hosts/gatekeeper: Migrate secrets to sops

2024-04-21 19:49:00 +02:00 · 2024-04-21 19:49:00 +02:00 · 2eb575a104
parent 23cae87333
commit 2eb575a104
4 changed files with 28 additions and 20 deletions
--- a/hosts/gatekeeper/configuration.nix
+++ b/hosts/gatekeeper/configuration.nix
@ -114,7 +114,7 @@
      ];
      listenPort = 51820;
      allowedIPsAsRoutes = false;
-      privateKeyFile = config.age.secrets.wg-vpn.path;
+      privateKeyFile = config.sops.secrets.wg-vpn.path;
    };
  };

--- a/hosts/gatekeeper/secrets.json
+++ b/hosts/gatekeeper/secrets.json
@ -0,0 +1,27 @@
+{
+	"wg-monitoring": "ENC[AES256_GCM,data:90tdQSEYHcJy95AhDX0AT4HrXJK2BNqaeZMSZ7t43NlW/CJjOsfgcgO6EIY=,iv:B/RFe6bBBo5lielWMMCOnVlXrf7eooJFcerG30vxsFk=,tag:FOuPPWE5eP8BgWXni/3BlA==,type:str]",
+	"wg-vpn": "ENC[AES256_GCM,data:aFGd3R6hfiilCScRtmgS8jMLPQv++yisf1YNYnyARdL+KfW7RvvtGq4egpI=,iv:63WCUk52GdZYv2J8HX+dV8sCP7zKrjolIxGGosxJqg4=,tag:bJwvHiRQHD2FexwRF1hugw==,type:str]",
+	"sops": {
+		"kms": null,
+		"gcp_kms": null,
+		"azure_kv": null,
+		"hc_vault": null,
+		"age": [
+			{
+				"recipient": "age10npthg6ycgv6s40vynhj5ryaug2delh96fqcvjnc8nw2ccmjga7suxm7xe",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOcDJvYU4vdFJ4T0duWXR4\nVG15SFFZVDRSQXBDaFgxOGM5NTltK0ozblVZCmJXc3JOV1RQMFV4cGpvUnRIbGZv\nMmJiOGFIYTFqc0FVaEFHZnJjU1dUUDgKLS0tIFV6Ulp4ellVQzBsVkRjL0dIdGJ4\nRE02ZFpxNU9IMit0UHdIK2dHOVdXekkKTIGrO7fngsJMTMiKb5KSMh1BCtwTVQCG\nofSx9j9Bd2gz6MPz7Rrft4B67eliHQ78yHJbVvxO9m3cwHM3fv0AdQ==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2024-04-21T17:40:19Z",
+		"mac": "ENC[AES256_GCM,data:xt8AFwN+Y8x2kWQVH5MPEPzzWm5m4kgkt+mYKoFbRpfdA6FVnlhl+W+jmZlDz6Hbh6Dkk3cDvD3A3PpvYqsctll6mkjWQLBKphhnZIsGHzAHgdn+cpJ7VAPvWO4iEPjv5ChrPo2JAOKvQcJDooG7yWGB3ltzBqBWCH6TlZ2qxD4=,iv:4HxXa0tWiweHoYG2c7VrLoKgphRX3WRaAFQC98iAVJ4=,tag:y3VBdl2QpEOn1Z5IPS2aVA==,type:str]",
+		"pgp": [
+			{
+				"created_at": "2024-04-21T17:38:49Z",
+				"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA5OzEzXewpmPAQ//QonQ5TyKJqsl5ma5UvVOONrc2YXXRbLW7cUxU5FEtkU6\nfvMzmQPBHRX64BMOgpmL32/gCJKB+Q/gpl1RciQBr67DwAQczaZ6E4sUEPeFqiTf\nEUXCRYF54ctaW0Tn8kmTAmpyRxx5Y1jiFK08z4w0KXFKuLHBzrjxbPwu4EYeHp6V\n2XyVKPXEhV7UXxhDgrL+nt48zT+8RixWxm0B3oUGfk5lwH4vAfCAosFxP/IUYza7\nmAB3vM0Iywo9voX9/BPn5cOHvdFs5GEhNHs7X0eJPf3rV6oPpbf117TS+4qpWuhk\n97AyHPoWj8JNIxiIB0YvojBzXsxk404XfRh09dyRKL2dEsV2kve/0Sr1roHvhGwQ\nzhKaEknbC9N7DrL57dnryJhcebgV7xEWyQNIADbDCPxS0IkCoQAFxw0xdxpyQfrg\nVSVBnl5wQr6EgN+AbarXqO74U9dtXfT+eaKYW+Nz5+6aI4TLmp29Gin+m6Tisn+/\n/RLDJdmpX8n6m0s4PiPVm2B7VAo9S8xYWN2lyEjSxFQ3+1+pYB0P7VQHAoFGsQy4\nLVaCzES9dMqvCMJOMTFhDvCfJ9FNa1x8HXPN3YjFgESfmCr9nyr3DJp3wqtKM5tE\nLyfGBBRpEChnuVJdXyUpJFag1l6DtyBCBHSdz3KTAmdD4ltGxqdFFl69DhdBsguF\nAgwDvZ9WSAhwutIBD/0eOOFN9OC2m0r/ZFPHuOE3MNhn0ygS3BdfURcCHcNN9EC0\nrzJ7ZBfIUiUifgdjqQZWjgndGNWZ3iLzePpS4bXfcxl6LvRGnMOOSE2d4EBFSb7o\n4YbtuFhhkO+FsHYOyb76EyrEQoJ64GiozZOTKgDBJ7zWF5KLddjkqU610uyPlLpW\n2JeD+bo627ulRS7eW1q2BTQIsOID/+1tt1xT7szQ1LotM4fm8uHsUZhZ0ILh5QIj\nHUCBGJOeLTJuyMHrzbD9dRphtFOzoT12WOG1mpqdEe4ujtXJaSIjqrAu95iKJ1zQ\nti+ISotBI2v8k78xETiFoHSpcrecjpamy8cYPX7B/f19zIpdA59G7HQkeqE6hcMy\nTBr90WgTkuBMKZ3XFuii/4J6BmMwy05q3BNAjO7LbLKrMwdaqhTuyWhUpQNIW8kd\n7sdWimZSxBM9bjEMYmF2XdDCHQcQP0hx8yE6p0LHMYsLS7uBO+KFg72Mg8EnJGfS\nSGxNqCwf7YSExOMGkxrga1J/AbGA5M7AI+b4Hj2zV4pV+2VyL1+dox7ovB0gZRP3\nhCoUCx/fKZdDwXlqwun36f5995L6LAzDfM/d9MGV45jz3zWoTpXjX3KUNC314tsX\n6/95J83uJr/KoQUotXXzosJqBDr1rCzE24AZ9ZO7JA1chZeiYz+UenlHGq7DuIUC\nDAM1GWv08EiACgEP+wfsWD0gbf/A8Ph3VFpy+K2kix7QJGvumRcdzxO0/XpKs49I\npAh4RmeDr3rVNOsWrBEIbKb184XabR33g6xgXRNx1H5LyUMRZWJ2N3UeOe3g0rH4\nKyC1ycm1Utp//4Ckrh3F8DADXZH4F4c3cp9YwEz0ZWgkTzqi7LiDk8YnMMBqdqdD\n7MB+g3COqcP0A4rOn4ZfBcyt8HPakxARLgL1cSckCJeQpnrexYQCRXeqNMadjbuS\nEM41/vlOukOw+JRsVO8aDTM99r4GBlBgoxEDy4P0IEutWU90RANkEwLkuil5hwMC\n+sPTi1GP1GZOlunAYs8tixeaYNuw+TLy0L8+ZnnCdh38IgjLCuZQrSoi32l5bFrO\nyj4mbN0oLdwVQd+zxLno0fLo1OMHe7LDCirhK7j1r8v3/cSBb1yaesD2SGsnotXD\n87uaPhZ3zj9AET5SPC+lkqB9uJ3A9o1WAmcQIEQe8REOThE8zarh+yUYXsMndwRH\n5IPGBpkoq/zO3n9AJA3IxSrSYhKRgol4jz21XYkpmy+tuwcPoaWI/dZqD2APtMXd\nvuGLr7dACXm6kp5QCPlCFYGVvHOqJBCaYOK4fZt85totWQD+JvHyiPPA2ArblIcA\nwQLf8bEQ8cAXHwWA9OVc6r03bGDTAHKinNyrbw8G+M/nUrF6PwYrVLym87Q51GgB\nCQIQkm+IOyGpl/9gckDZBLG9oFFm/b4Tvi/IFvTy0JzQhgJJ0Nma8ZYC23mInMPl\nwv10rPn8INb6N621Qg6hORzhsn3enCqYXz2a6QRG0Bz8AU+6LiSNqdUjUxxhjzaZ\n99G317yXDA==\n=3IUP\n-----END PGP MESSAGE-----",
+				"fp": "0C982F87B7AFBA0F504F90A2629E741947C87928"
+			}
+		],
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.8.1"
+	}
+}
--- a/hosts/gatekeeper/secrets/wg-monitoring.age
+++ b/hosts/gatekeeper/secrets/wg-monitoring.age
@ -1,10 +0,0 @@
-age-encryption.org/v1
-> ssh-ed25519 HwR33w ScSNP64jvvU/1t/fKlXPW9vaPwGvHwy6UEmGRA/h9HY
-GV0KnasHBoj+qtTIT9aI0k6A/XgHPFXvmsApPDhAjc0
-> ssh-ed25519 W4Oy+w 455qbO83X2y2XZR2obj4IItMGkrC/WiRc6B2jp9MOEU
-RLT/FkTDWJYHtAhtYAEHaw+CcgITvgBJKLLrN9MpMg0
-> kN4?-grease sJ p ZV(8^Djl N*7)k~
-0wq67UmJOPjObCWQhRSzUE6kWIhZsmv4zz6lEt71YoH5nFb7TzF1vYVfrqMycht2
-QvzqtKMNAmFu6jv30X2ULBIjLNajtMGeZxLyBIjnbkCscnoWv4c
--- 7Fu5hMch3bfWXWlCwRvhVQCWx444fy/SMQyOwUyidqE
-çlþÃ»=‚Â·3Y`\¾Ô…º…žÚR@ØŠ-ÃÂ©¼¾´üK9)X„Ð²Ü‡YwÇ -*c]¸æv›˜ï>“P1Råð~
--- a/hosts/gatekeeper/secrets/wg-vpn.age
+++ b/hosts/gatekeeper/secrets/wg-vpn.age
@ -1,9 +0,0 @@
-age-encryption.org/v1
-> ssh-ed25519 HwR33w mc6hKfB2yixGjxjDoUlz5e+KQ9CdlTveXhecg+fnBz0
-PvS1xgw1EpHKjHyjnAQQ6bt5wZF42rE5TE/tNJ4KEKU
-> ssh-ed25519 W4Oy+w Cfmoqb/Odb+XJECaXhm7yDqdOi0776l8I3rsZimfNkw
-86jSNwg/eKkxCvncnnVDwc6OZovXFMwLnqPeCtuWGHg
-> c-grease nQ | u[<tiR5
-ZJfBhhmLf64ruvxrxxHtjSuZ00snW+w9
--- f8ZhZlLEbwre1PYWOGu2rBVllDbDIjj7FmW8Jrq9EQM
-W*àË:§ºA˜Í2¢‹°¢Úú^<5E>-'‹ÛÒ¦qé_©ì-ÂøWd+*EŽäƒ¿ÿÿGÊýY$ý©—t\b™Ï\Ô3º[}a}\âˆV3ïg