feat: initial amzebs config

2025-11-14 09:30:19 +01:00
parent 9fab06795a
commit 865311bf49
13 changed files with 741 additions and 0 deletions
--- a/hosts/amzebs-01/secrets.yaml
+++ b/hosts/amzebs-01/secrets.yaml
@@ -0,0 +1,18 @@
+# SOPS encrypted secrets for amzebs-01
+# Edit with: nix-shell -p sops --run 'sops hosts/amzebs-01/secrets.yaml'
+#
+# Required secrets:
+# - borg-passphrase: Backup encryption passphrase
+# - borg-ssh-key: SSH private key for backup server access
+# - mysql-readonly-password: Password for read-only MySQL user (api_ebs_amz_at_ro)
+#
+# To initialize this file, first ensure the host SSH key exists, then run:
+# sops hosts/amzebs-01/secrets.yaml
+
+# Placeholder structure (will be encrypted after initialization):
+borg-passphrase: CHANGEME
+borg-ssh-key: |
+  -----BEGIN OPENSSH PRIVATE KEY-----
+  CHANGEME
+  -----END OPENSSH PRIVATE KEY-----
+mysql-readonly-password: CHANGEME