From b61d69b55dacd673fd8948df11288089226a61e1 Mon Sep 17 00:00:00 2001 From: chris Date: Tue, 23 Sep 2025 06:45:38 +0000 Subject: [PATCH 1/8] Update vars via generator state-version for machine m1 --- vars/per-machine/m1/state-version/version/value | 1 + 1 file changed, 1 insertion(+) create mode 100644 vars/per-machine/m1/state-version/version/value diff --git a/vars/per-machine/m1/state-version/version/value b/vars/per-machine/m1/state-version/version/value new file mode 100644 index 0000000..115ab7a --- /dev/null +++ b/vars/per-machine/m1/state-version/version/value @@ -0,0 +1 @@ +25.11 \ No newline at end of file From 7ecefd97dd962c617ca1582be02ed17fda1d89a6 Mon Sep 17 00:00:00 2001 From: chris Date: Sat, 27 Sep 2025 12:49:05 +0000 Subject: [PATCH 2/8] Update vars via generator step-ca for machine c1 --- vars/shared/step-ca/ca.crt/value | 10 ++++++++++ vars/shared/step-ca/ca.key/secret | 15 +++++++++++++++ vars/shared/step-ca/ca.key/users/chris | 1 + 3 files changed, 26 insertions(+) create mode 100644 vars/shared/step-ca/ca.crt/value create mode 100644 vars/shared/step-ca/ca.key/secret create mode 120000 vars/shared/step-ca/ca.key/users/chris diff --git a/vars/shared/step-ca/ca.crt/value b/vars/shared/step-ca/ca.crt/value new file mode 100644 index 0000000..a1d169f --- /dev/null +++ b/vars/shared/step-ca/ca.crt/value @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBcjCCARegAwIBAgIQUR8nSJFMi7Lto1C3aYvQKDAKBggqhkjOPQQDAjAXMRUw +EwYDVQQDEwxDbGFuIFJvb3QgQ0EwHhcNMjUwOTI3MDA0OTAzWhcNMjYwOTI3MTI0 +OTAzWjAXMRUwEwYDVQQDEwxDbGFuIFJvb3QgQ0EwWTATBgcqhkjOPQIBBggqhkjO +PQMBBwNCAASaMxTsuwxxCWyhqPxU112WyVKGon3kgk55efpVFaPqN8S+OOnSsnVY +YusgpULNB6vfXaqPH8alsuTouZb98Krho0UwQzAOBgNVHQ8BAf8EBAMCAQYwEgYD +VR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4EFgQU+5osAUktgHoUC9WdoNDqvle1bQ8w +CgYIKoZIzj0EAwIDSQAwRgIhAMORa8wEwfhdADa2oOup5mtGhQNPEDncagtjQHBo +5FVrAiEAyByQFFZPVkSc2YFI7lhRoIQaAxzBpM2djIn5JfQYqL8= +-----END CERTIFICATE----- 
diff --git a/vars/shared/step-ca/ca.key/secret b/vars/shared/step-ca/ca.key/secret new file mode 100644 index 0000000..bda4338 --- /dev/null +++ b/vars/shared/step-ca/ca.key/secret @@ -0,0 +1,15 @@ +{ + "data": "ENC[AES256_GCM,data:c9PTx0Xl11524ib8wyj2my+9oVrUL9GOT2pRXxt4St3fN+aLVfMrK7LnsmiIzS2dc6CfO8uLfq4Z6FKRT2rc7JDotffQ2JzkeS+INSDZVvqIlTxAKWjx9sT96TeKZ4iu6xD4crkFlEmK4hxudszmbQBdhgOrbZU4QqfYHcXbHLsGasUCYX7VnyaIXRhmomNr8MxC90cBZwtrOLEL18IncnzlPqkUfCfhYVbjE4ij/zZNY4U5NhAzv8WVFXQE+svTESFu4mKT9AY/d8IA7TeNGqpmRyvxo1Te2ki03l2YxjnvaLI=,iv:RM100508S98GBIvGNFZXQskMxPibG2hyvxD1eH/G6dA=,tag:Ncxd3JA7MwDx6YMS/97Cuw==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1jmrmdw4kmjeu9d6z74r2unqt7wpgsx24vqejmdjretsnsn8g4drsl3m98w", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBINnpzTzQ2c3E3UmVzOVhi\na3lEVE1uN290bGtDS1B0Sk1NYVN6ZS9mTkZRCmVoR1ZZK1dsNGxIREFYcE1SL1dO\nTmZ2RTVidXJORlUrcHM5SWVtMW9uckEKLS0tIE1tNDZwaVRod0FFbkNQck1aamdR\ndEpOenpFOEE4V3NOdmFyQmdBdlBUQlEKoDmS94ocOlNlRbn12d+FwuhoVt5RxoZO\nGKSH3yj4PpToF9BLdQhe6kru5Timqf3HeTLX1od+ATang6/0ir320A==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-09-27T12:49:04Z", + "mac": "ENC[AES256_GCM,data:23DLUaQC0CwjVVe+7YV98VvaESYE4pc8D+2Bn0MoLtKh1u1M6YzyKQpvet+nTmwq4Kz8y+wfHdv5bvWbwku5rfhFOpQMmnwgaRn6wIuoYceOFwGH6pLqC4f76UglKbIjJ0BopjBHsVbJYqasGS+vDUvtTxYAUuXqYTVJCe+mO3k=,iv:LhvdDNN0XfsIdP89+EFAZdVGkCk4QWaQvTyA1DUTYnQ=,tag:kjDMP9qKsGtOSZ8kJg74CQ==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/shared/step-ca/ca.key/users/chris b/vars/shared/step-ca/ca.key/users/chris new file mode 120000 index 0000000..6f0c267 --- /dev/null +++ b/vars/shared/step-ca/ca.key/users/chris @@ -0,0 +1 @@ +../../../../../sops/users/chris \ No newline at end of file From f29f3bf239e9fa79b54b4482c35f66dfe45069f3 Mon Sep 17 00:00:00 2001 
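Review bot: The `sops.age` list for the root CA key in `vars/shared/step-ca/ca.key/secret` holds a single recipient, presumably the `users/chris` key linked in the next file, so the CA private key can be recovered with exactly one age identity and there is no fallback if that identity is lost. The ciphertext also becomes part of git history. Changing recipients later re-encrypts the file going forward but does not protect this revision, so a later compromise of that identity means re-issuing the CA, not only re-keying the file. Consider adding an offline backup recipient before the CA is put into use.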
From: chris Date: Sat, 27 Sep 2025 12:49:07 +0000 Subject: [PATCH 3/8] Update vars via generator step-intermediate-key for machine m1 --- .../intermediate.key/machines/m1 | 1 + .../intermediate.key/secret | 19 +++++++++++++++++++ .../intermediate.key/users/chris | 1 + 3 files changed, 21 insertions(+) create mode 120000 vars/per-machine/m1/step-intermediate-key/intermediate.key/machines/m1 create mode 100644 vars/per-machine/m1/step-intermediate-key/intermediate.key/secret create mode 120000 vars/per-machine/m1/step-intermediate-key/intermediate.key/users/chris diff --git a/vars/per-machine/m1/step-intermediate-key/intermediate.key/machines/m1 b/vars/per-machine/m1/step-intermediate-key/intermediate.key/machines/m1 new file mode 120000 index 0000000..9be3644 --- /dev/null +++ b/vars/per-machine/m1/step-intermediate-key/intermediate.key/machines/m1 @@ -0,0 +1 @@ +../../../../../../sops/machines/m1 \ No newline at end of file diff --git a/vars/per-machine/m1/step-intermediate-key/intermediate.key/secret b/vars/per-machine/m1/step-intermediate-key/intermediate.key/secret new file mode 100644 index 0000000..339a3dd --- /dev/null +++ b/vars/per-machine/m1/step-intermediate-key/intermediate.key/secret 
@@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:S3lcB/4IuNeXb7Knt+OUqRRGOyft1mZ/HdsM/mag4yrzBgsetVHj5kQnYMwvCfWFmzbwXpI8e3Y41YFGiLp4kjyYCTwhumUPpzchGUP0fRCcrzUzEkNOS/V4oYDWEoQW8weP18L1bMfVz/TH9aNNMuWmDGHmi2cPyM7stDMaqxy7W0B41stUPeXIuALTxFAkLgAChDhrep77Pz/qEfZovTBFW5cKKJF6U6Zj9oV7JSx9gC3sfGgUwtUo+Aavh/D3EepbRvuuAONcYWzrR1bWbweY/Ymhcm8HUZcrCIpihZMJTDk=,iv:Rau4XG40LjOGtmdC9QHsvAHYxSRw959HRk2w3mHdXVY=,tag:JkqsHiylvCmADemuhGQ0vQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1fhp67dkmewwv8murjd8274svktl6zhfm8cgy8tx3mf265kgnn9yqa6kftt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKeE5xZU5jNis3N3FDVDRy\nY3ZsdW5wa2lqc1NBNFFpWUxIM3VQSFdKQ2pNClVZaVJjdFJJTGJFSllhYUJMQ28x\nSk9YZ3BpU1c4K0JRVEQ3R0hJUEVYVTQKLS0tIDlPd1RpZStRLzZ3bTJVT0JNajRH\nMkVJalBVOGxJTlBNdWtrOHUyeVFmTjgK0GzZMQf0/b8sv3ldIH8LNYn9YhFEw92o\nfn5bnCOOdCC7AgA7jHpP3DKmQOHjCse7FNJu+S0BqSU4bwu8U5mz4A==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1jmrmdw4kmjeu9d6z74r2unqt7wpgsx24vqejmdjretsnsn8g4drsl3m98w", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUVnNhdGJZN3hxbHdWczNm\nRktwbEIvb1pvSXNFZGhXelRLSkgyUDUzMVFJCjg0bmF0OWpVU1ZZWVd3SWR6aFlu\nUGlxcGNCQWd0RDkzRHdCSjVQa2FncXcKLS0tIHkxVDhEM3BjNGx6QnRYQ2ZsSitR\nZEtlUWMxZTJSbjd1RzRBejlySEN5MkEKevtIa3/V5rX803YUfYHv/cVAkykrqbXc\no+6GeW4GWN+pgcBfs0mNxsHOIkaz9n0sFrDgh58DJ9Agg1pZ8HKmzw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-09-27T12:49:07Z", + "mac": "ENC[AES256_GCM,data:nD+IE1+r36g7a5jm+PCarhpnTLHS8VokKC33/f6kvML3f75+uqeG7KkFs/XWR5LXGrcBHHuU+hZ7NUw+K16D+DgcbDmzDKjr3TKZSMVyZAw6HxhtN6qAQzqePEk1WtxCwn30kecLsGe0vj0SQzieAoy6larzwJr9ZLtpI634RAY=,iv:6JXoWAq7A4KniBvP3exp+O1CHDuMXh19oMMmqgNmt0o=,tag:C9Sv5v7HuI42ViQG81thkw==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} 
diff --git a/vars/per-machine/m1/step-intermediate-key/intermediate.key/users/chris b/vars/per-machine/m1/step-intermediate-key/intermediate.key/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/m1/step-intermediate-key/intermediate.key/users/chris @@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file From bbd6bce2130a70285a94d972547a6da645541b38 Mon Sep 17 00:00:00 2001 From: chris Date: Sat, 27 Sep 2025 12:49:10 +0000 Subject: [PATCH 4/8] Update vars via generator step-intermediate-cert for machine m1 --- .../m1/step-intermediate-cert/intermediate.crt/value | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 vars/per-machine/m1/step-intermediate-cert/intermediate.crt/value diff --git a/vars/per-machine/m1/step-intermediate-cert/intermediate.crt/value b/vars/per-machine/m1/step-intermediate-cert/intermediate.crt/value new file mode 100644 index 0000000..59870d1 --- /dev/null +++ b/vars/per-machine/m1/step-intermediate-cert/intermediate.crt/value @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBvTCCAWKgAwIBAgIQd7BR+E7FAGHQpzOSs1ad/jAKBggqhkjOPQQDAjAXMRUw +EwYDVQQDEwxDbGFuIFJvb3QgQ0EwHhcNMjUwOTI3MDA0OTA5WhcNMjYwOTI3MTI0 +OTA5WjAfMR0wGwYDVQQDExRDbGFuIEludGVybWVkaWF0ZSBDQTBZMBMGByqGSM49 +AgEGCCqGSM49AwEHA0IABK1ifI3+PdN5pdkFrpu5aYS5W+WleRXWl89iQUB8N5s+ +DMcTYoFK8sKyA8DPVx1nU8twzthKcVchEKaWI1TxH7+jgYcwgYQwDgYDVR0PAQH/ +BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJIc3NZnq7rEykEX +FJTAyCQn9F2BMB8GA1UdIwQYMBaAFPuaLAFJLYB6FAvVnaDQ6r5XtW0PMB4GA1Ud +HgEB/wQUMBKgEDAOggxhbWFydGgubG9jYWwwCgYIKoZIzj0EAwIDSQAwRgIhAPHF +Hzvg04opKFVhOqybl8ZUCY9fByKG5oIiZ4Fk9Az+AiEA7Qmjik3LjokUiLt/GZcs +j7w+b5KeioRSpvRHhqzg3Lc= +-----END CERTIFICATE----- From 20831cd47eddacef1810384a74c31550e91e69af Mon Sep 17 00:00:00 2001 
From: chris Date: Mon, 20 Oct 2025 06:47:34 +0000 Subject: [PATCH 5/8] Update var zitadel/initialAdminPassword for machine m1 --- vars/per-machine/m1/zitadel/initialAdminPassword/value | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vars/per-machine/m1/zitadel/initialAdminPassword/value b/vars/per-machine/m1/zitadel/initialAdminPassword/value index a3b44e9..ac7cc27 100644 --- a/vars/per-machine/m1/zitadel/initialAdminPassword/value +++ b/vars/per-machine/m1/zitadel/initialAdminPassword/value @@ -1 +1 @@ -aah2eire3Uth3eo8jui7oogh7Si8esah1oL0feito2QuieW7ox +aah2eire3Uth3eo8jui7oogh7Si8esah1oL0feito2QuieW7ox \ No newline at end of file From 6e8cb36e00004f4906b84f08183d88d9bc2f6d15 Mon Sep 17 00:00:00 2001 From: chris Date: Mon, 20 Oct 2025 07:44:11 +0000 Subject: [PATCH 6/8] Update vars via generator zitadel for machine m1 --- vars/per-machine/m1/zitadel/emailPassword/secret | 15 +++++++++++++++ .../m1/zitadel/emailPassword/users/chris | 1 + .../m1/zitadel/initialAdminPassword/secret | 15 +++++++++++++++ .../m1/zitadel/initialAdminPassword/users/chris | 1 + vars/per-machine/m1/zitadel/masterKey/secret | 10 +++++----- 5 files changed, 37 insertions(+), 5 deletions(-) create mode 100644 vars/per-machine/m1/zitadel/emailPassword/secret create mode 120000 vars/per-machine/m1/zitadel/emailPassword/users/chris create mode 100644 vars/per-machine/m1/zitadel/initialAdminPassword/secret create mode 120000 vars/per-machine/m1/zitadel/initialAdminPassword/users/chris diff --git a/vars/per-machine/m1/zitadel/emailPassword/secret b/vars/per-machine/m1/zitadel/emailPassword/secret new file mode 100644 index 0000000..bbee149 --- /dev/null +++ b/vars/per-machine/m1/zitadel/emailPassword/secret 
@@ -0,0 +1,15 @@ +{ + "data": "ENC[AES256_GCM,data:cXIJz0w/km3YqM2pX46ol1dpKw==,iv:33dPlBGcZ5SmzceaS3byI30dr6b8mcOKSm85gHSm21Q=,tag:EY/rxLcOxtysOLcsq4hAHw==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1jmrmdw4kmjeu9d6z74r2unqt7wpgsx24vqejmdjretsnsn8g4drsl3m98w", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOY2YrdWtabHV0dVdybTBJ\nWkE4MnlQeERuQXZ1dHNoQ3ZCTUo1SWc1ZFhnCmQ4M01Vci9lWk9vZjhOcm9BVGw5\naVQ1N0RkTW94NlJUcGJTTFdHQU5ONFkKLS0tIFhWOElwdlFSSDNlT3BzL1NVb1pr\ndzh0MUYrQ1JaUjlGbWtJQ0xmWUdnRGsK5Hnt8p5HbD0WbY82aCsFXDW5iXx/Afs1\nB42UYH6EW2SebE2q5PgMKSZQIr/Zp63DgrpxcsaX2iiy+yBylTnssQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-10-20T07:44:09Z", + "mac": "ENC[AES256_GCM,data:CvUbPTDy30aptxt4ZJwqF59T+jTcwBFg8yj00FTjdYaEHR5jDBN8xVA/KGh3hupwMe2cMpChsunRAwXQb9TGYbgiL8l0xwcKePenHgsoshnsoOZlhBUlLx8/z4sF39HyXqkeutNb0aJOLfsTGBS6Hoz1cHwgZg9QvnSn0qeYvGY=,iv:NcJNQipM+3GzuV/NcJuBEZbTbF1umoUzi478c78RW2E=,tag:CI/CqprgDTgMH7YIy9A+Dg==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/m1/zitadel/emailPassword/users/chris b/vars/per-machine/m1/zitadel/emailPassword/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/m1/zitadel/emailPassword/users/chris @@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/m1/zitadel/initialAdminPassword/secret b/vars/per-machine/m1/zitadel/initialAdminPassword/secret new file mode 100644 index 0000000..84434d3 --- /dev/null +++ b/vars/per-machine/m1/zitadel/initialAdminPassword/secret 
@@ -0,0 +1,15 @@ +{ + "data": "ENC[AES256_GCM,data:zaPb640sx4RiOmNjQUAe/b76wnXpJcaoXjEZcRfVezGw9X8btRI267n3UQlrnk9gFdVa,iv:eMKPcw2AGqcAW47zPpD18lemBKm9IUGBIUIXPHrFt9o=,tag:VgKjbom3P6uNb9G3uxhwoA==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1jmrmdw4kmjeu9d6z74r2unqt7wpgsx24vqejmdjretsnsn8g4drsl3m98w", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnVkRVbjgrY0ROeUVhdEQ2\nVEoyYnIramFYTFZ0TEtJRlg1ZDRId3RnUW5nCmlsTDJnUlFaanU2WEFKK3Z6aGM0\nNFhSNnBsanpVdDZld3ZpUmhaUTJjOUkKLS0tIDJDQktML3cyUXN5ak94T2tBa1RV\neDVFeDdrNlo1aXRYK2Qxa1B0SlhkTEEKtiROFuFgZL+a6ilt0x3e6eO0z1Dwp1oS\nYhABmnWc2UI2d4Ku7xeUaUlz/oWpch5m5K+fuJt2imfWfD1z62/XOA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-10-20T07:44:09Z", + "mac": "ENC[AES256_GCM,data:FWoPeR7xCXdtOvyXn4K0wAnu7luq5jbBIKnDGeDD9bz8A0xll4MwNH75LLisZraXQucedb2V5pq1RQRRqairs+5M166m7k2tmD+Ao2V0UvnU/WVGJ4Ug3iUJ7BIp2cRFhqmAZ2Dhk1lhT2bHNttjKKcz7bp3kamQ996ROALbMRM=,iv:euKutSpWFyeJj02WFNJiGQvCR0S6gyeLbXKR1yDcCe0=,tag:6YDqOJKucdFasDG15+y9uQ==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/m1/zitadel/initialAdminPassword/users/chris b/vars/per-machine/m1/zitadel/initialAdminPassword/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/m1/zitadel/initialAdminPassword/users/chris @@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/m1/zitadel/masterKey/secret b/vars/per-machine/m1/zitadel/masterKey/secret index 4806d18..8db13bc 100644 --- a/vars/per-machine/m1/zitadel/masterKey/secret +++ b/vars/per-machine/m1/zitadel/masterKey/secret 
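Review bot: Adding the encrypted `initialAdminPassword/secret` here does not remove the plaintext `vars/per-machine/m1/zitadel/initialAdminPassword/value` file that patch 5/8 rewrites, and this commit's diffstat shows no deletion of it, so an admin credential for the identity provider stays readable in the tree and in history. Delete the `value` file in the same commit that introduces the secret. If the encrypted secret carries the same password, it is already disclosed to anyone with read access to the repository and should be regenerated and changed on the instance; that cannot be confirmed from the ciphertext shown here.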
@@ -1,18 +1,18 @@ { - "data": "ENC[AES256_GCM,data:84DxM80CE5ytsU8uK93R68/NAVyMUuI569YrMkvNvCM=,iv:p97QNFe2Djrqe8NaZX/jrdukoAucgxUxhNbKzQgJ62M=,tag:UJ8xGIdINgLn1b5Uo3B4aQ==,type:str]", + "data": "ENC[AES256_GCM,data:cugXqfJ8L8vKNMmmm05s5TI1Li7mJ8VGab3T+244iiQ=,iv:RTRhY79qFD9F3S9jpaZXBIJL3P2Sk9NAdW5BFNA5b84=,tag:oytcs+C3H9RfT1r1rbm3kQ==,type:str]", "sops": { "age": [ { "recipient": "age1fhp67dkmewwv8murjd8274svktl6zhfm8cgy8tx3mf265kgnn9yqa6kftt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLRkQ1WjhEQTBQK2pJN0hj\nS2RCZEVYQ01vL3c1TGVoR3A0aENiR09seDE4ClBrckVhWjhmZnN3U0kzY1luaEpn\nVnFQYkd3bVBIa3BxWC91NzB4M0hoeFEKLS0tIHM1TnBCcGtFai9jMTdBWFdqU2Rh\nbk9IQ29WL0Z0ZTlIcWFQNGtINWNEQzAKogUWaIkKoNnmeFxkUFQoHW78m6I3eiG4\nn4LQojHwAfno+mZeOdVDcsVEo6SmWZqZFIEDWB0PoA6xD/FvlrNdoQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPYkVIOWoyamp5bElrMUhM\ncHZzNEJDVXJWWWxoeVhZLyt5N0hLR0ZWZncwCkRqTEZybmMwZk1UeWdSbXF2TzY3\ncVZEdFIxcDA5NnBHc0VpcnRPZUhoRlkKLS0tIHlTdW9hQjdXK2treGtMTVY1WjBv\neE9TNVRtNDViOVlxUjdtaktNMGRnbWsKhccgVbSVHVdYGiy01iuTAht9Ql5UnQ7w\nDPsgb+i9w/1nFxiRU0ihC+6RuP/ZfZDoYP0IfyTB1+j5vyttwk1vZA==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1jmrmdw4kmjeu9d6z74r2unqt7wpgsx24vqejmdjretsnsn8g4drsl3m98w", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLTGF3M1doU2tIWldINDdF\nSE44a0FNbFVhMzRMSVM2dmRhVXNRMWRoK1Q0ClVyQkZRazUxcmM4cjUvSzdDTFBl\nc2JmSkNjYmZhVXNacnNHY1UrRXQ4UHMKLS0tIGx3Nnp5R2VQYTdad1NOMzFzTHpn\naGpuL3dLUjVBU1JIWTYxeFhCdVdLK3cKk2gjg7o+DJnJD0GY3WoV9zBfvOWUQ02e\ns95E3BPabWyK3qjcdxQhvgEqlAlMA4DV9v8D6UHXelJnPr6zUN04og==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED 
FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxcFRlazJoZzJvYWc5Q0do\nZDNjRGNhQ2gxVUFDQnpLN0FMWk43OUxLVVdVCi9sV3lNVmNJRUpuS2NzZjJDTGlD\nQ0IreEhSRVI3TWpMTk00MVh0L0Fwb1UKLS0tIHhxRDJWeURYSEdOa3hUU3hUMnlV\nQVdYNEJQZU5qWjVBSDBBc3FwbzFwbG8Krw64d1IVO6Ouy6IlZyrscT/j0HSsff3v\nVCtvyTB3m8qi/Qd9yzvUvecqAKB/pAnHTzZlvX0qiGomljp3bgJ6Dw==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-09-18T13:51:19Z", - "mac": "ENC[AES256_GCM,data:iSfQZniN3T3at+/DxU3ZpkwxC78dUsCTL2pqgKaRUbNf6aPi7vaOojnpmQE28q5XXZhbGgDam/jogj9iJJjRQ95l7UktQW6fEQ4xej1ynIA+EkRYYSUYD9QR80skvQ79uBIwvaNKez2px0ylSR06VVd6QeMWbtrLv+HS9x7Omu0=,iv:akBnFMIuuG7pbPd7UHTEwsgmuODnECytr6M1S2bYFQk=,tag:7+x3iZoJDepfFeaND2fWKA==,type:str]", + "lastmodified": "2025-10-20T07:44:10Z", + "mac": "ENC[AES256_GCM,data:x3+ZiU+Jj3fb9UMMZ62vpOJdSSc1B4FSpPVn83b4eczwdQfV/e0wSpZg+sN+FMl3lBkrAn/bDROUVp2rxEjHt2ZOqXEasj/t6u2RHqHhrJ0XfdTwY9pJWE+P2RjX7YJ83gzzHqngubP/TUeghK7N0ewZsicSrRTHmTn2OxRQS3g=,iv:X0D058qIEFue/G1W47spssNhiGoX2U0FouE1RyElL2w=,tag:cBzs7pqR5rZy91eXn71+Dw==,type:str]", "unencrypted_suffix": "_unencrypted", "version": "3.10.2" } From d5f74bd79230350462b39b75f37e868a1fc46ad3 Mon Sep 17 00:00:00 2001 From: chris Date: Mon, 20 Oct 2025 07:45:02 +0000 Subject: [PATCH 7/8] Update var zitadel/emailPassword for machine m1 --- vars/per-machine/m1/zitadel/emailPassword/secret | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/vars/per-machine/m1/zitadel/emailPassword/secret b/vars/per-machine/m1/zitadel/emailPassword/secret index bbee149..ebf7c7a 100644 --- a/vars/per-machine/m1/zitadel/emailPassword/secret +++ b/vars/per-machine/m1/zitadel/emailPassword/secret 
@@ -1,14 +1,14 @@ { - "data": "ENC[AES256_GCM,data:cXIJz0w/km3YqM2pX46ol1dpKw==,iv:33dPlBGcZ5SmzceaS3byI30dr6b8mcOKSm85gHSm21Q=,tag:EY/rxLcOxtysOLcsq4hAHw==,type:str]", + "data": "ENC[AES256_GCM,data:WTStH0KBcJLTv46t7ApbgNQcEQM1NUYb8zVrwgFrbhw=,iv:Y+Aq5t/SVhr8AIy36TTXfWGckkc0xCuAbN59xhwrFF8=,tag:CdsSwdln7WoM0pLI/NYiSA==,type:str]", "sops": { "age": [ { "recipient": "age1jmrmdw4kmjeu9d6z74r2unqt7wpgsx24vqejmdjretsnsn8g4drsl3m98w", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOY2YrdWtabHV0dVdybTBJ\nWkE4MnlQeERuQXZ1dHNoQ3ZCTUo1SWc1ZFhnCmQ4M01Vci9lWk9vZjhOcm9BVGw5\naVQ1N0RkTW94NlJUcGJTTFdHQU5ONFkKLS0tIFhWOElwdlFSSDNlT3BzL1NVb1pr\ndzh0MUYrQ1JaUjlGbWtJQ0xmWUdnRGsK5Hnt8p5HbD0WbY82aCsFXDW5iXx/Afs1\nB42UYH6EW2SebE2q5PgMKSZQIr/Zp63DgrpxcsaX2iiy+yBylTnssQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6N01ydzJTb3ZmSnVTTVFo\nRXdRTDlyS3Q1cEJOUi9zYnkvbVloVGMyZEhjCjJCNHZuZ2E4ZGJuekZjemhIay9Z\nUUFNRDhsZHluLzhqWmdhK3l2eXd3b0EKLS0tIDc2eWVjUCtQMndpRGZiQXpFbmgw\nWFh2OXZGbzl5aXZ5U3RxT3dGMEZiazQKbmV+VcU4f0U7r8rqHmUC0QHZSsBMC6cZ\nDtoYU7L64QLQo2rnXUrVnxgTkj+htXQIjSeJ1ctMB5atgusvQkxBkw==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-10-20T07:44:09Z", - "mac": "ENC[AES256_GCM,data:CvUbPTDy30aptxt4ZJwqF59T+jTcwBFg8yj00FTjdYaEHR5jDBN8xVA/KGh3hupwMe2cMpChsunRAwXQb9TGYbgiL8l0xwcKePenHgsoshnsoOZlhBUlLx8/z4sF39HyXqkeutNb0aJOLfsTGBS6Hoz1cHwgZg9QvnSn0qeYvGY=,iv:NcJNQipM+3GzuV/NcJuBEZbTbF1umoUzi478c78RW2E=,tag:CI/CqprgDTgMH7YIy9A+Dg==,type:str]", + "lastmodified": "2025-10-20T07:45:01Z", + "mac": "ENC[AES256_GCM,data:oOajJTjndfpHDJcnfWaGrVjtAEygioIVeVTVOuQFg2CUVNO6Zg5CCEIWeEvhB/LiyvtDDUa9ADuWL4OYYvYEIp8+FIWucISUWLtKBW2yNWGwvqQ+AnE3tLb0t9pcJBaqRZlNbo1JXrCxCE2jHq9nqXLB4EDRTWcUH4Wmjr34+0M=,iv:f9e4VEJoOUfvuHKPz7z1yP8AWqPBy7Er3bwXxwKjLnw=,tag:PWFiLwFlH6LAFARh/glDxA==,type:str]", "unencrypted_suffix": "_unencrypted", "version": "3.10.2" } 
From 09a17c4d30b1b0adb3fc8b07bde7acef13750314 Mon Sep 17 00:00:00 2001 From: chris Date: Tue, 21 Oct 2025 14:17:34 +0000 Subject: [PATCH 8/8] . --- clan.nix | 127 +++++++++++++++++++++++++++++++++++++++++++++++------ flake.lock | 24 +++++----- 2 files changed, 125 insertions(+), 26 deletions(-) diff --git a/clan.nix b/clan.nix index 2f4d463..611a4d1 100644 --- a/clan.nix +++ b/clan.nix @@ -11,28 +11,24 @@ description = "Management node 1"; machineClass = "nixos"; tags = [ "cloud:amarth" "region:oss" "nodeType:management" "criticallity:critical" "" ]; - # deploy.targetHost = "root@192.168.1.223"; }; c1 = { name = "compute-1"; description = "Compute node 1"; machineClass = "nixos"; tags = [ "cloud:amarth" "region:oss" "nodeType:compute" "criticallity:medium" "" ]; - # deploy.targetHost = "root@192.168.1.224"; }; c2 = { name = "compute-2"; description = "Compute node 2"; machineClass = "nixos"; tags = [ "cloud:amarth" "region:oss" "nodeType:compute" "criticallity:medium" "" ]; - # deploy.targetHost = "root@192.168.1.225"; }; c3 = { name = "compute-3"; description = "Compute node 3"; machineClass = "nixos"; tags = [ "cloud:amarth" "region:oss" "nodeType:compute" "criticallity:medium" "" ]; - # deploy.targetHost = "root@192.168.1.226"; }; }; @@ -59,6 +55,28 @@ roles.peer.tags.all = { }; }; + # certificates = { + # module = { + # name = "certificates"; + # input = "clan-core"; + # }; + + # roles.ca = { + # settings = { + # tlds = [ "amarth.local" "amarth.cloud" ]; + # acmeEmail = "info@amarth.cloud"; + # }; + + # machines.m1 = {}; + # }; + + # roles.default = { + # settings.acmeEmail = "info@amarth.cloud"; + + # tags.all = {}; + # }; + # }; + zitadel = { module = { name = "zitadel"; @@ -66,10 +84,11 @@ }; roles.controller = { - machines."m1" = {}; + machines.m1 = {}; settings = { hostName = "auth.amarth.cloud"; displayName = "Amarth"; + emergencyAccessPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICE+TFkjJ8p8fMOddvg/waKAjKJ6DRvvouj1MdXc1Taj"; }; }; }; 
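Review bot: The whole `certificates` instance in the `@@ -59,6 +55,28 @@` hunk is added as commented-out Nix, and the same happens with the `CompositeResourceDefinition` and `Function` entries in the `@@ -80,10` hunk and the ACME, firewall and caddy settings in the `@@ -100,14` hunk. Disabled blocks are never evaluated, so they drift from the modules they target, and these ones describe security-relevant settings (CA role, ACME, open ports) whose intended state a reader cannot tell. Either leave them out of the commit, or add one line saying why they are off, e.g. `# certificates instance disabled until <REASON>`. The commit subject `.` does not explain it either.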
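Review bot: The `emergencyAccessPublicKey` added to the zitadel controller settings in the `@@ -66,10 +84,11 @@` hunk is a bare `ssh-ed25519` key with no comment field and no note on who holds the private half, so a later reader cannot tell whose break-glass access to the identity provider it grants or when it should be rotated. Add an owner in the key's comment field and a line above it, e.g. `# break-glass key for <OWNER>, private key kept offline; review by <DATE>`. What the `amarth-services` module does with this setting is not visible here; if it installs the key for a privileged account, use of that account should be logged and alerted on. The `zitadel` instance definition starts and ends outside the hunk.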
@@ -80,10 +99,77 @@ input = "amarth-services"; }; - roles.server.machines."c1" = {}; + roles.server.machines.c1 = { + settings = { + crossplane = { + enable = true; - roles.agent.machines."c2" = {}; - roles.agent.machines."c3" = {}; + resources.composite = [ + ./resources/composite/app/definition.yml + ./resources/composite/app/function.yml + ./resources/composite/app/composite.yml + + { + apiVersion = "example.crossplane.io/v1"; + kind = "App"; + metadata = { namespace = "default"; name = "example-app"; }; + spec.image = "nginx"; + } + + # { + # apiVersion = "v1"; + # kind = "CompositeResourceDefinition"; + # metadata.name = "container.resources.amarth.cloud"; + + # spec = { + # scope = "Namespaced"; + # group = "resources.amarth.cloud"; + # names = { kind = "Container"; plural = "containers"; }; + + # versions = [ + # { + # name = "v1"; + # served = true; + # referenceable = true; + + # schema.openAPIV3Schema = { + # type = "object"; + # properties = { + # spec = { + # type = "object"; + # properties.image = { type = "string"; description = "OCI container image"; }; + # required = [ "image" ]; + # }; + + # status = { + # type = "object"; + # properties = { + # replicas = { type = "integer"; description = "How many instances of the image to spin up"; }; + # address = { type = "string"; description = "The app's IP address"; }; + # }; + # }; + # }; + # }; + # } + # ]; + # }; + # } + + # { + # apiVersion = "pkg.crossplane.io/v1"; + # kind = "Function"; + # metadata.name = "crossplane-contrib-function-patch-and-transform"; + # spec.package = "xpkg.crossplane.io/crossplane-contrib/function-patch-and-transform:v0.8.2"; + # } + + + ]; + }; + }; + }; + + roles.agent.machines.c2 = {}; + roles.agent.machines.c3 = {}; }; customer-portal = { @@ -92,7 +178,7 @@ input = "amarth-services"; }; - roles.server.machines."m1" = {}; + roles.server.machines.m1 = {}; }; }; 
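Review bot: `spec.image = "nginx";` in the inline `App` resource names the image with no registry, tag or digest, so what runs on the cluster depends on the runtime's default registry and on whatever the implicit `latest` tag points to at pull time. Pin it to a fully qualified reference with a digest, e.g. `spec.image = "docker.io/library/nginx:<TAG>@sha256:<DIGEST>";`. The resource is created in `namespace = "default"`; if it is more than a smoke test, a dedicated namespace keeps it apart from other workloads. The three `./resources/composite/app/*.yml` paths listed above it are not in this commit's diffstat, so their contents could not be reviewed.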
@@ -100,14 +186,27 @@ # machines/jon/configuration.nix will be automatically imported. # See: https://docs.clan.lol/guides/more-machines/#automatic-registration machines = { - # m1 = { config, pkgs, ... }: { - # environment.systemPackages = [ pkgs.asciinema ]; - - # nixpkgs.hostPlatform = "x86_64-linux"; - # }; m1 = { nixpkgs.hostPlatform = "x86_64-linux"; networking.domain = "amarth.local"; + + # security.acme.acceptTerms = true; + + # networking.firewall.allowedTCPPorts = [ 80 443 ]; + + # services.caddy = { + # enable = true; + + # virtualHosts = { + # "auth.amarth.cloud".extraConfig = '' + # reverse_proxy http://::1:9092 + # ''; + + # "amarth.cloud".extraConfig = '' + # reverse_proxy http://::1:8080 + # ''; + # }; + # }; }; c1 = { nixpkgs.hostPlatform = "x86_64-linux"; diff --git a/flake.lock b/flake.lock index 96fe62e..6f6209b 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1758634522, - "narHash": "sha256-Y5J+yCAbNZnPhrCvrTjhGUTD5amONxH/R/MGqwm0uIc=", + "lastModified": 1760537258, + "narHash": "sha256-aWhDQjVsMQz15JMgKOX3Q9Bmau8bGQIi2OVTvYj107w=", "ref": "refs/heads/main", - "rev": "e7b0307690730781d9908cf3a48b9081b9ffe87c", - "revCount": 23, + "rev": "c485a0ac1ac0a4c4a0614682466f3cbf2fc66728", + "revCount": 66, "type": "git", "url": "https://git.amarth.cloud/amarth/customer-portal" }, @@ -29,11 +29,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1758657712, - "narHash": "sha256-j1jbJ0PD1k4FQoHSmbzAteF1euLc1ChAIDyOsJc4Qns=", + "lastModified": 1760969527, + "narHash": "sha256-rDn5MwQpKUf9AE2xgpbDXkqwbPnxp7ZkGy3sYviPwyg=", "ref": "refs/heads/main", - "rev": "ad2b96180f00d45e4319d1595b948bba38e3915a", - "revCount": 45, + "rev": "d911f4d9c14d705feb7a95aa24668f42a977c1ef", + "revCount": 117, "type": "git", "url": "https://git.amarth.cloud/amarth/services" }, 
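Review bot: In the commented-out caddy block of the `@@ -100,14 +186,27 @@` hunk, both upstreams are written as `http://::1:9092` and `http://::1:8080`. An IPv6 literal followed by a port needs brackets, so once the block is enabled these addresses are likely to be rejected or misread. Write them as `reverse_proxy http://[::1]:9092` and `reverse_proxy http://[::1]:8080`. The `machines` attribute set continues outside the hunk.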
@@ -145,11 +145,11 @@ "treefmt-nix": "treefmt-nix_3" }, "locked": { - "lastModified": 1758642849, - "narHash": "sha256-t6fn1DuP8acTIUJ6uQuNJojT4pjMcjC6aiEZRljiyQg=", - "rev": "3171512f30802ada403d47c9d7a19b5350aa5565", + "lastModified": 1758672338, + "narHash": "sha256-GuAaXGsvGD6jiFGeYxaq/Z7v7DkpyC28xRzQJ7hd7IA=", + "rev": "fde05adbd68f9a2f8374f576affa88c5073803d5", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/3171512f30802ada403d47c9d7a19b5350aa5565.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/fde05adbd68f9a2f8374f576affa88c5073803d5.tar.gz" }, "original": { "type": "tarball",