mirror of
https://github.com/auricom/home-cluster.git
synced 2025-09-17 18:24:14 +02:00
🗑️ truenas jails
This commit is contained in:
auricom
@@ -16,11 +16,6 @@ all:
|
||||
ansible_port: 35875
|
||||
vars:
|
||||
ansible_user: homelab
|
||||
truenas-jails:
|
||||
hosts:
|
||||
borgserver:
|
||||
ansible_host: borgserver.{{ secret_domain }}
|
||||
# postgres:
|
||||
kubernetes:
|
||||
children:
|
||||
master:
|
||||
|
||||
@@ -1,96 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
PUID=${PUID:-1000}
|
||||
PGID=${PGID:-1000}
|
||||
|
||||
usermod -o -u "$PUID" borg &>/dev/null
|
||||
groupmod -o -g "$PGID" borg &>/dev/null
|
||||
|
||||
BORG_DATA_DIR=/backups
|
||||
SSH_KEY_DIR=/keys
|
||||
BORG_CMD='cd ${BORG_DATA_DIR}/${client_name}; borg serve --restrict-to-path ${BORG_DATA_DIR}/${client_name} ${BORG_SERVE_ARGS}'
|
||||
AUTHORIZED_KEYS_PATH=/home/borg/.ssh/authorized_keys
|
||||
|
||||
# Append only mode?
|
||||
BORG_APPEND_ONLY=${BORG_APPEND_ONLY:=no}
|
||||
|
||||
source /etc/os-release
|
||||
echo "########################################################"
|
||||
echo -n " * BorgServer powered by "
|
||||
borg -V
|
||||
echo " * Based on k8s-at-home"
|
||||
echo "########################################################"
|
||||
echo " * User id: $(id -u borg)"
|
||||
echo " * Group id: $(id -g borg)"
|
||||
echo "########################################################"
|
||||
|
||||
|
||||
# Precheck if BORG_ADMIN is set
|
||||
if [ "${BORG_APPEND_ONLY}" == "yes" ] && [ -z "${BORG_ADMIN}" ] ; then
|
||||
echo "WARNING: BORG_APPEND_ONLY is active, but no BORG_ADMIN was specified!"
|
||||
fi
|
||||
|
||||
# Precheck directories & client ssh-keys
|
||||
for dir in BORG_DATA_DIR SSH_KEY_DIR ; do
|
||||
dirpath=$(eval echo '$'${dir})
|
||||
echo " * Testing Volume ${dir}: ${dirpath}"
|
||||
if [ ! -d "${dirpath}" ] ; then
|
||||
echo "ERROR: ${dirpath} is no directory!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "$(find ${SSH_KEY_DIR}/clients ! -regex '.*/\..*' -a -type f | wc -l)" == "0" ] ; then
|
||||
echo "ERROR: No SSH-Pubkey file found in ${SSH_KEY_DIR}"
|
||||
exit 1
|
||||
fi
|
||||
done
|
||||
|
||||
# Create SSH-Host-Keys on persistent storage, if not exist
|
||||
mkdir -p ${SSH_KEY_DIR}/host 2>/dev/null
|
||||
echo " * Checking / Preparing SSH Host-Keys..."
|
||||
for keytype in ed25519 rsa ; do
|
||||
if [ ! -f "${SSH_KEY_DIR}/host/ssh_host_${keytype}_key" ] ; then
|
||||
echo " ** Creating SSH Hostkey [${keytype}]..."
|
||||
ssh-keygen -q -f "${SSH_KEY_DIR}/host/ssh_host_${keytype}_key" -N '' -t ${keytype}
|
||||
fi
|
||||
done
|
||||
|
||||
echo "########################################################"
|
||||
echo " * Starting SSH-Key import..."
|
||||
|
||||
# Add every key to borg-users authorized_keys
|
||||
rm ${AUTHORIZED_KEYS_PATH} &>/dev/null
|
||||
for keyfile in $(find "${SSH_KEY_DIR}/clients" ! -regex '.*/\..*' -a -type f); do
|
||||
client_name=$(basename ${keyfile})
|
||||
mkdir ${BORG_DATA_DIR}/${client_name} 2>/dev/null
|
||||
echo " ** Adding client ${client_name} with repo path ${BORG_DATA_DIR}/${client_name}"
|
||||
|
||||
# If client is $BORG_ADMIN unset $client_name, so path restriction equals $BORG_DATA_DIR
|
||||
# Otherwise add --append-only, if enabled
|
||||
borg_cmd=${BORG_CMD}
|
||||
if [ "${client_name}" == "${BORG_ADMIN}" ] ; then
|
||||
echo " ** Client '${client_name}' is BORG_ADMIN! **"
|
||||
unset client_name
|
||||
elif [ "${BORG_APPEND_ONLY}" == "yes" ] ; then
|
||||
borg_cmd="${BORG_CMD} --append-only"
|
||||
fi
|
||||
|
||||
echo -n "restrict,command=\"$(eval echo -n \"${borg_cmd}\")\" " >> ${AUTHORIZED_KEYS_PATH}
|
||||
cat ${keyfile} >> ${AUTHORIZED_KEYS_PATH}
|
||||
echo >> ${AUTHORIZED_KEYS_PATH}
|
||||
done
|
||||
chmod 0600 "${AUTHORIZED_KEYS_PATH}"
|
||||
|
||||
echo " * Validating structure of generated ${AUTHORIZED_KEYS_PATH}..."
|
||||
ERROR=$(ssh-keygen -lf ${AUTHORIZED_KEYS_PATH} 2>&1 >/dev/null)
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "ERROR: ${ERROR}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
chown -R borg:borg ${BORG_DATA_DIR}
|
||||
chown borg:borg ${AUTHORIZED_KEYS_PATH}
|
||||
chmod 600 ${AUTHORIZED_KEYS_PATH}
|
||||
|
||||
echo "########################################################"
|
||||
echo " * Init done!"
|
||||
@@ -1,5 +0,0 @@
|
||||
HostKey /keys/host/ssh_host_rsa_key
|
||||
HostKey /keys/host/ssh_host_ed25519_key
|
||||
AuthorizedKeysFile .ssh/authorized_keys
|
||||
Subsystem sftp /usr/libexec/sftp-server
|
||||
PermitRootLogin yes
|
||||
@@ -1,112 +0,0 @@
|
||||
---
|
||||
- name: jail-borgserver | get jail ip
|
||||
ansible.builtin.shell:
|
||||
cmd: iocage exec borgserver ifconfig epair0b | grep 'inet' | awk -F ' ' '{ print $2 }'
|
||||
changed_when: false
|
||||
register: borgserver_jail_ip
|
||||
become: true
|
||||
|
||||
- block:
|
||||
- name: jail-borgserver | create zfs pools
|
||||
community.general.zfs:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
loop:
|
||||
- "{{ pool_name }}/jail-mounts"
|
||||
- "{{ pool_name }}/jail-mounts/borgserver"
|
||||
- "{{ pool_name }}/jail-mounts/borgserver/backups"
|
||||
- "{{ pool_name }}/jail-mounts/borgserver/keys"
|
||||
|
||||
- name: jail-borgserver | create empty dirs
|
||||
ansible.builtin.shell:
|
||||
cmd: iocage exec borgserver mkdir -p /{{ item }}
|
||||
loop:
|
||||
- backups
|
||||
- keys
|
||||
|
||||
- name: jail-borgserver | mount dirs
|
||||
ansible.builtin.shell:
|
||||
cmd: iocage fstab -a borgserver /mnt/{{ pool_name }}/jail-mounts/borgserver/{{ item }} /{{ item }} nullfs rw 0 0
|
||||
loop:
|
||||
- backups
|
||||
- keys
|
||||
become: true
|
||||
|
||||
- block:
|
||||
- name: jail-borgserver | packages
|
||||
community.general.pkgng:
|
||||
name:
|
||||
#- py39-borgbackup
|
||||
- sshguard
|
||||
state: present
|
||||
|
||||
- name: jail-borgserver | download borg cli
|
||||
ansible.builtin.get_url:
|
||||
url: https://github.com/borgbackup/borg/releases/download/1.2.1/borg-freebsd64
|
||||
dest: /usr/local/bin/borg
|
||||
mode: 0755
|
||||
|
||||
- name: jail-borgserver | user borg
|
||||
ansible.builtin.user:
|
||||
name: borg
|
||||
uid: 1000
|
||||
state: present
|
||||
|
||||
- name: jail-borgserver | create directories
|
||||
ansible.builtin.file:
|
||||
path: /home/borg/.ssh
|
||||
owner: 1000
|
||||
group: 1000
|
||||
state: directory
|
||||
|
||||
- name: jail-borgserver | authorized_keys
|
||||
ansible.builtin.file:
|
||||
path: /home/borg/.ssh/authorized_keys
|
||||
owner: 1000
|
||||
group: 1000
|
||||
state: touch
|
||||
|
||||
- name: jail-borgserver | change folders mod
|
||||
ansible.builtin.file:
|
||||
path: "{{ item }}"
|
||||
owner: 1000
|
||||
group: 1000
|
||||
loop:
|
||||
- /backups
|
||||
- /keys
|
||||
|
||||
- name: jail-borgserver | copy sshd_config
|
||||
ansible.builtin.copy:
|
||||
src: borgserver/sshd_config
|
||||
dest: /etc/ssh/sshd_config'
|
||||
mode: 0644
|
||||
|
||||
- name: jail-borgserver | copy borgserver rc.d
|
||||
ansible.builtin.copy:
|
||||
src: borgserver/rc.d
|
||||
dest: /etc/rc.d/borgserver
|
||||
mode: 0755
|
||||
|
||||
- name: jail-borgserver | configure sshguard
|
||||
community.general.sysrc:
|
||||
name: "{{ item.name }}"
|
||||
value: "{{ item.value }}"
|
||||
state: present
|
||||
loop:
|
||||
- { name: "sshguard_enable", value: "YES" }
|
||||
- { name: "sshguard_danger_thresh", value: "30" }
|
||||
- { name: "sshguard_release_interval", value: "600" }
|
||||
- { name: "sshguard_reset_interval", value: "7200" }
|
||||
|
||||
- name: jail-borgserver | start sshguard service
|
||||
ansible.builtin.service:
|
||||
name: sshguard
|
||||
state: started
|
||||
|
||||
- name: jail-borgserver | restart sshd service
|
||||
ansible.builtin.service:
|
||||
name: sshd
|
||||
state: restarted
|
||||
|
||||
delegate_to: "{{ borgserver_jail_ip.stdout }}"
|
||||
remote_user: root
|
||||
@@ -1,31 +0,0 @@
|
||||
---
|
||||
- name: jail-prepare | {{ outside_item.item }} | create .ssh directory
|
||||
ansible.builtin.shell:
|
||||
cmd: iocage exec {{ outside_item.item }} 'mkdir -p /root/.ssh; echo "" > /root/.ssh/authorized_keys; chmod 700 /root/.ssh; chmod 600 /root/.ssh/authorized_keys'
|
||||
become: true
|
||||
|
||||
- name: jail-prepare | {{ outside_item.item }} | deploy ssh keys
|
||||
ansible.builtin.shell:
|
||||
cmd: iocage exec {{ outside_item.item }} 'echo "{{ item }}" >> /root/.ssh/authorized_keys'
|
||||
loop: "{{ public_ssh_keys }}"
|
||||
become: true
|
||||
|
||||
- name: jail-prepare | {{ outside_item.item }} | activate sshd
|
||||
ansible.builtin.shell:
|
||||
cmd: iocage exec {{ outside_item.item }} 'sysrc sshd_enable="YES"'
|
||||
become: true
|
||||
|
||||
- name: jail-prepare | {{ outside_item.item }} | sshd permit root login
|
||||
ansible.builtin.shell:
|
||||
cmd: iocage exec {{ outside_item.item }} 'echo "PermitRootLogin yes" >> /etc/ssh/sshd_config'
|
||||
become: true
|
||||
|
||||
- name: jail-prepare | {{ outside_item.item }} | start sshd
|
||||
ansible.builtin.shell:
|
||||
cmd: iocage exec {{ outside_item.item }} 'service sshd start'
|
||||
become: true
|
||||
|
||||
- name: jail-prepare | {{ outside_item.item }} | install packages
|
||||
ansible.builtin.shell:
|
||||
cmd: iocage exec {{ outside_item.item }} 'pkg install -y python39 bash; ln -s /usr/local/bin/bash /bin/bash'
|
||||
become: true
|
||||
@@ -1,41 +0,0 @@
|
||||
---
|
||||
- name: jails | check if jail exist
|
||||
ansible.builtin.shell:
|
||||
cmd: iocage list | grep {{ item }}
|
||||
loop: "{{ groups['truenas-jails'] }}"
|
||||
register: jails_check
|
||||
changed_when: false
|
||||
failed_when: jails_check.rc != 0 and jails_check.rc != 1
|
||||
|
||||
- name: jails | is iocage fetch required
|
||||
ansible.builtin.set_fact:
|
||||
jail_missing: true
|
||||
loop: "{{ jails_check.results }}"
|
||||
when: item.rc == 1
|
||||
|
||||
- block:
|
||||
- name: jails | get current FreeBSD release
|
||||
ansible.builtin.shell:
|
||||
cmd: freebsd-version -k
|
||||
register: release
|
||||
failed_when: release.rc != 0
|
||||
|
||||
- name: jails | fetch iocage template {{ release.stdout }}
|
||||
ansible.builtin.shell:
|
||||
cmd: iocage fetch -r {{ release.stdout }}
|
||||
become: true
|
||||
|
||||
- name: jails | create jail
|
||||
ansible.builtin.shell:
|
||||
cmd: iocage create -r {{ release.stdout }} -n {{ item.item }} dhcp=on boot=on
|
||||
loop: "{{ jails_check.results }}"
|
||||
when: item.rc == 1
|
||||
become: true
|
||||
when: jail_missing
|
||||
|
||||
- name: jails | init jails
|
||||
ansible.builtin.include_tasks: init.yml
|
||||
loop: "{{ jails_check.results }}"
|
||||
loop_control:
|
||||
loop_var: outside_item
|
||||
when: outside_item.rc == 1
|
||||
@@ -1,60 +0,0 @@
|
||||
---
|
||||
- name: jail-postgres | get jail ip
|
||||
ansible.builtin.shell:
|
||||
cmd: iocage exec postgres ifconfig epair0b | grep 'inet' | awk -F ' ' '{ print $2 }'
|
||||
changed_when: false
|
||||
register: postgres_jail_ip
|
||||
become: true
|
||||
|
||||
- name: jail-postgres | copy letsencrypt certificate
|
||||
ansible.builtin.copy:
|
||||
src: /mnt/storage/home/homelab/letsencrypt/{{ secret_domain }}/{{ item.src }}
|
||||
remote_src: true
|
||||
dest: /mnt/storage/jail-mounts/postgres/data{{ postgres_version }}/{{ item.dest }}
|
||||
owner: 770
|
||||
group: 770
|
||||
mode: 0600
|
||||
loop:
|
||||
- { src: "fullchain.pem", dest: "server.crt" }
|
||||
- { src: "key.pem", dest: "server.key" }
|
||||
notify: restart postgresql
|
||||
become: true
|
||||
|
||||
- block:
|
||||
- name: jail-postgres | disable full page writes because of ZFS
|
||||
ansible.builtin.lineinfile:
|
||||
path: /var/db/postgres/data{{ postgres_version }}/postgresql.conf
|
||||
regexp: '^full_page_writes\s*='
|
||||
line: "full_page_writes=off"
|
||||
state: present
|
||||
notify: restart postgresql
|
||||
|
||||
- name: jail-postgres | listen to all addresses
|
||||
ansible.builtin.lineinfile:
|
||||
path: /var/db/postgres/data{{ postgres_version }}/postgresql.conf
|
||||
regexp: '^listen_addresses\s*='
|
||||
line: "listen_addresses = '*'"
|
||||
state: present
|
||||
notify: restart postgresql
|
||||
|
||||
- name: jail-postgres | ssl configuration
|
||||
ansible.builtin.blockinfile:
|
||||
path: /var/db/postgres/data{{ postgres_version }}/postgresql.conf
|
||||
block: |
|
||||
ssl = on
|
||||
ssl_cert_file = 'server.crt'
|
||||
ssl_key_file = 'server.key'
|
||||
ssl_prefer_server_ciphers = on
|
||||
state: present
|
||||
notify: restart postgresql
|
||||
|
||||
- name: jail-postgres | configure postgres
|
||||
ansible.builtin.template:
|
||||
src: postgres/pg_hba.conf
|
||||
dest: /var/db/postgres/data{{ postgres_version }}/pg_hba.conf
|
||||
owner: postgres
|
||||
group: postgres
|
||||
notify: restart postgresql
|
||||
|
||||
delegate_to: "{{ postgres_jail_ip.stdout }}"
|
||||
remote_user: root
|
||||
@@ -1,143 +0,0 @@
|
||||
---
|
||||
- name: jail-postgres | get jail ip
|
||||
ansible.builtin.shell:
|
||||
cmd: iocage exec postgres ifconfig epair0b | grep 'inet' | awk -F ' ' '{ print $2 }'
|
||||
changed_when: false
|
||||
register: postgres_jail_ip
|
||||
become: true
|
||||
|
||||
- block:
|
||||
- name: jail-postgres | create zfs pools
|
||||
community.general.zfs:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
loop:
|
||||
- "{{ pool_name }}/jail-mounts"
|
||||
- "{{ pool_name }}/jail-mounts/postgres"
|
||||
- "{{ pool_name }}/jail-mounts/postgres/data{{ postgres_version }}"
|
||||
|
||||
- name: jail-postgres | configure zfs pool postgresql
|
||||
community.general.zfs:
|
||||
name: "{{ pool_name }}/jail-mounts/postgres"
|
||||
state: present
|
||||
extra_zfs_properties:
|
||||
atime: off
|
||||
setuid: off
|
||||
|
||||
- name: jail-postgres | configure zfs pool postgresql
|
||||
community.general.zfs:
|
||||
name: "{{ pool_name }}/jail-mounts/postgres"
|
||||
state: present
|
||||
extra_zfs_properties:
|
||||
atime: off
|
||||
setuid: off
|
||||
|
||||
- name: jail-postgres | create empty data{{ postgres_version }} dir
|
||||
ansible.builtin.shell:
|
||||
cmd: iocage exec postgres mkdir -p /var/db/postgres/data{{ postgres_version }}
|
||||
|
||||
- name: jail-postgres | mount data{{ postgres_version }}
|
||||
ansible.builtin.shell:
|
||||
cmd: iocage fstab -a postgres /mnt/{{ pool_name }}/jail-mounts/postgres/data{{ postgres_version }} /var/db/postgres/data{{ postgres_version }} nullfs rw 0 0
|
||||
become: true
|
||||
|
||||
- block:
|
||||
- name: jail-postgres | packages
|
||||
community.general.pkgng:
|
||||
name:
|
||||
- postgresql{{ postgres_version }}-server
|
||||
- postgresql{{ postgres_version }}-contrib
|
||||
- postgresql{{ postgres_version }}-client
|
||||
- py39-pip
|
||||
state: present
|
||||
|
||||
- name: jail-postgres | pip packages
|
||||
ansible.builtin.pip:
|
||||
name: psycopg2
|
||||
state: present
|
||||
|
||||
- name: jail-postgres | change postgres/data{{ postgres_version }} mod
|
||||
ansible.builtin.file:
|
||||
path: /var/db/postgres/data{{ postgres_version }}
|
||||
owner: postgres
|
||||
group: postgres
|
||||
|
||||
- name: jail-postgres | initdb
|
||||
ansible.builtin.shell:
|
||||
cmd: su -m postgres -c 'initdb -E UTF-8 /var/db/postgres/data{{ postgres_version }}'
|
||||
|
||||
- name: jail-postgres | move base and pg_wal
|
||||
ansible.builtin.shell:
|
||||
cmd: su -m postgres -c 'mv /var/db/postgres/data{{ postgres_version }}/{{ item }} /var/db/postgres/data{{ postgres_version }}/{{ item }}0'
|
||||
loop:
|
||||
- base
|
||||
- pg_wal
|
||||
|
||||
- name: jail-postgres | create base and pg_wal empty dirs
|
||||
ansible.builtin.file:
|
||||
path: /var/db/postgres/data{{ postgres_version }}/{{ item }}
|
||||
state: directory
|
||||
owner: postgres
|
||||
group: postgres
|
||||
loop:
|
||||
- base
|
||||
- pg_wal
|
||||
|
||||
delegate_to: "{{ postgres_jail_ip.stdout }}"
|
||||
remote_user: root
|
||||
|
||||
- block:
|
||||
- name: jail-postgres | create missing zfs pools
|
||||
community.general.zfs:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
loop:
|
||||
- "{{ pool_name }}/jail-mounts/postgres/data{{ postgres_version }}/base"
|
||||
- "{{ pool_name }}/jail-mounts/postgres/data{{ postgres_version }}/pg_wal"
|
||||
|
||||
- name: jail-postgres | mount base
|
||||
ansible.builtin.shell:
|
||||
cmd: iocage fstab -a postgres /mnt/{{ pool_name }}/jail-mounts/postgres/data{{ postgres_version }}/{{ item }} /var/db/postgres/data{{ postgres_version }}/{{ item }} nullfs rw 0 0
|
||||
loop:
|
||||
- base
|
||||
- pg_wal
|
||||
|
||||
become: true
|
||||
|
||||
- block:
|
||||
- name: jail-postgres | move base and pg_wal content to mounts
|
||||
ansible.builtin.shell:
|
||||
cmd: mv /var/db/postgres/data{{ postgres_version }}/{{ item }}0/* /var/db/postgres/data{{ postgres_version }}/{{ item }}/; rmdir /var/db/postgres/data{{ postgres_version }}/{{ item }}0
|
||||
loop:
|
||||
- base
|
||||
- pg_wal
|
||||
|
||||
- name: jail-postgres | change mod
|
||||
ansible.builtin.file:
|
||||
path: /var/db/postgres/data{{ postgres_version }}/{{ item }}
|
||||
state: directory
|
||||
owner: postgres
|
||||
group: postgres
|
||||
recurse: true
|
||||
loop:
|
||||
- base
|
||||
- pg_wal
|
||||
|
||||
- name: jail-postgres | enable postgresql service
|
||||
community.general.sysrc:
|
||||
name: postgresql_enable
|
||||
state: present
|
||||
value: "YES"
|
||||
|
||||
- name: jail-postgres | start postgresql service
|
||||
ansible.builtin.service:
|
||||
name: postgresql
|
||||
state: started
|
||||
|
||||
- name: jail-postgres | change postgres password
|
||||
postgresql_query:
|
||||
login_user: postgres
|
||||
query: ALTER USER postgres PASSWORD '{{ postgres_password }}'
|
||||
|
||||
delegate_to: "{{ postgres_jail_ip.stdout }}"
|
||||
remote_user: root
|
||||
@@ -7,30 +7,3 @@
|
||||
|
||||
- ansible.builtin.include_tasks: wireguard.yml
|
||||
when: "main_nas == false"
|
||||
|
||||
- block:
|
||||
- ansible.builtin.include_tasks: jails/main.yml
|
||||
|
||||
# - ansible.builtin.shell:
|
||||
# cmd: test -f /mnt/storage/jail-mounts/postgres/data{{ postgres_version }}/postgresql.conf
|
||||
# register: postgres_data_exists
|
||||
# become: true
|
||||
# changed_when: false
|
||||
# failed_when: postgres_data_exists.rc != 0 and postgres_data_exists.rc != 1
|
||||
|
||||
# - ansible.builtin.include_tasks: jails/postgres-init.yml
|
||||
# when: postgres_data_exists.rc == 1
|
||||
|
||||
# - ansible.builtin.include_tasks: jails/postgres-conf.yml
|
||||
|
||||
- ansible.builtin.shell:
|
||||
cmd: test -f /mnt/storage/jail-mounts/borgserver/keys/host/ssh_host_ed25519_key
|
||||
register: borgserver_data_exists
|
||||
become: true
|
||||
changed_when: false
|
||||
failed_when: borgserver_data_exists.rc != 0 and borgserver_data_exists.rc != 1
|
||||
|
||||
- ansible.builtin.include_tasks: jails/borgserver-init.yml
|
||||
when: borgserver_data_exists.rc == 1
|
||||
|
||||
when: "main_nas"
|
||||
|
||||
@@ -1,31 +0,0 @@
|
||||
kind: Secret
|
||||
apiVersion: v1
|
||||
type: Opaque
|
||||
metadata:
|
||||
name: borgserver-host
|
||||
namespace: default
|
||||
stringData:
|
||||
ssh_host_ed25519_key: ENC[AES256_GCM,data:FeWPg7LWcnrFm7DXdizGgxSwN4UVwl39XdQCQv8JeizTqmr9OJQLQzfLW5ExE7UD/bdHs6CvNKDOVBpcicc/Drmio6272WIQk5XcoyfyWaZQfmjKLj7Qfh3UCWi0b59uFXwfvoAEzeBbG+L530bTDyPqiIQxO9m/QVFTsBfZCg0QDJNUbQV/5a4jK5nJXIYrfE+VezbknzZtTvHVCr65ftN+ZWEjHBtClRdmnNjTaDUnCKqu+n8UKw756V5+a5+4MGUiWmwib4fYZnYFquajndvHk+73bd4mo8mO+s7zyl9txcXUJX39qGiSUmY2ABznbpP+nDMwvgHggGV/jsXAzSmhA17SVidWImyPz+vNy8oNIkkM/IviCIYiDmDFyqRGBUxjL/cc3UwtmO40QuJl3TCR8ztLkO7paYmNvwCbfHInygSlR8etao8qKzhh3EE0dTageuKKp8anCrwDeceSQ6kZsNk4zhQTXxhamNni77BcxwFNGJOGdDhXsz9/hxfAgaAPO4PwHo9jxDopX6DEV+VEQZ4vePJVMzyLaBXvgdZQSZqMWndPbbHRsbIC8YIV,iv:A1aZEhL6xK5rnbjoUNByufnpoJRO559KPwF4PlZGRsc=,tag:rtEQIRldBanayzitxHgRiA==,type:str]
|
||||
ssh_host_ed25519_key.pub: ENC[AES256_GCM,data:C5+/1cNsWoshxXCkJJBofn47qBbz0TaQlHRCUt3zJbfb2T6kne3vVOYA6sEs0Kcr5Ecj6QAINwJlnmWsPsET36m6lHhcFKJeUaAQWVybOxP0eg+NBuuYoZILzdqv6xXGRCiAED+ZhEWsTgcsIjLS4Hsq,iv:yHGTQLc0Wwmc2xtOIHl8kbgInRKFwxk4wlx0UO+Jz6c=,tag:1rmWNdUgNcXGOYElMhx5xQ==,type:str]
|
||||
ssh_host_rsa_key: ENC[AES256_GCM,data:a99N0mPtEbZK5Nawlj+MycuObFxz5Tn0tspdfBWC18FbUUQNqS6+DYGHJ68KU9o1eT9sVpdMO4jDhoxZNP8JqSuwv0GL6j3OhXM6xdLCO795HeaH/eeJpIjNooEhIImhRnbrz4Z/cKhNmyuHVOj7Nbo6pBJOtQTiPs3YHRRytMMfUe1UByXzA9YZPWYht7OkMOQWXXqhsuXF3JezQnzhRo8SfO2LlSX4H/5Kb444h12VCc4NIHr+ds3R3Z99wTkYcY3WKXAd6P57wAX7G/eSv9iSRKanG7NoyUoimXvTZYKcz3Il6UIZGaCS6ntwJBeBqdZjgf/3gXxyim8I90wmtDpDbqxpOF2K3EmY7DXSHud5SA7d7xvrzDnAiEPaW8GcFnlPtsTbn7DnCQ0uomf3aM8TS/NooRj2M5oufdZ2rq692h+w7q6LFB+rCdNrcttv4IDLmGd7jV7biWHvxyXgYC1DXskJArYnKzZfzNV3Yzdyg4GzKPstV8BhjtKgYTMU9OVVqK84AptGNdYfcBCB1GaNYG5vl/LP3eEjBSLubdC3JUucV5n9p9fBDf41QaCg+DrWs2xFybEM/JoBJt9DQOX4FznXJr7Qc/+FbeKZbZuqNDLReI0oTpp610DSta/Y1rlw0c6NLADA2WZzsodatUgzYfpstZ5cLl4B/i61M+928Wx4P+PrHI7IXRW4j3usNRIS7a6BF1VBdOSQn5H5lLdpDpy8IhhfAvEj1E4eSvG8s3Qp76oS7uSotyecBkCIxiu4HhGN8QGOj/2tjq6sxh05iX4YHg7C4vtmITIP6I3h8ewOP42lo6NxZp+NJKC+lryNcCqMrQuIUK5AKXqO5K1OYa6pWIUXgIssHyt+OpjaJ6VvN1VkXRioGIigg597+0AABDajLefLpFgDIMGLOWw6Mz1LaU4jg2mgfiqdSatrD9whi6TGyMFCwR4oWPZNMjw8udr3LWXj6GgnfNu6VVuLEj6e1qnEdZpywrTEM9pDGLeexvbFv0Ipexyd5OgTbMisvYCUO6nXs7FwxTIsrnjmai16whLBWa+TrChxQDOL5XJZjHZRcT+8DOl4AX9FyffIy7tdS8D2IFhk7ffernFGf/2TUGLREyw1bkAGVZjBRRJ/9y///sRal1dDp52k4OH3QZlHmjjTMExGAjn55K/fDhqdlNRdAVwFylBa83E9ci+RUW1DEJQ8t+WimS55CevwMPRjcABHm3TFgxM4gS2vySwG/+3plACqoTp7IwniTNs9hjMbU24X8FqdTxLLn5VvHjb/NzuAGhcBd/GoRg4sjDB97TWXoRRFjh2UjApUqdoU2XWW1/qkFRxYh1l9ahQy1+nRqWzo0+nVzF9KKtbubNRH9xhDcGtz/R4xep8Bxqg1Mq/wF3So/vGGGCYJ+K6eIBLdnoaq4M/WzlYRSAW94mp2WrIAAZSc+2CO14Hwnf6qyeLWJtAFSh7FBsoEmqkI1kojmI4j8MO/mzouYvaybejpOAe8p0xQ27J1I1cG0ceb5ZPrjpAsaGP3bJDu78JUYfnSHEuFOfXAXny64pFayzPOE6+F0QIK3nL3s+XO4Nj9ySJzn5iL9nGZit49nUvhp/fB+7KCNyPCMF/5+NveMYgerjvvfq+tmCS+TvWjKCrvO2fHBTVcB4XHyTuMu5BC/Vmd6qhOnpJuUt1uHpCkIlZs9tJsXzuKJ/X6Ym2UOXspzTpztzmsmQiqxIrBZ2TP2PdPCL210loK0FSRRS/FAs5/Krna/HcdzLtMhHgFlZNALpti/tHGYOuLI0sDXtdbJhxz99H/onXHTHDHoGM8auvnQCObcAp0eFiyMiEzAl2Y5S0lbGun3xbX19xuOOmn3AN2wkQ46Lcu59Bl3YPBh+ORMhyG8gTJRyS5rXq3/FvSeQbIMMy9dGru5YCu/MKOJ9IeBwyDcN4rissplAljesclZ+yaaVyFTbMgOniEQt4aRt3yuUJKWesuKmsnMXGHSxKkDSLpS3svUMBcC3yuDTONjXe7NPwQgGdqrC1nUPlIHZ6FGc0lfD6lPh0BpdpZHuFaxiHuI1kIi0VLOB05iO5Rw+QJt6oCjxiVzI0HdeKJ8WTrd8OO4XS3L0/MlEsjJO8VHBZ4UfF3jWB74mrjqvyhoOWOaqv5dZJZwtWGO5yrgqilD4MkludWMhrGGREcj5KL3EoT71+3pBUO1gqytE4UQCrPG9n2Jwb0Vb9xvaqiJfsm5tQ7BvqKysnHI4obhO57XYc9bjEwzCpKQa2AMBM2NEa8desa3fmA7JrGUbD463Zu4Cbq0cnX/5bmfPkVYgcvZgGpW++bvEZAH/TWwV8IhEoof3tNRuGs4aWkuebCqULcnspaq0zIjagJLhzVWFp0uSlyn2LUfJm6JCv09aX7nSOVXWRmh/stmxCmzFB/8oSmiTEB3O/evN6c3AzAPz+4hTleoUuIPnd+R59s0S6mm0Kdr7d+AVBOWUMfuRin+yfTXE4Ud5JT1wmTSWzaEshDx3MMH650d7gaYU0f38w7adZpB88uii/iA0SlQ+ucIEMR4UR2R6pFya515u5AVnygS6Xm4sVroEw/8H0ZE2KzdCfY6oBI9Y2Tcc3IDe0D0TNIu0d7GPgjWZPAPDV10Dm/IxHEB4RZoGwj32NqLSplEcTl1JjYg8H90AuUzfDjCV04neUiN0IROVnYYoz37PhaMFV5mSsNiQjoohmAgS3lsb4/Y9n3GfR6OHvwDpCmrA1WpM5eM/W4yzRao7t4f7EYVy1fkNdqfdUJ9IJzsK6iKux0BwE0s7uxbYWJsZwdaaoE7NuhQi0+PyltDEDrELa2tf0fFQ89PJuXiIHo6zaOomTQcqhTpte7I1nr35F3nlHWjdNp/pbYAax53owp0WY8N/Tp5Nwxg7f90KWyiAqPLpLpSi8PkNOk+hyI4Gw+QT86KjRO1P1szLDGqAy1WS02mkSvcmBF/ax3mrBrEs2aqkYTjz9jPma7vL1/VzIKuyx6j0QJWbbOTdjZBUQJjgPfWVWYPR+HjBqXX6QPF3Qo13g8BeMz2ZVsqGaTO+H/HEeX8C1i/U13+ZA3oAxAJLgbH7b2oBb3ja35Df2pBg8orCSnS8ay5yDSPOFO2UIJERuJzqHdyLlSOrgp8avEVK3U3CFbjjE1dOI7krqeKwYXoUsROSDbNTzstYBjW4zlhoK/e9P79xMmTcGaE8B0CswTcJdRH3btT0Qao+BL8s0lB4yX0rvFVvRNVNuG214/WTLll9mTs7MJZuQeX2zaC32aJ5RmGwzoBZDSik/3ZSsKr1Uyc6rOrdgrflHrDWb/a1SXuGatLfqWHUiQmyeXQjxebWcGVEset6Pby7QMwXD75HhzgCSjdP+fef9KI/Hkgt0GJJ0tzbnf277VJVgl3p1US1BiHbdzVn9wmWn4a1Wy/OqnwU571sE8QKQRCz6D8tDfm3VfBY2avxdYBMqAXttdrvaHZo5w6k4yX+qWwiQBbh4URrnsH8mZ,iv:AX/hwSuHPNe8BMFiM0n9j21SwEw3gNPP3Azq1QFkddo=,tag:kI7F5Xbmk8RE/jMIxkIkOw==,type:str]
|
||||
ssh_host_rsa_key.pub: ENC[AES256_GCM,data:qXkMPzaXNnvnrmus0nALNxLH1jEqew0MS2YJ5jhDIB3Z1zfwMha/Jd+bslwDuuNeIOo+BBtNgYvvmNKAAefKbbbMFsJo9o5Yi1Y3En3xek/v3COqS/AQ7iDRkTvvrMKtKtXsPChDSsDE5xS9+cRVFlxPkNIne69bqmTdz+WImj8let9YBB6HYg7jpsnOE7CcJ2Jqw9qGJqH5cIFQoNOSWTvd//v7CcXkE0t+eAqAQDYo01y9bcTzow4qRX5RRXx6qNC7KzSDGwtBnUe1A3Z68GmlsZaSpGrGyKQTCBJ/fod+WmbsfbfDZBorJiFrVfA+nU6JfowRkWC5Bt4gg4ArcR7uW6qN7Hg6EcEZf+GPG8Isdg7Bim41JijTedD6GuPvrpxTf7klLLgKcgRjjw4vjAMa1gzl9lYdMCxVrarD61Ex1z2lvmQqvpKDpTlbnXGqbYNUYq86TsN8/PyrxzquYS21j8je8b31IgAUysnOjOVwbtegbCn6EkfisDZdQTv1vJ6Ey1SShV4udk9TT5WRaKKGDELKp94CWFdHsRHClAdCUkltqBRkQHZZC2GOCO1kROiQVbKT5TAhd96uuvAG5U+GH+CokZn7PgTVzLStIxVItueFWV2/oKxpaACEiLNwPQnXAXqqL/ArGkeQN3lWZVRUBpzNKv71vIowRA48+qHt8JqRLKqfFcUzwJaiGRCfn4g7amSvqTGOKGQ/LsZAsdSIt71//wk6zJE8/ZIfSN3rqE6WSu4RC150lJI5MF6teQ0Mz+S+AyBuUw==,iv:zUoqq6FDBMas2fkWNz3zhnM+wvxBGAb2MeI1PRzmw+8=,tag:oAN/GvXfjOYwXP4uXzts4Q==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSd2h2N2RELzkvODM0WE1p
|
||||
c1M3bEQxdDZkZ3Zlcm9uKzFWYklLWWpUYXhvCkN1bXU3YmNrY255RmkwSXFDWmt1
|
||||
dHExaGZRODhKdm1NR2xYV29CeE5vbk0KLS0tIHpBUGVaNUhKaE5UOU1hM3c0akxX
|
||||
ZWRhWnBrY1FBNVQyOU0yVGFXb0QrVnMK26Nc5Bw/jOzuxXcufHcxnugG1bzqO9T8
|
||||
LNIau17zdWX5bfWGDj++ipnm8x1sPswEULal4U2Muc2Iy7GuZPhVyg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2022-11-20T18:08:09Z"
|
||||
mac: ENC[AES256_GCM,data:ztMF0JW6BZfpXitcdFy6wG8cIvsEGB6jVY25xijONz2qhi0F9Lw4IiJwumfJ+3hFqMJUznI3IoEjhUIR54YNpmzVwn60CJIK0nVw4WrsGDg0728fuZmA4UlLi8Paynksn3ulGjaal9+K9ML266Xmo+12lf/13Q73yA9XsVy3nRk=,iv:suhFmkdB0UprQOpR6BuJZ9K1XHaDBxzTr7ViFNOCENE=,tag:nwYdO/cYPQM2GMNI4d+GEg==,type:str]
|
||||
pgp: []
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.7.3
|
||||
@@ -2,7 +2,6 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- borgserver
|
||||
- kopia-web
|
||||
- resilio-sync
|
||||
- smartctl-exporter
|
||||
|
||||
Reference in New Issue
Block a user