From 2eb575a1043375f4c12b6eb5a060d9c14237f329 Mon Sep 17 00:00:00 2001
From: clerie
Date: Sun, 21 Apr 2024 19:49:00 +0200
Subject: [PATCH] hosts/gatekeeper: Migrate secrets to sops
---
 hosts/gatekeeper/configuration.nix | 2 +-
 hosts/gatekeeper/secrets.json | 27 ++++++++++++++++++++++
 hosts/gatekeeper/secrets/wg-monitoring.age | 10 --------
 hosts/gatekeeper/secrets/wg-vpn.age | 9 --------
 4 files changed, 28 insertions(+), 20 deletions(-)
 create mode 100644 hosts/gatekeeper/secrets.json
 delete mode 100644 hosts/gatekeeper/secrets/wg-monitoring.age
 delete mode 100644 hosts/gatekeeper/secrets/wg-vpn.age
diff --git a/hosts/gatekeeper/configuration.nix b/hosts/gatekeeper/configuration.nix
index 8135356..03aae1e 100644
--- a/hosts/gatekeeper/configuration.nix
+++ b/hosts/gatekeeper/configuration.nix
@@ -114,7 +114,7 @@
 ];
 listenPort = 51820;
 allowedIPsAsRoutes = false;
- privateKeyFile = config.age.secrets.wg-vpn.path;
+ privateKeyFile = config.sops.secrets.wg-vpn.path;
 };
 };
diff --git a/hosts/gatekeeper/secrets.json b/hosts/gatekeeper/secrets.json
new file mode 100644
index 0000000..3789caf
--- /dev/null
+++ b/hosts/gatekeeper/secrets.json
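Review bot: Only the `wg-vpn` reference is switched to sops in the `configuration.nix` hunk, yet the same commit deletes `wg-monitoring.age` and moves that key into `secrets.json`, and the diffstat shows no other line of `configuration.nix` changing. Whatever consumes the monitoring key lies outside this hunk, so confirm that no `config.age.secrets.wg-monitoring.path` reference remains for this host and that a `sops.secrets.wg-vpn` declaration exists, since neither is visible here. A short comment above the changed line would help the next reader, for example `# decrypted by sops (presumably sops-nix) from hosts/gatekeeper/secrets.json`. If the migration is also meant to change who can decrypt, the WireGuard keys themselves need rotating, because the deleted `.age` files stay in history encrypted to their old recipients. The enclosing interface block starts and ends outside the hunk.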
@@ -0,0 +1,27 @@ +{ + "wg-monitoring": "ENC[AES256_GCM,data:90tdQSEYHcJy95AhDX0AT4HrXJK2BNqaeZMSZ7t43NlW/CJjOsfgcgO6EIY=,iv:B/RFe6bBBo5lielWMMCOnVlXrf7eooJFcerG30vxsFk=,tag:FOuPPWE5eP8BgWXni/3BlA==,type:str]", + "wg-vpn": "ENC[AES256_GCM,data:aFGd3R6hfiilCScRtmgS8jMLPQv++yisf1YNYnyARdL+KfW7RvvtGq4egpI=,iv:63WCUk52GdZYv2J8HX+dV8sCP7zKrjolIxGGosxJqg4=,tag:bJwvHiRQHD2FexwRF1hugw==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age10npthg6ycgv6s40vynhj5ryaug2delh96fqcvjnc8nw2ccmjga7suxm7xe", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOcDJvYU4vdFJ4T0duWXR4\nVG15SFFZVDRSQXBDaFgxOGM5NTltK0ozblVZCmJXc3JOV1RQMFV4cGpvUnRIbGZv\nMmJiOGFIYTFqc0FVaEFHZnJjU1dUUDgKLS0tIFV6Ulp4ellVQzBsVkRjL0dIdGJ4\nRE02ZFpxNU9IMit0UHdIK2dHOVdXekkKTIGrO7fngsJMTMiKb5KSMh1BCtwTVQCG\nofSx9j9Bd2gz6MPz7Rrft4B67eliHQ78yHJbVvxO9m3cwHM3fv0AdQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-04-21T17:40:19Z", + "mac": "ENC[AES256_GCM,data:xt8AFwN+Y8x2kWQVH5MPEPzzWm5m4kgkt+mYKoFbRpfdA6FVnlhl+W+jmZlDz6Hbh6Dkk3cDvD3A3PpvYqsctll6mkjWQLBKphhnZIsGHzAHgdn+cpJ7VAPvWO4iEPjv5ChrPo2JAOKvQcJDooG7yWGB3ltzBqBWCH6TlZ2qxD4=,iv:4HxXa0tWiweHoYG2c7VrLoKgphRX3WRaAFQC98iAVJ4=,tag:y3VBdl2QpEOn1Z5IPS2aVA==,type:str]", + "pgp": [ + { + "created_at": "2024-04-21T17:38:49Z", + "enc": "-----BEGIN PGP 
MESSAGE-----\n\nhQIMA5OzEzXewpmPAQ//QonQ5TyKJqsl5ma5UvVOONrc2YXXRbLW7cUxU5FEtkU6\nfvMzmQPBHRX64BMOgpmL32/gCJKB+Q/gpl1RciQBr67DwAQczaZ6E4sUEPeFqiTf\nEUXCRYF54ctaW0Tn8kmTAmpyRxx5Y1jiFK08z4w0KXFKuLHBzrjxbPwu4EYeHp6V\n2XyVKPXEhV7UXxhDgrL+nt48zT+8RixWxm0B3oUGfk5lwH4vAfCAosFxP/IUYza7\nmAB3vM0Iywo9voX9/BPn5cOHvdFs5GEhNHs7X0eJPf3rV6oPpbf117TS+4qpWuhk\n97AyHPoWj8JNIxiIB0YvojBzXsxk404XfRh09dyRKL2dEsV2kve/0Sr1roHvhGwQ\nzhKaEknbC9N7DrL57dnryJhcebgV7xEWyQNIADbDCPxS0IkCoQAFxw0xdxpyQfrg\nVSVBnl5wQr6EgN+AbarXqO74U9dtXfT+eaKYW+Nz5+6aI4TLmp29Gin+m6Tisn+/\n/RLDJdmpX8n6m0s4PiPVm2B7VAo9S8xYWN2lyEjSxFQ3+1+pYB0P7VQHAoFGsQy4\nLVaCzES9dMqvCMJOMTFhDvCfJ9FNa1x8HXPN3YjFgESfmCr9nyr3DJp3wqtKM5tE\nLyfGBBRpEChnuVJdXyUpJFag1l6DtyBCBHSdz3KTAmdD4ltGxqdFFl69DhdBsguF\nAgwDvZ9WSAhwutIBD/0eOOFN9OC2m0r/ZFPHuOE3MNhn0ygS3BdfURcCHcNN9EC0\nrzJ7ZBfIUiUifgdjqQZWjgndGNWZ3iLzePpS4bXfcxl6LvRGnMOOSE2d4EBFSb7o\n4YbtuFhhkO+FsHYOyb76EyrEQoJ64GiozZOTKgDBJ7zWF5KLddjkqU610uyPlLpW\n2JeD+bo627ulRS7eW1q2BTQIsOID/+1tt1xT7szQ1LotM4fm8uHsUZhZ0ILh5QIj\nHUCBGJOeLTJuyMHrzbD9dRphtFOzoT12WOG1mpqdEe4ujtXJaSIjqrAu95iKJ1zQ\nti+ISotBI2v8k78xETiFoHSpcrecjpamy8cYPX7B/f19zIpdA59G7HQkeqE6hcMy\nTBr90WgTkuBMKZ3XFuii/4J6BmMwy05q3BNAjO7LbLKrMwdaqhTuyWhUpQNIW8kd\n7sdWimZSxBM9bjEMYmF2XdDCHQcQP0hx8yE6p0LHMYsLS7uBO+KFg72Mg8EnJGfS\nSGxNqCwf7YSExOMGkxrga1J/AbGA5M7AI+b4Hj2zV4pV+2VyL1+dox7ovB0gZRP3\nhCoUCx/fKZdDwXlqwun36f5995L6LAzDfM/d9MGV45jz3zWoTpXjX3KUNC314tsX\n6/95J83uJr/KoQUotXXzosJqBDr1rCzE24AZ9ZO7JA1chZeiYz+UenlHGq7DuIUC\nDAM1GWv08EiACgEP+wfsWD0gbf/A8Ph3VFpy+K2kix7QJGvumRcdzxO0/XpKs49I\npAh4RmeDr3rVNOsWrBEIbKb184XabR33g6xgXRNx1H5LyUMRZWJ2N3UeOe3g0rH4\nKyC1ycm1Utp//4Ckrh3F8DADXZH4F4c3cp9YwEz0ZWgkTzqi7LiDk8YnMMBqdqdD\n7MB+g3COqcP0A4rOn4ZfBcyt8HPakxARLgL1cSckCJeQpnrexYQCRXeqNMadjbuS\nEM41/vlOukOw+JRsVO8aDTM99r4GBlBgoxEDy4P0IEutWU90RANkEwLkuil5hwMC\n+sPTi1GP1GZOlunAYs8tixeaYNuw+TLy0L8+ZnnCdh38IgjLCuZQrSoi32l5bFrO\nyj4mbN0oLdwVQd+zxLno0fLo1OMHe7LDCirhK7j1r8v3/cSBb1yaesD2SGsnotXD\n87uaPhZ3zj9AET5SPC+lkqB9uJ3A9o1WAmcQIEQe8REOThE8zarh+yUYXsMndwRH\n5IPG
Bpkoq/zO3n9AJA3IxSrSYhKRgol4jz21XYkpmy+tuwcPoaWI/dZqD2APtMXd\nvuGLr7dACXm6kp5QCPlCFYGVvHOqJBCaYOK4fZt85totWQD+JvHyiPPA2ArblIcA\nwQLf8bEQ8cAXHwWA9OVc6r03bGDTAHKinNyrbw8G+M/nUrF6PwYrVLym87Q51GgB\nCQIQkm+IOyGpl/9gckDZBLG9oFFm/b4Tvi/IFvTy0JzQhgJJ0Nma8ZYC23mInMPl\nwv10rPn8INb6N621Qg6hORzhsn3enCqYXz2a6QRG0Bz8AU+6LiSNqdUjUxxhjzaZ\n99G317yXDA==\n=3IUP\n-----END PGP MESSAGE-----", + "fp": "0C982F87B7AFBA0F504F90A2629E741947C87928" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.8.1" + } +} \ No newline at end of file diff --git a/hosts/gatekeeper/secrets/wg-monitoring.age b/hosts/gatekeeper/secrets/wg-monitoring.age deleted file mode 100644 index 1447632..0000000 --- a/hosts/gatekeeper/secrets/wg-monitoring.age +++ /dev/null @@ -1,10 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 HwR33w ScSNP64jvvU/1t/fKlXPW9vaPwGvHwy6UEmGRA/h9HY -GV0KnasHBoj+qtTIT9aI0k6A/XgHPFXvmsApPDhAjc0 --> ssh-ed25519 W4Oy+w 455qbO83X2y2XZR2obj4IItMGkrC/WiRc6B2jp9MOEU -RLT/FkTDWJYHtAhtYAEHaw+CcgITvgBJKLLrN9MpMg0 --> kN4?-grease sJ p ZV(8^Djl N*7)k~ -0wq67UmJOPjObCWQhRSzUE6kWIhZsmv4zz6lEt71YoH5nFb7TzF1vYVfrqMycht2 -QvzqtKMNAmFu6jv30X2ULBIjLNajtMGeZxLyBIjnbkCscnoWv4c ---- 7Fu5hMch3bfWXWlCwRvhVQCWx444fy/SMQyOwUyidqE -çlþû=‚·3Y`\¾Ô…º…žÚR@ØŠ-é¼¾´üK9)X„в܇YwÇ -*c]¸ æv›˜ï>“P1Råð~ \ No newline at end of file diff --git a/hosts/gatekeeper/secrets/wg-vpn.age b/hosts/gatekeeper/secrets/wg-vpn.age deleted file mode 100644 index 7cce97d..0000000 --- a/hosts/gatekeeper/secrets/wg-vpn.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 HwR33w mc6hKfB2yixGjxjDoUlz5e+KQ9CdlTveXhecg+fnBz0 -PvS1xgw1EpHKjHyjnAQQ6bt5wZF42rE5TE/tNJ4KEKU --> ssh-ed25519 W4Oy+w Cfmoqb/Odb+XJECaXhm7yDqdOi0776l8I3rsZimfNkw -86jSNwg/eKkxCvncnnVDwc6OZovXFMwLnqPeCtuWGHg --> c-grease nQ | u[