noah/dotfiles
1
0
Fork 0
mirror of https://github.com/nmasur/dotfiles synced 2025-07-15 11:50:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

move encrypted secrets near relevant files

Browse Source
This commit is contained in:
Noah Masur
2025-03-09 17:09:33 +00:00
parent f59ac536a2
commit 37d1d7724a
60 changed files with 27 additions and 94 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
hosts-by-platform/x86_64-linux/staff.nix → hosts-by-platform/x86_64-linux/staff/default.nix
View File

19
hosts-by-platform/x86_64-linux/swan/cloudflared-swan.age Normal file
View File

@ -0,0 +1,19 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBuU1BO
ZGdOVFRTekN3SFRhQWYwcWt6OHpLZXM0aENsQ3d1VWpxYUhXN3k4CnNwNWpQcU90
elR0eWVyMWFUUkhORFRQeVdsdTErWUgzNW9mN1BWS2szbUUKLT4gc3NoLWVkMjU1
MTkgWXlTVU1RIDRRS0VESG5NNWpxbm1DTjBkY2ExR3I3aE1PUTNVTXBFZ2wwVC9j
WDIrMTgKaXkwWk1xRWp6Z3c3NFZZS0cybHFqcUVRczNMZ05tSmxPNjBlVmRHK2h3
SQotPiBzc2gtZWQyNTUxOSBuanZYNUEgYWI1SkhBZ0Jrb3hzbDRwcnRMeHhGSlpB
aWt5ZmRxaGhmbXFDQWdNamxRbwpXMWo0TjZhbHM3ejFYNVU5WlkxWTJSbVBPOEhr
MUt3akxMU3QzN3Z4M0lFCi0+IHNzaC1lZDI1NTE5IENxSU9VQSA1dmdFRE1QSU55
WUVuOU9OTHJjM0RxVWhmTlEvdk1mNU1iUEwyNlFqRFZvCldleVNGQ1RZdU1tU2J2
dWxGZlVkaDBWNEZRUFNBcEIvTEdkODdDS25GdGsKLT4gc3NoLWVkMjU1MTkgejFP
Y1p3IG5SbVpVZldPSkJXYm9BZ3B6OXZXMlB4T2Z5RHptR1pqbVRVUS9LVEZyUzgK
ZlVTZWlUQ2VoWVNuOGE5Wk5vZGdVVldzbUZKRERyUFN0eVJ4TWpmL2gwcwotLS0g
MlJmTlVkdHhHQ25JWm0xVmdjVDFYM1lHaE9WdnJSVkVMMnNwV0c4eXc0QQpYTchD
DCiEm4rOav4/IwK26gSgi2B4qq4RETyAbF4oa87cvFM8zVXo7W8nF+eWzeWGNZrc
yRFfOYf4gtlNCVLc+UAapvM1rKuw1IOQeJLAwGCHygXKWY7zSXdT2ERACXESvCCz
b7W62NVx0Pc4mAAQB3QU995HFVFuHLa939PPPlkgxqepNWCKrmUFl/qjRpOoVrV6
GwRgIo36PhcfZVCswyVXgcc4M3CCG5ZuWInuuljqTB70OzBVkKCaUeiRaRIZJg==
-----END AGE ENCRYPTED FILE-----

2
hosts-by-platform/x86_64-linux/swan.nix → hosts-by-platform/x86_64-linux/swan/default.nix
View File

@ -85,7 +85,7 @@ rec {
nmasur.presets.services.cloudflared = {
tunnel = {
id = "646754ac-2149-4a58-b51a-e1d0a1f3ade2";
credentialsFile = ../../private/cloudflared-swan.age;
credentialsFile = ./cloudflared-swan.age;
ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCHF/UMtJqPFrf6f6GRY0ZFnkCW7b6sYgUTjTtNfRj1RdmNic1NoJZql7y6BrqQinZvy7nsr1UFDNWoHn6ah3tg= open-ssh-ca@cloudflareaccess.org";
};
};

39
hosts-by-platform/x86_64-linux/swan/root.nix Normal file
View File

@ -0,0 +1,39 @@
{ disk, ... }:
{
disk = {
boot = {
type = "disk";
device = disk;
content = {
type = "gpt";
partitions = {
# Boot partition
ESP = rec {
size = "512MiB";
type = "EF00";
label = "boot";
device = "/dev/disk/by-label/${label}";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
extraArgs = [ "-n ${label}" ];
};
};
# Root partition ext4
root = rec {
size = "100%";
label = "nixos";
device = "/dev/disk/by-label/${label}";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
extraArgs = [ "-L ${label}" ];
};
};
};
};
};
};
}

19
hosts-by-platform/x86_64-linux/tempest/cloudflared-tempest.age Normal file
View File

@ -0,0 +1,19 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBMMDZj
dkdOSTc1bHgybjAwcUVHUXFhY0I0NE45K1B5SEh4NGN4T0tpREhjCnViQzVXTVk3
dzB5ZEY5d1hvcHVDSXVubElOdEVQQ0Fja2dnL0ZnVG4wNEUKLT4gc3NoLWVkMjU1
MTkgWXlTVU1RIHRiVkNzRCs4V3EvL2szNG8zSlRYSVloRlVsSTk3a0hnSFMyUzRN
K0lyMzQKWDhIOTVzMGJkaGpVQmNtS0pPQnNTSjRmK1dYck1SUFd5VnVvYnJSWkhs
YwotPiBzc2gtZWQyNTUxOSBuanZYNUEgUy9kWmxsc0p2L0pFWDlPMGlzeVBHNjJ2
a05ycmZtbUJrOXRBVVgxVjVtZwo4RVM3Sms2M2krdjU0K1ZHREhhRkdMcENTbTJr
UEh6cWcvOGNIRUNJZUFvCi0+IHNzaC1lZDI1NTE5IENxSU9VQSA5d0FwTWJzZEpJ
UEJaZi91YXZOOFhGVlVVekEvSVRnK3Y2VFdhL216SVZrCkRURE9OYnIvSGVtMWNl
MWFGSTEwUVBITTlnaWVXc1hpMFpqdFdMcFY2NHMKLT4gc3NoLWVkMjU1MTkgejFP
Y1p3IDhkUk9KTE1UMysvajY3WEx5MFdLeEdlVnBmSUx6TTlnYWdqaWorYm0rRGMK
SlhaRFNLaTZHVkpRR3U5eE5JOTBPWWM3OTFka1ZWSHJMaFFhZG1CSzNVTQotLS0g
THNSTmNzK3JvbVN5S3RaVlQwdDRiOWFkVGZ3WUtyT2IyMWtPSVNtajF5YwoCUWHU
KSe09W6BaVEW2x0ieBXN6KkL4FNPAP8zCom8fNVjyjAZpxd2t0kisJjJ45xg8eG4
x9sj+hG9EsWIFvVpnF7LUIEXcRMjvRlNXED8HmYR0qzUhc89VQ9N4EoQPJYN1dME
kxAzH8p5HBidxfJLpACaG5QHGb97chJXTDrT+ZKt+hPfZ16OhsKBj2s0gvHbcCQH
sdqQT4+FlJshDiRiauTmqF/umnCnzl4+H4Xe8kLVrZxDOAv1iwuTX8zcaNOFNw==
-----END AGE ENCRYPTED FILE-----

2
hosts-by-platform/x86_64-linux/tempest.nix → hosts-by-platform/x86_64-linux/tempest/default.nix
View File

@ -98,7 +98,7 @@ rec {
nmasur.presets.services.cloudflared = {
tunnel = {
id = "ac133a82-31fb-480c-942a-cdbcd4c58173";
credentialsFile = ../../../private/cloudflared-tempest.age;
credentialsFile = ./cloudflared-tempest.age;
ca = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPY6C0HmdFCaxYtJxFr3qV4/1X4Q8KrYQ1hlme3u1hJXK+xW+lc9Y9glWHrhiTKilB7carYTB80US0O47gI5yU4= open-ssh-ca@cloudflareaccess.org";
};
};