Move Tor hostnames into secrets.nix

2016-04-29 01:05:09 +02:00 · 2016-04-29 01:05:09 +02:00 · 1928755491
parent 228599deb7
commit 1928755491
6 changed files with 26 additions and 51 deletions
--- a/2
+++ b/2
@ -25,5 +25,5 @@ remote-deploy)
 	$0 remote nixops deploy ${@:2}
 	;;
 update-encrypt)
-	gpg -a -r yorick --encrypt-files secrets.nix deploy_key keys/*.hostname keys/*.key
+	gpg -a -r yorick --encrypt-files secrets.nix deploy_key keys/*.key
 esac
--- a/keys/ssh.frumar.hostname.asc
+++ b/keys/ssh.frumar.hostname.asc
@ -1,13 +0,0 @@
-----BEGIN PGP MESSAGE-----
-Version: GnuPG v2
-
-hQEMAwEAjpZflP7cAQf/e+HeSvqtGKPtU89jRWJRKGWIHMw+Sd/q3iXaTvE6XJC5
-KDKo5JfTkN8gsRBMcIRKZAE1B41WnOtq0ZXaGeSrZPtt5oVtIKbLwHPNVj8E6ysf
-EPf9NWBxei1WEqRZln8FMVtKSn2bIxN0qsQ+o/6RxGSC+yzvYlnk9FZc7qDkO2GJ
-7lxBFHVnRzgQPA9nv3MCiyJDxCScDLG0vpS1qQ+NeZOvj7T+K6n6EXgwCvaGv3LQ
-CRRSUOmBijh4vxREdwyRko47/g+O77JzC2N9xR6HYYXAHsGkcu3bKow44XGu9M84
-4mEGfYrTu/iHeaNOwUDnrQRpNZmIqUj/uc/L2LpiY9JiAb73hDjRREOg9JqacHHO
-VGRjYDJ5ydYRfTFrGn/1x8TvW2K1WJibqyVorqCmvVUwfI9xln56tH7nHxHJ0hCC
-Hx4r/7CoNNIpwpUtu1QggIBeKppDQk7t1ixvCVXHFJNl+Iw=
-=dy/n
-----END PGP MESSAGE-----
--- a/keys/ssh.pennyworth.hostname.asc
+++ b/keys/ssh.pennyworth.hostname.asc
@ -1,13 +0,0 @@
-----BEGIN PGP MESSAGE-----
-Version: GnuPG v2
-
-hQEMAwEAjpZflP7cAQf/Zk2l208KLP6TuE3riCi2ogm42yk23PRTYjcO/MZZ7us5
-tzkzf6RkYUlAngotnBppwCbc7nTQcpSPwE2DfrRnzOvfQp4Wv9XoV2WS/anar3MZ
-Bk9ECUaItLO6j0gxhfwwyIAD1jodswDvBZ3DTJn/8de2t+bq3fbNbun/LdCVa8eA
-OtqLNO8llaCEN0cutZJw5hXNBDw5+xehv/EY11LiwBe6QueFnKHWCzD6koXSWdR9
-TR8R+sZyr/0hYqHrrSr5EhvqCAWqNPUeJ/i6ouZkmlFKgZMsidyAbYLPLX8TOIQt
-d6+MTSmoTHSzI99bvi2znbj4nmoXBVN6pasYPMuNX9JmAfYE5Cc+tVXfRokuEBSF
-Evbpyf23o5i6dh8tQrUw32elPcjWIlCBUXkfisAYXQ0zntvf288yRGBonKK01yAK
-uxNAwotaUZWmkJby25cEKmrxFqVKAQVBSEZcV7VfUmBmf5JYUgnd
-=/dyQ
-----END PGP MESSAGE-----
--- a/modules/tor-hidden-service.nix
+++ b/modules/tor-hidden-service.nix
@ -33,7 +33,7 @@ in {
        if ! [[ -e /var/lib/tor/${hiddenService.name}/private_key ]]; then
          mkdir -p /var/lib/tor/${hiddenService.name}/
          cp ${hiddenService.private_key} /var/lib/tor/${hiddenService.name}/private_key
-          cp ${hiddenService.hostname} /var/lib/tor/${hiddenService.name}/hostname
+          echo ${hiddenService.hostname} > /var/lib/tor/${hiddenService.name}/hostname
          chmod -R 700 /var/lib/tor/${hiddenService.name};
        fi
      '' else "true") hiddenServices);
--- a/pennyworth/configuration.nix
+++ b/pennyworth/configuration.nix
@ -92,7 +92,7 @@ in
  services.tor.hiddenServices = [
    { name = "ssh";
      port = 22;
-      hostname = "/run/keys/torkeys/ssh.pennyworth.hostname";
+      hostname = secrets.tor_hostnames."ssh.pennyworth";
      private_key = "/run/keys/torkeys/ssh.pennyworth.key"; }
  ];

--- a/secrets.nix.asc
+++ b/secrets.nix.asc
@ -1,26 +1,27 @@
 -----BEGIN PGP MESSAGE-----
 Version: GnuPG v2

-hQEMAwEAjpZflP7cAQf/XtTo6OegwjwMcof/0CfW+AwF7hhqk5KXOj9cX14j+cWO
-4QOYM8uVSHVF8ynz7/nvl5cCixRqguMo/G9urUCyBdXSP5lt6eCu6ROLYQ+KjYWx
-9Zu5X09jl+QnS0jsqZun+akMNjLmkxIqbHAzDo8WVN9oAIV1sejzZeCXdvaNIgat
-Z25M0yC2YTJ8tHNTp0P0+qEvsynDTo1zjabshjLPuob6UcwGQWwqZZZuOmfGO48a
-LS3hLlO8OOAxeG0BwgLOoQyw8B5l3L9UCW/1eAAf3StxR/aKn1mgt1wtHd/DoUC7
-rBt5tiolUjZszQgZO5ztF/ehEU5SWEmCq+pZS7BWPtLpAT/NkOPxaxXylZAoHVQM
-OTbKhpNDvkiFCQTwDsM51xuQcFnTRLIwj2HemuX2NaDyWVm/XosCwhwLZHoQcpxH
-jWrkFckUFu8D6GitU3C+EjJyq3NDIFR3+5thqdPY829TLRbbyGETIftCZtDt+5kd
-Po6EX3vjPmugLnlrWqIPlSTbCG9853joj4W4BWYba3wK1qFmeoLQmeIdtVxnz41M
-uPlLToZsuEaYDIgKn3HSBqPYuTtOjnvLnKvWxBA+ny6ACjS2xSNbWH726Q92hg/M
-3zrYyUoefc6xeeDFRjjnOwD3lczSvHRLa5GHdMZegv0bUwzRKDkBNJZVENEVRbt2
-A46REcqCb+Bbt7k8lq7dMNRfKixF+t4Ra6KWBeanIL6DlRz+KVj3JmaaAZmIe/dX
-ucJb/f/zl4NOtWyaA5lGYlTh6WEBLBatQJQG1EpVzMuTPPOKicht1/FxzxDT3jRM
-bxBvZV12vcgTQJFTidrfadEOYVsGqznbYcBci76X5dCarPp7bC3st81L/pM18zt/
-LfKEl+EUOexG7UlcAZcitDpJEilYqGvkbTo8SAvnZ1xNp32CJ9yibNs95aJhahEv
-y6m/hxsZend8Xtu9EWG7hXqxPMRL8ysMlRETprjgxM5ZWlzPI1m/vJuaYg/iJFN4
-xaEXfd6jSNw2EHOE2Khzi7XAE5ECbnaNedAoSq3RIlP/qzkYmQTgSUcWy87zb3yx
-gZ1BbhfV/vG0MwcvZEKrtICUGFglAwL7niyzabS9xRuV/vyeWcTjMvPrgInxGbVX
-Re5Uuup6H9/G3CLa4+FbR6a7irtJYkLiy+KrRGzE7Xal4kpgKxIx4duPYpTLHQj6
-bTnhekIljEvGpIATS/XE9SJtBGPpK9yMA5UMCGz0IqfNFKALjT9JOy5d86NZtn5P
-SmJas+M1Shu2BUJhrPyzcyv7FFdi/GdG2wVss+FH0pLXAZdgoro=
-=5q+m
+hQEMAwEAjpZflP7cAQf5Aevf5xTB40XNBl7RnAX5/hfmStnnc0b/Vfx5k+Dz/Hn4
+/Jt12+WUniKxMpuAhENSJYOBsvu2HPiHNeFlUSOaoyX8UERv5LcGAdZEMwiP/hQu
+yWDXFHxchgdtEYCqzrtZcTYXelAiuS6b0Sq+xK03/yL6BKj12TiAcQv0SAKzkFD9
+tvy0NrbMwpZPqOF5Hy89LXsG5dOy+MT0SgwaJGiKxZ6JumUYsF2gYGh9vdkDX4BX
+hS2eZgGJDHkUpW26JaDohzQg6441DA+s0uso/KAMmfKoUcsx7RIrM6sEbV6GRspC
+DOzdZyZc/2NJuDtMBcpVpzXMylqhBhOtqDj9wREIONLpAQVdCBLgU+o0kI80Dc5p
+qwbYC4mzG/mOIUcFNAvH99kxT4OBtGaMyqIQ0he07dHd3jPnzHdJPLcHzJz0CabL
+rncODL6fPk7MPPIN0yTXyBgoFnwb0PnXML9pQfIKTHD1bd8zxKNJLiJMfZC7/cbV
+qHPhnjPOAX5pmIKpEqdBrIZ0+cMRFgauFSwO+Ts4ZuoLsO+0uR6t1EJ4Nc4tpoD3
+j1JDEHz3wyz16Mb/rjAJokJdarPJysqwuu8jmSwFOj+Q2P5H2rG4ESqpX9jKv9Gt
+MM9FrTiDjyvOA5lye+JlsGcFCWVgf3WTE8DjHQeBWAyPuUT9xesbd+h0jY7j2GRJ
+m3XsaAfIzZkFQx77Kymsjh5QYcv+LaRrMbY8ID5Mz+sEj8+JkUaLynkn+QZ3IwqA
+xPsNwFX/+HoBPH9ZR8erTEpQMEtadwC8TwN+RC+PPokIDfLP+dvfxyoJDXypVmoD
+YK7PFPfYoU7ZrwTioinA3flBG71VhuTlIzSN6FaBL8oj+ssbhnmNJCMSm8X4hghV
+wAtlhgxOgrGtng5J9M+KbtVoCyjffi8cosLvSHCZk2SHss+i1RGNmytUEYtjsyB7
+wFPBPT3n9kbTc7xMjec4RWPO5O4LvBqTX6pc94HvA5oJsxo4J4WdFD5EVFm90TOy
+eMsJmAVw5tuU8QjlL0Ps0GvATUCwKLVVq3e1+dlZAqcORl+/e1zpK+Hg7XihFymC
+yCK2oZ8TlWX+H1xlAwgQ6KSz8ah+Z97wdm5+YVgYKOBkNrOWkNv9O72tGPIPA9/n
+a8+FBAXq75hufY06Hl8ryUy4V3udJpTCKkGADe8X2ru9k1nZmuMvWponapzXZM9y
+xpcaJzro+P64PxN9g423GHjD8vOpqqPNY8Ff+A6IJdyDMBR7F8KdKN+M6jGzkWRN
+gMXd8+O9KwMLUGmAKeZiZNcQZEent2jWYuZi7vLxmWMTtEpZQQfwy0Ca1aIaAgPe
+/s3UBRQDhcKwQOOGaM05UicFv4yfoq1XhDv9mcqbQEmIS7QynvmuDhIBmtfFKZCa
+=tRx2
 -----END PGP MESSAGE-----