From 778c5aac74c7205e61b09f42222f283eacae8777 Mon Sep 17 00:00:00 2001 From: Craige McWhirter Date: Mon, 26 Aug 2024 00:57:23 +1000 Subject: [PATCH] chore(cardano-node): convert to using flake --- flake.nix | 2 +- hosts/airgead/default.nix | 2 +- outputs.nix | 2 + profiles/cardano-node.nix | 44 ++++++++++++++++----- secrets/cardano/cardano-kes.age | 61 ++++++++++++++++++++++++++++++ secrets/cardano/cardano-opcert.age | 41 ++++++++++++++++++++ secrets/cardano/cardano-vrf.age | 38 +++++++++++++++++++ secrets/secrets.nix | 3 ++ 8 files changed, 181 insertions(+), 12 deletions(-) create mode 100644 secrets/cardano/cardano-kes.age create mode 100644 secrets/cardano/cardano-opcert.age create mode 100644 secrets/cardano/cardano-vrf.age diff --git a/flake.nix b/flake.nix index a123a3e..4f23cf2 100644 --- a/flake.nix +++ b/flake.nix @@ -5,7 +5,7 @@ cardano-node.url = "github:input-output-hk/cardano-node/?ref=1.35.7"; colmena.url = github:zhaofengli/colmena/?ref=v0.4.0; daedalus.url = github:input-output-hk/daedalus/?ref=6.0.0; - iohkNix.url = "github:input-output-hk/iohk-nix/?ref=df1da282f996ec46b33379407df99613a1fbafdd"; + iohkNix.url = github:input-output-hk/iohk-nix/?ref=df1da282f996ec46b33379407df99613a1fbafdd; nix.url = "github:NixOS/nix/?ref=2.24.3"; nixpkgs.url = github:NixOS/nixpkgs/?ref=nixos-24.05; nixpkgsUnstable.url = github:NixOS/nixpkgs/?ref=nixos-unstable; diff --git a/hosts/airgead/default.nix b/hosts/airgead/default.nix index 5ed7eee..dc9f6e4 100644 --- a/hosts/airgead/default.nix +++ b/hosts/airgead/default.nix @@ -1,6 +1,7 @@ # NixOps configuration for airgead { config, + inputs, pkgs, lib, ... @@ -8,7 +9,6 @@ imports = [ ../../networks/linode.nix ../../profiles/cardano-node.nix - ../../secrets/airgead.nix ]; deployment.targetHost = "172.105.187.96"; diff --git a/outputs.nix b/outputs.nix index f395c7a..0d68ca4 100644 --- a/outputs.nix +++ b/outputs.nix @@ -1,5 +1,6 @@ { self, + cardano-node, colmena, daedalus, nix, @@ -40,6 +41,7 @@ in { airgead = { imports = [ hosts/airgead + cardano-node.nixosModules.cardano-node ragenix.nixosModules.default ]; }; diff --git a/profiles/cardano-node.nix b/profiles/cardano-node.nix index ec52b3a..174720c 100644 --- a/profiles/cardano-node.nix +++ b/profiles/cardano-node.nix @@ -1,19 +1,42 @@ # NixOps configuration for the hosts running a Cardano node { config, + inputs, pkgs, lib, - cardano-node, - iohkNix, ... }: let - cardanoNodeProject = import (cardano-node + "/nix") { - gitrev = cardano-node.rev; + cardanoNodeProject = import (inputs.cardano-node + "/nix") { + gitrev = inputs.cardano-node.rev; }; in { - imports = [../secrets/cardano/producers.nix "${cardano-node.cardano-node}/nix/nixos"]; + age.secrets = { + cardano-kes = { + file = ../secrets/cardano/cardano-kes.age; + path = "/run/keys/cardano-kes"; + owner = "cardano-node"; + group = "cardano-node"; + mode = "0600"; + }; + cardano-opcert = { + file = ../secrets/cardano/cardano-opcert.age; + path = "/run/keys/cardano-opcert"; + owner = "cardano-node"; + group = "cardano-node"; + mode = "0600"; + }; + cardano-vrf = { + file = ../secrets/cardano/cardano-vrf.age; + path = "/run/keys/cardano-vrf"; + owner = "cardano-node"; + group = "cardano-node"; + mode = "0600"; + }; + }; - environment.systemPackages = [cardanoNodeProject.cardano-cli]; + #imports = [../secrets/cardano/producers.nix]; + + environment.systemPackages = [inputs.cardano-node.packages.${pkgs.system}.cardano-cli]; services = { cardano-node = { @@ -21,8 +44,9 @@ in { environment = "mainnet"; hostAddr = "0.0.0.0"; nodeConfig = - iohkNix.cardanoLib.environments.mainnet.nodeConfig + inputs.cardano-node.environments.x86_64-linux.mainnet // { + Protocol = "Cardano"; hasPrometheus = ["127.0.0.1" 12798]; setupScribes = [ { @@ -33,9 +57,9 @@ in { ]; defaultScribes = [["JournalSK" "cardano"]]; }; - kesKey = "/run/keys/cardano-kes"; - vrfKey = "/run/keys/cardano-vrf"; - operationalCertificate = "/run/keys/cardano-opcert"; + kesKey = "${config.age.secrets.cardano-kes.path}"; + vrfKey = "${config.age.secrets.cardano-vrf.path}"; + operationalCertificate = "${config.age.secrets.cardano-opcert.path}"; }; }; diff --git a/secrets/cardano/cardano-kes.age b/secrets/cardano/cardano-kes.age new file mode 100644 index 0000000..ad43b47 --- /dev/null +++ b/secrets/cardano/cardano-kes.age @@ -0,0 +1,61 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEZCOVgxUSBpMC84 +S09IcHB5aFVVb3pIRkhUbWNuRGRkbHlUUlZDTG5WakZFSENaVEJvCk1RUVhaNGpQ +SURDQ0YydStCcDg5OGl1NEYzYjJ2TWNHZTlHdUZRYURNb0UKLT4gc3NoLWVkMjU1 +MTkgSk00dDZBIEd4dEtMdXY1TnFNaWwwbDdURGlXNWJDb3V0SXYybURpdVZqM21n +STJmMU0KV1JaYmRXbjhoK1QvWXBEZzc5a09EMGhZZWhzb0tReGkxSW80aWFqb0ZN +MAotPiBzc2gtZWQyNTUxOSA5aEV5RFEgbVg5c1RqVHBOQUxreDg5c2pnNEJ2dzFD +ZkFiRnEvQUZ0dmFDdEhQOTN3WQp5cE0zOWE1cVhFR0czUitxa1ovOWtrayt5WG1z +Yk4vZGkzZTJoaUpNMEdnCi0+IHNzaC1lZDI1NTE5IHU3WjNqdyBmYmQ1YTZQRmtu +bmtoalNXSFRrdUFRRVEzTHZ6YVh1Nlh2YWY2WE5Vam5VCkdtWGZWdnNRNDByL3Zh +QkpVMFNya1IwY1BkMWRlY0ovT21QN21yMVpTSWMKLT4gc3NoLWVkMjU1MTkgV2c5 +M3J3IHRKaWVuTUM1b0hoQ1ZkS29RWFVyQ3FDcXhUWWlEd0FBOGhwWnQ5a2Rqd2MK +WXF4ZmQvUU81Z0RnWTNIZFRUVTVJSkNHcDFOclUzSGxMMWpBMlpvLzZEWQotPiBz +c2gtZWQyNTUxOSBQeEt3alEgZVNudVB1UDBTd0FTVjB4andQWEJ0SXpsWUszR3dI +OFlmakh0NTZIemJrNAo4OE1lNlJpZ3NWVHdvSG8rK0laN3J3cGxKd2t5K1Jnb1lV +NmZCOGhFNE5jCi0+IHNzaC1lZDI1NTE5IEIzZFhTQSA5TjdkL21wcmhTdE9Td2Z5 +c1FrdU1pVFRCNzMyKzIwYTNvNjBzZStoUTFnCkx5UjUwUzYyWm53dWg1ZDUrazNy +NUFLMlJwUWNhSVIwc2haenBmL0lQcU0KLT4gc3NoLWVkMjU1MTkgUWZwS1ZnIEZG +cDZLTlA4cUxqR08xbCtDRldRZkNzK2c1Z1lBZGNvNTh3NjJwM2tpM2cKYlBTRDYz +aGlMMWxUV2MyOTVwMndBWTM0SDhKaTlTS0hsYm1kZUJNYnd3QQotPiBzc2gtZWQy +NTUxOSAwZHBkZ1EgWk9uTTM1TjdzWDZXODU3UUVZdGJ1d1c2eWNnOGRaaEowUDQ1 +clRGWkN5ZwpGd2RDYWtHYW1YTURmN1dNZEtCdFF4YWZjV1NhS0ZqdE01czYwcXkr +czRBCi0+IHNzaC1lZDI1NTE5IHVsMGt4USBTd2pKTFptK01WZVhEQ0g2by81SlUz +MTc1eFE0T3g5TnhGKzIxbU5YRDFJCnJHWVNWV0dNUXFXaFdIRUZMVVdnbUI5TzV2 +WURGWXhMQmFYQUphMDluaGsKLT4gc3NoLWVkMjU1MTkgWnc1SGt3IHhXUk9qTktH +NHJySXp3ZS9XVEFGUFU5VFM3OUN0NDZUOC9lY2NZbkV6d1EKVUhXQ1VEQVUralls +b1Job3BtK2JmSFZQTWZRb1hrMFc5aUNEczdZY3dRVQotPiBzc2gtZWQyNTUxOSB6 +RzMrMXcgUjlOcmg5cXVSdTlHVVJDZUE3THdjb1YybmZmSExCM2IvZ29lNVpNYi9R +MApjOEVmditLQXM0Zzd2WFRSeThBaEo4aEtnME5BQWJsYUxUUTZWSXlQREEwCi0+ +IFA1Y0w8LWdyZWFzZSAmQWogcixOK34Kc1cvRVpiandaUHAvMXJvSUZoVzZPaWpx +L1ozeTdKZkcKLS0tIGcxTi9hZVVuWDZxblg2TEFNSk5zTk00SmtmWUhKb2FHc3JV +aFMrdUFPTGsK0DCthsP/cg/SkY56up9zt7WqxzMtLvo4Bv3O+EMK2WknyR/g+QJx +QKKBkILmt07R+MpDBlHA1X8AOH5iT7tNNNplp2dztzFC6pRL/v2hBIVL+abqmAMj +pG9TEt+FISgd1PxTS55cHugUaC8LJNi7wa/4sBwTTI+Rnl4KHZBo5BiGUq61dX6j +fd6pZXSmptT4dBVV2ZETyBYoOqe74cPe5gVQfVMzXI4xnKRhe9va4qnmoEZV2YQD +MUl8JtRGVbeIPvQdM8fQjcaZNNw5rhYMMadJtuo5beqG1z+i+tAxJISBv+NU3rNv +FTaDPKXlP1UvsK+SgPFZYI6VMZiFo9ZoMYSYiirO6jHXOQutzo11qy0wzToQTpU8 +zRe9QbMzuhgGewQEfZYayQzTQa5yQDvCH1fTVqtcDeQVB1/xw9DpwLFDfV/kGN8o +T2KBv3d2hOqP74vNOoSMsBE9PxcB9hdKQ347mBueN9c245FuRH188+VV1wYG0CTD +ogd4zyt3NRT2HM06YiR5fNGo7kHLjoREPQFabiyKmpWIQ/Mpa3/fC7LaBZqQe1hS +fnhh3/STGv4kpAJN7iADrsqN/JDNAiAkTSWVHabu5zxPwOgRyQ4/HS3SpvhatNxG +TuNNiMKbn28rjaoRK2pepkw5RHbGLjtapiTqDF0uqoyQfPCL02NDToKprbuJYM7v +/4xhmREPA/FJWxMMDEGY+vvIlyYYHfaogipZpodT02+mjSLTeLIv7bTBFh+sD1M+ +el7T6bKhfZo8dXqoaFyhAj8b0yCwVMeGmDIfnJmPWTnHAHPvM7iX2Xd1Q0fshgN+ +BtU1GKIQs0g7W8JTcvtpZbxtB0phFQT0SJXdDoFbE1lQl13wcecy2QL7KHywG8/R +tSMKgSrhcb23BffId5a2xtLoYvr4EmxWHT8+4boWF0UwPArOLCH1kz2OiQb0/avC +Lm78KVqlIC0ck8dk6wDRUzGAFB4kQpsFEhfk+OHTQuhSzqFlo/AWsldNhosZF2SA +roOMZlfmabJPPPcidpnV+xbyzL7NWF5uPgJvVN4pDCcfow79g+QH2sztIjcFOLHt +5hZimXHm/0aVpxRbTKFOrEiDIthDK0QWZCxJCvl0BmeFrRzTtSNPUHlEEcVdcCFo +15kKS5BS4r4Ma7xD4Hdwn0DxjeWN69TGSrHJTNgCTiy9SG2roAp/gaB9aXHBTvRh +53kKFLNRe5yKuOeMIjH1Kbvh4G4nUoSKK0bFRbG6KUsDFh66g/OD84zQi53k2l/X +liGARABrqmmmuzUJEdfrV2EZuxj7xFAey8MBFGqdTn0ERugIPueJEM2znSkp6w+m +7fxx8JxL2B0oXLEZaV+N6jc9unBA/IhrczF3Mal1zVFx8GlrZyO+ZQmr9J1FkICc +BM6oxuMLb74J3O7gURSaSBBQJd3/bWukyGDZzSkhphiRwHQ+KAfbtEM18XknFiwZ +XG0bXNjMSGXMCDoo9z1YcD8DJRa07H4JoH2rElniTUVmussgi/k+thHojW2BURk1 +iNrtBqIbP0YWnqBsxE/UWX630qY15+OfkWW0fd+wUUtV5CYFOaLDp273VOhSYLPB +3YBFdZH0VE8YH/ZJy6Dn8xigX4EWHB1ZdslHWwyPPRMX0CWIJN0flXdnQhAtBhHe +J2an1vTb7K+H0149FP5R9pJLMZDZu+TEY972c3Td/v4A2hQkEPqLnKy5sXqajFDk +u9y25CR1i4oSVeZqI5M6cFeiVchmzeP3TPKV9duLpL8iw63uUi+hKzkxC/CCA000 +5RRvoN4+QaZnmkl3y2OuVbYVGdW1fK54 +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/cardano/cardano-opcert.age b/secrets/cardano/cardano-opcert.age new file mode 100644 index 0000000..b6856db --- /dev/null +++ b/secrets/cardano/cardano-opcert.age @@ -0,0 +1,41 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEZCOVgxUSBxQWlJ +ejRsWG1HY2hHUDFoK1IrV1B6UUxSa2o2c3NiTTI1V2w5QmROR2hrCmI3OEV4cm4y +NlFVRm9BWjl6dTJkazY5bXIyRU56T3pLVnNkeDA5dXp5L0UKLT4gc3NoLWVkMjU1 +MTkgSk00dDZBIEJ5b1EwQ3RuUEZXNCt6LzJ0YW0zc040czBDbVhwdDhCSGZkVUZV +UnVjbjAKYXNnUzFUS1BCTVJvaEg1dDNRNFk3Z3IrL0pBM3BKZitpNUFzVUFnWk5K +MAotPiBzc2gtZWQyNTUxOSA5aEV5RFEgcmJKOTN6L3NaR1NzSnhFTlNGQTc1MFhn +VVI2WWdhekdvS3RNOVdmd1hDQQpLSFNwMWhZZzkrZVRqdU55QlZkd0pmSUl1WjVw +QlhhTHRvNDIyZzN4UDQwCi0+IHNzaC1lZDI1NTE5IHU3WjNqdyB2c20yY3lWS1Zu +eDliNi9CWHZSaWxiUkFtR0tGaEZhaDcreWlnRG0zRTE4CnFtQ0tkUGxLKzhKNWhR +VFVhcHMvK2ZUVFpBV2FMdUx1NEpzcmRIMUIvU0UKLT4gc3NoLWVkMjU1MTkgV2c5 +M3J3IG42eUxQTW4va3BRbW1JbnhxWTA5NE8vazNUVzhzcEJ2SDhJYk85VGhqUjAK +Sk1LMXhSUXg0WmhnUVNKWDJyNTlCUFAxL3VpRWdkV3lqeXRwallKeU1hawotPiBz +c2gtZWQyNTUxOSBQeEt3alEgVzBFa3hjNjFYQjAvaHRZNk5qNE81OFRZLzdsUWRz +dDFNdjNXOVlXeStHUQp1Q3ZYMU45Vk84VENnYzlrWU81Uk5wTXlRaGZ2d1lwdGNN +NWQyNzdhQ0JrCi0+IHNzaC1lZDI1NTE5IEIzZFhTQSBCc1lDWEU1ajVENHpncURG +c3hERzBERStDN3BTZ1I2dEZNM3ExMDNSVjB3CkdGaGkrb1ozRjRpRmxBYmJleUN5 +ODlscXdzY09VM3pBNjluSHJ5Mk5WaFkKLT4gc3NoLWVkMjU1MTkgUWZwS1ZnIHZW +MFYvY1hXa1YvcEU4OVlaRkdPU2dWMFJCMjdvekluV01RTDB2ZjdOVkEKYTNhaFJB +cHVpRGJXNCszTmxTVGw2c0lhM3BnNWREVDFJUTZKL2oxWnQ0WQotPiBzc2gtZWQy +NTUxOSAwZHBkZ1EgTHFuS0VvRjNrRVo4UHRLVzQ0QSswN1dUeDEvQUhTTVBNeC9C +em5kaEpSVQpQMGNxZ2xrRnpQTFZXMGVUeXhYZWEvTUdRSVZMSDhrOWpiZ0MvbVZk +VUF3Ci0+IHNzaC1lZDI1NTE5IHVsMGt4USBsZWsyNmhRRGdZVDVya0VtUFUzSU11 +bmdTU29CTmJrazl4REFMMGx4Q0JzClVtWUtJcUZ6V0lDODc5dFJDTHU0WklkT1Mr +ajMzaGtwNGRHM3FsQm1yaUEKLT4gc3NoLWVkMjU1MTkgWnc1SGt3IHVJYnZrWnoz +WlJvWEkrVHFDSGhORC8rMWlsaUV0eTdoempCOG9yRDJ0RWMKMk5GY3FRWElYdXd0 +bVBCajA5YjNaREtLNTZLZ00yaWFPMDVwR2djWU1DZwotPiBzc2gtZWQyNTUxOSB6 +RzMrMXcgQW5iaHZJS3I5OVRHa3B4OXptQjdSbkUyRDRsNlVLVFd2WXBxVmpYeVlV +RQpONThJRU9vTHBUdWRpZTJ2UXRNL1RzNzU1cjVlMXN2RjNCeTVtcncyZ1BBCi0+ +IDxHLWdyZWFzZSBPX24yIHhCPF9WRzkgRjEkYSBOWDM4ClhTd1RGVUx4NVNCSFAr +a0RHL3lnYnNsUEp2MFFJeVJha0EKLS0tIHNVVlBNeTZESUppNW93ZmlvcmNTWFV3 +aFRhcFc4RCtzL2hOWCtabnU1K00K09y1sG6p0grkLk3YzDMSayhsnIyHVgTX7R7H +BxpIPqQXH9kvw6Bm5XkG10hmgSraLKfKN+tGceWGSZRj1AC/kicY6NmixppUpBRb +5ZrffqerYsgqPa7j2b/Cy/2ifmbT1/YfGhFHb3SImc7XeDZpvVxy4GJWDcUTkfu5 +3434k3ZHGTDAULEx47Vd0o+QLCCGBIXIAzOXpJifzPuc1jjxTv4+VI2COQdD3cw/ +2eSTQrxuJo+2iTgNkssE39xTyHxssKCZTBJ7ig1dRmI7B+xkCEGKgT33if03KvqZ +nPNJ8ul4Y6n+hrBa0LuI3suLW95wk/D5WjWouX3A8JAp+B3BN/Zl1Ov9LowccvF5 +y6yTLTqbVZsCpccVr+lasJYl6/K5PEqReoMVpoWrEO+AZA3VEPu7GA/J8NBF8/fS +I6pPVI7SDTmpnA4/05izvNJtGgfc5q2BL83xkL5yy6wsDm+YhaoxJpb1zVPPmAVX +MdqFods3EfzXTlaKihLp9GghfQsZbq15HwAF3Q3szf11YQwR98w= +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/cardano/cardano-vrf.age b/secrets/cardano/cardano-vrf.age new file mode 100644 index 0000000..464d5e7 --- /dev/null +++ b/secrets/cardano/cardano-vrf.age @@ -0,0 +1,38 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEZCOVgxUSBGQ0hB +K012ZWtYKzFYL3dGcG4zK2RCYjk3R0wyWnBNTFNQajNINDVVNFNVCkpsalhDTEtj +blJQY0MyV3lwc2p1M1dkdVAxSWpWY29IOUdoeGxFeFFrRDgKLT4gc3NoLWVkMjU1 +MTkgSk00dDZBIDNpbUQvd3ZBdlZDQzY1UU9FWk5rK2loYkNDaTlmcG5VWm00WCto +RXlUR1UKbnVGNnZ3dTA5Q3hTc3YzYlV1SkxqMFNEQmJBVU5Yd215ZmtEQTFhN2dK +SQotPiBzc2gtZWQyNTUxOSA5aEV5RFEgbGYvYkhyWlJNQzQ4NUFUbENHQlZxZlVM +UjE4d0FEN2pJUDVFVGRjTy9XZwpyRE1hWHpNZ0pMems3TnhJMCt0RTFObnFSYWpC +dFpUTEFIOEVpU3BTWXBJCi0+IHNzaC1lZDI1NTE5IHU3WjNqdyA0QmF1ZkVRR05w +cDV3TjVNWVgwTE1YSS8xbGJkaGFvZmVWZm4yWm5xRG5rCjRKQnJKbGozeUFqTmt6 +NVVqV3hoZms5Z240TU4wY1lCL1l3UHFJdnpGbzAKLT4gc3NoLWVkMjU1MTkgV2c5 +M3J3IDBSS3R2dXk3NFBaZElYWDI3d3Btai9sMjBHV2xvSnJyMXJIbDZheFZiMWsK +MW9rMkZ1UEJ1VkJJSGNCcDdVWXdZeFgraTBhbFphT21ITmVSWUpDYUJqYwotPiBz +c2gtZWQyNTUxOSBQeEt3alEgY3VKSmNaWG9uYnZaRG9oZHVCek5vQUQ1dmwzSGZC +UHhSZ21NQ292RXpqcwp6WVU1MFV4NjYxaUhkVHIvWHpQb3AwaU5zRFVRRjBSZEtj +UXN0amtncUg0Ci0+IHNzaC1lZDI1NTE5IEIzZFhTQSBxU0dWSnVPaUJEYmdpSXdQ +NW4zcjAyN2NwTUpRY0Z4OVNLTEFhczJDazBVCnNNYm9wNXpBWmJjSzVUQWw1amE4 +ZGFwdFNoUHFvVXpZTWk2YzdWakNTOG8KLT4gc3NoLWVkMjU1MTkgUWZwS1ZnIGxm +eTgvWjBIRTNUVzdlSitoZ3RrY2JpR0UxTWNBdVNmRk1VbGd6S0FBV1UKaWRnZ3hG +M3grNDN1Q2FIbmVLTGp6Vkp4YTVwSWpnT1E5WjA5M3VDRFJPQQotPiBzc2gtZWQy +NTUxOSAwZHBkZ1EgdXBucnhOVThEVFJKNXJTUXNpOVVHV0FzR0ZBbjF3V01oeG5i +NTZieTgyawpPak45UmRXOUpVREJ2MWhZZ1orWnFaVTJ0Rmc1TzlVb3BhUS9jVU1T +NXpvCi0+IHNzaC1lZDI1NTE5IHVsMGt4USBrS3AxaGFHd3JKcWtHUWt2V2xUNGZs +ZjFqR29yNWdxQzM5MU5PQytGaVdvCjdpVEZaZnZjQnU3bmIyTVp3UlRuTnJxYzZp +NWxIN0FIZ0ZENzhLNUk5SHMKLT4gc3NoLWVkMjU1MTkgWnc1SGt3IGZrZ0U3N0M5 +Lzc1ZlovK29OV1h5QU5ZNkhaRFdjNWRQcHF2OWl1M1Jzd1EKYzVHdktjZFZ5S2Ev +TWsvd2hMV1ljS1EybHVjNHdYNUt2b0wxTzA2TGtGVQotPiBzc2gtZWQyNTUxOSB6 +RzMrMXcgV0RrU1lnTTZ0L0o5RlIwbUZUNVlQaEgzbGZadmtIeVpmQWhxV1NyY1J4 +VQpVQWNKTGlTUElBczNuTlVmbnUzQXNIbVhYYW1jK1RyRlZWN0F1WXVHamVvCi0+ +IGNycy1ncmVhc2UgLzdHXk1HQCBCCjQ2a05YbFp6Ni9DRmJoQ1lVVEFpNXEydFpI +cHB3TVphSXcKLS0tIDdOajBjU1NqaXM1dFo2Rk5mWWMvMnpMdWJVcEZZY2g0MWlx +NWhkaTJPKzgKOTYgpJXvf47nS1vCC2kA3G7+oplnot1p73dyTg7kW/mJUeBhXqjf +OX24j8Ovx9paVbyCMIvyRjEJzL58m8S0hFo1wDTL2HGIopyAFIXNTu6ScUJKqWMw +HsB8wZcMxlQghYv0ABmqZJwNqFCRf+CbXeGBqGLNC1WtYndHXj68i7diqTF3IxYs +wpxk3rjLaeJdgSh6+frIb9rh7mck7brKJrPU04/RZBx9EJ3nGPFVBPYK8zTezqCD +cN4rv7deV2dwS7nj7laPtzhignXP0tJVvuSgHYwqh39U//1Lv9y1xoMyEbDNJqcP +AIkapF5A0uv5sL8OoQbfUYqO1xbf8/IRsxJP4ybTiA== +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/secrets.nix b/secrets/secrets.nix index a90b3d4..1449651 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -43,6 +43,9 @@ in { "hamish.age".publicKeys = ops ++ systems; "logan.age".publicKeys = ops ++ systems; "xander.age".publicKeys = ops ++ systems; + "cardano/cardano-kes.age".publicKeys = ops ++ systems; + "cardano/cardano-vrf.age".publicKeys = ops ++ systems; + "cardano/cardano-opcert.age".publicKeys = ops ++ systems; "coturn.age".publicKeys = ops ++ systems; "nextcloud-dbpass.age".publicKeys = ops ++ systems; "nextcloud-adminpass.age".publicKeys = ops ++ systems;