forked from emily/nixfiles
Fix hydra sshkey permissions
This commit is contained in:
parent
dc2705dfa6
commit
75d866774c
2 changed files with 9 additions and 5 deletions
|
@ -6,11 +6,14 @@
|
|||
owner = "hydra-queue-runner";
|
||||
sopsFile = ../../../secrets/services/hydra.yaml;
|
||||
};
|
||||
sops.secrets."services/hydra/id_ed25519_hydra" = {
|
||||
sops.secrets."services/hydra/id_ed25519_hydra-eval" = {
|
||||
path = "/var/lib/hydra/.ssh/id_ed25519";
|
||||
owner = "hydra";
|
||||
mode = "0400";
|
||||
sopsFile = ../../../secrets/services/hydra.yaml;
|
||||
};
|
||||
sops.secrets."services/hydra/id_ed25519_hydra" = {
|
||||
owner = "hydra-queue-runner";
|
||||
group = "hydra";
|
||||
mode = "0440";
|
||||
sopsFile = ../../../secrets/services/hydra.yaml;
|
||||
};
|
||||
kyouma.deployment.auto-upgrade.cache = "daemon";
|
||||
|
|
|
@ -2,6 +2,7 @@ services:
|
|||
hydra:
|
||||
signKey: ENC[AES256_GCM,data:WbGyQtlko04eCXP5duAVbgbMHSQ8wNrCHuS0+M29l/9LJjm8E7wps2ogy5S5jH+5etkwIj2m7d+xFci1IE9a2ERVs4qrFmfx8mikuF/+iIewJuaOOJcHcrUtYto5RxiFjYb9ooG7ktfy,iv:FvNRBY/aZnJ8z/wSYhsZLiq8h25WYvXB/zL9+4qQR7o=,tag:hU6i64XZH/1JDJzDHbiuXQ==,type:str]
|
||||
id_ed25519_hydra: ENC[AES256_GCM,data:7dmdHA/bLBQunNjaCwT1zb2CmuLVdUiFunkGpaGJXvnzHsVnWOdy9O5p+zIAiGeg3awNjn8jlH9KJiUk5W5X55caPlhDnFOhx77zW684vJAWViHK3Iu84XJ/sL33a547c4lLPgT5dLTMY4JDtNQCk0hV1BdsRwU9rpDvkuGaT2mewu8xCpyueV++wwDfy6e3HXRxPlXHkvE77FCFgDXW5tCH/q+UDOS59WkERT8SFwy8t1ILTUt07rdyhIQmykPo5nPatrPuV9TD/60R9pcxA6w88HeZzi36q3GfJVEKJ/MdFdzvShX1ayhfojVkCRptMxwyu/9MYigqvENgOvnV6N+0JKbJWpkDUldUUEFCZFl2EAoSVb+QGP3S6Bro5x2b3AjHRDW5fUmldEQQUDG6UO+zbXnUeziH2kairqrQAj4UMyZSumiLV3P9d3LYZy7wCza68lklcupbhap5lxgXJhNAz1ScHOPgzQpmLw0bxiLDX1oHhPPZtBNc3t4wGlQyNuKUTXzhrn3L5dBdSmZ3,iv:Ftw3hBUcvY/nW9LiBFUbhHOpv7KIbkdEcIp3Si4oM1Q=,tag:QqUDYFcJ6bq2l2Q09klXdQ==,type:str]
|
||||
id_ed25519_hydra-eval: ENC[AES256_GCM,data:8YLmxuh+2ul1VtCbpXk5gORM97R5jgxkq/0GGUgAGgrUzKxeW+7onXTD3DoCz5sMaLOgtgM4ZEuMLQIxBQIwbmGPubZZhaP1nYsrgMxz/ZEjnHc7o2EOgrIa6B7v1w16D9uqRqfvA47jHyA5SoDEo7iJcEF9o34cyxCGQe0AHkhnCxcFY3u1ZNMCQ6WBPl4rlyAvZcaba6ySss9WQuzVs7IlJyOEr0F1zgl6R9cj700UnVrd27pId9xBhN1xtwob23+BnSIbq7u7HBECrQLwfDwXaDbVpHfk+cPEG23DzRXVeiy8KGEVBVE5nzx6WpRfTbh45CP0LrDVR+/G3crKiuK4mHqAtJ3UnW45clM3Gcz7VygCsjGArO3pVp4cctOZu0lD+AfAjmgl7tz7xTVLLPNhglraSLbWL3TUQ7rdtKIGggrJD7uo7k2RpUHemMtZk2+o42tYJ4uHKVELf+vACoGHGYn/2Vn6NWZEITlpOXCNNRMd7eYunFwN4HX2m9vRwUR8vtPJyOUeC957kln3,iv:r0ejnmyxNFabwzJn5gJL0tId/jP0FTrL0utFWd/DiRA=,tag:RsObDcDIkbr3tg2863b19Q==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -17,8 +18,8 @@ sops:
|
|||
enBjbHhJS1hqRGF2QUF1azNJdk9yUDAKJ1TY0Pybp54zh6KQ1kJQrcJeT91F4QKQ
|
||||
YpeRMwHR+QIuXF37MXuWKtIsRmcPAC+dCi4LZFmXUjX0yUwA0K8juQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-05-14T12:01:05Z"
|
||||
mac: ENC[AES256_GCM,data:CvaqYz0wwU0i9tQ6DoLJwAfX5+IuPtnoc0tRtYAe1dLhszDqSv+VXRYtjwoM5jAIpYcHTN6w90pZkDXNEtluHDSmy1WlDEGhRo/rMuVi12le7iTPZ6G380/bUrE4PqKxYo6Kg2esAXZTXFdM0Om1oqcBfOywrCOPpx1ioIOxEQ8=,iv:l++0F1jTIjcqXUAKF5N63PJtNZgUeRQT7H3FV87/nZA=,tag:icTc376kY2+CPLtnvlaUUA==,type:str]
|
||||
lastmodified: "2024-07-23T22:18:12Z"
|
||||
mac: ENC[AES256_GCM,data:80Dul9VV/MpL/IgWilpne4szz28rQPV0fgdjTfX33c6hO1OiARDFrY6hRTAk38AKakkIFwmneBlmTfFpgN6pstqX9f4YNtHLdi6KXoJzBL9v6+gyY5ypJwKftpXcKUuJUo/A03HA8Grq4vhOqsUEO7HXofj96GxKcMtHONgcTbI=,iv:v140qo5vnEsJhObV5GgLgBbU2/AoROfSSvEiAXl+Kgg=,tag:vitC7J3pSGA9WkNzfFVmXw==,type:str]
|
||||
pgp:
|
||||
- created_at: "2024-05-10T18:05:16Z"
|
||||
enc: |-
|
||||
|
|
Loading…
Reference in a new issue