From f691469fc2b8b778dc3895d47631a42cae7b33f1 Mon Sep 17 00:00:00 2001 From: Jan Schumacher <155645800+jschumacher-wire@users.noreply.github.com> Date: Fri, 12 Jul 2024 15:35:53 +0200 Subject: [PATCH] Updating apt key (#716) * bumping nix overlay for expired gpg apt key recreation * updating ansible hetzner playbook with latest artifact ID * updating nix build comment --- ansible/hetzner-single-deploy.yml | 2 +- nix/overlay.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/hetzner-single-deploy.yml b/ansible/hetzner-single-deploy.yml index 5a875d7fd..3c446f58c 100644 --- a/ansible/hetzner-single-deploy.yml +++ b/ansible/hetzner-single-deploy.yml @@ -1,7 +1,7 @@ - hosts: all become: true vars: - artifact_hash: f97a141ff9484810164510bf872bd2033ec3e7ff + artifact_hash: d8fe36747614968ea73ebd43d47b99364c52f9c1 ubuntu_version: 22.04.4 ssh_pubkey: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDPTGTo1lTqd3Ym/75MRyQvj8xZINO/GI6FzfIadSe5c backend+hetzner-dedicated-operator@wire.com" tasks: diff --git a/nix/overlay.nix b/nix/overlay.nix index 3ee5623e0..fdf47b91c 100644 --- a/nix/overlay.nix +++ b/nix/overlay.nix @@ -33,7 +33,7 @@ super: { # or whenever this derivation is built again without having the result in the binary cache. # The public part of the key is shipped with the offline bundle # ($aptly_root/public/gpg). - # Bump the following timestamp to force a recreation: 2022-05-17 + # The private key (Github secret) was last replaced on 2024-07-12 and is valid for two years. install -Dm755 ${./scripts/generate-gpg1-key.sh} $out/bin/generate-gpg1-key # we *--set* PATH here, to ensure we don't pick wrong gpgs