fix proxy jump
This commit is contained in:
parent
42e8356d2c
commit
62414b5ce5
76
secrets/default.yaml
Normal file
76
secrets/default.yaml
Normal file
@ -0,0 +1,76 @@
|
||||
nix-community-builders-ssh-key-pub: ENC[AES256_GCM,data:WvjdlG/k+Hm8ZRaIc+6KzJvPIN6GXuepK9zwonOPbeST0IAcDU3OGxPW4as4ENZAaRdwd4ZnIUVhcTmgKlpGaBLhxTQgXYw1rIBgBP1gsSKSaGwE4/yzEIyN99E=,iv:H0ogbpBocFi+jgnKt3Jg9AkAV9YDQTbYAtejusQIBl8=,tag:XfC/1+3qd6J6LC4GKSMKxw==,type:str]
|
||||
nix-community-builders-ssh-key: ENC[AES256_GCM,data:9QNhqQS/6Cu7VMUoWEWkpDCMPu7df6dmreI3duzesonaW6F4W6vL+YLMMTvnnR6BpgmpGvHdvk1aDQnVmpneie6WRfbL4PbLARJviyh1Z/tLQhY9i/MMIADk8D+o4HXBnzLRIWLt319h5eUN1pvmGlJLrgfC0IZLRnPCQLjulIrlhDBlswkNgTrrS0VoRFSXk59JUm8/vWu2OQef2Q99Sug7wquiDZ/XJfqYYxYsGj9SeKiVpyxyuMkviuddee+IOr92KmT19UlekuXAjrYAGeRITrVj1lBSd8DSlBm1ww+0BRqzsAAFojM6N3TkyTjjoXRbVDzDcsMaoCQ7U4Ab9FVz7GdxeNKmeulZMUi4ORPlo4PQ6uDX6RjbWyLwiP33fl5VXMN9+YByVRUrpdtjkQF6jlylCBBRcWl/yOJbYcNg3zcWmJtdVu9t29SU45J2BcJ4Oi18oPf5P6QiU6dJiX1Ba8oR1QeLbFum724J+L5k64Rd84oLkxzVr5GLfXsp54sQ7FkrwEK9HWRfwN8F,iv:NTnnv0Hax/H7EoyHn0VRMG8sbb8tF23Ur2Ak4WYp8Bk=,tag:4hyGKetJ+I3zSqh1zOw/jg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2UmM0eXdJTktjM0dqMENr
|
||||
U1VBKzltUnRvKzRXSG9TOUUvMXRCVkpxMWlZCk4vZ08wNUdvS21IeDg0RkdNNUVv
|
||||
OEdNbnZtNjNnV0hsVjdPV1A5Ui91eE0KLS0tIE5Vbk5KemxGNDExbjBvSnJyKzVF
|
||||
am8xR1RqWTBFZFRhRWZidHppRGV4RDQKlv+tFquJxLIeCBuTpj9OWkiwd5kVUqJ4
|
||||
stmVpEN/SnUq/A880+g0Yt9rb89YH9gSQuDF0huZs4MwCbmOR+U8Sg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPSEVGamtuSDFXb2pnUlRM
|
||||
clB1eXlhWVJDd3o1MlN1R2x1KzBCRzh2U1dRClVIekdrL29NSUkwb0duSFVTY2dO
|
||||
ZldnMzZubC9sOE1yVUFnWitNbkd4RFkKLS0tIHZ1TFFyQ2NISkdka1lwNjBTYVc1
|
||||
TDNrcFRZMUlSLzdKZWJaUUlFVzhQSmMK4AxEHJu1v8Yv9kh95ggdqwsNUbgh9+Q9
|
||||
FSiLXWenCvk9DS2JPkpRx0w5FpMZQv0bXVVYexaI7H+/1PyNmEBL8w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1zvqjaanff7x3f2a7853sd9ylna99khw4x6qfpf6am4yupsc44phsr2vfy3
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtYkErT0ptQnlyY1RSTFRH
|
||||
aTduQ3VaSjhwblA5ZXF2RkYvcEJNQ2o1U1RNCjg0Z1FCdDlBSFppbGFxMER1cU1S
|
||||
SERMSW9JUWd6WmpveUJmZHYyR1VvVkEKLS0tIGRlYnpxTG5KYjJnTXhvWTFEUTJR
|
||||
YUZuVFJDTmplYWRwY3VpRFNmcitjZTAKJXvKVZpfP0/WllSg6iKMlW/YTuhA+KIn
|
||||
r6TySJ7p2T/li4MqB0oSKlML9JwR362njriS3G+uPUpKXueI8x6HaQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1zh3nmy2a7s2v7g9t7zg56p8sjqwmvqv5s7dn2v22x5nxyl5wfdcsaf5tw7
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLejBHckRFdjVoZ09MbDhS
|
||||
K3ptSnducnd1WUxnMHdWeWE2dStPNSs4eWcwClZFOUZXU2pPWUtRZmM4TUcra2Z0
|
||||
clQycWZtUzFobGVmejc4NGpRUE9wSUEKLS0tIFBPdEZZOEV6by9iSG83Y1hYL2I5
|
||||
SEl6cGxmRkcwWkZNZkY0UVlQNXNOdTAKWAiwKCBscujcohi15KmzGdJpskSuBMBe
|
||||
NhYPWXCb3UA0ZuuSgK4VChAREjyPEyV95dcwe4HkzrS/MeQ6mx1QCA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age14d0ahjjk02jyc25hhx9ws333r0yk5e06yf4ys8xhz2um7jp6qqaqfcdksg
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5TmlJVkRVRjhZUk8wMVlF
|
||||
aFJYeTVtM2hmTVhtbE5mYjBocjFzV3dzWlFNCkxwZmtGcnlwRkJEWWZJWnJOWE9U
|
||||
NGdUbElZZDkvU2F4dHBhdHh1bWhmdzAKLS0tIEN1U2I5S3dncXlJeDVEc0VHd292
|
||||
ZGljSmRicmRSQThYTE1qbE81K1BxdW8KAMef+ULdxgbp9gwyKyOFOjdNozV/osep
|
||||
vusNIAIJWA21NG+jyezkSP9AR8Fv2EdEOA4uO3Ol0ej312x1/MdenA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age14qunhxz08gmw5r8ky0ez9rjf9dj3ue9hrzz580gwwj4cms46vd7ss4rutf
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLa0RuUStiSzFTemdVQklq
|
||||
eTNQYzdXbVh4QXIwVjVZZmttOEdid3FCK1I0Cm0wWUZWM1ZBWlo0dGxKVDV1REIy
|
||||
Q2ZYN3lIWVowTEhKR2tBaFJCWG1IVWcKLS0tIGFkZStmRGJWRWhKUmgraVZ4cFhL
|
||||
RjlrRGcrcTJta1ZueU9PVytKY29ucmcKWW95m49are6jH4RKGy/NmczJrTLTLewH
|
||||
xqQ6o/37eaYCC9tiLPO+tyyTFfCfiUaldcgrZgiThxBLLFb3wrtqLg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age19xrvt0gjl4fcfjyy62mrl9uuzrq9e0wgemtkykr07ewz7nqn9cwshngel5
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1SU5QVG5tUU9saXpNOFM0
|
||||
dkpOUi9nT21BeE5kNE5IdzlTcVBKRFVxaGxJCnpjYllBZnM3Q29ZNmZMa1FkL0tJ
|
||||
aTNYRzNDRkJaN2h5N0NlY1JmM0xteFUKLS0tIEptZlFKRjFOSmJtWVVyaWtwdy9x
|
||||
ZHVMRTJNQW5NZldJcVBqTUlxM2J3Y3cKniYqt5SL8PcDPuBgfUYu7FYbrk4aLFWS
|
||||
gEAAHbwj3bB2LvJDHPQS07DN8MK4rGsIV4UjFC7maVxMsonC8F+F+A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-10-27T17:15:11Z"
|
||||
mac: ENC[AES256_GCM,data:P9oX5KVP/64JbHX1qLiSf68gI5VxT5Ziyz3Z9oIoWWeW5SgqBXndhUKtOrM8QKjGQtFnwqjnD7nh8VTkn8SKK5+yraNkjzdpFFLwdQF7Dm0/wNKI6LNULDUQyllHO9K27qGqDWzMtT8dOpA5u9co1/mpNjbHkTR+zT40UOlgdEE=,iv:ddvCyG9BR/ZI3HbccI9yhQUAoh2pmNaCpzxG65mEGm8=,tag:UU4ylynRMPSrv2AHvI2P3A==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
31
secrets/user-pbsds.yaml
Normal file
31
secrets/user-pbsds.yaml
Normal file
@ -0,0 +1,31 @@
|
||||
age:
|
||||
pvv-infra: ENC[AES256_GCM,data:3LpXJ9k8RQpo1FhzvFqnY2Zr5DS/uyD57/EQhjZ+8rL5pcseHxefl+dCOSzcK8XBhYj8Uh0SriLy9xG6vvLv6fVsFVAu7kyHmjjc/g9J9R3h/B0b7kEluJAxGIdZX5qVZLJl6rp5l2b9tLMj31SCN3kr4iZOI86Y/NDfVMzijYuslmIM7rBR5ESJSOPvjLqXjVTGWZ78RQd/i6h26iC57AaQnR3K+ECrRgiWCbEARN3METzTXu2K70ml9oPv,iv:mNBvaInfI49MP5mlk9vL81oV7bF4mpC132MzNLArkQI=,tag:nMDyldfhHflKdp+yjzdLmw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzVlF4UXNZa3E2OWhPbk50
|
||||
MkhCZHV3N1A1MkpmQkNUbUxoNWk2QnRwSVg0CkQ3NVQwcXMvMHZjY1dkajJmQnd6
|
||||
a2hIWTRxVUxseFJTQjBNZ1FYRHZnT2sKLS0tIFpqZWNyMXBaRWJ2SXdJWTNKZjA1
|
||||
ejNaWlFBVDFvQWdYdXFaN2UrZFdZQ1UK+ogkwat1CzhZ3DoJT6mg4JkC9B3fPc3H
|
||||
G21mzWPyGS2L4LoFw8wmE6ynHzsGojAlFK+2VpE2oWM+yR40zRO8Cg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLSHowTjhHVVJIVWt3SWRS
|
||||
Y2wwaTllOG9JMHhWcW5TVnRZU3d1RjlEVXo0CkhsQXFEN3kyRFNvL3lzY2pQYmVL
|
||||
a0NMdGNxclU2ZW9rT29ucmtGdXh4ODQKLS0tIG9KYVhoSEJRdjhsWEplZVJtb1Av
|
||||
bVVVYjF3d2ZyYTdWRTI4YTZ2Q25idHMKKB3XdEYu4SDrrM372Aid0cCio+TrqCqE
|
||||
dzpIzCu9Kju4ECa7+1DwgAo37n0/YIcXCX5JrWF+qxIaetAyMkJoEA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-10-27T17:16:46Z"
|
||||
mac: ENC[AES256_GCM,data:0I5IhUaaXWXaEj3TKtLhlDN7SkhCQouUcpb6bwnsoWVibWvMX9ZrqVO35wDrU/vmY45RTuIJ0AdXlDCL0fyGIOpw4bRoizxaIH9Im8sxh47Fgh+wY4LTEa3y6rES2opuaPrPUqEQeBtS9e1WU0Vt1Wdjv1nxq+pxKKL7p51CW6s=,iv:HZn7Ehqc0fpSDx32OgwzQZ3r8ebhoE4Dy+qUeDXJgj8=,tag:uj4lX4CESO041rLgRXko7Q==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
36
users/pbsds/home/profiles/sops.nix
Normal file
36
users/pbsds/home/profiles/sops.nix
Normal file
@ -0,0 +1,36 @@
|
||||
{ pkgs, config, ... }:
|
||||
|
||||
{
|
||||
|
||||
sops.age.generateKey = true;
|
||||
sops.age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
|
||||
sops.defaultSopsFile = ../../../../secrets/user-pbsds.yaml;
|
||||
|
||||
sops.secrets."age/pvv-infra".path = "%r/sops/age/pvv-infra.txt";
|
||||
|
||||
home.sessionVariables = {
|
||||
#SOPS_AGE_KEY_FILE = config.sops.age.keyFile;
|
||||
SOPS_AGE_KEY_FILE = "$XDG_RUNTIME_DIR/sops/age/keys.txt";
|
||||
};
|
||||
|
||||
systemd.user.services.combine-keys = {
|
||||
Install.WantedBy = config.systemd.user.services.sops-nix.Install.WantedBy;
|
||||
Unit.After = [ "sops-nix.service" ];
|
||||
Service = {
|
||||
Type = "oneshot";
|
||||
ExecStart = pkgs.writeShellScript "mk-sops-age-key" ''
|
||||
set -euo pipefail
|
||||
test -n "$XDG_RUNTIME_DIR"
|
||||
test -d "$XDG_RUNTIME_DIR"
|
||||
test -f ${config.sops.age.keyFile}
|
||||
install -Dm600 -t "$XDG_RUNTIME_DIR/sops/age/keys.txt" <(
|
||||
cat ${config.sops.age.keyFile}
|
||||
if test -s "$XDG_RUNTIME_DIR"/sops/age/pvv-infra.txt; then
|
||||
cat "$XDG_RUNTIME_DIR"/pvv-infra.txt
|
||||
fi
|
||||
)
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
}
|
@ -28,17 +28,17 @@
|
||||
"*.pbsds.net".forwardX11Trusted = true;
|
||||
"*.ntnu.no".user = "pederbs";
|
||||
"*.pvv.org".user = "pederbs";
|
||||
"*.hpc.ntnu.no".proxyJump = "isvegg.pvv.ntnu.no";
|
||||
"*.idi.ntnu.no".proxyJump = "isvegg.pvv.ntnu.no";
|
||||
"*.hpc.ntnu.no".proxyJump = "hildring.pvv.ntnu.no";
|
||||
"*.idi.ntnu.no".proxyJump = "hildring.pvv.ntnu.no";
|
||||
|
||||
# me
|
||||
"garp.pbsds.net".proxyJump = "isvegg.pvv.ntnu.no";
|
||||
"bolle.pbsds.net".proxyJump = "isvegg.pvv.ntnu.no";
|
||||
"garp.pbsds.net".proxyJump = "hildring.pvv.ntnu.no";
|
||||
"bolle.pbsds.net".proxyJump = "hildring.pvv.ntnu.no";
|
||||
"knut.pbsds.net".port = 23;
|
||||
"nord.pbsds.net".port = 24;
|
||||
"sopp.pbsds.net".port = 26;
|
||||
"noximilien.pbsds.net" = {};
|
||||
"rocm.pbsds.net".proxyJump = "isvegg.pvv.ntnu.no";
|
||||
"rocm.pbsds.net".proxyJump = "hildring.pvv.ntnu.no";
|
||||
|
||||
# ntnu
|
||||
"stud.ntnu.no".hostname = "login.stud.ntnu.no";
|
||||
|
Loading…
Reference in New Issue
Block a user