diff --git a/clan.nix b/clan.nix index 27c5716..611a4d1 100644 --- a/clan.nix +++ b/clan.nix @@ -11,28 +11,24 @@ description = "Management node 1"; machineClass = "nixos"; tags = [ "cloud:amarth" "region:oss" "nodeType:management" "criticallity:critical" "" ]; - # deploy.targetHost = "root@192.168.1.223"; }; c1 = { name = "compute-1"; description = "Compute node 1"; machineClass = "nixos"; tags = [ "cloud:amarth" "region:oss" "nodeType:compute" "criticallity:medium" "" ]; - # deploy.targetHost = "root@192.168.1.224"; }; c2 = { name = "compute-2"; description = "Compute node 2"; machineClass = "nixos"; tags = [ "cloud:amarth" "region:oss" "nodeType:compute" "criticallity:medium" "" ]; - # deploy.targetHost = "root@192.168.1.225"; }; c3 = { name = "compute-3"; description = "Compute node 3"; machineClass = "nixos"; tags = [ "cloud:amarth" "region:oss" "nodeType:compute" "criticallity:medium" "" ]; - # deploy.targetHost = "root@192.168.1.226"; }; }; @@ -59,6 +55,28 @@ roles.peer.tags.all = { }; }; + # certificates = { + # module = { + # name = "certificates"; + # input = "clan-core"; + # }; + + # roles.ca = { + # settings = { + # tlds = [ "amarth.local" "amarth.cloud" ]; + # acmeEmail = "info@amarth.cloud"; + # }; + + # machines.m1 = {}; + # }; + + # roles.default = { + # settings.acmeEmail = "info@amarth.cloud"; + + # tags.all = {}; + # }; + # }; + zitadel = { module = { name = "zitadel"; @@ -66,10 +84,11 @@ }; roles.controller = { - machines."m1" = {}; + machines.m1 = {}; settings = { hostName = "auth.amarth.cloud"; displayName = "Amarth"; + emergencyAccessPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICE+TFkjJ8p8fMOddvg/waKAjKJ6DRvvouj1MdXc1Taj"; }; }; }; 
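Review bot: The `emergencyAccessPublicKey` added to `roles.controller.settings` in the zitadel hunk is a bare ed25519 key with no comment field and no comment above it, so nothing in the file says who holds the private half or where it is stored. The option name suggests a break-glass path into the identity provider, so I would add a line above it such as `# Break-glass key for Zitadel; private half held by <owner>, stored in <location>; rotate per <policy>` and append an identifying comment to the key string itself. What the module actually grants to this key is defined in the zitadel module outside this diff, so confirm it is limited to the intended access. The enclosing `zitadel` block starts outside the hunk.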
@@ -80,10 +99,77 @@ input = "amarth-services"; }; - roles.server.machines."c1" = {}; + roles.server.machines.c1 = { + settings = { + crossplane = { + enable = true; - roles.agent.machines."c2" = {}; - roles.agent.machines."c3" = {}; + resources.composite = [ + ./resources/composite/app/definition.yml + ./resources/composite/app/function.yml + ./resources/composite/app/composite.yml + + { + apiVersion = "example.crossplane.io/v1"; + kind = "App"; + metadata = { namespace = "default"; name = "example-app"; }; + spec.image = "nginx"; + } + + # { + # apiVersion = "v1"; + # kind = "CompositeResourceDefinition"; + # metadata.name = "container.resources.amarth.cloud"; + + # spec = { + # scope = "Namespaced"; + # group = "resources.amarth.cloud"; + # names = { kind = "Container"; plural = "containers"; }; + + # versions = [ + # { + # name = "v1"; + # served = true; + # referenceable = true; + + # schema.openAPIV3Schema = { + # type = "object"; + # properties = { + # spec = { + # type = "object"; + # properties.image = { type = "string"; description = "OCI container image"; }; + # required = [ "image" ]; + # }; + + # status = { + # type = "object"; + # properties = { + # replicas = { type = "integer"; description = "How many instances of the image to spin up"; }; + # address = { type = "string"; description = "The app's IP address"; }; + # }; + # }; + # }; + # }; + # } + # ]; + # }; + # } + + # { + # apiVersion = "pkg.crossplane.io/v1"; + # kind = "Function"; + # metadata.name = "crossplane-contrib-function-patch-and-transform"; + # spec.package = "xpkg.crossplane.io/crossplane-contrib/function-patch-and-transform:v0.8.2"; + # } + + + ]; + }; + }; + }; + + roles.agent.machines.c2 = {}; + roles.agent.machines.c3 = {}; }; customer-portal = { @@ -92,7 +178,7 @@ input = "amarth-services"; }; - roles.server.machines."m1" = {}; + roles.server.machines.m1 = {}; }; }; 
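Review bot: `spec.image = "nginx";` in the inline `App` resource under `crossplane.resources.composite` has no tag or digest, so the registry's default tag at pull time decides what runs, and that can change between deploys with no change in this repository. Pin it the way the commented-out Function package in the same list pins `v0.8.2`, for example `spec.image = "nginx:<version>@sha256:<digest>";` (placeholders). The resource is named `example-app` in namespace `default`; if it is only a smoke test, a comment such as `# smoke test only, remove before production` would keep it from being read as a real workload. The large commented-out definition blocks could be dropped if the three `./resources/composite/app/*.yml` files replace them, which the hunk suggests but does not show.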
@@ -103,6 +189,24 @@ m1 = { nixpkgs.hostPlatform = "x86_64-linux"; networking.domain = "amarth.local"; + + # security.acme.acceptTerms = true; + + # networking.firewall.allowedTCPPorts = [ 80 443 ]; + + # services.caddy = { + # enable = true; + + # virtualHosts = { + # "auth.amarth.cloud".extraConfig = '' + # reverse_proxy http://::1:9092 + # ''; + + # "amarth.cloud".extraConfig = '' + # reverse_proxy http://::1:8080 + # ''; + # }; + # }; }; c1 = { nixpkgs.hostPlatform = "x86_64-linux"; diff --git a/flake.lock b/flake.lock index 3215096..6f6209b 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1758634522, - "narHash": "sha256-Y5J+yCAbNZnPhrCvrTjhGUTD5amONxH/R/MGqwm0uIc=", + "lastModified": 1760537258, + "narHash": "sha256-aWhDQjVsMQz15JMgKOX3Q9Bmau8bGQIi2OVTvYj107w=", "ref": "refs/heads/main", - "rev": "e7b0307690730781d9908cf3a48b9081b9ffe87c", - "revCount": 23, + "rev": "c485a0ac1ac0a4c4a0614682466f3cbf2fc66728", + "revCount": 66, "type": "git", "url": "https://git.amarth.cloud/amarth/customer-portal" }, @@ -29,11 +29,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1758734637, - "narHash": "sha256-L8aSzKDCFPTOY+3JnaiPFv4ytk80/YcHCp823zOPv3w=", + "lastModified": 1760969527, + "narHash": "sha256-rDn5MwQpKUf9AE2xgpbDXkqwbPnxp7ZkGy3sYviPwyg=", "ref": "refs/heads/main", - "rev": "f98b30b904895b96b029458741c66213187e4598", - "revCount": 47, + "rev": "d911f4d9c14d705feb7a95aa24668f42a977c1ef", + "revCount": 117, "type": "git", "url": "https://git.amarth.cloud/amarth/services" }, 
@@ -145,11 +145,11 @@ "treefmt-nix": "treefmt-nix_3" }, "locked": { - "lastModified": 1758642849, - "narHash": "sha256-t6fn1DuP8acTIUJ6uQuNJojT4pjMcjC6aiEZRljiyQg=", - "rev": "3171512f30802ada403d47c9d7a19b5350aa5565", + "lastModified": 1758672338, + "narHash": "sha256-GuAaXGsvGD6jiFGeYxaq/Z7v7DkpyC28xRzQJ7hd7IA=", + "rev": "fde05adbd68f9a2f8374f576affa88c5073803d5", "type": "tarball", - "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/3171512f30802ada403d47c9d7a19b5350aa5565.tar.gz" + "url": "https://git.clan.lol/api/v1/repos/clan/clan-core/archive/fde05adbd68f9a2f8374f576affa88c5073803d5.tar.gz" }, "original": { "type": "tarball", diff --git a/vars/per-machine/m1/step-intermediate-cert/intermediate.crt/value b/vars/per-machine/m1/step-intermediate-cert/intermediate.crt/value new file mode 100644 index 0000000..59870d1 --- /dev/null +++ b/vars/per-machine/m1/step-intermediate-cert/intermediate.crt/value @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBvTCCAWKgAwIBAgIQd7BR+E7FAGHQpzOSs1ad/jAKBggqhkjOPQQDAjAXMRUw +EwYDVQQDEwxDbGFuIFJvb3QgQ0EwHhcNMjUwOTI3MDA0OTA5WhcNMjYwOTI3MTI0 +OTA5WjAfMR0wGwYDVQQDExRDbGFuIEludGVybWVkaWF0ZSBDQTBZMBMGByqGSM49 +AgEGCCqGSM49AwEHA0IABK1ifI3+PdN5pdkFrpu5aYS5W+WleRXWl89iQUB8N5s+ +DMcTYoFK8sKyA8DPVx1nU8twzthKcVchEKaWI1TxH7+jgYcwgYQwDgYDVR0PAQH/ +BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJIc3NZnq7rEykEX +FJTAyCQn9F2BMB8GA1UdIwQYMBaAFPuaLAFJLYB6FAvVnaDQ6r5XtW0PMB4GA1Ud +HgEB/wQUMBKgEDAOggxhbWFydGgubG9jYWwwCgYIKoZIzj0EAwIDSQAwRgIhAPHF +Hzvg04opKFVhOqybl8ZUCY9fByKG5oIiZ4Fk9Az+AiEA7Qmjik3LjokUiLt/GZcs +j7w+b5KeioRSpvRHhqzg3Lc= +-----END CERTIFICATE----- diff --git a/vars/per-machine/m1/step-intermediate-key/intermediate.key/machines/m1 b/vars/per-machine/m1/step-intermediate-key/intermediate.key/machines/m1 new file mode 120000 index 0000000..9be3644 --- /dev/null +++ b/vars/per-machine/m1/step-intermediate-key/intermediate.key/machines/m1 @@ -0,0 +1 @@ +../../../../../../sops/machines/m1 \ No newline at end of file 
diff --git a/vars/per-machine/m1/step-intermediate-key/intermediate.key/secret b/vars/per-machine/m1/step-intermediate-key/intermediate.key/secret new file mode 100644 index 0000000..339a3dd --- /dev/null +++ b/vars/per-machine/m1/step-intermediate-key/intermediate.key/secret 
@@ -0,0 +1,19 @@ +{ + "data": "ENC[AES256_GCM,data:S3lcB/4IuNeXb7Knt+OUqRRGOyft1mZ/HdsM/mag4yrzBgsetVHj5kQnYMwvCfWFmzbwXpI8e3Y41YFGiLp4kjyYCTwhumUPpzchGUP0fRCcrzUzEkNOS/V4oYDWEoQW8weP18L1bMfVz/TH9aNNMuWmDGHmi2cPyM7stDMaqxy7W0B41stUPeXIuALTxFAkLgAChDhrep77Pz/qEfZovTBFW5cKKJF6U6Zj9oV7JSx9gC3sfGgUwtUo+Aavh/D3EepbRvuuAONcYWzrR1bWbweY/Ymhcm8HUZcrCIpihZMJTDk=,iv:Rau4XG40LjOGtmdC9QHsvAHYxSRw959HRk2w3mHdXVY=,tag:JkqsHiylvCmADemuhGQ0vQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1fhp67dkmewwv8murjd8274svktl6zhfm8cgy8tx3mf265kgnn9yqa6kftt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKeE5xZU5jNis3N3FDVDRy\nY3ZsdW5wa2lqc1NBNFFpWUxIM3VQSFdKQ2pNClVZaVJjdFJJTGJFSllhYUJMQ28x\nSk9YZ3BpU1c4K0JRVEQ3R0hJUEVYVTQKLS0tIDlPd1RpZStRLzZ3bTJVT0JNajRH\nMkVJalBVOGxJTlBNdWtrOHUyeVFmTjgK0GzZMQf0/b8sv3ldIH8LNYn9YhFEw92o\nfn5bnCOOdCC7AgA7jHpP3DKmQOHjCse7FNJu+S0BqSU4bwu8U5mz4A==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1jmrmdw4kmjeu9d6z74r2unqt7wpgsx24vqejmdjretsnsn8g4drsl3m98w", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUVnNhdGJZN3hxbHdWczNm\nRktwbEIvb1pvSXNFZGhXelRLSkgyUDUzMVFJCjg0bmF0OWpVU1ZZWVd3SWR6aFlu\nUGlxcGNCQWd0RDkzRHdCSjVQa2FncXcKLS0tIHkxVDhEM3BjNGx6QnRYQ2ZsSitR\nZEtlUWMxZTJSbjd1RzRBejlySEN5MkEKevtIa3/V5rX803YUfYHv/cVAkykrqbXc\no+6GeW4GWN+pgcBfs0mNxsHOIkaz9n0sFrDgh58DJ9Agg1pZ8HKmzw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-09-27T12:49:07Z", + "mac": "ENC[AES256_GCM,data:nD+IE1+r36g7a5jm+PCarhpnTLHS8VokKC33/f6kvML3f75+uqeG7KkFs/XWR5LXGrcBHHuU+hZ7NUw+K16D+DgcbDmzDKjr3TKZSMVyZAw6HxhtN6qAQzqePEk1WtxCwn30kecLsGe0vj0SQzieAoy6larzwJr9ZLtpI634RAY=,iv:6JXoWAq7A4KniBvP3exp+O1CHDuMXh19oMMmqgNmt0o=,tag:C9Sv5v7HuI42ViQG81thkw==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} 
diff --git a/vars/per-machine/m1/step-intermediate-key/intermediate.key/users/chris b/vars/per-machine/m1/step-intermediate-key/intermediate.key/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/m1/step-intermediate-key/intermediate.key/users/chris @@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/m1/zitadel/emailPassword/secret b/vars/per-machine/m1/zitadel/emailPassword/secret new file mode 100644 index 0000000..ebf7c7a --- /dev/null +++ b/vars/per-machine/m1/zitadel/emailPassword/secret @@ -0,0 +1,15 @@ +{ + "data": "ENC[AES256_GCM,data:WTStH0KBcJLTv46t7ApbgNQcEQM1NUYb8zVrwgFrbhw=,iv:Y+Aq5t/SVhr8AIy36TTXfWGckkc0xCuAbN59xhwrFF8=,tag:CdsSwdln7WoM0pLI/NYiSA==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1jmrmdw4kmjeu9d6z74r2unqt7wpgsx24vqejmdjretsnsn8g4drsl3m98w", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6N01ydzJTb3ZmSnVTTVFo\nRXdRTDlyS3Q1cEJOUi9zYnkvbVloVGMyZEhjCjJCNHZuZ2E4ZGJuekZjemhIay9Z\nUUFNRDhsZHluLzhqWmdhK3l2eXd3b0EKLS0tIDc2eWVjUCtQMndpRGZiQXpFbmgw\nWFh2OXZGbzl5aXZ5U3RxT3dGMEZiazQKbmV+VcU4f0U7r8rqHmUC0QHZSsBMC6cZ\nDtoYU7L64QLQo2rnXUrVnxgTkj+htXQIjSeJ1ctMB5atgusvQkxBkw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-10-20T07:45:01Z", + "mac": "ENC[AES256_GCM,data:oOajJTjndfpHDJcnfWaGrVjtAEygioIVeVTVOuQFg2CUVNO6Zg5CCEIWeEvhB/LiyvtDDUa9ADuWL4OYYvYEIp8+FIWucISUWLtKBW2yNWGwvqQ+AnE3tLb0t9pcJBaqRZlNbo1JXrCxCE2jHq9nqXLB4EDRTWcUH4Wmjr34+0M=,iv:f9e4VEJoOUfvuHKPz7z1yP8AWqPBy7Er3bwXxwKjLnw=,tag:PWFiLwFlH6LAFARh/glDxA==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/m1/zitadel/emailPassword/users/chris b/vars/per-machine/m1/zitadel/emailPassword/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/m1/zitadel/emailPassword/users/chris 
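Review bot: `zitadel/emailPassword/secret` lists a single age recipient and the commit adds only a `users/chris` link for it, whereas `step-intermediate-key/intermediate.key` in this same commit gets a `machines/m1` link and two recipients. If the zitadel service on m1 has to read this password at runtime, the machine presumably cannot decrypt the file as committed; `zitadel/initialAdminPassword/secret` further down has the same single-recipient layout. Either add the m1 recipient to both files or, if user-only access is deliberate, say so in the generator definition so the difference from `masterKey/secret` (two recipients) is not read as an omission.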
@@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/m1/zitadel/initialAdminPassword/secret b/vars/per-machine/m1/zitadel/initialAdminPassword/secret new file mode 100644 index 0000000..84434d3 --- /dev/null +++ b/vars/per-machine/m1/zitadel/initialAdminPassword/secret @@ -0,0 +1,15 @@ +{ + "data": "ENC[AES256_GCM,data:zaPb640sx4RiOmNjQUAe/b76wnXpJcaoXjEZcRfVezGw9X8btRI267n3UQlrnk9gFdVa,iv:eMKPcw2AGqcAW47zPpD18lemBKm9IUGBIUIXPHrFt9o=,tag:VgKjbom3P6uNb9G3uxhwoA==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1jmrmdw4kmjeu9d6z74r2unqt7wpgsx24vqejmdjretsnsn8g4drsl3m98w", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnVkRVbjgrY0ROeUVhdEQ2\nVEoyYnIramFYTFZ0TEtJRlg1ZDRId3RnUW5nCmlsTDJnUlFaanU2WEFKK3Z6aGM0\nNFhSNnBsanpVdDZld3ZpUmhaUTJjOUkKLS0tIDJDQktML3cyUXN5ak94T2tBa1RV\neDVFeDdrNlo1aXRYK2Qxa1B0SlhkTEEKtiROFuFgZL+a6ilt0x3e6eO0z1Dwp1oS\nYhABmnWc2UI2d4Ku7xeUaUlz/oWpch5m5K+fuJt2imfWfD1z62/XOA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-10-20T07:44:09Z", + "mac": "ENC[AES256_GCM,data:FWoPeR7xCXdtOvyXn4K0wAnu7luq5jbBIKnDGeDD9bz8A0xll4MwNH75LLisZraXQucedb2V5pq1RQRRqairs+5M166m7k2tmD+Ao2V0UvnU/WVGJ4Ug3iUJ7BIp2cRFhqmAZ2Dhk1lhT2bHNttjKKcz7bp3kamQ996ROALbMRM=,iv:euKutSpWFyeJj02WFNJiGQvCR0S6gyeLbXKR1yDcCe0=,tag:6YDqOJKucdFasDG15+y9uQ==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/per-machine/m1/zitadel/initialAdminPassword/users/chris b/vars/per-machine/m1/zitadel/initialAdminPassword/users/chris new file mode 120000 index 0000000..91b7741 --- /dev/null +++ b/vars/per-machine/m1/zitadel/initialAdminPassword/users/chris @@ -0,0 +1 @@ +../../../../../../sops/users/chris \ No newline at end of file diff --git a/vars/per-machine/m1/zitadel/initialAdminPassword/value b/vars/per-machine/m1/zitadel/initialAdminPassword/value index a3b44e9..ac7cc27 100644 
--- a/vars/per-machine/m1/zitadel/initialAdminPassword/value +++ b/vars/per-machine/m1/zitadel/initialAdminPassword/value @@ -1 +1 @@ -aah2eire3Uth3eo8jui7oogh7Si8esah1oL0feito2QuieW7ox +aah2eire3Uth3eo8jui7oogh7Si8esah1oL0feito2QuieW7ox \ No newline at end of file diff --git a/vars/per-machine/m1/zitadel/masterKey/secret b/vars/per-machine/m1/zitadel/masterKey/secret index 4806d18..8db13bc 100644 --- a/vars/per-machine/m1/zitadel/masterKey/secret +++ b/vars/per-machine/m1/zitadel/masterKey/secret 
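Review bot: `zitadel/initialAdminPassword/value` still holds the Zitadel initial admin password in cleartext; this hunk only drops its trailing newline, while the same commit adds a sops-encrypted `initialAdminPassword/secret` next to it, presumably for the same value. The encrypted copy protects nothing while the plaintext file stays tracked, so the change here should be a deletion of `value` rather than an edit. The password should be treated as disclosed to everyone with read access to the repository and its history: rotate it in Zitadel and regenerate `secret` from the new value. Removing the old blob from history is worth considering if the repository is shared more widely than the set of people meant to hold this credential.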
@@ -1,18 +1,18 @@ { - "data": "ENC[AES256_GCM,data:84DxM80CE5ytsU8uK93R68/NAVyMUuI569YrMkvNvCM=,iv:p97QNFe2Djrqe8NaZX/jrdukoAucgxUxhNbKzQgJ62M=,tag:UJ8xGIdINgLn1b5Uo3B4aQ==,type:str]", + "data": "ENC[AES256_GCM,data:cugXqfJ8L8vKNMmmm05s5TI1Li7mJ8VGab3T+244iiQ=,iv:RTRhY79qFD9F3S9jpaZXBIJL3P2Sk9NAdW5BFNA5b84=,tag:oytcs+C3H9RfT1r1rbm3kQ==,type:str]", "sops": { "age": [ { "recipient": "age1fhp67dkmewwv8murjd8274svktl6zhfm8cgy8tx3mf265kgnn9yqa6kftt", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLRkQ1WjhEQTBQK2pJN0hj\nS2RCZEVYQ01vL3c1TGVoR3A0aENiR09seDE4ClBrckVhWjhmZnN3U0kzY1luaEpn\nVnFQYkd3bVBIa3BxWC91NzB4M0hoeFEKLS0tIHM1TnBCcGtFai9jMTdBWFdqU2Rh\nbk9IQ29WL0Z0ZTlIcWFQNGtINWNEQzAKogUWaIkKoNnmeFxkUFQoHW78m6I3eiG4\nn4LQojHwAfno+mZeOdVDcsVEo6SmWZqZFIEDWB0PoA6xD/FvlrNdoQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPYkVIOWoyamp5bElrMUhM\ncHZzNEJDVXJWWWxoeVhZLyt5N0hLR0ZWZncwCkRqTEZybmMwZk1UeWdSbXF2TzY3\ncVZEdFIxcDA5NnBHc0VpcnRPZUhoRlkKLS0tIHlTdW9hQjdXK2treGtMTVY1WjBv\neE9TNVRtNDViOVlxUjdtaktNMGRnbWsKhccgVbSVHVdYGiy01iuTAht9Ql5UnQ7w\nDPsgb+i9w/1nFxiRU0ihC+6RuP/ZfZDoYP0IfyTB1+j5vyttwk1vZA==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1jmrmdw4kmjeu9d6z74r2unqt7wpgsx24vqejmdjretsnsn8g4drsl3m98w", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLTGF3M1doU2tIWldINDdF\nSE44a0FNbFVhMzRMSVM2dmRhVXNRMWRoK1Q0ClVyQkZRazUxcmM4cjUvSzdDTFBl\nc2JmSkNjYmZhVXNacnNHY1UrRXQ4UHMKLS0tIGx3Nnp5R2VQYTdad1NOMzFzTHpn\naGpuL3dLUjVBU1JIWTYxeFhCdVdLK3cKk2gjg7o+DJnJD0GY3WoV9zBfvOWUQ02e\ns95E3BPabWyK3qjcdxQhvgEqlAlMA4DV9v8D6UHXelJnPr6zUN04og==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED 
FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxcFRlazJoZzJvYWc5Q0do\nZDNjRGNhQ2gxVUFDQnpLN0FMWk43OUxLVVdVCi9sV3lNVmNJRUpuS2NzZjJDTGlD\nQ0IreEhSRVI3TWpMTk00MVh0L0Fwb1UKLS0tIHhxRDJWeURYSEdOa3hUU3hUMnlV\nQVdYNEJQZU5qWjVBSDBBc3FwbzFwbG8Krw64d1IVO6Ouy6IlZyrscT/j0HSsff3v\nVCtvyTB3m8qi/Qd9yzvUvecqAKB/pAnHTzZlvX0qiGomljp3bgJ6Dw==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2025-09-18T13:51:19Z", - "mac": "ENC[AES256_GCM,data:iSfQZniN3T3at+/DxU3ZpkwxC78dUsCTL2pqgKaRUbNf6aPi7vaOojnpmQE28q5XXZhbGgDam/jogj9iJJjRQ95l7UktQW6fEQ4xej1ynIA+EkRYYSUYD9QR80skvQ79uBIwvaNKez2px0ylSR06VVd6QeMWbtrLv+HS9x7Omu0=,iv:akBnFMIuuG7pbPd7UHTEwsgmuODnECytr6M1S2bYFQk=,tag:7+x3iZoJDepfFeaND2fWKA==,type:str]", + "lastmodified": "2025-10-20T07:44:10Z", + "mac": "ENC[AES256_GCM,data:x3+ZiU+Jj3fb9UMMZ62vpOJdSSc1B4FSpPVn83b4eczwdQfV/e0wSpZg+sN+FMl3lBkrAn/bDROUVp2rxEjHt2ZOqXEasj/t6u2RHqHhrJ0XfdTwY9pJWE+P2RjX7YJ83gzzHqngubP/TUeghK7N0ewZsicSrRTHmTn2OxRQS3g=,iv:X0D058qIEFue/G1W47spssNhiGoX2U0FouE1RyElL2w=,tag:cBzs7pqR5rZy91eXn71+Dw==,type:str]", "unencrypted_suffix": "_unencrypted", "version": "3.10.2" } diff --git a/vars/shared/step-ca/ca.crt/value b/vars/shared/step-ca/ca.crt/value new file mode 100644 index 0000000..a1d169f --- /dev/null +++ b/vars/shared/step-ca/ca.crt/value @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBcjCCARegAwIBAgIQUR8nSJFMi7Lto1C3aYvQKDAKBggqhkjOPQQDAjAXMRUw +EwYDVQQDEwxDbGFuIFJvb3QgQ0EwHhcNMjUwOTI3MDA0OTAzWhcNMjYwOTI3MTI0 +OTAzWjAXMRUwEwYDVQQDEwxDbGFuIFJvb3QgQ0EwWTATBgcqhkjOPQIBBggqhkjO +PQMBBwNCAASaMxTsuwxxCWyhqPxU112WyVKGon3kgk55efpVFaPqN8S+OOnSsnVY +YusgpULNB6vfXaqPH8alsuTouZb98Krho0UwQzAOBgNVHQ8BAf8EBAMCAQYwEgYD +VR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4EFgQU+5osAUktgHoUC9WdoNDqvle1bQ8w +CgYIKoZIzj0EAwIDSQAwRgIhAMORa8wEwfhdADa2oOup5mtGhQNPEDncagtjQHBo +5FVrAiEAyByQFFZPVkSc2YFI7lhRoIQaAxzBpM2djIn5JfQYqL8= +-----END CERTIFICATE----- diff --git a/vars/shared/step-ca/ca.key/secret b/vars/shared/step-ca/ca.key/secret new file mode 100644 index 0000000..bda4338 
--- /dev/null +++ b/vars/shared/step-ca/ca.key/secret @@ -0,0 +1,15 @@ +{ + "data": "ENC[AES256_GCM,data:c9PTx0Xl11524ib8wyj2my+9oVrUL9GOT2pRXxt4St3fN+aLVfMrK7LnsmiIzS2dc6CfO8uLfq4Z6FKRT2rc7JDotffQ2JzkeS+INSDZVvqIlTxAKWjx9sT96TeKZ4iu6xD4crkFlEmK4hxudszmbQBdhgOrbZU4QqfYHcXbHLsGasUCYX7VnyaIXRhmomNr8MxC90cBZwtrOLEL18IncnzlPqkUfCfhYVbjE4ij/zZNY4U5NhAzv8WVFXQE+svTESFu4mKT9AY/d8IA7TeNGqpmRyvxo1Te2ki03l2YxjnvaLI=,iv:RM100508S98GBIvGNFZXQskMxPibG2hyvxD1eH/G6dA=,tag:Ncxd3JA7MwDx6YMS/97Cuw==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1jmrmdw4kmjeu9d6z74r2unqt7wpgsx24vqejmdjretsnsn8g4drsl3m98w", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBINnpzTzQ2c3E3UmVzOVhi\na3lEVE1uN290bGtDS1B0Sk1NYVN6ZS9mTkZRCmVoR1ZZK1dsNGxIREFYcE1SL1dO\nTmZ2RTVidXJORlUrcHM5SWVtMW9uckEKLS0tIE1tNDZwaVRod0FFbkNQck1aamdR\ndEpOenpFOEE4V3NOdmFyQmdBdlBUQlEKoDmS94ocOlNlRbn12d+FwuhoVt5RxoZO\nGKSH3yj4PpToF9BLdQhe6kru5Timqf3HeTLX1od+ATang6/0ir320A==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-09-27T12:49:04Z", + "mac": "ENC[AES256_GCM,data:23DLUaQC0CwjVVe+7YV98VvaESYE4pc8D+2Bn0MoLtKh1u1M6YzyKQpvet+nTmwq4Kz8y+wfHdv5bvWbwku5rfhFOpQMmnwgaRn6wIuoYceOFwGH6pLqC4f76UglKbIjJ0BopjBHsVbJYqasGS+vDUvtTxYAUuXqYTVJCe+mO3k=,iv:LhvdDNN0XfsIdP89+EFAZdVGkCk4QWaQvTyA1DUTYnQ=,tag:kjDMP9qKsGtOSZ8kJg74CQ==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/vars/shared/step-ca/ca.key/users/chris b/vars/shared/step-ca/ca.key/users/chris new file mode 120000 index 0000000..6f0c267 --- /dev/null +++ b/vars/shared/step-ca/ca.key/users/chris @@ -0,0 +1 @@ +../../../../../sops/users/chris \ No newline at end of file