authorTimo Wilken2024-03-20 11:10:28 +0100
committerTimo Wilken2024-03-20 11:10:42 +0100
commit8dee5d5372920516181da14983f9c5118bdd0ad6 (patch)
treeef7e4106b640a171eafbf4a2e38963b77720f7b2
parent66690d1aaa31b0b34983e0f4477a593b96809700 (diff)
Re-encrypt frm secrets with SSH host key
-rw-r--r--tw/services/files/wireguard/frm-btl.psk.enc12
-rw-r--r--tw/services/files/wireguard/frm-fp4.psk.enc12
-rw-r--r--tw/services/files/wireguard/frm-lap.psk.enc12
-rw-r--r--tw/services/files/wireguard/frm-lud.psk.enc12
-rw-r--r--tw/services/files/wireguard/frm-pi3.psk.enc12
-rw-r--r--tw/services/files/wireguard/frm-vin.psk.enc12
-rw-r--r--tw/services/files/wireguard/frm.key.enc12
-rw-r--r--tw/system/frm.scm5
8 files changed, 43 insertions, 46 deletions
diff --git a/tw/services/files/wireguard/frm-btl.psk.enc b/tw/services/files/wireguard/frm-btl.psk.enc
index 0fe5c4aa..01786766 100644
--- a/tw/services/files/wireguard/frm-btl.psk.enc
+++ b/tw/services/files/wireguard/frm-btl.psk.enc
@@ -1,8 +1,8 @@
-----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6Rm54QSA2Y3Bi
-VnUvbXN3SEUrd3cyUjBVNFB2OUQvcWtyMkxiZUVQQ3J3TXcwNGxBClk5aXpTekg0
-SE9mVnNYVEgyU3Z4alg4NnNvRGVVTnYvOEVreWx6bUxidkUKLS0tIFVTRDYvS2tF
-d0U3UjVHQkExcm5kOW1zOXpkNSt0dklCcmhoa09JTThlRFkKR8O+0uttXZMQNUA/
-b9IP+GF3TK43hr0PERfsO27HRSc1AlsM9z6UbWtS9ylujvQVa2770uGyXHly0wPe
-7Q9iOhIgafOjrefuNlL9wcM=
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6Rm54QSBINDVQ
+aFZOaFV5QlYrRnZpN2F5MnVpMGQvOXNvUE1CZ1EvQWU0MDFJbkdjCkgzQ2w3M2lI
+UGR3OTVxdG5sbWxNSUdiUkFsclU2cnZMRnVTem1uTUZrdzAKLS0tIFUxL2o1VVc5
+MzlBRzJkWUFTUDY2Zk02S3R5U3FoN3EwbHFQZFlqVFpTODAKhi7PsiNO5kkf9PED
+sCpJnu8C978aH91xpzSii1Zft5ofngWE0XFXXfpjuopdrcqEtfxDA0070ZTBcY8G
+VDg/GjaECc9OiTAJ1uNRwqg=
-----END AGE ENCRYPTED FILE-----
diff --git a/tw/services/files/wireguard/frm-fp4.psk.enc b/tw/services/files/wireguard/frm-fp4.psk.enc
index 9331caa0..10ee7b6e 100644
--- a/tw/services/files/wireguard/frm-fp4.psk.enc
+++ b/tw/services/files/wireguard/frm-fp4.psk.enc
@@ -1,8 +1,8 @@
-----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGdWRZamxwdTJ1ZjArZVZa
-TngzTGpualZiRDZPTlNBcW5hVGlFQTNWTVgwCndlQ2x3UEpjYkJqU25YRThMb0Uv
-d250OWJWbVZ5S3l3eHB3cGVKNWhBMFUKLS0tIEZDK1hveWk5QzI3OTBmZTRoMDZz
-c1MzRWNYbkc4MXluZ3lCK21ScndaaEkKx4a+8MdoHqDBdmkX1St7qa5zG2CQ4R+z
-3HWUtAI3woUWoC+S2FM31glN5ZFKqWCmU2oUJKrvc9H338hvMgYneY3vzDIU4hoE
-oOyau8c=
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6Rm54QSBZb0Rm
+aFFzVmhIT0RHV3hWNHpEOHRDbXJzT2JlaW5FS1MyQzZkdkZTcG1jClkweStxd3pV
+UHoxRUNrcnlucFNQM2w3YXBubXM1RVBsRFZmMnZ6SW5IZ1EKLS0tIEZHNjZkNk9h
+MHlNK1BkN042UEZ1czlsU2VpeFo1bS9pM0JCVlM3Y2RYTmsKhExdVjHG9zLij5wF
+c1JlVagHuGt0o7DJ4fubLJchmC25d3BL3Nh7PQ5DHdf6Ezj8upoCJBW4oiHNjVs7
+U+rgXjpjk/6EhxIx9TzkelQ=
-----END AGE ENCRYPTED FILE-----
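Review bot: The ciphertext removed in this hunk has an `X25519` recipient stanza in its age header and stays in the repository history, so anyone holding the old custom key (`/etc/secrets.key`, per the frm.scm hunk) can still decrypt it. The same applies to the frm-lap, frm-lud, frm-pi3, frm-vin and frm.key hunks. Whether the plaintext was carried over unchanged cannot be told from the ciphertext; if it was, re-encryption alone does not retire the old key, and the old key file should be securely removed from the host or the WireGuard private key and PSKs regenerated. The new `ssh-ed25519` stanza also puts a short tag of the host public key in the header, so every file encrypted to this host key can be linked to it by a reader of the repository.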
diff --git a/tw/services/files/wireguard/frm-lap.psk.enc b/tw/services/files/wireguard/frm-lap.psk.enc
index ea83fdee..502fb117 100644
--- a/tw/services/files/wireguard/frm-lap.psk.enc
+++ b/tw/services/files/wireguard/frm-lap.psk.enc
@@ -1,8 +1,8 @@
-----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxM3RJM0ZyMzZVellNb2w4
-dWpnRlhWNy9Od3FjL051WVNYMVVhc0tQMEc0CjlCamtxUE9uTHRrSkpLeDJYSE1C
-dXo3SFFaTU5ac0tMUnpIUHdnN3FiTXMKLS0tIHp5NHR4enNPR1piTHRRUjJVbEJ6
-QmlRWXhRU2VSNTFUUWUvQ011SFE0MkEKpyz/6Q7UEZhqbrtJlsx5g7irZ94BeGCj
-Xo5VWUFXv2IHpDBP8TkQzPyJo+eDXOERumLeAWt0/Vx6I//VxsJgAj4v+sgRdDDM
-mnZ7Hv4=
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6Rm54QSBxOUdj
+MUxsWEZVVUNIbHp5aHVOQkZkUHl2YTdGL09aTGU5Sjg4b3FBSTBrCnZtU3dqMHpv
+a1Nhck9GVGFEOUFGMVI3alRvcVpFdnErRzFQeTU3OXRwNFkKLS0tIG9naTdwbDBF
+clgwVERFNC9KeS9yaU51Z056OGhwM3U2M1I3cFkvdTQwb3cKHV8NWFutgs4bzYrl
+/cgXgQqWa+NR6M0LrtJc96tXq3rX02Y8jbHz/r2W1no3rDwgSCAgYKty/ObCyx9S
+ycv9gLvDpfSMDlhUpr0byPY=
-----END AGE ENCRYPTED FILE-----
diff --git a/tw/services/files/wireguard/frm-lud.psk.enc b/tw/services/files/wireguard/frm-lud.psk.enc
index 025c2501..7dd59d69 100644
--- a/tw/services/files/wireguard/frm-lud.psk.enc
+++ b/tw/services/files/wireguard/frm-lud.psk.enc
@@ -1,8 +1,8 @@
-----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvdHc3MitWWjlHcEhGR1l2
-VmhLNklqMkUvRng3aHNUMktoZlZ2ZDliV3pzCkVYTk5TOXVNcnIxalNYbHBlbm9K
-MG4vTmFuS3NVbEVyRjVzZnRVTmFWZTgKLS0tIFFWcENXdDNVU0Y1cFBJcFpGRlR5
-UFlQSW8vUWcxWmlWRWVIWVQwZlEyMjgKHpjhFm/yzFzw76a+FyV1bwQyWzQ6fQxM
-/F4G+JtFyrTla5C7MKXlyXStpXRjXV+8lHJSfgbCQbLRGCJFG84eCsv8AJIaVtDV
-8XnHZms=
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6Rm54QSBtL21n
+WE1HM2NFTTduWURFbDhhdlB5WTgvenR6UUN6NXdCTjM3UHZPeVZVClpxc25yTnpv
+alU5cWtld3dBZ3Noejd3S1hoQWpnYU50LzZWRnJaNDhvZjgKLS0tIG56bnExVWpN
+MzB0YmNzZDN0Z2prTml6NHo1eVlzRDhxT2E4b3Rtc2hOUzAKo8XoUXIZ+y4/0MQu
+APM+uu9No0g4jLgTOyy4UJ8A7pwtPTH2LzkvdCSMEeq8tU6VONZnXmoPhsrBfSUi
+fYjdlT2kSRosOi1GtUn5C6E=
-----END AGE ENCRYPTED FILE-----
diff --git a/tw/services/files/wireguard/frm-pi3.psk.enc b/tw/services/files/wireguard/frm-pi3.psk.enc
index 119a7b99..de9042e8 100644
--- a/tw/services/files/wireguard/frm-pi3.psk.enc
+++ b/tw/services/files/wireguard/frm-pi3.psk.enc
@@ -1,8 +1,8 @@
-----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQM1Y4NXNmVFBhOVZFaDRO
-dy9ZdU5rTHk0T2JRUFBqVnFTNjBDT25PbUNZCmdGTHYzU0RET25mWkZGa0hwUHFK
-bmlxajFoci83VjZGWndCMWo5K0RUSVkKLS0tIFdOdFlCa3lvMXhGVEV1VU91eHly
-UjRtbUNvUjBDbEo1aW14YXI5MmM1TTgKjS13mwy5dY2fx1boKstTbqb4QjIFMo8j
-eToNx9Lq6KWyOEqE84oQHHgOxzYGKCerrxwTRcaTCKKaxeUwvau5VkbzMeRdRUMj
-iWJXDj8=
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6Rm54QSB3ZFNE
+Vi9acEhIa0tmeUZJeTZEK2JpNzlBejF3eVV0TE5FNWFYL25PNm5jCjN6cWwwZk1s
+aHhLd0YwMVJob2NFblEwaW4rUjYwaEhkODZBZHEwQ2dXYkUKLS0tIFlnZ0x3OWw1
+TFBQZitTMFYvZDdPc21TbFZyby9QaEJGQnlTdWEyaER3dFUKyicqPHZvJGpTFxtE
+nZyP1vK/iIRdt/gR0wdxAV76UahmEgTFA+/PCyzSclG4oRIqcbaUBo6qLWcFKAdH
+rUUElr06EtY4lrKtccWARNE=
-----END AGE ENCRYPTED FILE-----
diff --git a/tw/services/files/wireguard/frm-vin.psk.enc b/tw/services/files/wireguard/frm-vin.psk.enc
index 0d08ec3e..a6e8f668 100644
--- a/tw/services/files/wireguard/frm-vin.psk.enc
+++ b/tw/services/files/wireguard/frm-vin.psk.enc
@@ -1,8 +1,8 @@
-----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiRjlZMzlwakdIQmx0Zzk2
-TjJWelFQK1p0YUYrS1Y5djd3TEloME5SS1NBCnlLMkg1WHRVZ2k5T2VORzlpaDZI
-RlNmQWNDK0s5dVRNVjRjQnNOOVBWM0EKLS0tIFVhL1ZJT1lveVd1OW16YkVuWUtr
-OW55WHFUdGd6SGZUSll5MjcvYSsrUkUKoEYFPmE+gx2Jzsn00pceiN7mekclWPTf
-xwQiX1qkST3+KjYd1wNCvv60eU2OCKE2LpdELYGXn6FTV7EiK0QZEBQHM1xNqyKV
-kjx+AvA=
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6Rm54QSB5U2Ew
+U1BnciszeDFPMWNEMm1QQTA4K3ZjWmtEeGVMNXVVYVZwVFhRdW1zCnJWQ0hhT0do
+Q1hSQUhrYXBNc1ZYWVpyOUR1SmVJUjhvMU96OCtWWEhQUzQKLS0tIFZSVzg4RW1i
+OHhaTW9ydGpUUjNXS2lVT0hTdGFtWHgvSWRQL1V2RGxaNmsKrwITOkZCqYHGfqk+
+hcFI6Wwdz0I1kFr//ViXCMDs3g1rRHIaZiwrWo5WApPYS7qXa+Qx8fP+QhfHixo0
+yr4FbermRP2c3dBc9moouQg=
-----END AGE ENCRYPTED FILE-----
diff --git a/tw/services/files/wireguard/frm.key.enc b/tw/services/files/wireguard/frm.key.enc
index 8e2a1f82..8b91a1b2 100644
--- a/tw/services/files/wireguard/frm.key.enc
+++ b/tw/services/files/wireguard/frm.key.enc
@@ -1,8 +1,8 @@
-----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNdU5HZEViSzNYYTB5NE93
-eXZ0VVRESGozSlFvd2pjL2M0Ri9CbmJ3bUNrCmgwUnQzejVaLzIzdDUxTVRtN3Jj
-aG1oUzRHb0ZBL3VvTkp1aHAwMytIdUUKLS0tIDdlREVBTnd5alBYVGJmRmNRNDky
-Vnl2eFg2VmZjcEpOd1M2eFhFUDNOTXMKn9BhStBgbP79DPvU2RXUmyZnFf8QY91J
-HcM+3r9rfFeSfGOE4Z2UEmy+k83LC1tam1KRS9ak7CEVCRCMWfRmTeI3BfS2QCl5
-9Ab7lzs=
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6Rm54QSBodmFq
+VzNLMTJnaWN2T3J3UUhQK3Jqak1wMXI5blFmYVo4ZXhnV0RyVndBCjdBR2swcHpa
+b0ZvUUtOZzk0aHBnZ2MwREJTaGZ4Y1JmTmh5ZWVwNXdOUFEKLS0tIHVRNGFIdzNK
+d3AzUXp3QTh3emdGRHdYWG5QaW4zMVVNdkx3a2lTZGRyalEKIXfGbCwfhKX0iHCk
+Y3OqGNX7fsI7rO2c2WKiv2zQEYK4T3XqdmVN5pDNWfDNxI4vkdUa3GtZo/Yw0ZE/
+gbs2SWWc15PRyQ5CU5mhBuo=
-----END AGE ENCRYPTED FILE-----
diff --git a/tw/system/frm.scm b/tw/system/frm.scm
index 0a688f78..3303f461 100644
--- a/tw/system/frm.scm
+++ b/tw/system/frm.scm
@@ -159,10 +159,7 @@
'(syncthing-timo earlyoom tlp wireguard-wg0 mcron))))
;; Set up a secrets config for WireGuard to extend.
- (service secrets-service-type
- (secrets-configuration
- ;; TODO: reencrypt with SSH host key
- (host-key "/etc/secrets.key"))) ; we have no SSH host keys, so use a custom key
+ (service secrets-service-type)
(modify-services (enduser-system-services
#:host-name host-name
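Review bot: The bare `(service secrets-service-type)` now depends on the default `host-key` of `secrets-configuration`, which this hunk does not show; going by the commit title it is presumably the SSH host key. The removed comment said this host had no SSH host keys, so the key has to exist on the machine before the secrets are decrypted, and nothing visible here provisions it. I would keep a comment on that line, for example `;; Uses the default host-key (SSH host key); re-encrypt tw/services/files/wireguard/frm*.enc if that key is regenerated.`, since a reinstall that regenerates the host key would otherwise leave the WireGuard secrets undecryptable. The enclosing expression starts and ends outside the hunk.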