From ee810527660bbf01518219a9acca6d9e71f49bf6 Mon Sep 17 00:00:00 2001
From: catvayor
Date: Sat, 20 Apr 2024 00:40:44 +0200
Subject: [PATCH] fix(ups): Password is a secret
---
 .../vault01/secrets/eatonmon-password_file | 30 +++++++++++++++++++
 machines/vault01/secrets/secrets.nix | 1 +
 machines/vault01/ups.nix | 8 ++---
 3 files changed, 33 insertions(+), 6 deletions(-)
 create mode 100644 machines/vault01/secrets/eatonmon-password_file
diff --git a/machines/vault01/secrets/eatonmon-password_file b/machines/vault01/secrets/eatonmon-password_file
new file mode 100644
index 0000000..7abadaf
--- /dev/null
+++ b/machines/vault01/secrets/eatonmon-password_file
@@ -0,0 +1,30 @@ +age-encryption.org/v1 +-> ssh-ed25519 jIXfPA Ja6ye8ABH4ueCSyJhFGU+TeN8RPVGSeV2IYFljvM7UI +FcvDIOBcKel4Y6DoMmmTuSCzp+3IrWEqhBO87l26dC8 +-> ssh-ed25519 QlRB9Q g8LVlo+1lgQU8zlCnMj5TjhGIlxiSvB0cDRkjVzY3i8 +gB5qfOtFKhZoOuAtsm3X5E5hHUCI6B3Byet7WnQMQRk +-> ssh-ed25519 r+nK/Q HKHlHM+cPfRkwWp3bc8A7fov+RT9C+9dvCpd4daHFmI +EJbSVhuPCwqfijFw4HumpFAg+q+2B4gh4pDHjCf+p94 +-> ssh-rsa krWCLQ +i6ZVdAWq5siE57dP4vz8JYXGO7QiAqQ3+MPSms5pkPktlgQKZGKk+A5S42lAh1K7 +vILNCuvzrQUO4jUNk9RhRnaDoMLBus0xqQtE5vwTbtqGI4P/M5IttyRQ5PuAHNgc +QSNDRetp0QvAcx9I9v0LxArxkGtBPUyICLKYYQcyttie4lfQbfu4jyjZ2Bqix8a4 +/jFQ2GZgfIdjxfV+45DU3TCwFx0mDnNzHXZsI7u4qul+Z9tm2fYcIeyXCFK+GLa3 +TUY46IeVElqDpBMIOQbnLXcivpbEQS8LAOvYSIAXUTNKs6WukXktLfo1Juc1YPcV +vSTcyV9EBV3DfcozPVdy9A +-> ssh-ed25519 /vwQcQ Obd9qr3rphOc9qK+nhSiR1j0Em1uv6OlKt/e76elEHs +PjjWoGeDiGVNyvPsQx7KvoO7hRL6wbgNN543tQp0+lQ +-> ssh-ed25519 0R97PA FPENiklw5FmKS0G0aqF4K8EEfzOSn+xiaDhb1jCm1l8 +fswVo+JUSjAK/6P9XTDCRox14AJ25C2H6dqFTqY+UWk +-> ssh-ed25519 JGx7Ng CdsdUVx536gu6qYWBJY1jC/zfvuR2vgtDtfI0MJ+mRc +zgDkkN+N0Ig8D02t7/jS7KxYXToDa45pX8GIb9/8ax0 +-> ssh-ed25519 5SY7Kg chOHq4oZGnaq9xRr2lzDBLI3ID90MC6aunlEWEBpgVw +ne/EgtRHYbCaiM8RyDJZMPheXhh2Z97zff/zs3oW+mE +-> ssh-ed25519 p/Mg4Q S3knEgzoT+1sgvAWAdx7sWwoaxlZY2DObgzAoQE/RDc +IXXxmzYKPvaNqFoJjs2278y4ZOfT3ErmZU3C0Fh7EC4 +-> ssh-ed25519 5rrg4g n1Yz6UWkAx9lJfnx7e2kZWIlZNRvvdl8llZpf4yo8AU +kcmQ7mklyqGHulC35JY4ZaF6HE+uAWUClA6SapffXeY +-> ssh-ed25519 +mFdtQ 8UW9TtBphutHIMr5Cq1rfMBo2h/VgIAL5YsH4FrCU0U +F+ouCDOo9SyuIomV2Qmgv0gBBKukgHNmqLCJWH3+hfA +--- fwMG1ZjFgN0FFKM0KgSoJR+Zttxkwz+GBKasO0EXBn4 ++G[Њe**B`jV@MIמ4yt|)^V)qI7>I%Rx/ _](]5ԝOBr xIM]|.nz oN;h% ." \ No newline at end of file diff --git a/machines/vault01/secrets/secrets.nix b/machines/vault01/secrets/secrets.nix index 58377cd..e7c10fb 100644 --- a/machines/vault01/secrets/secrets.nix +++ b/machines/vault01/secrets/secrets.nix 
@@ -9,4 +9,5 @@ lib.setDefault { inherit publicKeys; } [
 "radius-dh_pem_file"
 "radius-key_pem_file"
 "radius-private_key_password_file"
+ "eatonmon-password_file"
 ]
diff --git a/machines/vault01/ups.nix b/machines/vault01/ups.nix
index f607eab..badda28 100644
--- a/machines/vault01/ups.nix
+++ b/machines/vault01/ups.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, config, ... }:
 {
 power.ups = {
 enable = true;
@@ -8,11 +8,7 @@
 };
 upsmon.enable = false;
 users."eatonMon" = {
- passwordFile =
- (pkgs.writeTextFile {
- name = "pass";
- text = "YFEAee2%9PuPcEKf$7vW$3a&wdvNJME%UkP2Z~RVkk4ZaQHYW^";
- }).outPath;
+ passwordFile = config.age.secrets."eatonmon-password_file".path;
 upsmon = "primary";
 };
 upsmon.monitor."eaton" = {
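Review bot: Moving the value into agenix in the second `ups.nix` hunk does not un-leak the old password: the removed `text = "…"` literal stays in git history and, because `pkgs.writeTextFile` placed it in the world-readable Nix store, in the store paths of earlier generations. The `eatonMon` credential should therefore be rotated unless the encrypted `eatonmon-password_file` already holds a new value, which cannot be determined from the ciphertext. I would also add a comment above the new line, `# agenix-managed; keep the clear-text value out of the Nix expression, it would end up in /nix/store`, so the inline form is not reintroduced later. The hunk does not show where `age.secrets."eatonmon-password_file"` is declared on the NixOS side (the entry added to `secrets/secrets.nix` appears only to register the file for the recipient keys), so confirm that the declaration exists and that the decrypted file's owner and mode let the UPS service read it. The enclosing `power.ups` attribute set starts and ends outside the hunk.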