chore: remove obsolete files

Swarsel · Dec 29, 2024 · 16a6aec · 16a6aec
1 parent 80bf759
commit 16a6aec
Show file tree

Hide file tree

Showing 9 changed files with 68 additions and 147 deletions.
diff --git a/.sops.yaml b/.sops.yaml
@@ -26,7 +26,7 @@ creation_rules:
     - pgp:
       - *swarsel
       age:
-      - *winters
+      - *nbl
       - *toto
       - *surface
       - *winters

diff --git a/SwarselSystems.org b/SwarselSystems.org
@@ -5070,13 +5070,12 @@ Here I only enable =networkmanager= and a few default networks. The rest of the
               proxy = { };
               vpn = {
                 auth = "sha1";
-                ca =
-                  "${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-ca.pem";
+                ca = config.sops.secrets."sweden-aes-128-cbc-udp-dns-ca.pem".path;
                 challenge-response-flags = "2";
                 cipher = "aes-128-cbc";
                 compress = "yes";
                 connection-type = "password";
-                crl-verify-file = "${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-crl-verify.pem";
+                crl-verify-file = config.sops.secrets."sweden-aes-128-cbc-udp-dns-crl-verify.pem".path;
                 dev = "tun";
                 password-flags = "0";
                 remote = "sweden.privacy.network:1198";
@@ -5167,7 +5166,10 @@ I use sops-nix to handle secrets that I want to have available on my machines at
 - update entry for sops.age.sshKeyPaths
 
 #+begin_src nix :tangle profiles/common/nixos/sops.nix
-  { config, lib, ... }:
+  { self, config, lib, ... }:
+  let
+    certsSopsFile = self + /secrets/certs/secrets.yaml;
+  in
   {
     sops = lib.mkIf (!config.swarselsystems.isPublic) {
 
@@ -5194,6 +5196,8 @@ I use sops-nix to handle secrets that I want to have available on my machines at
         githubforgepass = { };
         gitlabforgeuser = { };
         gitlabforgepass = { };
+        "sweden-aes-128-cbc-udp-dns-crl-verify.pem" = { sopsFile = certsSopsFile; owner = "swarsel"; };
+        "sweden-aes-128-cbc-udp-dns-ca.pem" = { sopsFile = certsSopsFile; owner = "swarsel"; };
       };
       templates = {
         "network-manager.env".content = ''

diff --git a/profiles/common/nixos/network.nix b/profiles/common/nixos/network.nix
@@ -194,13 +194,12 @@
             proxy = { };
             vpn = {
               auth = "sha1";
-              ca =
-                "${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-ca.pem";
+              ca = config.sops.secrets."sweden-aes-128-cbc-udp-dns-ca.pem".path;
               challenge-response-flags = "2";
               cipher = "aes-128-cbc";
               compress = "yes";
               connection-type = "password";
-              crl-verify-file = "${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-crl-verify.pem";
+              crl-verify-file = config.sops.secrets."sweden-aes-128-cbc-udp-dns-crl-verify.pem".path;
               dev = "tun";
               password-flags = "0";
               remote = "sweden.privacy.network:1198";

diff --git a/profiles/common/nixos/sops.nix b/profiles/common/nixos/sops.nix
@@ -1,4 +1,7 @@
-{ config, lib, ... }:
+{ self, config, lib, ... }:
+let
+  certsSopsFile = self + /secrets/certs/secrets.yaml;
+in
 {
   sops = lib.mkIf (!config.swarselsystems.isPublic) {
 
@@ -25,6 +28,8 @@
       githubforgepass = { };
       gitlabforgeuser = { };
       gitlabforgepass = { };
+      "sweden-aes-128-cbc-udp-dns-crl-verify.pem" = { sopsFile = certsSopsFile; owner = "swarsel"; };
+      "sweden-aes-128-cbc-udp-dns-ca.pem" = { sopsFile = certsSopsFile; owner = "swarsel"; };
     };
     templates = {
       "network-manager.env".content = ''

diff --git a/secrets/certs/ca.rsa.2048.crt b/secrets/certs/ca.rsa.2048.crt
diff --git a/secrets/certs/crl.rsa.2048.pem b/secrets/certs/crl.rsa.2048.pem
diff --git a/secrets/certs/secrets.yaml b/secrets/certs/secrets.yaml
@@ -6,65 +6,74 @@ sops:
     azure_kv: []
     hc_vault: []
     age:
-        - recipient: age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63
+        - recipient: age16lnmuuxfuxxtty3atnhut8wseppwnhp7rdhmxqd5tdvs9qnjffjq42sqyy
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpRko1ZnZsMUM2L1VmNGQ4
-            MnhOZTZmdlBLQ2dra0xMY3E0NmZPQUpuU1Q4CjNDSDNnVGNCV05aUWpWRnZkWEt2
-            Y1FlbEdTZ290SjRKc1hKRzN0bUNwVDAKLS0tIHFjVEk0S045NGgzMUFDUitIdEx4
-            dlRRWUtiYldYQ3V0QzFyRHNIblNFNm8KkPXunwFKo/4klAZhkAXikg7UpuFC1EP/
-            kf6roOcQx41hPSqAWzivySwPgRUO3iygFw4jonYaFZJik/wIo9OulA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwZjVjb1pVeWxrZVh0UHRK
+            emV5Ylo4a21qcnZydTVEWGpzM3pVYlZ4WWlnCkNEY3ZSZ2F1Q1hGS2FMZVJWaEFO
+            TjBTOVBxejNnMk43eW9IbjJqWWEzSFEKLS0tIHMxUUNwMDZ4dXZrUFRhQnE5UXl6
+            dXVMTTM3YVdiWGcyLzM1R3ZHdFU2eEkKTvJcAVfk4UpNDQFJwr4BW5QPQtdGhmmi
+            gsuxZOe/ojpuGoH+9Ht5d9QdENoOsqQJ+0VpHgqysy/KJxC0MmaBrg==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYUmhXcS8rWmNQUGVudGxP
-            STZPaVB3VlFHYXhDbUZYdjhENFFOL1FCUEZVClJ2cFhwNlRpVnAzRThQZ1FuNHNi
-            T3pyWm5aNDVaUnJHcjYzWVVOUHBwWUEKLS0tIFdKSXF5TGw2aDJ3NGdhZ0RGWGpu
-            MjBYTktmeE9EcDNad0VKV1dhME9UbVkKYrDIQ8/DfeJ/3ITfw9/51i2N44hqnIi3
-            4hHKaefSiHU0glUHUdYhg/F17Hgh5MuhZ0LB4dfIYngWNgFDwnC4aQ==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnL1VqalFMcEtObnhoL0U1
+            TjdLSVJNMHZUNFpIL29Ib2FGMTFsdXdPdUVZCmxrb3lzL0M3Tk1xcEtnbHZxeTkv
+            cmJrUzRFM2ErT2lZVWFEd1NQVHlEWVkKLS0tIHFtSEJHSjhBMzljRTlxSDRBZkJQ
+            b0gycVVHWFQ3WXhkZUlzUkxzQUYxVnMKIGMqw8hHsPB/sQqKjW6WKp/w4Idrzcg3
+            2362DS8UswVpymq+mMHQXiyu2tuG26ZAE3U4Gx4Pyg2XZJDwC/Bymw==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1zlnxraee6tddr07xn59mx5rdexw8qxryd53eqlsajasfhfy78fkq705dfg
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNWFNvaE5VQms2VFNOK25D
-            NTdocVF5QTMwSDEreE02cWVVaHIyQ2dqcVRnClB4QzAzTkRVb1hSL1VjYW5IOEIr
-            SG9adlpacGd1ck8vTU1IOTNyS2Y4cjAKLS0tIDQxT3lOUjhpQ1FNNGZKbnpXOVJG
-            aS9qY0crYXpsSFRxT280VzllTE1kdWcKoaATszZ1H4b05vpEzQXkffJuwQESbTyW
-            nBE5WYRqUHBFWeve1Ssq3AaYpNEht+MAYA0YlA3TsJc5scSbkFXi4g==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxMnhPT1J2dENZRzFQdi9p
+            ZHl1LzVhSnp3ejlQbUZlT21BV3VsVHNoUHlvClUzNW9Wa3VueUNjbnZWYWZPWncy
+            eEFIY25HVEJYNEptV1lXbHBsVENEM0EKLS0tIHJERmVSUnZvUFV2M3I1RlR5WGR1
+            S241amNkdFIxdE9nekU0S0ZQUi9hVlUKSEpbaG9Y1rvm/QorguodDeDO77apy8cX
+            C9NqAxRkJiSjyLvqB063oRsPr1aH5c0hTq8Y2zBjwC620jO2vqTjug==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1h72072slm2pthn9m2qwjsyy2dsazc6hz97kpzh4gksvv0r2jqecqul8w63
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlTkdZL2lGYVVReW80VWpw
+            VkRpWTFjdHhTRlJDRlBzc2pjTWdlcmYyc0RVCm13UmJla3NkaDEwaE5mK2ZpZ1Ex
+            WTNvSXZGYjVpdHNsQkdydDdKanBkOGMKLS0tIHZVZlRtaE0wcEZGc3pJNnhEQVB4
+            ME9BMzQ3TmZmUW5aVG1Oa3hTNzdnd1EKFqMrQnP/5Nw654EJYTLjziDmffrr2Ryj
+            5L9weh8fRKopPOPEXwPDULjxCL0G1AipFXwUgk+zJY8dJugDHvsmuA==
             -----END AGE ENCRYPTED FILE-----
     lastmodified: "2024-07-16T23:56:59Z"
     mac: ENC[AES256_GCM,data:bo8SHGmkNGQqR8nnlIKvAMzd+4vWJ19u9Kga2U1mOEYKMCyZ2nTXju6e327ppmx6KJUnzzieS7F8myE/5jzfd1+LyAN7QlL1xixtyLZH784Eh3c3Rd3sXKO/Tuj00gSsz8PsXzq8VK5RdR6NggxhMM6l3Mji4mTQibEzFQ0XPwo=,iv:6mAVBuMwxkO/ms0O/lpLEAg9lzVtZywMbwhL7diB4Z4=,tag:oGnwY5Ikc8qOrwNyiWqtGg==,type:str]
     pgp:
-        - created_at: "2024-12-24T14:59:45Z"
+        - created_at: "2024-12-29T00:45:42Z"
           enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            hQIMAwDh3VI7VctTARAAk4nNktWj0SF7nbb9/Fg8BW5KuO0aBINoExyIC+Lvgaoz
-            Bs5G4twnhGnH5J667yId4JpwFKrLi4sGzVoO3pvbhAhjJE2Ea3vVA4vse43XGBJb
-            z2IXWuDaWxu+fVWpGpu+2GDvIyMCFUMGVK3PjF5Gc1sq5wratMLZMEOfo3lG1gfm
-            IQvBiyi21F3lEDrI0sbBry+5BuWmvvz6GlaITCSzzmU1LygSvv2S0S7KsV7E8ldC
-            NAa9e5/NFwpmauATNSuLJfWIHNuwLCDSx1DbinIKu/ADgmCn4kvyXmFiTC4kmfKo
-            76It/qrWDgCK8ApNbQeNxzWgTCNgqGYcgL08sQC6T6J5kIdG3QhZfVHFFe9dQO8S
-            pB0H7O7j8ZCnXkd2IBUoXg2RP+BvWCyU6NB6YMZkcfIXvvJHsfNTODdOi5IRfyUC
-            9BaRhGTuFh1ggtdNWSjkI5ccYm5HEEawLds7oZ013qV8T+myoERIS5ZLVkpTr5nT
-            Xurx/EmHxPZsXCsBp+vrFgfzFq3P5raDDK/AADXOk3oWVRy+5+6iHT+M8yNdGqYU
-            AmXhQra2rqCVearYkJ/4IfsHFGy2Dzvyd0a1GqLtVoQaHlP5QjVXcqNJAmEbuN6y
-            j4neGeCxfnla53PfeuKa6mhOcfupmosfaebDajHvj0224G0oXcZ0LA/vrLdnuXSF
-            AgwDC9FRLmchgYQBD/9rPvTgOfuhtiY1M4mOgOUlUSELgsslPVuDgeioErWfVHMf
-            /krx1wLn/+sVPBqQ3e3fleVRauAnzEgZSsdyAwscmpX1GQwGFIsxwgWeIU16xxjL
-            fa44twBualtyjp2iCslT3jUgNqpNLFlRSQicNCpcNVAgP2Ycxrar9X5v6hhOuf9A
-            SERsp0i3A/zueW76QA1gGQhe/1uX+TuRxrC1cUT59pYSjWhIWATO/HkK3pE19IAe
-            Ioq/eMrY19a/BcbAJ9TE/HUQ6ENrr9gUuTD+hwE3F3cLUWb1tR8ambRwLKB5V94l
-            GMGan/vOtPqeDiJKQfXvwXPzbyRkVMc1Mnxmtmb4maoyG3Jj7Lqc3UGISVco8yNv
-            EJIn75ZpPZjBmQdVBcKLE07pvWxIAaDvEdkNY6bBLsClqkMtHudE0/wfhRZpqG1l
-            cVe6kyYJGg8kDR0RrGWfuE+ruDfHmsme/xE1HcTxt2iIgV+RBMeGFZ7rCyUX2mFZ
-            0GnFmh/clrVbSisHbyILokWmCkdofUDbTNAKEV6nStvFBW8o4U18KpL2hTgdGrOl
-            fTDSATTYR5ljxlRzI3+lWD6qfDbNftPOgPwnKNhBm8bnPKB8ZgcSjwCpcI2daMY7
-            ghAZTNoZJrkkCmE/5TswjmvEvez0psSorFIw60ZuwboE87zAHyUzH3vWkI6p1tJc
-            AZzPeodzalKAdYZ3EfldCzFBj1ZepHcdG4T9xmos6wS6U19vGQgZUhI4JXt6rXsr
-            G08XWuBwp064gFfREDkNMuYI3Tgc73r+J6mvyvycoqYi069ici4T+U7Zw6w=
-            =8uFY
+            hQIMAwDh3VI7VctTAQ/+MDjASUMqC4cqjI7n7EPUVCBzOyLgjE5pihtWJMREsBxa
+            dsz7pZKg+UFqOK5MZq+WPibvt4NzelNiQJdKJK3ZlG4W7o8KKk9cGqjWLCA4239e
+            uXOBBheGXp+u9xX8btasqupOXN0mJ3OsHWi76ijrCOxcAPvk5+zE5c6TqI/nPE7w
+            yvVFkPQRYw8DrnYKKhMPftQYQjv/7r/4N9+ve5oymgOGUtEjI7HVG+B95j/HsNQU
+            Ap6Gj8/Tyb3+MQs0LxFo+Tjrn7VQ6PG03aOCgQDMNRd4FpbCRbIIvZbzsc4GNszE
+            5fWXQox8mPxVpBTYAsRWmk749sjYcaXaB4HNXNP0euS3yIuCGbhfdeP9sWJheu45
+            oqdA2XcAyD+5L7H4J1Lg5OkxP8oRO/layj7e0K11EPnBbahE12vehcHWxPFYLSwl
+            oYnzmWVQ5LUWIk+oH/Jb02CGKHHE21W6+CgX3l7WehvIO+QOxWOrBgNVHONVX4HZ
+            kMQWljcwU15yP4F2n1BU4a4D1a5hYemySTclw/ZqC+REBwq8p9tvzEsGBs10kkK4
+            1KrCx7X7OHtBgBEWqhCqHOEX/bIQ10vzAKfPywHvj2TpJEyhCh0dk7mK/jfdIASU
+            V6x8vJfYfN1EdlFHgeiNLjx5u2Oa7azp+ZjYOEEH+xoUoI00Cn9GoIHohyZMECGF
+            AgwDC9FRLmchgYQBD/0ROxGKsAyMJ0QfWtgr9wP+haPWwZ1TdWg22epTm3VSfjLQ
+            Y5qLcN4J4Cmw858JABB72yYA1dcrdnObWHDNDrM4EqmRWrAvNXRNnmyi9ozPs6Qt
+            rYFCa6y2MH59V75YCUqw9Dkom+v6RUIep5zioxwqTa/D5Y9pF+kKR4JAqRa4PZXP
+            Dqc/rg7IONShpkF0l5wEaL8WR0oNnqKeTy9Ejte9qJejx6I1PGmRoskb6WOdkwJn
+            AK9UertXc2C6PvZ7A4JqEBYBYHgDMp9nRVnKht6h3NttI5Ye/id6400KJ4SPA1xy
+            tp5VQYrt8X9oD+goN835nwplXTuLT3MKAYn7/6w1txaVwgs2Ewi3D3pThERChOU9
+            zF2eTCe0dnDtuO2YlEV1ucjqFV9Ix3gWPzOjh5B0n8WMGHRCzlLGTHO2h9soM6E+
+            CKAJ8t+mNQv6BV4JPToTCZS/Sii3pSGKqtIBs3saTGrQ1CIaH2oHVw2b4luCZJXE
+            rTGzhLmOTWdZXfEeLnpTIJXTd4c7Fpuk3iKxOI/cNfd+8cY5J9SoRYbR20LzyWO+
+            CFcBJhvtC4hSyA3odsBRDsptEp7MKhsn1o1jidEQYAEpESsq7BtUshG42Hx5Uc1P
+            DU8DGxm1eWmfcr4WONSnEVConPz85kemltTNuGjTMqJc/vvPDHu3h7o8PpHqK9Je
+            AY+XGmvaUTTDm3Du4MZmKvLAoeatu7sqqo0ICrOzbZw5hDEvrGacjllQrG+XULlw
+            C93eY7rbvGAjARr27h62YiH/rT16Mf8fpDkrwGDz0aeg3Nj+J2g7/OKeRWvvzw==
+            =q4yh
             -----END PGP MESSAGE-----
           fp: 4BE7925262289B476DBBC17B76FD3810215AE097
     unencrypted_suffix: _unencrypted

diff --git a/secrets/certs/sweden-aes-128-cbc-udp-dns-ca.pem b/secrets/certs/sweden-aes-128-cbc-udp-dns-ca.pem
diff --git a/secrets/certs/sweden-aes-128-cbc-udp-dns-crl-verify.pem b/secrets/certs/sweden-aes-128-cbc-udp-dns-crl-verify.pem