149-4a58-b51a-e1d0a1f3ade2";
-      credentialsFile = ../../private/cloudflared-swan.age;
+      credentialsFile = ./cloudflared-swan.age;
      ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCHF/UMtJqPFrf6f6GRY0ZFnkCW7b6sYgUTjTtNfRj1RdmNic1NoJZql7y6BrqQinZvy7nsr1UFDNWoHn6ah3tg= open-ssh-ca@cloudflareaccess.org";
    };
  };
--- a/hosts-by-platform/x86_64-linux/swan/root.nix
+++ b/hosts-by-platform/x86_64-linux/swan/root.nix
@ -0,0 +1,39 @@
+{ disk, ... }:
+{
+  disk = {
+    boot = {
+      type = "disk";
+      device = disk;
+      content = {
+        type = "gpt";
+        partitions = {
+          # Boot partition
+          ESP = rec {
+            size = "512MiB";
+            type = "EF00";
+            label = "boot";
+            device = "/dev/disk/by-label/${label}";
+            content = {
+              type = "filesystem";
+              format = "vfat";
+              mountpoint = "/boot";
+              extraArgs = [ "-n ${label}" ];
+            };
+          };
+          # Root partition ext4
+          root = rec {
+            size = "100%";
+            label = "nixos";
+            device = "/dev/disk/by-label/${label}";
+            content = {
+              type = "filesystem";
+              format = "ext4";
+              mountpoint = "/";
+              extraArgs = [ "-L ${label}" ];
+            };
+          };
+        };
+      };
+    };
+  };
+}
--- a/hosts-by-platform/x86_64-linux/tempest/cloudflared-tempest.age
+++ b/hosts-by-platform/x86_64-linux/tempest/cloudflared-tempest.age
@ -0,0 +1,19 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBMMDZj
+dkdOSTc1bHgybjAwcUVHUXFhY0I0NE45K1B5SEh4NGN4T0tpREhjCnViQzVXTVk3
+dzB5ZEY5d1hvcHVDSXVubElOdEVQQ0Fja2dnL0ZnVG4wNEUKLT4gc3NoLWVkMjU1
+MTkgWXlTVU1RIHRiVkNzRCs4V3EvL2szNG8zSlRYSVloRlVsSTk3a0hnSFMyUzRN
+K0lyMzQKWDhIOTVzMGJkaGpVQmNtS0pPQnNTSjRmK1dYck1SUFd5VnVvYnJSWkhs
+YwotPiBzc2gtZWQyNTUxOSBuanZYNUEgUy9kWmxsc0p2L0pFWDlPMGlzeVBHNjJ2
+a05ycmZtbUJrOXRBVVgxVjVtZwo4RVM3Sms2M2krdjU0K1ZHREhhRkdMcENTbTJr
+UEh6cWcvOGNIRUNJZUFvCi0+IHNzaC1lZDI1NTE5IENxSU9VQSA5d0FwTWJzZEpJ
+UEJaZi91YXZOOFhGVlVVekEvSVRnK3Y2VFdhL216SVZrCkRURE9OYnIvSGVtMWNl
+MWFGSTEwUVBITTlnaWVXc1hpMFpqdFdMcFY2NHMKLT4gc3NoLWVkMjU1MTkgejFP
+Y1p3IDhkUk9KTE1UMysvajY3WEx5MFdLeEdlVnBmSUx6TTlnYWdqaWorYm0rRGMK
+SlhaRFNLaTZHVkpRR3U5eE5JOTBPWWM3OTFka1ZWSHJMaFFhZG1CSzNVTQotLS0g
+THNSTmNzK3JvbVN5S3RaVlQwdDRiOWFkVGZ3WUtyT2IyMWtPSVNtajF5YwoCUWHU
+KSe09W6BaVEW2x0ieBXN6KkL4FNPAP8zCom8fNVjyjAZpxd2t0kisJjJ45xg8eG4
+x9sj+hG9EsWIFvVpnF7LUIEXcRMjvRlNXED8HmYR0qzUhc89VQ9N4EoQPJYN1dME
+kxAzH8p5HBidxfJLpACaG5QHGb97chJXTDrT+ZKt+hPfZ16OhsKBj2s0gvHbcCQH
+sdqQT4+FlJshDiRiauTmqF/umnCnzl4+H4Xe8kLVrZxDOAv1iwuTX8zcaNOFNw==
+-----END AGE ENCRYPTED FILE-----
--- a/hosts-by-platform/x86_64-linux/tempest/default.nix
+++ b/hosts-by-platform/x86_64-linux/tempest/default.nix
@ -98,7 +98,7 @@ rec {
  nmasur.presets.services.cloudflared = {
    tunnel = {
      id = "ac133a82-31fb-480c-942a-cdbcd4c58173";
-      credentialsFile = ../../../private/cloudflared-tempest.age;
+      credentialsFile = ./cloudflared-tempest.age;
      ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPY6C0HmdFCaxYtJxFr3qV4/1X4Q8KrYQ1hlme3u1hJXK+xW+lc9Y9glWHrhiTKilB7carYTB80US0O47gI5yU4= open-ssh-ca@cloudflareaccess.org";
    };
  };