From d09952fcd5ae3b73ea91f0f308527f70c0dc5c21 Mon Sep 17 00:00:00 2001 From: Franck Cuny Date: Sat, 18 Oct 2025 14:46:47 -0700 Subject: move keycloak and forgejo on rivendell I had to rekey all the secrets. Updated the documentation for both how to setup forgejo and keycloak. --- secrets/cloudflare-nginx.age | Bin 363 -> 363 bytes secrets/do/host-ed25519-key.age | Bin 611 -> 611 bytes secrets/do/wireguard.age | 12 ++++++------ secrets/forgejo-fastmail.age | Bin 339 -> 339 bytes secrets/keycloak-db-password.age | 12 ++++++------ secrets/nas_client.age | Bin 364 -> 364 bytes secrets/restic_gcs_credentials.age | Bin 2661 -> 2661 bytes secrets/restic_password.age | 14 ++++++-------- secrets/rivendell/wireguard.age | 12 ++++++------ secrets/secrets.nix | 4 ++-- secrets/ssh-remote-builder.age | 18 ++++++++---------- secrets/vm-synology/wireguard.age | 13 +++++++------ 12 files changed, 41 insertions(+), 44 deletions(-) (limited to 'secrets') diff --git a/secrets/cloudflare-nginx.age b/secrets/cloudflare-nginx.age index 6800d5b..3dca56c 100644 Binary files a/secrets/cloudflare-nginx.age and b/secrets/cloudflare-nginx.age differ diff --git a/secrets/do/host-ed25519-key.age b/secrets/do/host-ed25519-key.age index 69510ed..ef10a90 100644 Binary files a/secrets/do/host-ed25519-key.age and b/secrets/do/host-ed25519-key.age differ diff --git a/secrets/do/wireguard.age b/secrets/do/wireguard.age index e959862..19dfb0e 100644 --- a/secrets/do/wireguard.age +++ b/secrets/do/wireguard.age @@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 pFjJaA iOwZlej6WOezWYg6Ny3rTKZ2sBeWI9i6EzUzyBvxqzY -VxAoCn7/jPLEl6CPrRlgRLKXRiPdtvUQ7uouC10O4xM --> ssh-ed25519 8Nmf6A zCM/oBDQYgMHShRN4Ot/VY230ojHuobZDoueu+3ITnQ -MtblJtdI6uHzHjIBudIFn1hrJDRa3lyM5HjXs1BJGnU ---- zn5OUqFqPe0iT1rkmy5CxZlURLb5ao8soPpTVo5jIFI -ܑ;f1ra NF@7B5.bxj{FKw!$jj#)I,ㆂ .L  \ No newline at end of file +-> ssh-ed25519 pFjJaA Y0Rjr5u2uGI790/JvO7VoQSxF2KpS67e3ff0s1pXj3A +7Lk30Dwsa9TfbxtEpZFWeDSRPRN66IXu2mFCWaXZIsA +-> ssh-ed25519 8Nmf6A n76CvLiAh4fjWtRx/DPRJUeazkUMxQ0Oc2qSGj0fDgk +D7ULUEBjuzmUTzIEC8bzet7SJMJC0cHYgQoil8Q3/3c +--- o9Qerf9m8XuzxQ1GzPZVumNlE4kBZzABb4PbriMXeNQ +̛%U/:"|X8(0S~zoO:4?Y?!H$ls~ \ No newline at end of file diff --git a/secrets/forgejo-fastmail.age b/secrets/forgejo-fastmail.age index bad24e6..ddb69f1 100644 Binary files a/secrets/forgejo-fastmail.age and b/secrets/forgejo-fastmail.age differ diff --git a/secrets/keycloak-db-password.age b/secrets/keycloak-db-password.age index 6ac0e85..21a1a7e 100644 --- a/secrets/keycloak-db-password.age +++ b/secrets/keycloak-db-password.age @@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 pFjJaA cmAZbTltBmkWqUjWnr57vyxGl+5c96bxME0SS6w7ozs -7bu8taoNlffYBuhKAhQ4bid2fRs45IYKgIZmiJKX9xk --> ssh-ed25519 qRUWSw 3c8Lqxx5rVaUBG3J05ffcNHP7I4Rq4kEvKQQgC29nxE -R9EojU4XpWpBnTCWEF4p94SGGQ0TZwI8BBxRlg+/6hc ---- AK9ErFYwVcMqqejL/qAHVt7se+s9LSdiMBarumrwRZg -y\hGprO֭bb4A{`\.b){ m_ \ No newline at end of file +-> ssh-ed25519 pFjJaA u7eibDVH1zLVbZkW2/cJcKfHwUvSjAL41nhZ8lb/TF8 +fQ1C/6A7G2sOmS3YyORQ0tJgmgxSkZFdq+LmkJuLuh4 +-> ssh-ed25519 Y5h84Q ymkfeS/fq1BfAievpj2UstwWSSW+IRCqXfuPy8zX92Y +wSd280jyTsOOAxxkBhNrHQ6xfd/RjcIWH0QP9RtEJeY +--- RoXe7h0yyYK/QAdlKQp2ucIK2lsaxmb9tbxZ0DU61kw +k_Q``cQb)'IuCuNl6+^CZ2 \ No newline at end of file diff --git a/secrets/nas_client.age b/secrets/nas_client.age index 4118f9f..f24a6ed 100644 Binary files a/secrets/nas_client.age and b/secrets/nas_client.age differ diff --git a/secrets/restic_gcs_credentials.age b/secrets/restic_gcs_credentials.age index 0a7b689..101a7aa 100644 Binary files a/secrets/restic_gcs_credentials.age and b/secrets/restic_gcs_credentials.age differ diff --git a/secrets/restic_password.age b/secrets/restic_password.age index 9062156..8db89a5 100644 --- a/secrets/restic_password.age +++ b/secrets/restic_password.age @@ -1,9 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 pFjJaA FE3RMgUxVGFCI1wI6YBz1QbZS1MTgTfMlDdoWzOpKlc -sAA4/6VYI+q8xwo3DMDA/70t4Xf57hZmW6Itxi6relY --> ssh-ed25519 qRUWSw DbEKBuyCDRAdlTrytJx1UuCSbA82SStTM5V5YrvGkn8 -JX0393noMLYj6qUCDH4y686eOuPQPVIdK44sjw8ul9w ---- cVmK2XpBhsnM5qgHZjdR9PLnUpi5m0pj2a6zVbK2WZ4 -D8H=t&f} ssh-ed25519 pFjJaA 5KWfhxNk3FAF68Iry4yvyPIxF5AfDvPZUj4paHQGBQA +j/TPillAQNbuqvaudO2SRH+wRmJlcwwrW5cGKBHk3bw +-> ssh-ed25519 qRUWSw AHkeUh1rsr6ddoH9Z3g+mG6rmHPMIstn+Ln6dRr/eS8 +PsVdJkliyr0OhtLwmtnfzR1s8N+oMHpToGkq6l5UGPo +--- cf9ExBbs2M12iIrTMUengqVgLKJD00nhPaLVbCVGN4I +W!o˛&lTƁ&NğTv*s[ź bT+; \ No newline at end of file diff --git a/secrets/rivendell/wireguard.age b/secrets/rivendell/wireguard.age index cedc155..e9c7308 100644 --- a/secrets/rivendell/wireguard.age +++ b/secrets/rivendell/wireguard.age @@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 pFjJaA yX115u9bhmWSBuvkwd94kOuuz7I1jIViRfX6GqsNOGg -AF+GO3PXF2YUh/Q0HdrSgmwycrmWwEp+jJtk5sd+UY4 --> ssh-ed25519 Y5h84Q CvmWwsgwFJkdBpkMsb10/QjR1l5hBxAFs3mqsHjgjwY -XoXKK3JH6bdWfwKsaoLTK2rK4f3uuPOieLb/IwtV/Gc ---- mSxeIgzkrqgnyeUm52rvVRmaGLsqyIVv7dEBTXRNBSw -\jP[(GǸkhCA`1ztHvsM7-WPQvct^#l=Q\04 \ No newline at end of file +-> ssh-ed25519 pFjJaA ZTzkRZ66+yhHksE9WVFCkRVRgB45t0wNd2pUE66VmzA +7eggYsHXV9i4U+rU+gfWaW0TvwokmXBPNQSa3NebpFo +-> ssh-ed25519 Y5h84Q HuwiTMDWku0ZHKorfgksv0duG8zJL742AerQIvAPHms +Es4hk20knqHdQv2KZBDMFednDzd/Zvkr1RfqOPLfMyY +--- FrE5GOxQwCBJwXSzMJF5hgx04pmz54jAWun5YpEfD1Y +05mx >b毹OK'N!V<62@}S-)^N ?bUYE \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 72bd62c..658da54 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -12,11 +12,11 @@ in { "forgejo-fastmail.age".publicKeys = [ users.fcuny - hosts.vm-synology + hosts.rivendell ]; "keycloak-db-password.age".publicKeys = [ users.fcuny - hosts.vm-synology + hosts.rivendell ]; "cloudflare-nginx.age".publicKeys = [ users.fcuny diff --git a/secrets/ssh-remote-builder.age b/secrets/ssh-remote-builder.age index 14f343c..d10ac6d 100644 --- a/secrets/ssh-remote-builder.age +++ b/secrets/ssh-remote-builder.age @@ -1,11 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 pFjJaA kz8dUf2Qkw+XSKBCp/0S8INQg+CEa3MXhzLfZfx3FHo -R7vbSTkDWLLQbiRoCZWIxirH2gfGkBUzYUQYVq4WoxM --> ssh-ed25519 qRUWSw e0S9joQotJ2yBHClnZNkajjV+fQ14K4cyH7MuUPZM0A -XppDbDmyLfQ0CjD0iGRovNjNLXDySQ0xuBtx7v2qnOA --> ssh-ed25519 E2Yu8Q kWHQZgcHT+cBPoT4AzFmeRg/5YOdbyhlkvss+XKdM30 -QcHvmCaiWJY8NGWSHoK02tJ0CAW5bowsar96r/tR67Q ---- vrFHpETvMrLdoebIcPdOUxcDf2gMnfUtjpYVeUmd000 -) -_d<3A6pe&B[pOӀ8dBúĆMfw_xy]U߮[V6WGw]m{}*X+|ޭJ^PݾB%c]2̚N*JLC]#`B= -5 HeTlnKkL׈.V;޵Uŋ%`59olD,0,Cyo -0ǫri =#3=1m)ݖ8lmFQ~p1>~ʒȏ{dDؼQZK IҜҐN '6)`rću^[lD-_v`$cߐt+N6~̡͎l !5yR{p[2&H2xu6xI2^*j2 \ No newline at end of file +-> ssh-ed25519 pFjJaA 84O2SPCUx+QVlQmLN7fdDmfgClYXHvYcUuKTQVIVaxY +eBnck8bhHN7xvpogTjciztNrgaiwfTrygF2R2LgmZ6Q +-> ssh-ed25519 qRUWSw oh0qeksN0bzOADFq79bzRFPHvgJIysWrKIin+aJonko +Cb052NA2jRTpmp7J4ubCGEn9NWdcHXQtDmZik5gCDm0 +-> ssh-ed25519 E2Yu8Q 0NCgJMvW+YFdKNWPvec05WRi63/adKvyrisyqW59JB0 +lE99gvBokfXkwKmluCtoy4hbh8Jk/k5WPDs0WHccYoM +--- 8d0KnB6sOB92oKS4jEDMsJ+q/R+kw7YSLOhLz1vKA2w +k)?OB6*C[?W꡻eր\Eɟ9&d2:w{vxZ#!n-Pq VMѣݝkr*x[dd0tz8(\/gW;6~}` i~ڥsWKތ?.㲹ʲTRBf+NJH )oX`(Bݗ 0MCx%ҕغ(ز;JLԾP-oƛ#tgAjR@{+\7߇= Id?Ԙ?4QB<٬'#[pc@ۧtb4 ssh-ed25519 pFjJaA 8sS1TpcBjcc0+Up15kXuS14b1iCmk4lxmkjWdxijTU4 -4AWYQoFymg+GUUOBQIzc2YWgX/p/VY45PA6aMFeTWqM --> ssh-ed25519 qRUWSw kfUXP5B9JRVccoqStdMkj81qYoEZOrVcLr2YTtnV6SE -hDAY3gXyfhYxKPZvIiXIJoqJOK+2qKzxmdXjjNVy48w ---- JvXubYcS99y0WWBD9T6ByQdawMAp9RoyV0kbE6ya4zQ -Q5Ժ w"j[oϐDS(L4@)XvOS܍˕ŊhJpVhߊ` \ No newline at end of file +-> ssh-ed25519 pFjJaA +fvsiaJMb18gU/QCaD9yHhOO+2XKznzOrYW2sX/NwE0 +iBLuUNGccw/rU294GUPW42LsK7x8tCLmD0Hlb9Jy1+E +-> ssh-ed25519 qRUWSw 6DQndWls6IHZCXuTBJDoEQ/M7Z1Ahr61oJviPP02Ln8 +18nr/YXPC1II3eV2Qdj5kSYPa+WeyXL3k6zJ9g10rl8 +--- KP/xhZkn1tNxbRanbGzryFXwEgdGj9UJWGWeYF0uuOA +]2`v >ջpgo9j +"yvBh.D:GW\]`G Stnx0ūa \ No newline at end of file -- cgit v1.2.3