Fix hydra sshkey permissions

emily 2024-07-24 00:11:04 +02:00
parent dc2705dfa6
commit 75d866774c
Signed by: emily
GPG key ID: F6F4C66207FCF995
2 changed files with 9 additions and 5 deletions


@ -6,11 +6,14 @@
owner = "hydra-queue-runner"; owner = "hydra-queue-runner";
sopsFile = ../../../secrets/services/hydra.yaml; sopsFile = ../../../secrets/services/hydra.yaml;
}; };
sops.secrets."services/hydra/id_ed25519_hydra" = { sops.secrets."services/hydra/id_ed25519_hydra-eval" = {
path = "/var/lib/hydra/.ssh/id_ed25519"; path = "/var/lib/hydra/.ssh/id_ed25519";
owner = "hydra";
mode = "0400";
sopsFile = ../../../secrets/services/hydra.yaml;
};
sops.secrets."services/hydra/id_ed25519_hydra" = {
owner = "hydra-queue-runner"; owner = "hydra-queue-runner";
group = "hydra";
mode = "0440";
sopsFile = ../../../secrets/services/hydra.yaml; sopsFile = ../../../secrets/services/hydra.yaml;
}; };
kyouma.deployment.auto-upgrade.cache = "daemon"; kyouma.deployment.auto-upgrade.cache = "daemon";
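Review bot: The `group = "hydra"; mode = "0440";` setting on `services/hydra/id_ed25519_hydra` lets every member of group `hydra` read the queue runner's private key, and the hunk gives no reason for the wider mode, while the new `id_ed25519_hydra-eval` entry stays at `0400`. If only `hydra-queue-runner` uses this key, `mode = "0400";` without the `group` line keeps the two identities separated; otherwise a comment such as `# group-readable: read by <service> running as a member of group hydra` would record why it is intentional. OpenSSH also refuses a private key owned by the invoking user when any group or other permission bit is set, so if the queue runner itself passes this file to `ssh`, 0440 would be rejected. The enclosing attribute set begins and ends outside the hunk, so the membership of group `hydra` and the consumer of the default secret path are not visible here.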


@ -2,6 +2,7 @@ services:
hydra: hydra:
signKey: ENC[AES256_GCM,data:WbGyQtlko04eCXP5duAVbgbMHSQ8wNrCHuS0+M29l/9LJjm8E7wps2ogy5S5jH+5etkwIj2m7d+xFci1IE9a2ERVs4qrFmfx8mikuF/+iIewJuaOOJcHcrUtYto5RxiFjYb9ooG7ktfy,iv:FvNRBY/aZnJ8z/wSYhsZLiq8h25WYvXB/zL9+4qQR7o=,tag:hU6i64XZH/1JDJzDHbiuXQ==,type:str] signKey: ENC[AES256_GCM,data:WbGyQtlko04eCXP5duAVbgbMHSQ8wNrCHuS0+M29l/9LJjm8E7wps2ogy5S5jH+5etkwIj2m7d+xFci1IE9a2ERVs4qrFmfx8mikuF/+iIewJuaOOJcHcrUtYto5RxiFjYb9ooG7ktfy,iv:FvNRBY/aZnJ8z/wSYhsZLiq8h25WYvXB/zL9+4qQR7o=,tag:hU6i64XZH/1JDJzDHbiuXQ==,type:str]
id_ed25519_hydra: ENC[AES256_GCM,data:7dmdHA/bLBQunNjaCwT1zb2CmuLVdUiFunkGpaGJXvnzHsVnWOdy9O5p+zIAiGeg3awNjn8jlH9KJiUk5W5X55caPlhDnFOhx77zW684vJAWViHK3Iu84XJ/sL33a547c4lLPgT5dLTMY4JDtNQCk0hV1BdsRwU9rpDvkuGaT2mewu8xCpyueV++wwDfy6e3HXRxPlXHkvE77FCFgDXW5tCH/q+UDOS59WkERT8SFwy8t1ILTUt07rdyhIQmykPo5nPatrPuV9TD/60R9pcxA6w88HeZzi36q3GfJVEKJ/MdFdzvShX1ayhfojVkCRptMxwyu/9MYigqvENgOvnV6N+0JKbJWpkDUldUUEFCZFl2EAoSVb+QGP3S6Bro5x2b3AjHRDW5fUmldEQQUDG6UO+zbXnUeziH2kairqrQAj4UMyZSumiLV3P9d3LYZy7wCza68lklcupbhap5lxgXJhNAz1ScHOPgzQpmLw0bxiLDX1oHhPPZtBNc3t4wGlQyNuKUTXzhrn3L5dBdSmZ3,iv:Ftw3hBUcvY/nW9LiBFUbhHOpv7KIbkdEcIp3Si4oM1Q=,tag:QqUDYFcJ6bq2l2Q09klXdQ==,type:str] id_ed25519_hydra: ENC[AES256_GCM,data:7dmdHA/bLBQunNjaCwT1zb2CmuLVdUiFunkGpaGJXvnzHsVnWOdy9O5p+zIAiGeg3awNjn8jlH9KJiUk5W5X55caPlhDnFOhx77zW684vJAWViHK3Iu84XJ/sL33a547c4lLPgT5dLTMY4JDtNQCk0hV1BdsRwU9rpDvkuGaT2mewu8xCpyueV++wwDfy6e3HXRxPlXHkvE77FCFgDXW5tCH/q+UDOS59WkERT8SFwy8t1ILTUt07rdyhIQmykPo5nPatrPuV9TD/60R9pcxA6w88HeZzi36q3GfJVEKJ/MdFdzvShX1ayhfojVkCRptMxwyu/9MYigqvENgOvnV6N+0JKbJWpkDUldUUEFCZFl2EAoSVb+QGP3S6Bro5x2b3AjHRDW5fUmldEQQUDG6UO+zbXnUeziH2kairqrQAj4UMyZSumiLV3P9d3LYZy7wCza68lklcupbhap5lxgXJhNAz1ScHOPgzQpmLw0bxiLDX1oHhPPZtBNc3t4wGlQyNuKUTXzhrn3L5dBdSmZ3,iv:Ftw3hBUcvY/nW9LiBFUbhHOpv7KIbkdEcIp3Si4oM1Q=,tag:QqUDYFcJ6bq2l2Q09klXdQ==,type:str]
id_ed25519_hydra-eval: ENC[AES256_GCM,data:8YLmxuh+2ul1VtCbpXk5gORM97R5jgxkq/0GGUgAGgrUzKxeW+7onXTD3DoCz5sMaLOgtgM4ZEuMLQIxBQIwbmGPubZZhaP1nYsrgMxz/ZEjnHc7o2EOgrIa6B7v1w16D9uqRqfvA47jHyA5SoDEo7iJcEF9o34cyxCGQe0AHkhnCxcFY3u1ZNMCQ6WBPl4rlyAvZcaba6ySss9WQuzVs7IlJyOEr0F1zgl6R9cj700UnVrd27pId9xBhN1xtwob23+BnSIbq7u7HBECrQLwfDwXaDbVpHfk+cPEG23DzRXVeiy8KGEVBVE5nzx6WpRfTbh45CP0LrDVR+/G3crKiuK4mHqAtJ3UnW45clM3Gcz7VygCsjGArO3pVp4cctOZu0lD+AfAjmgl7tz7xTVLLPNhglraSLbWL3TUQ7rdtKIGggrJD7uo7k2RpUHemMtZk2+o42tYJ4uHKVELf+vACoGHGYn/2Vn6NWZEITlpOXCNNRMd7eYunFwN4HX2m9vRwUR8vtPJyOUeC957kln3,iv:r0ejnmyxNFabwzJn5gJL0tId/jP0FTrL0utFWd/DiRA=,tag:RsObDcDIkbr3tg2863b19Q==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -17,8 +18,8 @@ sops:
enBjbHhJS1hqRGF2QUF1azNJdk9yUDAKJ1TY0Pybp54zh6KQ1kJQrcJeT91F4QKQ enBjbHhJS1hqRGF2QUF1azNJdk9yUDAKJ1TY0Pybp54zh6KQ1kJQrcJeT91F4QKQ
YpeRMwHR+QIuXF37MXuWKtIsRmcPAC+dCi4LZFmXUjX0yUwA0K8juQ== YpeRMwHR+QIuXF37MXuWKtIsRmcPAC+dCi4LZFmXUjX0yUwA0K8juQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-14T12:01:05Z" lastmodified: "2024-07-23T22:18:12Z"
mac: ENC[AES256_GCM,data:CvaqYz0wwU0i9tQ6DoLJwAfX5+IuPtnoc0tRtYAe1dLhszDqSv+VXRYtjwoM5jAIpYcHTN6w90pZkDXNEtluHDSmy1WlDEGhRo/rMuVi12le7iTPZ6G380/bUrE4PqKxYo6Kg2esAXZTXFdM0Om1oqcBfOywrCOPpx1ioIOxEQ8=,iv:l++0F1jTIjcqXUAKF5N63PJtNZgUeRQT7H3FV87/nZA=,tag:icTc376kY2+CPLtnvlaUUA==,type:str] mac: ENC[AES256_GCM,data:80Dul9VV/MpL/IgWilpne4szz28rQPV0fgdjTfX33c6hO1OiARDFrY6hRTAk38AKakkIFwmneBlmTfFpgN6pstqX9f4YNtHLdi6KXoJzBL9v6+gyY5ypJwKftpXcKUuJUo/A03HA8Grq4vhOqsUEO7HXofj96GxKcMtHONgcTbI=,iv:v140qo5vnEsJhObV5GgLgBbU2/AoROfSSvEiAXl+Kgg=,tag:vitC7J3pSGA9WkNzfFVmXw==,type:str]
pgp: pgp:
- created_at: "2024-05-10T18:05:16Z" - created_at: "2024-05-10T18:05:16Z"
enc: |- enc: |-