From 0905083fb257782eccac8ad9ad8b0109657f0742 Mon Sep 17 00:00:00 2001
From: clerie <git@clerie.de>
Date: Sun, 5 May 2024 14:18:43 +0200
Subject: [PATCH] hosts/clerie-backup: Migrate secrets to sops

---
 hosts/clerie-backup/restic-server.nix         |   3 +-
 hosts/clerie-backup/secrets.json              |  27 ++++++++++++++++++
 .../secrets/restic-server-cyan-htpasswd.age   | Bin 705 -> 0 bytes
 hosts/clerie-backup/secrets/wg-monitoring.age |  10 -------
 4 files changed, 28 insertions(+), 12 deletions(-)
 create mode 100644 hosts/clerie-backup/secrets.json
 delete mode 100644 hosts/clerie-backup/secrets/restic-server-cyan-htpasswd.age
 delete mode 100644 hosts/clerie-backup/secrets/wg-monitoring.age

diff --git a/hosts/clerie-backup/restic-server.nix b/hosts/clerie-backup/restic-server.nix
index 8dcc651..d10e59a 100644
--- a/hosts/clerie-backup/restic-server.nix
+++ b/hosts/clerie-backup/restic-server.nix
@@ -10,9 +10,8 @@
 
   # restic rest server does not support --htpasswd-file in the current version of nixpkgs
   # until then we copy the secrets to the common location
-  age.secrets.restic-server-cyan-htpasswd = {
+  sops.secrets.restic-server-cyan-htpasswd = {
     path = "/mnt/clerie-backup/cyan/.htpasswd";
-    symlink = false;
     owner = "restic";
     group = "restic";
   };
diff --git a/hosts/clerie-backup/secrets.json b/hosts/clerie-backup/secrets.json
new file mode 100644
index 0000000..a4eef5d
--- /dev/null
+++ b/hosts/clerie-backup/secrets.json
@@ -0,0 +1,27 @@
+{
+	"restic-server-cyan-htpasswd": "ENC[AES256_GCM,data:hZwaiVUPYfsozW8hWXt28e+3ECFVWLrtqrob2P5Aul7UzXDO8yEYd1XEHz6CYxO8kFbYnPfviT7nktkEDrG6Ak7PBxWCmoFARN6x6o/sNTE/XwcEE3fXdRGRPyccwYR7m6cp0PjtRBUdDxhTiSb0Q8jgdDNWvPzm/hHZ3lh0Xz8LUPV56cemL9vAIe+t3l4+DHQOlBhI+MWE6d62yCtJ/maV5BmxlnO/ytlLjO9eLyBMgdJrI54QmtPdUVgnE4OZ5xbX2UhLtOYE8WrHSPNEq2Btozn7YGI5Bw5ELmunTeXb3ealDCCwAzwuvWZbDuAr5nF2DoItd1uH+qX6kFvJ+eIkB5DauMii/ls1U0fJi0aEIVeyrQ==,iv:4+5Mj+9u9DLFTxOpLlT5WsMOqYyCuC6FT1Jq8hQxcsw=,tag:RlkmykrV37eiB2ss5YyDRg==,type:str]",
+	"wg-monitoring": "ENC[AES256_GCM,data:rOpBlDt9K//zlgWo1Bw9IX5jmpLbnit5zi60Ulz8f6tHwqVsKJv5NkxYc9A=,iv:Jlo0QZP6R1CEE20iLa7M/LV/ZX2/33oMv/FzBBo6nvY=,tag:Ttqo7BKd6RuUiMksW6rZnw==,type:str]",
+	"sops": {
+		"kms": null,
+		"gcp_kms": null,
+		"azure_kv": null,
+		"hc_vault": null,
+		"age": [
+			{
+				"recipient": "age1px682xeu0xfkr49qdqe95er040p2vv3ugekk04e36jj2wqs7tyfs8mhclh",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0UCtUZ3NZQWxOK1FUNDhL\nbWhaanN2OEJIVmpMOURzWU1vcGhuODdtcDJnCm9Nb01NaVVpWDJ6Q3JCbXRkRUJP\nUVdFaGVScUdxRnlpSnRNOG1RalNRaFUKLS0tICs0cW1WR0JMUmdaVWVzdTh2bjFm\nenBzaERpb1hCS1E3TUo3cmxpZFUxWmcKcLL5/YTGyZEVLwHSpbEI5XfWGklkI7h+\n0uhCww8Wh23EpUYFslZ0Nnbf5HX5/Z34qBwf20cvN8eLToTAQvTdeg==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2024-05-05T12:14:00Z",
+		"mac": "ENC[AES256_GCM,data:f340b/muADvVEt9cFg1Y3AxonjpxjQgdq3qyRKkN78b2beuWC1Ih7blEn6XiOTIvb2SODeVR6CzEvjuUt9RiJHvTeY2CY3WOkmJkN5zZrzY1Dv77UUTAwbst+xqzARmUDbNcTZu8ToPjJZitXpC3exeqdL8VE4kyxh655dsk9oU=,iv:EtNhZ28ClcwDpKdpw6hXE8kMocCWnm34WQfC8fXBrNo=,tag:RfRzA6RzH+I65z0Nxs6XMw==,type:str]",
+		"pgp": [
+			{
+				"created_at": "2024-05-05T12:12:27Z",
+				"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA5OzEzXewpmPAQ//UhUFxM0YiI1MJgzlBj6Re5rfRYIgQlU033+RK+IBMdJl\njK13jjXYD7bRGlkYWNQbUYk6SWIvU+mvrXdKzXvYsNwK8j99JMRz9pOuScj8o+qs\nZ8pv5ILFXiRBxHbGsxPJQG84tNmSdVQDe3E+ief+t7Gdzui4D6TNGKnciHX4jhN6\nFNng09P4c/DmKLc6r1gRc6UvY5UGkgzVQpvSOkHHI68xGsSzQbZCEeCQGLGmZYyU\nC2ocGWK/9SjPBGMu4LeVlrGACJGMcAuVQKDHRqIlLsla1kbbzzLKOk/6JTenDRak\nC+rzU7fm4jnr2nvAqc6aiG3cqwIdJlaxzy7J9O9lXiAaj0sDBlrf7JEmpbQHKwmP\n9uFhZCMOOcHhVnksLUbEYLrZetK50KOLEjIIc9WIJ0X34QGRkwgbiKE3FGKxHRpC\nmgOSzZWy2VdEnWifu65x2mlFc6iFsHCpdpCl4Hs+DUH2tHi3f2o4rmHUBI8ys6zt\nm/UqSs2w6mftyCIGO+bvpMkJ2EVL1lrQBvL6Oh3u80S5ra4aKVOKui2TiFeQitBA\ntXZPW1EtkmLUsYZD7kUpFn+uInJqNhdoXJPb1D+jqlafT0+xLFXOAgJJ7RerFiCR\n4bi+6h0Z5ybUXp3klboMEWLROpcJ0Z0tgTBL8SlwmzYr6/mDiXgwWTCRa3fv2HqF\nAgwDvZ9WSAhwutIBEAC5+q2rg7IJ+90/TMshrybw+390znLedu8t4ubEIuklzEnK\niUW181+/pbY9gC5H2OQt2A693PLE6/gbdhkned6f3fmLUfbBQeoGRup54f7LWtQU\nwV7CbskhuglKxBgi3WKv0mDYGEOK88h566M/UkC3GBMzNYJjRji6+G9/xVJ4V27d\n7dWBo1mv73QvnmAzOFApJkXi7TGZQzgoUa4kt/bglrkkHZIDYVt5o4JNnXDTI4Fw\nj046WYrQAgqEOujg5nzhtHk+4MVYv6YCA8LPVojVoU4wHuIJZOOZGCk9yLZKagW1\nyQpJTq7XT/cOfb4+nV8cTt3W36ak6yR8/2zcW4Ys40p8pRAgisQv9k1dFuYKGhAg\nJiTBYbw0znp+g89YCljlVC8sx61Dl4fd2WzzYIlq8YzE3RXlBTPE4Vc2obu40pVY\nrwOyYgOzzR2wwjuuPhekvrmwSAURXyxNcGBxKb7OWEP7m+O17UQMC9icICloPaUh\nW9hVmGWmLJfV9bjAtcJuKrMGOJkrg2jsqi4YZW9L+f19TrfFuobbK96zR0mT6hJl\n5zJQn0oo0s3gL2764qT6EeS7iSYaiWB/Dx0JCHr/ecp2+8LzWhmZk7kogAH78J16\nnwUUI1IDDo10JX5/zblfJrsPE8Yk11ToNOhMD484HZ/a1Sydr6IUPI5g0A2yP4UC\nDAM1GWv08EiACgEP+wdQpiVH14ZpfC06VMpDM9BwshMgbHLKP8rJqm6TS1VEx72K\nqMjpSYpw8W5J7M6NGEoXaC59VXuxOQWFX7m2Sgi6Yzo8YhdEiOutGxmD2snuhc7I\nSoYKehsTlm9tjIcLZy1B9TM8JCS9V6yJVkpoNCbaSFfdw4idz02hevOGyzxEA2T1\nlNNij9H+nkw6KCN9Ckt1inhwDfo4B2vZT4fkb46+hqNDJx+1Xh4LIzToN2YvLJZl\nR/eptlV3Xr3EMOba0r3RL/dz4vf0djEXdSyfw/pBKa9i4aGUuwMfx5o9qAieikTv\nUYrejwfXLCAwDDd1b/ieECZ6iE5gnfZtO5aLxRHgl2nD3Wr5lWBrmuATRusvbDpC\nsz2OuiaHm8ivx51n1MweyikBBilDMXIbgXc9pGIGxGdICKypZkJVR1tFBy4Ovjm3\nfpuO+hXeeRa1PFgyh4s8eaZL42v3OAu3lWLbKeXRtui6PC5w8hw0m/8YVooufLm2\nkh8qMKwB/oev52NJZTfi28fZXdSMsdFJ5nWXUoMAelcgOJ3Mu5Rwc3/ro/PqAN/i\nHel9MZVfGBAgRU3x36i2/fVDM1olCqCTYEz3Z4916TKJq2PWRQ+Y8z5eTxl0h3Nu\nGJBTOMDyemEVVcY8HLTG15iudhX2pilTgM5aXQQukKHFoZBHDUu1FQEraMa81GgB\nCQIQj/dOVj3MymQYdSl6n1LCN2UjBEm9AX1Js8v6nY7tLHJo9etTKt57M3xuUCTi\n1VJIXwLWQskI+LPRlyJj63j2cSWs3KrAeigLe8SFb1v7JUYj7aYm9LTawcevSsPr\n69m9Y2zRBg==\n=lDcq\n-----END PGP MESSAGE-----",
+				"fp": "0C982F87B7AFBA0F504F90A2629E741947C87928"
+			}
+		],
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.8.1"
+	}
+}
\ No newline at end of file
diff --git a/hosts/clerie-backup/secrets/restic-server-cyan-htpasswd.age b/hosts/clerie-backup/secrets/restic-server-cyan-htpasswd.age
deleted file mode 100644
index 3a6550c489c934c33aeb918abfde2c30f209ebad..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 705
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUlC=W6=E>}n`O-pjj
zx5&*j$qV#z%`ex_DRN3qG>r(!cMmTx$SU^tN-T79%*!kb_2u$0arLx}%y+W1NYoFh
zFiZ?AjPNlqOo|LQ%}6qK^LI<D$kUF9DtAvRPe!-R(<i{hwOk=1FSOLa-`mY3)6zS*
zC@QqX)y%yx*Cfo%RlCw6t2nSc!aFFcGBQ6mFp?|K&7?FaKfA;*D!e?|t<)gU&$z_d
zFx%Zf(yyr0*)+w(JTyBq-`CH`&;n#zouOYzW=5!PdQoa(ajJq{LXnqaYJq~kjk94w
zfI@~@Y^{HiwSo;-g^`JNmScEkL0E`?UYV<VcuKZkL3&kcdTB&PPFYHbL6KRdaX^$`
zK&ne&WrVADm9tkwVopkucTkdrX&{%buC9VhPIghLr(2>)WMZ*<aB_x0y04p$WpJ63
zNvLC5k$+02XMna#FwjgRUoLHF{_cbOjE(wht1q>6{F|{)A%S1ycjWYdz@ES7PCe&u
zHZW_7RV|*Q6jRo|WygopqTK<Xjl!7U{kc^*GcEB_s#(a!2XV8PXnB5A@66w?|2ENo
zIsb&ks-?ag*?bt%R{gi+cIZ<xZM*Sxb%n(~>w>)d|7&v$&nrlBvCT9|U!SD&aoy!#
z7ekl)v*w*0X){?yC-=_BWtXHkFFJC_q5IuqSL^9=-A&J%&d)wxwO7(|)l$BG-Gy`Z
z?+s01{hgi3_nhnMX~u1;%At}KnwnmBvp=ZEI$llEytJ#zzBtHIT=#gg?C*Z<kP|-3
zUWvA6Narm)vc~K9EUWKcQdM71Z*jZ&%m2sa^X_M#+P`6rn4~YhM_eIlXPvuO<`qpQ
jxmA;&+C@ryY7=x+PhP3JVb-^4g|j^(6i+dA)=2;Wo&gfT

diff --git a/hosts/clerie-backup/secrets/wg-monitoring.age b/hosts/clerie-backup/secrets/wg-monitoring.age
deleted file mode 100644
index 24f963f..0000000
--- a/hosts/clerie-backup/secrets/wg-monitoring.age
+++ /dev/null
@@ -1,10 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 HwR33w t9osbbi1s3J96OhWrTgrNmGHfIWUAqB4aFvmbNqtTG8
-DD+iNLEd6WBvRS8PC0pfiCgNmVR4jNwBZHcaR8a814Y
--> ssh-ed25519 ILP4Ew sisQcIh1A9M3qwl9yD+cSPNM/nnNpII+Xfesj9mwkRM
-7h/dPRCYHA88Q7lWvvPvdHf4ppCiEnu9ca6TY0BZLzY
--> {9O-grease a_:E
-g5khXWjhnAYGhbvvT8+gbde58hiKZe9UtQfsGUDvnngA+OQulOiV9+tRX+yuzUhb
-0z6nyMS0R9kPFsSFg7H03SYbkKaidh54FCYzyRMLld9nHYe6mUE
---- zDunV7ZXq7wNxXOVAdEUJmeGI25kHpsO2S5qNklhHQ4
-GT¸$ìä;¥¸&Nn­g=õRÁvóMS¤W·s/ÚÕ›á—nÙðÝkÿÚŒlL&jíG§ÏERÐ(_™VB‚vÌÄ^—ˆ&iä£:ÊdÊ
\ No newline at end of file