From 2775acdb48c874e057e9820dde4d7e3fe4008d45 Mon Sep 17 00:00:00 2001 From: clerie Date: Sun, 21 Apr 2024 19:15:15 +0200 Subject: [PATCH] hosts/monitoring-3: Migrate secrets to sops --- hosts/monitoring-3/alertmanager.nix | 4 +-- hosts/monitoring-3/prometheus.nix | 2 +- hosts/monitoring-3/secrets.json | 27 +++++++++++++++++++ hosts/monitoring-3/secrets/wg-monitoring.age | Bin 491 -> 0 bytes hosts/monitoring-3/secrets/xmpp-password.age | Bin 521 -> 0 bytes 5 files changed, 30 insertions(+), 3 deletions(-) create mode 100644 hosts/monitoring-3/secrets.json delete mode 100644 hosts/monitoring-3/secrets/wg-monitoring.age delete mode 100644 hosts/monitoring-3/secrets/xmpp-password.age diff --git a/hosts/monitoring-3/alertmanager.nix b/hosts/monitoring-3/alertmanager.nix index 73f0e0f..7913392 100644 --- a/hosts/monitoring-3/alertmanager.nix +++ b/hosts/monitoring-3/alertmanager.nix @@ -1,6 +1,6 @@ { config, pkgs, ... }: { - age.secrets.xmpp-password = { + sops.secrets.xmpp-password = { owner = "solid-xmpp-alarm"; group = "solid-xmpp-alarm"; }; @@ -8,7 +8,7 @@ services.solid-xmpp-alarm = { enable = true; jid = "feuer@fem-net.de"; - passwordFile = config.age.secrets.xmpp-password.path; + passwordFile = config.sops.secrets.xmpp-password.path; receiver = "clerie@fem-net.de"; }; diff --git a/hosts/monitoring-3/prometheus.nix b/hosts/monitoring-3/prometheus.nix index fa94f15..c850696 100644 --- a/hosts/monitoring-3/prometheus.nix +++ b/hosts/monitoring-3/prometheus.nix @@ -66,7 +66,7 @@ in { ips = [ "fd00:327:327:327::1/64" ]; listenPort = 54523; peers = monitoringPeers; - privateKeyFile = config.age.secrets.wg-monitoring.path; + privateKeyFile = config.sops.secrets.wg-monitoring.path; }; }; diff --git a/hosts/monitoring-3/secrets.json b/hosts/monitoring-3/secrets.json new file mode 100644 index 0000000..3a88242 --- /dev/null +++ b/hosts/monitoring-3/secrets.json @@ -0,0 +1,27 @@ +{ + "wg-monitoring": "ENC[AES256_GCM,data:kYFhMbqL7b0rwE2XIaR4QVT8ahoODmpXKzK5gvkODFJVklubwCmq2bLJk94=,iv:eR+VjxdtS4et9I4okzHyA+if1Rxj2/MuiC0CrWXd0Bg=,tag:rMaYMTvO6gWw6WegehDBFQ==,type:str]", + "xmpp-password": "ENC[AES256_GCM,data:eBZsBYqo+juLrYZjBqTcKFirHViRsul+wt6kkOmMhCp4xU7Ou8eJAPCOuhvHcUGxRE44L0yIyUObhRgAj0T5QA==,iv:DsLJ3qCZyrdolJBZFT9FJUNQ75pc8Vz32K2a8RJHuLc=,tag:wOxs2Ulw1aSMadWfjGSKsw==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1kdgrgsjqgtxkjv8ec2ljc5jgtm45w5e6hj830m0awahnvdtknefq9yh8v9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxOGNMcm9vRWxMZjBwcmVS\nVGVoS2kwSmZjOHdGMXQwUmlzV3hhbGhhOVhzCkljQi94aUtORldKOFdqeVNXYnJQ\ndS9Vc0hRRisyL1dESk1NOTQ1dVJyMDgKLS0tIE54VlU1cVRXWXRlVGU5RzR5dXkv\nSEZJeElpWDdJYW9WNWxGLzdjdGR1YUUKGZwFPOc4MD97FBRtj1Py4A9Tz/HlzHcK\nX6nYgkYSUycM4g4d3+N+1NKutfWJ7KheuTlhNRDftyLYmmo5wyEtrw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-04-21T17:08:58Z", + "mac": "ENC[AES256_GCM,data:UucT7OiO9S3FcO9b1UKPQYXi7v3Ak7/J/VkDN4P9fssS4nky6PyX4oV5UvGcuR3p0pxLAHGJ4rOXj5QbnOqwDqmHfCnoqdItAlXRT1YPdSrelQ/gHyOfexsuV1XLOUS/OXJoYEi3ymKtza4rMIZow+du0YkRxrJQjwM0y8XSa3I=,iv:mDBaVhbHCLdxx5DC7urPPDdVPsCPYqKgLRwfqjLFdnU=,tag:Wpq6ihxIr/eceG12gpOJwQ==,type:str]", + "pgp": [ + { + "created_at": "2024-04-21T17:08:30Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA5OzEzXewpmPARAAp91D6Qh7RgaeQwMge/L6ETqb348WyZ/SM5LCC/IsApV6\nJiGfmtUoDLyS+X0Ry8hVIKJmoxPypBV13eZHzxrI5rif8MAlQp3jW0zqpbeo9ltJ\naqyg1xI2NC5jh9+mLGR9nqU+vpQaAaMG0EVPVHOcJA1o1TGZ/poTNA8c8azAMQUi\nnGpkKBmM7WiR4zLSiEJJbkgOaQSAptXv5z3G2RS3e/9lnZM0QcACRjR6ck40tvnr\nLLUOdbZcro0KUk5JmGmaGXXBZRz+muF3BrPV8uRS99UN2NMasRh+vthukoH+E+GJ\ntYbBeCuFEqU6g3SRTRqO8pF9/d3v2xwGUzU/nW6tyVxhlhbQTUE+yV6qA26W6f/6\nLllnFuSDGqxTnKVgg+UvYh7HzEa6LqbRKEkyu3fXQRqyevYWO/J2q6R3ZJ17RQPj\nDrd0gvg0hBhaa24b6ybxK7wl9TgLyxo/xeyLMW7akjvhjxPid1nHY/+cvraNgMIu\nay2XieyIh7p6o856Y0YzAQ0BXgmlIRmFs15V007o2fuHY14yY8uiv7odMYxv7tWg\nXRFKtLNndc0pjdWJ1kqMr8Ap45mNMaFrVHOlH3Urrdc+1v9EF8BctlCouKv7uaMa\nY34fhc94jy8aTKQtXwfmQccQOUnjH2U/foUeuXlmXSw0vB4Hk7D8boii3KdWLgKF\nAgwDvZ9WSAhwutIBEACI2oAdmWomlbswi7YJeRKShB5Gz6cYKD7KRQkpGucdiINl\nTYdTB/3U8qDrOMUrBwvHDobEIg1+x/vqzbA6mKaoWh/TN6NH+KJ6QCAN2oOs1fB1\nUukHyUIBywXcb8bMaOJ4spTH6knY4AMv8EdlGY0iDyOXfNvBRjs9952rV62Bg/Ax\nYW1HrGpcSyyDk8cuLddrJ+9tSMR46xHxRJU91mTOWH2ElA2tW3otN2IDOFc+E3Eq\nZmBvokeer+nPdu9Htcgif4PRMatOlbxnk5lnxM8dQrqA3IyVyyLU3m17ZtOD7zRv\nUXHODfQrXV2UjFeuKFqtA7YibwP2Z9qSok2SQB1knWYYhWvZv8hM2ifoFxmOgwIC\n8LDIUvJmP6WGLtMxncWHS+KH+AW3gEkSeupyysUCuROH5FNI3Etim4k+f3SaxSjR\nKWlLj/n437udYCnGnXdK9gBWlRdWkaiMBGgdB+1QsRsx+qr6T3wpM2zBsLnByVxn\nUEKm6W+VJT7kLuYB4JegjA88rWugndGZ4eHlqhV4g6ZoignoSwdZEYSkKPvJYktE\n25+TO8Ya67+VU1yUxMtFTGWfG9RkDtpT6DoxbJ1kHSIBpY9WOGsgk7/Egi+0AiAU\nbFaYkvtHWF/tCKrkrSUThD5GIy4FWnFYXK+0Pvc/+LZeAKcMWEs2PoULwRT2F4UC\nDAM1GWv08EiACgEP/jDByq/bY4HFtebvh4osCzLR7aYeKquHfo248TvhwVT3JON6\nl3CZ11z8R7z31np1YtaR06EXON6DyMd3oLqllu5PF8y/+YSsPEDO83u/KxG+CAGx\ncqes8uwzF4/Qc2yAB12rMuDm5GGzixLgorwchYxRwJwO6JVvzvGbeErYXOpJA4e7\nf2IBAcvOrAc5sOo0mFUnQN9/+oBgT7QsWWRJ7JuJLuaAyQr60vkkEzxFaAxC2dKX\nSCQDXVX4fk24EkcJvnE9gmG6o17H9HLVFomq2VN+QmZYJWZwSQwmQgCZ9rW/Da5D\nips4m010AhGL9nK5qUQmpfvkwj3/tgSr/mtE5McFhdgwqsai+nw1sdOO89BUVin5\nc//aazke439vvmpFCLa887TG2lkAy+/61YbkkiHzMYlcjQ7MJNf+wKJ3bmJVAkh0\no6Yd09YnwQm0bGLt0qeOS/CHHpnc/4Td9HmpcHLLXdxVQKACDOHdPPas/ogkQN38\nK+ztvgea4RttRI7MEetgRAIhXCtb9vcJryLNbiTDeuZES9+opo84UA3MW+ep0vxI\nmk/9IgjKeXTWENTVdseE4mpL8QX/hwNCEOFRJbT8/YlX6Xtu/cQkSemIA+Xo8F3m\nSIxh4O7pmgAribYofS5TOjwUjdygpuAyw2pBZ2ZSnIhl/GQWoTBsBZktdPvR1GYB\nCQIQo4VyLskvEfGa66Nn4gd52wpalzu/u1X4aO4vDzDizs3q8/FymrVGcRHfGCSz\n58qxqjLg9B6DY0cr3eMb+KFTGJTiCeHS4wnZ6HDu9Z7nFZucMZ+7b9Ph2UqjBvbA\n4FuSofs=\n=84OD\n-----END PGP MESSAGE-----", + "fp": "0C982F87B7AFBA0F504F90A2629E741947C87928" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.8.1" + } +} \ No newline at end of file diff --git a/hosts/monitoring-3/secrets/wg-monitoring.age b/hosts/monitoring-3/secrets/wg-monitoring.age deleted file mode 100644 index b8c8355486965a7dc104d059d1711fd73a1788b9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 491 zcmZ9_J&%)M003ZPZenq8aWe04I@lo4@0(|erCe!2pinr^7>$W8 zCJrWUt}ad*$6GF%7^jQ5!KkaQj&6ReK7ZgrfsgwuFRhY1j8|9VG$0BJ!#g0$=D0s? zLP&97uN<^mCEz48@^>uVZV$Cap0JyIqZ%osWTqJhBVjjLdb;JoAg?k^L5gVvU)kM~K&W z(#R&-EKfwGJ=g3pkGb|*rDLTUF9p{%DS`1)X)u!X#gyXYJ+G_!R#GmSir(Y@ZTU7H zq&~`gu$J#!>hM#Lf}LC06_awnjcWyo5zA2?&V^;V8?lZPkqZ$OoI~-M)d(AvP#SA7 z>E4`5Yb3x%(N`LQF68!v9;^hfo33hX71f9om*tFi+cr5f<)FwWe{UQIQpFEjRnKj1 zP(K>Oz88xgOV`@%B#Z~L6V6zn$B1>MHy2p=?fY?f{_f{jM`!MBaqkYke0Xu;>FMFi zXXhS*2U~B6_oVTA_!B<5I&003Yw!pOxT2ws$m;w8kU`Dhx@jV4|5(PU}T`KD1BWXan%X_~Z6x_luX zL=Z&~@dwE8?!miw8VvCy3JRVC@dpShUesOv1rIzff&@&wv|6mfd2(f*qGsO0h>b>; z1qAddmTmD3xv*%uXc)SM2ZhG5Ld$PCWLfOwRx)IJxH^dX^W3F1!DhCHj1=qGw7~oG zI^g?NTo;8|+U~NNYQmNdGiFK|lvA}U)iF)iGym7zS_fLu@F8HNp`+$|z5|+kfC70% z({Nw6d(7T2?oP#$wI`vMksYj+inXk85RvgLG-gITw#e%fh!UCHkIP5|p`huS8hN#I ztX=XJV3$BCbTf#Ja2E&jeCZ>of^Hv3F3AFIQL=cogYyvaLMEC1%;#>56R|7tB9-8% zLr$z{g-lfi7=wFq-cf>bG6~a!le?%t;tWn9%LU!RYjHbB9HWPNRI$>GPH6D9^>3IU z8qt8&UCtKc$$SEutK?XZZ9I?p*<^EOuxxINH-Ug#b zw>Ex_f4qM9