feat(amd): add opencode web server at opencode.amd.hoyer.world
Mirror of the sgx opencode setup: systemd service on port 4196 fronted by nginx with a per-host ACME cert (DNS-01 via internetbs). Adds amd key + path rule to .sops.yaml so secrets under .secrets/amd/ encrypt for the host.
This commit is contained in:
parent
01f42c0851
commit
0e723e2da8
7 changed files with 158 additions and 0 deletions
|
|
@ -1,6 +1,7 @@
|
|||
keys:
|
||||
- &server_hetzner age1qur4kh3gay9ryk3jh2snvjp6x9eq94zdrmgkrfcv4fzsu7l6lumq4tr3uy
|
||||
- &server_sgx age149fqcw5jze00vd7jauylrp4j5xyv7amlu57jjfuzghkqtzlnxajs704uz3
|
||||
- &server_amd age1u2glh4g65qjvlcan7u7qmhdlpvxqkc2h48m5zka8nafjrfnt5e3ss494vt
|
||||
- &server_t15 age1f2yu0cc826ej7hs4g865y29zy9uqfy0yp32f2m80typpk2pxqp7sfcffj4
|
||||
- &server_x1 age1z87u2na6vts0sqg6sc73p9ym6e5g9a0gf3hp9e7ha47e83zy4efqcjhk0y
|
||||
- &harald age1dwcz3fmp29ju4svy0t0wz4ylhpwlqa8xpw4l7t4gmgqr0ev37qrsfn840l
|
||||
|
|
@ -18,6 +19,12 @@ creation_rules:
|
|||
- *server_sgx
|
||||
- *harald
|
||||
- *harald_ssh
|
||||
- path_regex: .secrets/amd/[^/]+\.(yaml|json|env|ini)$
|
||||
key_groups:
|
||||
- age:
|
||||
- *server_amd
|
||||
- *harald
|
||||
- *harald_ssh
|
||||
- path_regex: .secrets/t15/[^/]+\.(yaml|json|env|ini)$
|
||||
key_groups:
|
||||
- age:
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue