Commit 768db7d1a465

Vincent Demeester <vincent@sbr.pm>
2025-12-22 16:59:50
secrets: rekey everything once more
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
main
1 parent 26df56f
Changed files (32)
secrets
demeter
mosquitto-homeassistant-password.age
redhat
2022-RH-IT-Root-CA.pem.age
AMS2.ovpn.age
BBRQ.ovpn.age
Eng-CA.crt.age
ipa.crt.age
krb5.conf.age
newca.crt.age
oracle_ebs.crt.age
pki-ca-chain.crt.age
RDU2.ovpn.age
redhat.pem.age
RH_ITW.crt.age
RHVPN.ovpn.age
win-intermediate-ca.cer.age
rhea
exportarr-bazarr-apikey.age
exportarr-lidarr-apikey.age
exportarr-prowlarr-apikey.age
exportarr-radarr-apikey.age
exportarr-readarr-apikey.age
exportarr-sonarr-apikey.age
gandi.env.age
jellyfin-auto-collections-api-key.age
jellyfin-auto-collections-jellyseerr-password.age
webdav-password.age
sakhalin
grafana-admin-password.age
homeassistant-prometheus-token.age
ntfy-token.age
shikoku
aria2rpcsecret.age
minica.pem.age
systems
rhea
extra.nix
globals.nix
secrets/demeter/mosquitto-homeassistant-password.age
Binary file
secrets/redhat/2022-RH-IT-Root-CA.pem.age
Binary file
secrets/redhat/AMS2.ovpn.age
Binary file
secrets/redhat/BBRQ.ovpn.age
Binary file
secrets/redhat/Eng-CA.crt.age
Binary file
secrets/redhat/ipa.crt.age
Binary file
secrets/redhat/krb5.conf.age
Binary file
secrets/redhat/newca.crt.age
Binary file
secrets/redhat/oracle_ebs.crt.age
Binary file
secrets/redhat/pki-ca-chain.crt.age
Binary file
secrets/redhat/RDU2.ovpn.age
Binary file
secrets/redhat/redhat.pem.age
Binary file
secrets/redhat/RH_ITW.crt.age
Binary file
secrets/redhat/RHVPN.ovpn.age
Binary file
secrets/redhat/win-intermediate-ca.cer.age
Binary file
secrets/rhea/exportarr-bazarr-apikey.age
Binary file
secrets/rhea/exportarr-lidarr-apikey.age
Binary file
secrets/rhea/exportarr-prowlarr-apikey.age
@@ -1,11 +1,11 @@
 age-encryption.org/v1
--> piv-p256 ItIHHA A0xn3psfevMmGmVS6QSxpglWSzNlJZiDYG4fLxqmR/pG
-a4AX6MlKP/EPzUSLlSqenlrVIJXC24N9yHnYv1yV5vU
--> piv-p256 ViCCtQ ApOaK38PQNSSjtkiUHjysooFiRSw2YEkuXxU96TdIiAv
-2drMfAH+r7TP2jqv7UdbqqqKu1y6REAZgdtl7ijTXf0
--> ssh-ed25519 EboMJg YLkOL8/zZ6shLDA90XhMinA+8YgwvcnUtOyZhdth/kc
-0rAqdrHV9KOjnJMRAL3Wix3oQQylJJiIow6cThDRIG4
--> ssh-ed25519 5bXRbA GDhSECaka8aHNBrgRAfzzpk6DSuw235a6f5SzurXwEc
-GgQkU6O/drJYnKLi6Cz3/cwU00Qm6Kmd2pAaSxSBiyA
---- 0FbNx0zE6A0jf9oNCAhE96XqdQZJI+NGGnTxF4ngg+I
-�T������f�[K�FEMhW��G�y�Nmgv�62[�!�%�9e��M1kڇB��,�|:9��
\ No newline at end of file
+-> piv-p256 ItIHHA AnWAPLsU86715iNzf7kw964vkhxZI8k00NUvKn1tFVd7
+CP2mstsYdgtvFRum4pa4LDlC94ZislRFkB+erJng8ag
+-> piv-p256 ViCCtQ A5KaiLIWtLJV/lfu1hCQqk38sp8GhLTNDO4edDDCmCeZ
+AGn/CbZflZ2RzHY1D6rMQFRketjLS7fnsdwlezamykU
+-> ssh-ed25519 EboMJg 9dJc8HglqhHukPbnHrFGhI+wmMJQVJzahU781UNJGBs
+0qn0MF0KbHNaZ3QI7kaYy3C+p55Gcmg5uQ+d3Cr2AlU
+-> ssh-ed25519 5bXRbA j/6Ezf1dCDHBFqtgU4A53XMwb6lgHxuhuOd0iMqPUkA
+bsReJYHhHJZIkoMEgwBo7/rBJT1JYyLagrpNkwuiS9U
+--- QkbXx0c3gICoOLrYdnk8e/HJPRdmjvz9lee4v8mg4PA
+a���Gݘ���جȏ������H�v��@�]�֫8����x��6��Y�"�>��J(D��L�p5l`P
\ No newline at end of file
secrets/rhea/exportarr-radarr-apikey.age
Binary file
secrets/rhea/exportarr-readarr-apikey.age
Binary file
secrets/rhea/exportarr-sonarr-apikey.age
Binary file
secrets/rhea/gandi.env.age
@@ -1,9 +1,9 @@
 age-encryption.org/v1
--> piv-p256 ItIHHA A28IWIaJfT3CgTFaTx6CTWNM1COC8NADWmQbThdk6TLe
-2YAy1hO56GJLombYwz9pvztJa1BWdbuuozybxyhjXXY
--> piv-p256 ViCCtQ A/8vd1SA/MjVwhqh32/rwebYZ9u8nkSvZvf6ATzKplx4
-b0Ea8I4QtzMHxMiu1OEy3LBNssviIkxq8LZqejJ981U
--> ssh-ed25519 EboMJg mxVQAJV6vS26MG05MRgDw6vlO35ryLwcie/CyaJpEA4
-AbeDdqWwvZeP3zOOg7gFKvUyLbw9Bygul3XzG1uZRpI
---- O4E8ae9Z+M3xJDuoR8tnC2+qr4cDvC2KTJYwRxtC8RU
-G�D�O�����I6�B������ے�NM#�$G7��Y%�a�j�?t������wϋKa��G�ߦ�S�'f����K�f	F�,�X}�+#���|���e6#O0�d
\ No newline at end of file
+-> piv-p256 ItIHHA A45/JQjGuNNB9sljGYZLY4MTx/6Gu+EQCtyAfadeI/HC
+j52YkvbENSBRXY85lfeyY7GNoKZRuqwEUCDCcfdJ32g
+-> piv-p256 ViCCtQ AyrX/DJnNWa+nMhg5HPOwpJBvzIJPmXI/Js60bzl8XF0
+PAoyVjCk75Xsaf0ayM9dItuX225Y2Pnz+knsLw8GYbs
+-> ssh-ed25519 EboMJg d2CEGxVKCkAjbijhoUnmOml3sv8VRJASC8xPwPZ3zFI
+oQyYEefWtoFua5A09d6CS3+WIylXnUozJ29DgQ/uYOM
+--- z6pn7xa3ehsZ9CjcneGiwJSVDxTfXpMskLXBat1yaOk
+�t�O`h7J�(��5	���]m�O��5�����T[Y;���$1d�M�[q�PeSl@B��4Zw�T�5�|(��Y;�}/���j�.�6��|M�($�O��m�o�4�
\ No newline at end of file
secrets/rhea/jellyfin-auto-collections-api-key.age
@@ -1,9 +1,9 @@
 age-encryption.org/v1
--> piv-p256 ItIHHA ArpSTeUArSBgHic55lBAsJvbWwIrf0x1HT6wsooyoj3+
-31cmSyQEnBqO1R7vt/OMoHrU3eUFMM5OpGDGtK0hJHA
--> piv-p256 ViCCtQ A/bSOsSxn6fD1wTOVEzb+lAbK99iKU2SeZb2jk1X51M7
-HpxSdJqU/3SI73k1pKZAeUjpVCFAz6Ng2gubLFTJzDs
--> ssh-ed25519 EboMJg FVSEAlE/A/a2WTv25puW6zZwM30Dj+9Nif5MpAx1DBE
-Y9N1q1l64uABIbOmCRig24XWYR7x9TnXpVdUOBwWzV0
---- 0H7dZrTkJ+g+rHo7gMm5WjVH4JyQ+lWzyR/7DNmteYM
-;qM��>Hf���eDњ�&2QYc�י�#��e1�����pB������m�Z�P������7�SU�h
\ No newline at end of file
+-> piv-p256 ItIHHA AhZlkQ2c4esieg2EPR+DsAG3M33F74oqCLbbCfVkGgA/
+pFS/C89QX8x3GNpFxFNrGiaJ43Ah85uiZAsy6JwIxuM
+-> piv-p256 ViCCtQ A9pLiOanfqq2N/k4z4owXtNteCTN5SKqlxHhEgsgVAXt
+u/ynPKt88+SytrqVBZ7MtuWG1hjuV1F3ZBdoTXbrxqk
+-> ssh-ed25519 EboMJg vXYojUwV/iSa59K04l7NbThZvtLR55BaU77jntRwr0Q
+6J4DuGxu57o2nWf2/8OVKU87Zp9jnu70FLuAZL5NOD4
+--- pGzctrcxP+1HQ4R8jUt1mTOMYb1A92Q9BFY/PnE3m+Y
+$��@��DT��9,˃�lG`b
���X�Ǎ*2�˿��ގ��s����e���׌F+0�Е
\ No newline at end of file
secrets/rhea/jellyfin-auto-collections-jellyseerr-password.age
@@ -1,9 +1,10 @@
 age-encryption.org/v1
--> piv-p256 ItIHHA A1oguMGTcE02YYcZBjqc3lSysUChoKUabizYk1ok+Tbt
-h9y7K7YTFlugLZ+nN+PMiBtfdWLVQTYnEpm5qUI5Fz4
--> piv-p256 ViCCtQ A376cC1vDhrYP4GFrZyWRZ7hmNOSdOBgZ9BEB4e5mR6f
-zEqkV9zxToOYgzMTdg4lDT37UPoiwsNOEx0WSJDiz+s
--> ssh-ed25519 EboMJg gs1eF1Wo/6Op8P0ysl/gVORhvqJmYRtkvlXm1rxz2n4
-3YaXnXfm6LkfRAXQA9jFkAyYvjWKNW8lvmE+/DNwYf0
---- VFedBU8zH3TJwBcxUBdsuDOPLIqkmD4+P6dg2eAsmWE
-�*Q�YE�}bPc�*��,b�y�9'U�oaZ�b����"c�'�
\ No newline at end of file
+-> piv-p256 ItIHHA An204aYudA8ff+xQaIvXQ8YP/VNhZmS8GLMK1SZid6vc
+I1cZ2Fg8HCkhe+0pHcYFMpfkHDk2NBqTA84GG1tN7NA
+-> piv-p256 ViCCtQ AowVZApA0Zr5fZp8BCIcYljM0l+45UBBluvfQXJw9qO2
+VanAatYdgmX4dCIZR/7SOBr1COuDjK+4+/lAeFx30Yw
+-> ssh-ed25519 EboMJg oscaDQgIYiGL17QRzDOPjFJnHEZqkaCM29AHPRKVGjc
+pabVWLdSpmFVjbnXEGy4HDRIhVPlzp+T8sRkudrbMnI
+--- Js6MlH1F43nkhBB2J9LKcwjwzX2KxwAuz3DcysVxCEU
+X=�.r�O�����5�&������4
�J�p�Teij���a�
+5$0
\ No newline at end of file
secrets/rhea/webdav-password.age
@@ -1,10 +1,9 @@
 age-encryption.org/v1
--> piv-p256 ItIHHA Ark1VnA0250nPzA0Rv9WX5KQNT+zKIE8qC5ZuqOdWMVR
-PIDcwnJWLjvlq7xAYSuxPBd61yoGU2EnAcK7Ao699r8
--> piv-p256 ViCCtQ A8LS5WrSy2jZGzkxIfLccLDWEUU69A42f8dLndpbCN1J
-mciS22DmE1KtycAUzlRrTB+SwIlz97BxYfQtw4cWEWY
--> ssh-ed25519 EboMJg 1ZqKGBMxss0RY9sNnvfzOiCVgJnjMrpO6RZ5FMXJcV4
-mpY88hJQLLQtGDgLMrwNsNBQgTWUnfGyPGPGyQrdK2Y
---- ojvf1oDIYF2Uyp+IbLtB4PgSrPhM49vVvEnwc+Lm8/8
-Gj�Yx޲m�*߇�]E�
-1���*l9�\56���8�b�J@��!��ŏ�]� -+,Mf�S�8�Y�.Z����GԸs9VL�,r��+���������P�Ϗ��
\ No newline at end of file
+-> piv-p256 ItIHHA AhHnofVOYksITLxrC2AbmEqe0NbYLlyBlIFdxUo2d5Pn
+7y1ccsguOWLkpdZLHkdkAY0TsyP9FY35usPoStUKqW4
+-> piv-p256 ViCCtQ Alc3sqHzVJ15lcRaw669DAFAacECGnHWYB5HHyG7YLf5
+yFBixVQwHoo4dSgfP5n7lad9jHZBjmP8EIIMpQ9aX9k
+-> ssh-ed25519 EboMJg xdmyvTMbkTE5ctCvXXR3v+fhJFvQ1f5Q/JO2usLJWW0
+9RHKIUvtvoze5nVReiBSIVf9EKMsEqcNmVoo59sOjGQ
+--- i3FumzeeQhdBL8b05qEu+er2i+mhhLxLdKYjwrBmw48
+��)����)Y�q��q=.�����A�S�<;
�*�\��v����p��o��)q�!��}*���悋e~�f�I��ĵ�'N�t"�e���U�4)a08Yw��S�71%���&y�
\ No newline at end of file
secrets/sakhalin/grafana-admin-password.age
@@ -1,9 +1,9 @@
 age-encryption.org/v1
--> piv-p256 ItIHHA A/oO7e3UDuPsrHmTTxMA1zAf64YbKFoFsPwAQhH8k29K
-pHOO+UdR9nHOby1Y04gehZVhHLbxU9+ldbqnEPXKYk8
--> piv-p256 ViCCtQ A0d0VEzUU2svBy0P9lg/h3oDrfSBe9gq2mrjt7AvDsEp
-yLmiTbrMkcJSi62dRottG1f8b36TOHZ5my4M+bcvT8U
--> ssh-ed25519 /TxA1A LH93itoqYoEBzzH46ogxDB3oQ6axGpgE2vQtXBrtS30
-nnbGI3eBb6Lz+XOe6mTUTOybTC90Y3POYukQdOIOYxM
---- iJ+Xh83Hppkanhe7uRA3bk5vGw1V8aC9cYgi3rI76TU
-hs$��
1��U�݊�����y�p�����[�)	�P��Ubq�P\��
\ No newline at end of file
+-> piv-p256 ItIHHA A3/ZAzOJJoW4ljwsBoimeUIvANLuvLXPDKBl/Y5qHiIj
+MGp4dOnZg3B0JDLMCzGLjfNOipELPUohcSLQWlnDuLU
+-> piv-p256 ViCCtQ A4mtLHnfz5YkQK4UI3paeHH8yW6vOcW0JoYIarFKKghO
+MB4QV//gk0SPbJDR32ZODgOqt3i/xE6oSoF+xDlm9T4
+-> ssh-ed25519 /TxA1A dJq/bKMX4IhuW7b79VoZz3vLBkVMsSthAhZlVtNNdmw
+lwJet1bAe9YXw79xczln0rLTXe5PdK1PAChblibTFHI
+--- b9ZQGFiNW2Oo0OahmAvOgJVqH0DvSN9JOwPY/8hUzB0
+G�!�`ߨ%�`������,���E����L�4���!��9��4T/F�
\ No newline at end of file
secrets/sakhalin/homeassistant-prometheus-token.age
@@ -1,10 +1,10 @@
 age-encryption.org/v1
--> piv-p256 ItIHHA AoWfnTpq+AwkUv0i/RIhDOdFf194G1fB2w0pd2CsndE4
-8Sbdc//lGv7UGR8dZ27/mqUBzIyCYnpH4ngaxFI65t0
--> piv-p256 ViCCtQ Ax95vZoEgPUE1NeGFRALA45UHGCAAKl+OkG/KiMlhRME
-d1LnwHawJ6Iux7cxaFnuntySu9Vb3N4oCLP/GTE4E5o
--> ssh-ed25519 /TxA1A VLNC5JbyIxPCTA1w3Brrjb0ynXyc8kJ7uSYqUjnIOBo
-ZS742m7s4anEVQsYo2nGwXyforyizEqarcurRfS6tyI
---- ymeUuZ9diY7hq0oJIt2nOme9Qz7N4CQE7BgIHJOK1t0
-�%j=��J�r�=)C��tw>'�{��}O*jal@gs?J����vkH��ɿ�9Z#ղ��թپeT��|���4�[:�
-S�S9s�0�еd��7����ݴ�ٮ����5��X։S,R��м�9���]'�}�������|«F5=�4��{�˭���nJE19{N��$F����:�h-"�y����T]�Ae�_�a=���S�ׂ4���
\ No newline at end of file
+-> piv-p256 ItIHHA ArKpR7/s4CTJs5myhXfhWg3MhBIX2/jGoz/FlOto1K4c
+/g1rIzqtaHniG3HSrNsbsE5zI6nQTBo1MvK3ZWwtax4
+-> piv-p256 ViCCtQ AjyvkZC/vJJvYOsFEcHTD3E9X93IcwesgnWtm+n28fX2
+6+BWSS7qTBgufT36FnJxHMAUaTtmnW6IUUpxl2wio54
+-> ssh-ed25519 /TxA1A PEy5I4gD5KaUYhm3bXqGpwpI6NoV+UOohGhLaXsGfVo
+1XKkQih2AdoXRMyt5djJrgiqsn5ntzAnEOJu8ek9hNc
+--- s9X5V+CcOEBosBKG/wygyHAPuKCgQ+V7fVAkV2E0SqQ
+z@O�0/S�fuՁAˤl�:7�ϩ
+�p?�����/��0�2i�O.�����nzt=���mK;J���{~���E��7��1)��>���R��X��ez(<(�(� �mOц�Ņhg,Yad��xL�C���ז(�0��pX���xSg1���#��7�j�Z�Z��4n P�I*w�O��7���`,���Ř��جg���Vjg�h%���Z��Ѩ[A�1�n�
\ No newline at end of file
secrets/sakhalin/ntfy-token.age
@@ -1,10 +1,14 @@
 age-encryption.org/v1
--> piv-p256 ItIHHA A+znT+h/XoYX16AaRXZiu8PCTlNCVCLUkTHrdBgYTfwM
-YyjMx7WsYpop9SaC22tB1acmQlZJUWW1EKl2nPaVokk
--> piv-p256 ViCCtQ AqxoHbakHPsLk1kTh9TtaP1t2iBUTdNi40BTWAgOPji7
-B7GenKVLCJZ/RNGQb8OwcuWqIawQZmZ+OhWoyFbrhcI
--> ssh-ed25519 /TxA1A YocX05V/ECOGPplirXj5W2ZwT3LFzZ4NPSIDSJMx0ws
-esTPb+DvdDfLjS6KmaHNAI7bF6LPPPCHMbZXrMR5l+Q
---- SvqQ4lQ/d15fGdgSVNy88NvXULRDb8ftHt/M9sY2K8c
-*��
-�m�����3� �U���<�����V�.����R�S�|Ko_+�|�E��U��xU��
\ No newline at end of file
+-> piv-p256 ItIHHA Aiaq5Tic6bA48WUSPeRlLme4+iFQs9O1ppVl2WYCi71Y
+U0oX6PAMNihNHygJA8GmEK+ue9GoJPW6QkNaDmC3r6U
+-> piv-p256 ViCCtQ AoOAXNiUCwtSLKx+rIebnmfst6qnLeW3StoPL9C1zGdc
+Jc7cqMWTpfnFf7BLwMtn5hC1fGAhfb+p0/nuKOTPtac
+-> ssh-ed25519 /TxA1A KJ2lI9qGIRb0NabIupT3LwVwHysegHZ/9LSSU0hwWko
+044nN02y231ulV/Bpu/vZx5d9+FLC8dV4JEAWBSegb8
+-> ssh-ed25519 5bXRbA syTwY7tZScJaxRyhaEcx0vFy1Q+cBHjnHs4uEhlAmC0
+50YdlnqtrwzrT9Owulgv+OMihq8QHANZ17u6983Ggaw
+-> ssh-ed25519 EboMJg tUMMIuW+ZmFfJeLJJdcCkcE06nkqTXmBFg/YPbSXb18
+gZMHpusF0CwjLe8pJFJiUymsaJ53AcDYhCLsvaoi6O0
+--- SLxUIipsRxVaa1892tYM/Nzg2fX0nAAGGJlI316ds/s
+����!��kȚ_;������T��]Q�<ܢH�
+y�����1�	Pm��ZO�a�*�=2�v1>
\ No newline at end of file
secrets/shikoku/aria2rpcsecret.age
@@ -1,9 +1,9 @@
 age-encryption.org/v1
--> piv-p256 ItIHHA ApOBm6WQ33kJLF0nqIqnOW0QGniUq5h5PmW/oND2GUaa
-XuPGsT3PQOwfdKXms6uVCd8HG3IMmyMJHKov0L1Or2U
--> piv-p256 ViCCtQ A/sskaUHe+W9WkuvCEcyOUigLdahLgFY//JuPj5+GdJl
-xNp5EMbEUKmS0q8DXy+Trx9uH5tKkx741LkVOuPaOjA
--> ssh-ed25519 WaDo1g C+4xfTWMZDkO1WK9ILVOvfrht4xxwiyLm9RoTAdCB1s
-EHzsd+/53y1/MXHaFz/b9dwC4zdU+VbtMIDcWL+rM4Q
---- Om6164+HeDuof4XXcx2ScDFFK4LQvGvVleb9vmwZfvc
-���V}�) >��C �}�A���cL�	�^�t��mQ�C@��
\ No newline at end of file
+-> piv-p256 ItIHHA AyNmdebs+I0FQlBTABd6uzIDlSRqec2NIun7myXj4Epm
+lmkXhCMjMgf5Os2Rvy30sv7Uq3b4+cbw8ohZVpZiWis
+-> piv-p256 ViCCtQ Akh33CU0H5vd3ZAvbUDSaIv7Hrhhr/AXZLi3to68ejKn
+Onk1B4TntMhPv5MJjAfnwCfq+jcB9EgSZN7XdRfPakY
+-> ssh-ed25519 WaDo1g aASzBzv7l7YITOglLiCwiW/iNc9Hq8DjUGq2RsE4DU4
+EbLOmftVvjzYXT7YUGavgF2/po6U6aon1hRNh7BMHYM
+--- R7sKtJ0cjxkqjSn2CLH3P7NZ6gtmC02G7CfcK2LoRZ4
+-UAFHBoB$��~�����O��3��[��>c�A��7���r�
\ No newline at end of file
secrets/minica.pem.age
Binary file
systems/rhea/extra.nix
@@ -117,8 +117,8 @@ in
     name: _cfg:
     lib.nameValuePair "exportarr-${name}-apikey" {
       file = ../../secrets/rhea/exportarr-${name}-apikey.age;
-      mode = "440";
-      group = "homepage";
+      mode = "400";
+      owner = "root";
     }
   ) exportarrServices;
globals.nix
@@ -511,6 +511,7 @@ _: {
     radarr.host = "rhea";
     lidarr.host = "rhea";
     bazarr.host = "rhea";
+    prowlarr.host = "rhea";
     transmission = {
       host = "rhea";
       aliases = [ "t" ];