staging: Use a static ssh host key

This commit is contained in:
Tristan Daniël Maat 2023-12-29 16:10:00 +01:00
parent 4e5379eadd
commit 920e0eb28a
Signed by: tlater
GPG key ID: 49670FD774E43268
6 changed files with 92 additions and 31 deletions

View file

@ -1,7 +1,7 @@
keys:
- &tlater 535B61015823443941C744DD12264F6BBDFABA89
- &server_tlaternet 8a3737d48f1035fe6c3a0a8fd6a1976ca74c7f3b
- &server_staging 7762ec55a5727cabada621d961e53f94caa314e4
- &server_staging 2f5caa73e7ceea4fcc8d2881fde587e6737d2dbc
creation_rules:
- path_regex: keys/production.yaml

View file

@ -16,6 +16,17 @@
networkConfig.DHCP = "yes";
};
# Both so we have a predictable key for the staging env, as well as
# to have a static key for decrypting the sops secrets for the
# staging env.
services.openssh.hostKeys = lib.mkForce [
{
type = "rsa";
bits = 4096;
path = ../../keys/hosts/staging.key;
}
];
# # Set up VM settings to match real VPS
# virtualisation.memorySize = 3941;
# virtualisation.cores = 2;

View file

@ -1,28 +1,28 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
xsFNBAAAAAABEAC32/CXnt4LDPdPZppQ0GcJAxVFHFu8SCl5WnU/PVPEnwgRkV8V
ZeyQN4qgT5LPWgPYyDyAqUHBUwRxvVcguw0fOlDBZ3nECKQxZ53OVlay7xfhgXO1
luNu657u5VYtxfLqx7lVHfY/TWp5DBOOEpOtoKfz031Zbg11+kdxW5eEg2ypCTvn
+MVQgRH9AQI+0+jegQ9On3X9UaVdc8etuY/F8BAEwLCCbYpLUEUXwOo4YLB36Kg3
P27q15Nl6g5P/oFEdS3fhHbh9636lJnxJcTTjAfJaDoQJ5rGDASiT8HJnkNWfrf/
yzLMOiy6fRRIz8HTXKeZNeRvCPu1uHaWYi0RprWMu1HZ0cLzr5N2lHKcWgL8En5b
fPyqldFfJBlY36L59F7hTk10QBgqFhibcXB44iK96jnYw6LgSuFkbfrJr7fx67JN
lM2Xi4WXvzkp3gboDxd2Xy3ChQrQXmXcVAl8XNs78f5AQh5MJP6iC7ayiIsHq4aH
rGVLhbncfKpw4OL9jVNTyRinwpvl5qibLAJbDA7arn8XqT6FT0KjeLa91jTFLHGn
9IkJol+L0/zYrpyiid5ZKNJMousxJoXymzRkeYllr+nLjKNLv0L3MCnsiPEZ23iL
y2/UZ6Vcjrs50L46VuiewCEaVbBp1H9Ps5eUa2YoJ65sfe7wnscXI8oOpQARAQAB
xsFNBAAAAAABEADFaVmT5Xt4+nCM2hZ+Zq7Uybg26TISSrpU/3nZ+qxZSC65mqfB
qWNR1kCpJpDvhwUhaTC2x00L/ckRoPcF60AqYR632owQ0AgyuG+xR0HJR5rpWzRs
cMINk1NOLQ4Vw9IaRykfx5YtKL3mPo8iLNQom6SkFG1hPqwoAzzWNLBLKMfKrDtW
uBnsbGLrkAB/2eJBw9xDmpMpLV5f2lJDA89RQYV8YQhe4TBL9B0WSSc9CqX9TP6m
30zY6jCWvfYL+Hi+YiR2K+dp9qXB55ViYcw8hRG99n5fSyZSB0hyttnIV76G0I27
McFueWu6LzZ/lMEJM8OeFVgyMJFMVXHCBxLYHLqlJvxk4tV43Jkl4IOn4gBgG2oS
7Sk1woz57UNug/AGcGAHL/YAbk+WcEut2RiwoTUEyQpRrP4QPnZivEkeTs0H4lf3
3SHW6snMdcCDkjO6VCo9DTsSpX8eNLj9hW8UMuUMsU3jLtV4L2TMoDnqRHO7icbC
r+3CIi/yA5EWry/AReOPTFY+etX3XrVUUdA/SJL/OXLB8QD2jW0XbVeaHLgdhlt5
UeDwSWDYHn4LXYr8SXa3YKC2OmIAU8yNInPCGizHPm8IZVG4zjzPNjM3BihxpZjj
IVajFe07INd8sM6RXE+YA0QTmEDoGW2QcltRyHdAPz5XVkRypbV5ONZLTQARAQAB
zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT
AQgAFgUCAAAAAAkQYeU/lMqjFOQCGw8CGQEAAEKvEABZo9JRHnwrKr7UGmynctmF
aR+1KApeWrqahhobgfvMjJLfnUV7UDSeiuf3juoZC+L1d8LqEp0czcqU1YuGtjTT
Yk/4WDwc7G9MjHDgVXPZlQ/qxSYBFwowbUkfhj49UA4Np2PW3yLtoZnBHLz6tmaD
mTtdNjzEw+L0GQ9Wi2pQYSUV4I9URF/NH7NGmurNl8Y5SHb3rqFQ4CPGXk5UQYL5
s0ZdArwgWNH+ceC1Kq0baKu5WJINFfCIJbJajATBqgPy6FPEmhUdgt8awOp01oEc
zs2930sc6YY5GJVEGnxR/qBLTA5lANS1mpqHd9s4YF7jj8h/q8SV4iegTeKHrLox
v1bP+QzHquCn7BpO9V6GD/eaqBKfx6k6+HDb5YmKnBvBV/c3yJ6wiv1H32nauWs1
CgiJNYV+A/+YnWf0uPRqelAzT06JUtnSBZ0ppKLR68X3IKisXVNzW/3pM/ZWWfFM
uKHCoppH2iuStn2wPkdjJD4UHduAFyF1oj1jFwP9r+EuhhPH1qr40405jRdOR98P
RuPhrSkLBdWiUlNintDOyFzNbKXMZlreZeATeT5y/H+IF3CDvgAhBo7KqhfBfgUK
6P/1xk8DozTmlsKY/cOsK0aL47CJcg8LU6tHrxa8uP6qV2HbUD31WbCRr1eL8k2G
xszxEVPuKG8ckw58WpT4vA==
=kJ/7
-----END PGP PUBLIC KEY BLOCK-----
AQgAFgUCAAAAAAkQ/eWH5nN9LbwCGw8CGQEAAM6kEACsZmMOZd5qMOOJReo/cu5p
8JcXZ1c3wAUGm/Nw7xN68AGxHHWqUJqs5hGqICqSxnjtDD95H5tb9ahrEIxszfVd
fj/CR1XRu4Scu7MZ45u4q/whLIwe1vqROmL1G0bR52WVvaHjcS+2h3NlxauO8bld
uCwwQrCEBv86XjCZNtcVWEjqBffIfJQYAywyprqL3LGB5ypuW1tb/fnTZSd/1k9D
3LZ26FRvPd8XsBAZ5zSilpTdE9yhDPQb49VLP4iVwPkIjbw0us1KxlGJapU1nYfx
pX23F1f3tRGah/QOuZYa9J2dnr8A9FJQ+x616nrxnJ4DIRsS/mG+ES1HiVKa9u+2
ZHxXqRHY+eb2QYaWI25F4BYrADOMcDLHvNL4T8E21Nt7QJ0hUeTeMCROICoVOtF9
JNaHwD7AhOIwZHA28WNcrDoOpYmXXeRd+Vohvx5LO0loq/3dQdr5KMH/VGVP0VzK
YgPjh+z7HT66oMUz1fOeWtIqzLj7Un6rfodfq50OouDwhkAGseupDHnY2MBrfi6v
fexpttnBuOx5NSeuYYxkWK8cUfAFVFO5bFCb3MW1e2waaiceS1vq3dXiZx3l23Pr
qOs7Ahdz5P4/GZGjIDKNrdLid5tfBI12hxFOSuXoF7G9Ak24a77A9qks40NL6TMi
hK7IB8p3wuRzngwa0WY3QQ==
=6Ym/
-----END PGP PUBLIC KEY BLOCK-----

49
keys/hosts/staging.key Normal file
View file

@ -0,0 +1,49 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn
NhAAAAAwEAAQAAAgEAxWlZk+V7ePpwjNoWfmau1Mm4NukyEkq6VP952fqsWUguuZqnwalj
UdZAqSaQ74cFIWkwtsdNC/3JEaD3BetAKmEet9qMENAIMrhvsUdByUea6Vs0bHDCDZNTTi
0OFcPSGkcpH8eWLSi95j6PIizUKJukpBRtYT6sKAM81jSwSyjHyqw7VrgZ7Gxi65AAf9ni
QcPcQ5qTKS1eX9pSQwPPUUGFfGEIXuEwS/QdFkknPQql/Uz+pt9M2Oowlr32C/h4vmIkdi
vnafalweeVYmHMPIURvfZ+X0smUgdIcrbZyFe+htCNuzHBbnlrui82f5TBCTPDnhVYMjCR
TFVxwgcS2By6pSb8ZOLVeNyZJeCDp+IAYBtqEu0pNcKM+e1DboPwBnBgBy/2AG5PlnBLrd
kYsKE1BMkKUaz+ED52YrxJHk7NB+JX990h1urJzHXAg5IzulQqPQ07EqV/HjS4/YVvFDLl
DLFN4y7VeC9kzKA56kRzu4nGwq/twiIv8gORFq8vwEXjj0xWPnrV9161VFHQP0iS/zlywf
EA9o1tF21Xmhy4HYZbeVHg8Elg2B5+C12K/El2t2CgtjpiAFPMjSJzwhosxz5vCGVRuM48
zzYzNwYocaWY4yFWoxXtOyDXfLDOkVxPmANEE5hA6BltkHJbUch3QD8+V1ZEcqW1eTjWS0
0AAAdAO1rPtDtaz7QAAAAHc3NoLXJzYQAAAgEAxWlZk+V7ePpwjNoWfmau1Mm4NukyEkq6
VP952fqsWUguuZqnwaljUdZAqSaQ74cFIWkwtsdNC/3JEaD3BetAKmEet9qMENAIMrhvsU
dByUea6Vs0bHDCDZNTTi0OFcPSGkcpH8eWLSi95j6PIizUKJukpBRtYT6sKAM81jSwSyjH
yqw7VrgZ7Gxi65AAf9niQcPcQ5qTKS1eX9pSQwPPUUGFfGEIXuEwS/QdFkknPQql/Uz+pt
9M2Oowlr32C/h4vmIkdivnafalweeVYmHMPIURvfZ+X0smUgdIcrbZyFe+htCNuzHBbnlr
ui82f5TBCTPDnhVYMjCRTFVxwgcS2By6pSb8ZOLVeNyZJeCDp+IAYBtqEu0pNcKM+e1Dbo
PwBnBgBy/2AG5PlnBLrdkYsKE1BMkKUaz+ED52YrxJHk7NB+JX990h1urJzHXAg5IzulQq
PQ07EqV/HjS4/YVvFDLlDLFN4y7VeC9kzKA56kRzu4nGwq/twiIv8gORFq8vwEXjj0xWPn
rV9161VFHQP0iS/zlywfEA9o1tF21Xmhy4HYZbeVHg8Elg2B5+C12K/El2t2CgtjpiAFPM
jSJzwhosxz5vCGVRuM48zzYzNwYocaWY4yFWoxXtOyDXfLDOkVxPmANEE5hA6BltkHJbUc
h3QD8+V1ZEcqW1eTjWS00AAAADAQABAAACAFMv1CQK+U9e9UudYQotufGH+V0GQmfL3p4P
s+jDhZnv3WSwA44Lk4M6TjAZRMzysBpGqdTzwgdSD8cidcWkPvs8xsWBzjENgM7iwopJNT
Mcve4k1T/2+gbfdKTGPp+0T1ZscytlnuZzuyYJaaZkjph4EdZklzz5vHD2AE5hkIJzclF4
515hIOdsOvj5ywQVLA87ehdwzR92c0TgCncb5WJfwmDJwM2+hewTt6ga9nJ2CMFnDw4Bne
/wK75x2PttXnAXijbTxGX2Hh5KOLxm6rn79yB9/P2p/MFnOUPBwp72Pp6vxnHCAzlK6Dbi
S0xSwk9e5Uk5xFsN9URd4xx4f5scwxyk8RQCh/sMqn3JIOwodNwVjv+AWc3YNFR+aP+qXR
wggXSypKDbVIAp2+cGKCobktNBiM/fEPMHe20Ssn+SBclUSeAYMpjRrn8Kxwb2oSMASrsV
1ykyY+/j+Xb3jC2V+/XTV+5WtKt4SW4RV45g/+C65H+zy+56BoyPqJKyI8d3FB0dp/ICwo
zfrmo/X00XF77d3ZThLoapSnOVeaNIiFtG5Ia635gNUyr/81xNhOeX5NMBUHSqdxrtZfC2
PeuBcspWOg2tp/6UPjBppwrT3VnM/K27lqmDx9jPE4tMY4kl55KdSJ4uBr7H5Lu6w2zNnZ
zGYToWbhXNDHqm9PqPAAABAQCCBatZmvEyP+7+qBFkvU1t8nseupa/Lu6Va5qV9ZLvUI0Q
8nMYMZ/lMMB6TROyy9OJY59srkCjyF7COqNH6A/eo2XBCVdkAEBpUta8gzbLTtzRaDY+tH
64tzDJYTLPumfE1M2IfztVwVgJuwrz/t6eAtakXfjNRG8nKVlTI5UALRLIIqVK5ReDs5NU
7FbO5MwYtrsVHmpiXqNA8d1pZkjXNmU+I67DblPTCWraNnEC6mcIgau9n+mGuQjrHzpUqn
kbQF3GSJTwgJSlKhkNGLyH4qrFsK0yemCkxKtzi1fXy/iLKXUG2A1uovuugXwQZmV7nHRM
+oDKZz13CWk14kDtAAABAQD07kRtO22XTklTf3w/cC67aVj+Ltifl0bVwbsFgY9zu0F7yl
odYYfxV/rDn639V80JoAaTZ3lSuBvOwgtGWr298rwkkkV4CLKu7+bTLdS2L9YScKmKL8N+
FGoYgVCTZZxaUe49eUdLaUcjxYTPC5FWGFCztLG7uAvydIbTFKG6++j4poow6q2AwejC8f
ZiO2r0srZM1ouYW5j+6YCbLCKKcgJdZvZFBhDXyHwQXF5rCtB8htg6BgsTu3Fx6oZR3PXc
RoO5A2CmoZ3bUSAzUOH4g80yB6Fq0dvpFr1CtzzNCda5TLNS6ediLqlP62NEez+wduv+Rs
Xd+EhFect0lmETAAABAQDOVU7PqTLZFTxUx++JVFmdrd5FqTHwOrnEYWo8Hzx8X4RomIBg
kY4oIGLXsBfZINyWKOKjQqhfh+nRgsCR7OQ9IjeWh/0eRma6b9kjBQT4UKYvylBjchoVci
6DrxXWhwbRTCV2Vxpn/+Bx2JexUJx5oQ8yZ7a/H/w9J5GjgT3OR6d/ogzHr3FqdeAnvUle
PBlaCZUQxuI2ADmdWpzxwmCalAxrLQiUCdRtY6X8TWYi35DWvGgVU1nz5VWYRvI1/+pQdt
Qe9lP4uFNOpc05G7xcloEe+wE4aIqL4fLGVOrOqtHOps1W62Owk8iU7OFXw6Aoc4yjNWcj
SEsRv2HtGI4fAAAACnRsYXRlckB5dWk=
-----END OPENSSH PRIVATE KEY-----

View file

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFaVmT5Xt4+nCM2hZ+Zq7Uybg26TISSrpU/3nZ+qxZSC65mqfBqWNR1kCpJpDvhwUhaTC2x00L/ckRoPcF60AqYR632owQ0AgyuG+xR0HJR5rpWzRscMINk1NOLQ4Vw9IaRykfx5YtKL3mPo8iLNQom6SkFG1hPqwoAzzWNLBLKMfKrDtWuBnsbGLrkAB/2eJBw9xDmpMpLV5f2lJDA89RQYV8YQhe4TBL9B0WSSc9CqX9TP6m30zY6jCWvfYL+Hi+YiR2K+dp9qXB55ViYcw8hRG99n5fSyZSB0hyttnIV76G0I27McFueWu6LzZ/lMEJM8OeFVgyMJFMVXHCBxLYHLqlJvxk4tV43Jkl4IOn4gBgG2oS7Sk1woz57UNug/AGcGAHL/YAbk+WcEut2RiwoTUEyQpRrP4QPnZivEkeTs0H4lf33SHW6snMdcCDkjO6VCo9DTsSpX8eNLj9hW8UMuUMsU3jLtV4L2TMoDnqRHO7icbCr+3CIi/yA5EWry/AReOPTFY+etX3XrVUUdA/SJL/OXLB8QD2jW0XbVeaHLgdhlt5UeDwSWDYHn4LXYr8SXa3YKC2OmIAU8yNInPCGizHPm8IZVG4zjzPNjM3BihxpZjjIVajFe07INd8sM6RXE+YA0QTmEDoGW2QcltRyHdAPz5XVkRypbV5ONZLTQ== tlater@yui

View file

@ -1,5 +1,5 @@
gitea:
metrics-token: ENC[AES256_GCM,data:J4QdfI1wKyM=,iv:8fqCbftyhj90eIVFxjEp9RXKC1y1IaLnV1r2MOdY15M=,tag:8W/juv1OZh4hJco02qXO6g==,type:str]
forgejo:
metrics-token: ENC[AES256_GCM,data:fy+RsphQT9E=,iv:/7dvDv/VLZHceTijRXJ69ELna5PbyVDmW1rVS7hquZI=,tag:dL2OBUshmoQafyExrjJwWA==,type:str]
grafana:
adminPassword: ENC[AES256_GCM,data:dYfaxUpQpzA=,iv:j5wSem8C5+V4c5qRzXQJhsU7/FOtpvrnaEyFBmW6zJ4=,tag:oc8n3TkEbjF2gjuOobZuLA==,type:str]
secretKey: ENC[AES256_GCM,data:Atruvh2MsNY=,iv:y2MaCUCEzGIydHp6G0DJHfk289S1is0twKm2oUYwDhM=,tag:nAWeg+YqaYqk6k22oBkAhQ==,type:str]
@ -26,8 +26,8 @@ sops:
azure_kv: []
hc_vault: []
age: []
lastmodified: "2023-10-07T02:17:50Z"
mac: ENC[AES256_GCM,data:vZDq33YIn0Nf1FQ2+ySezox6igiw6zNFCu3l3kaIsBKo1797pohmAxj2Lcc+OmlBjj98khaBIlbQuA5ULM+uPN5ILaz3NuXD5PZtsV+rL2PsLNMW9FBSmJ0m0YQrt0nZ0tpzifn12XghcSK2IXv+FnxlfrAJCxDvr5tRm90uUwU=,iv:ct8CzIWjaoJ1UjZcdFSr8lZ626vA0RvM883V6H5plWc=,tag:waJNtp/UbRDOfyzNElrung==,type:str]
lastmodified: "2023-12-28T00:07:15Z"
mac: ENC[AES256_GCM,data:WRwC7ETtL5yUIgmNk+ktxtHTnDcS7dx07KAfgn8w8V/OAaNDaaTeNU99V2Sgk5emhlSr5PyHaAARpJk8SBYhmJZo/iIcG65yhsnv9D7/JFzBMjuoin3qIeGCZ2Yzagpospd1e1YB/cDATfPug3+iMxLysQSKBd5zRgeYPACZwMU=,iv:iSj+J239khh5PS5ZK6vqgHpD/SSJ+DYMeledOEXhcB0=,tag:UkK3/aoTBquY1cGlxjSGOQ==,type:str]
pgp:
- created_at: "2022-10-12T16:48:23Z"
enc: |
@ -65,4 +65,4 @@ sops:
-----END PGP MESSAGE-----
fp: 7762ec55a5727cabada621d961e53f94caa314e4
unencrypted_suffix: _unencrypted
version: 3.7.3
version: 3.8.1