From 22512de722187fa6c6f3b7a18d266fcd8ee562b9 Mon Sep 17 00:00:00 2001 From: clerie Date: Sun, 21 Apr 2024 15:51:25 +0200 Subject: [PATCH 01/14] lib/flake-helper.nix: Automatically load sops secrets --- hosts/dn42-ildix-service/configuration.nix | 2 -- lib/flake-helper.nix | 11 ++++++++++- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/hosts/dn42-ildix-service/configuration.nix b/hosts/dn42-ildix-service/configuration.nix index 895bc5a..dae07f6 100644 --- a/hosts/dn42-ildix-service/configuration.nix +++ b/hosts/dn42-ildix-service/configuration.nix @@ -45,8 +45,6 @@ autoUpgrade = true; }; - sops.secrets.wg-monitoring = {}; - clerie.monitoring = { enable = true; id = "391"; diff --git a/lib/flake-helper.nix b/lib/flake-helper.nix index ed8e299..e852414 100644 --- a/lib/flake-helper.nix +++ b/lib/flake-helper.nix @@ -54,8 +54,17 @@ rec { }) (lib.filterAttrs (name: type: (type == "regular") && (lib.hasSuffix ".age" name) ) (if builtins.pathExists secretsPath then builtins.readDir secretsPath else {})); }) # Automatically load secrets from sops file for host - ({ ... }: { + ({ config, lib, ... }: { sops.defaultSopsFile = ../hosts + "/${name}/secrets.json"; + sops.secrets = let + secretFile = config.sops.defaultSopsFile; + secretNames = builtins.filter (name: name != "sops") (builtins.attrNames (builtins.fromJSON (builtins.readFile secretFile))); + secrets = if builtins.pathExists secretFile then + lib.listToAttrs (builtins.map (name: lib.nameValuePair name {}) secretNames) + else + {}; + in + secrets; }) ]; }; From b5fca786542d07cc5b1716362644644cc1ab65c2 Mon Sep 17 00:00:00 2001 From: clerie Date: Sun, 21 Apr 2024 15:54:33 +0200 Subject: [PATCH 02/14] hosts/dn42-ildix-service: Remove obsolete age secrets --- hosts/dn42-ildix-service/secrets/wg-monitoring.age | 9 --------- 1 file changed, 9 deletions(-) delete mode 100644 hosts/dn42-ildix-service/secrets/wg-monitoring.age 
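Review bot: In the lib/flake-helper.nix hunk, `secretNames` excludes only the `sops` metadata key, so every other top-level key of the host's secrets.json is declared as a secret. That includes any key that carries the file's `unencrypted_suffix` (`_unencrypted` in the secrets.json files added later in this series) and any key whose value is an object rather than a string. I would narrow the filter, e.g. `builtins.filter (n: n != "sops" && !(lib.hasSuffix "_unencrypted" n))`, which also stops the lambda argument `name` from shadowing the host `name` used in the `defaultSopsFile` path. Because the file is read through `config.sops.defaultSopsFile`, a host that overrides that option with a non-JSON file would presumably fail in `builtins.fromJSON` at evaluation time, so a short comment stating that auto-loading assumes a flat JSON file would help. The enclosing module list starts outside the hunk.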
diff --git a/hosts/dn42-ildix-service/secrets/wg-monitoring.age b/hosts/dn42-ildix-service/secrets/wg-monitoring.age deleted file mode 100644 index 75d9042..0000000 --- a/hosts/dn42-ildix-service/secrets/wg-monitoring.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 HwR33w JKCBhuwIMcH042SNcp+OQjgvpMogmXH9who0wy9Jh2g -waaOvyKbg8AVEQ8BnLONus0y237GK8do0nOWovYv/Hg --> ssh-ed25519 7zj2eQ cMRXtuy4Jsl4X/qstN3wxztrEfCh+lz48+jn9cEO614 -/LcwitDqSk7yEFqUeJvpWo+6lqTI8UjuBi03JxRTx/A --> .-grease sMU_} -NOvvGJmEfeBYR6Q ---- ju0+LEUzdv2AW1Zaf1/YBo5+5ZKc+XhYUOt/p/NqYWU -"'o詮9@1F&'V︪wh$3kjv&O$}NWp[eM eĉCE@Sc1 \ No newline at end of file From dd1d36345c0ed6174be251ec2b8e418dae4c5488 Mon Sep 17 00:00:00 2001 From: clerie Date: Sun, 21 Apr 2024 18:22:07 +0200 Subject: [PATCH 03/14] modules/wg-clerie: Lookup private key in sops too --- modules/wg-clerie/default.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/wg-clerie/default.nix b/modules/wg-clerie/default.nix index 3a6b69e..aa690ad 100644 --- a/modules/wg-clerie/default.nix +++ b/modules/wg-clerie/default.nix @@ -65,7 +65,9 @@ in networking.wireguard.enable = true; networking.wireguard.interfaces = { wg-clerie = { - privateKeyFile = if cfg.privateKeyFile == null then config.age.secrets.wg-clerie.path else cfg.privateKeyFile; + privateKeyFile = if cfg.privateKeyFile != null then cfg.privateKeyFile else + if builtins.elem "wg-clerie" (attrNames config.sops.secrets) then config.sops.secrets.wg-clerie.path else + config.age.secrets.wg-clerie.path; ips = cfg.ipv6s ++ cfg.ipv4s; table = "wg-clerie"; peers = [ From 7e5a2fa2ecf927e4c54a4fabdbefcd152643236c Mon Sep 17 00:00:00 2001 
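Review bot: In the modules/wg-clerie/default.nix hunk, the new fallback chain silently prefers the sops secret whenever one named `wg-clerie` exists, so a host that still carries both an age and a sops entry during the migration switches to the sops key with no indication. A one-line comment stating the precedence (explicit `cfg.privateKeyFile`, then sops, then age) would make that intentional. The membership test can be written as `config.sops.secrets ? wg-clerie` instead of `builtins.elem "wg-clerie" (attrNames config.sops.secrets)`, which also avoids relying on an unqualified `attrNames` being in scope (presumably through a `with lib;` outside the hunk). If neither store defines the secret, the final branch fails on a missing attribute; the old code failed the same way, but an assertion with a clear message would be easier to diagnose. The `wg-clerie` interface block continues outside the hunk.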
From: clerie Date: Sun, 21 Apr 2024 18:22:36 +0200 Subject: [PATCH 04/14] hosts/astatine: Migrate secrets to sops --- hosts/astatine/secrets.json | 27 +++++++++++++++++++++++ hosts/astatine/secrets/wg-clerie.age | Bin 485 -> 0 bytes hosts/astatine/secrets/wg-monitoring.age | 10 --------- 3 files changed, 27 insertions(+), 10 deletions(-) create mode 100644 hosts/astatine/secrets.json delete mode 100644 hosts/astatine/secrets/wg-clerie.age delete mode 100644 hosts/astatine/secrets/wg-monitoring.age diff --git a/hosts/astatine/secrets.json b/hosts/astatine/secrets.json new file mode 100644 index 0000000..f721d52 --- /dev/null +++ b/hosts/astatine/secrets.json 
@@ -0,0 +1,27 @@ +{ + "wg-clerie": "ENC[AES256_GCM,data:DbchcO6GTmSFyoHrRAkfu2flaKYrQHPk+rIerekYO4Cto9sqaWLgaSigpS8=,iv:no1xNRVqsKzAN6ssYA0Ir+utOM9tg8OBUT9PY2v0HPA=,tag:lZj1wEPFWHaf52N7YHEQKQ==,type:str]", + "wg-monitoring": "ENC[AES256_GCM,data:dTKKeieaGvECkHUpATLorhOgr9Re5CAH25y1WTcSqJZDsvnwD4CBbqMv2QQ=,iv:u1n1wyAW5aNcVYfGN8BmrEhIhtA3EfRDBNu65IdBZMI=,tag:RJYgOpel9uy6dC72MmqS5A==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1fffvnazdv3ys9ww8v4g832hv5nkvnk6d728syerzvpgskfmfkq8q00whpv", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMQUF5dkRwdXRmUkJ1SXN5\nLzdOVkhWYUJGdFd4Qklsa1BXeVZlTGx0eDE0ClZmYWNLMEVzaVVXWGkwQUt5ZHF5\nS1c5OU9PWjBTelM5R2phNFdVNncxUUkKLS0tIDlwSXFyZWNVT1dtdGU5dVFSRHNE\nUUpJZHJZRTd6TnBUU2dCWW90UTRVb0UKCWrHWmQTNhez16wgEKj4EQA4+UBRmGQn\n+NHSjBCMBmmTdHb05nENYVK515Z0T/60+9N3VlNyHWS9IgC3mZRUBg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-04-21T16:03:13Z", + "mac": "ENC[AES256_GCM,data:fA8fhOZbX30TYgwZXB7sQDNmck0JRDyAnEXf5nCYtli/Qvs78fTs4DdC08VOpOni8uAVARkFsGSo6Fjo/MpTSDVA8VNYZig/we/bWF+LQlEMCmiqwOI1R6eQ3GPxcRXltlO2aPPlT9BpLwIVZjGGjIsmjpVE8xjkCbLUUqj+UxY=,iv:fHLyw96QLVRrAQky2kR7TDDxf8CNXDV9lVQ5RETzJEI=,tag:y+cG9u3d6vCUmPyNMDRWpA==,type:str]", + "pgp": [ + { + "created_at": "2024-04-21T16:02:41Z", + "enc": "-----BEGIN PGP 
MESSAGE-----\n\nhQIMA5OzEzXewpmPAQ/8DFDlQ8NflA+CIVi5xaPC77pZeoO0LIKUhmFUhTnqLBBp\nNidFQ+24VmsfhmyPqbF7V3RpO6jvEjTfolnHjWoFV1X3BXmN9bkZbLw6pElMLIVw\n7vCjIyqe06OEzwV5uyn/ye0K/Mxa94MjnpF3wnUid61qSp2C8EJgNV13iTXr/rRy\nQaKZKTigfZF6Kprchr8PgpuL6G50yL7LBaNhdbIxDr1zZ6BO7J60FlDYQf0yUU7H\nmhwiCXKLJ3srSWgTKLJLHCfvQzy3bY0khoNeaLeb97cMuO05d42kc0/qa06R0dEX\nRgOoAnVGTd5VHJL72hMRcZFl0nx7o18rsFUK2Y/xSTOf36QqLjf3RIOt0r/CpGh8\nbVCOc9DXZORvnPqPYCj99sr/2Td2Zw4ZigebnRH3g/Nsrah9LHEBJHRd1MvgklHq\nUlCccoCGGo2T8xCLOjNqNkQbu8TFAAv541PyVI60STR6VxuSZgrKMD9dyUxZJTXj\nYaj1Emue4VbexWkoZlJbn0kFzn6GQLYOz/g5X43VSL2X+o5FKLZOi+IyffVFdpz9\nzb9OTbRaGkIE0xub/MUwkchcUHoqbNVnflV0vcx50kf+jhl+RPo8DSLLWKH+HqSI\n3GUvCtknGsX9XznAijQn2hkXgcQI6tBswweeG13xLnok+2whmo5G9jRE/E7ErZeF\nAgwDvZ9WSAhwutIBD/9fvllnh2ycsUil0QIeQOo30pp7tMPwSxyMy3+uBMSScqHb\nHHK58P7nL7cdj8u+7h/EWMSDrLI0JI6JGGmEth5uMS0EmzjdwnNPLf7eTfAZ+XDe\nf8OMbh+7s7YgM/mM8CeQLoReBGJWpDDcXlVO8vA/5hVIlQ7OfkTcFIKap5h93k9N\nPkKfFXdEfCGhxzSI0hSjCy2kP/d5kaIFcVAHrRgQAMIQYZU6bpRNLKlGcDuDXPy3\n4l3N5orpBHRoVWXH3tKFjnyh4sI1Aw0tYrKQCfA/kRmcDF0+sKaZ+fxqHHWkF+2b\nv8L7LAlFtkEO69LUAHBIhG3fP8pTbUn0AVOI63OQ8Hi6a3vzzFFITLmkTGADtVZv\nepqtz1LuSKArr8MHz8w7v/kJ9E5H6Qd2zvQ8wo0BYu+RjhYbOkianu6DHINj4tGp\nC2RJX/M2j0R8pey4m5ffrEb/lhTNn2XlYcQvb0+EsX+7vZ4WyY8boqwn7DFsfWIh\neOtFlOmQvvWJzv+02F7bGIFwrWgk3iUJSUPordNUSi+jVZOKMFAyJKSdfBKMrXfo\nXqN1hnQdTvE+hamoSsIPoSfI2L/Pk+fkRsom/tlUR8EEkQZQuijKuCDOC8FuXXqV\nB8mYkqXHSomws/M838LSo9QvWDb57aZaihofElzWHsEzA5QZ428hKjMFILRU/IUC\nDAM1GWv08EiACgEQAKU2HTKNS1H8XKzsAfb+1/VkVXA6PGVBYkxP/6K92uydY7Ym\nl87Pc4ixYAnyzf3HelkZxmjtIYH4GqA9TwQJvjT/gLPTYgV4WZ2S7KHsdMdHIoTv\nONp13ohP/nhKsk94XC7DfapEGKcMJIC3z+e/QW98f9cEHoTRfPB5ND3JKcA7oLRG\nxjEtZdre6FXxjVLizyUaMQPtLyDGVXbtS5xpwG/UkZiUeIC9Cm5N1n8lWLjyQ7j3\nW9+aA+PFmh5I5cx4SY/Hw6Hke56tFADCLd3Gp3ZRfstuQRPhNrX4gOM3qT2NBVCR\nXFPGSOBE3Bu1Lm/UbePGpvQdlyHDg63vghUsl1o8c280M3dfMH3Q9e0OobiNVksu\nMEDvR5GPHLEvabj/zvoM7+SpMSaNGqJP4X8e/90WTg4JQbAPB7K/XZqKtwVTqqfs\nWFfU798M2xQZpy5aHgsI77rPdgDWw1NvlIcTSClZyXs42Iqo1ORVoY9mNzJfsop9\nLbbK
sF39leLTqSJZi1ZsfdPsjetKxGhRCv3eDdU0vco2tH2xVexPqT4ZcCbqUWfx\nfJrux7CmOUmbyNLjvq0gDEG8Xe2J+InvmML7dXvZK6wd8wh6ODfdrQ+A3ga4XIGm\n0FkiEuVGohUhENHZzPkNBSUykdEYxoRfQQeUAFmywjXnEDBcSj8j1z2Y2IJZ1GgB\nCQIQrLziglrWl7GDjSFhstu83UXngV4M38PiHZSJBo2Ect0nr6o42ZCxhDC22A8V\nQOh286DVqEELdiCHvs18U5aOgFpE+t4MHObkQhE1nX5xDFtOwySaaXkga8XFGnt9\nVAPIsf93xA==\n=nhxm\n-----END PGP MESSAGE-----", + "fp": "0C982F87B7AFBA0F504F90A2629E741947C87928" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.8.1" + } +} \ No newline at end of file diff --git a/hosts/astatine/secrets/wg-clerie.age b/hosts/astatine/secrets/wg-clerie.age deleted file mode 100644 index 64acb96478bd463da242942a6a6954ec349017fc..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 485 zcmZ9_J&%)M003YUU1Yhz!MJ$nEk=T+eDq*Bd*!pxh8C{0Ws(*S+822FCSVQm@hzD7jdc^j_s~2K zaL*+frpcj7X;4&&CX&O{#Tx7C||2Is|!>mL}iqJdcf-C2sPmzP1rgmw~ zp@5S1dwdKU5;)A{38pu|5bw; z^`-VuE^qGOe&#v3hZ=1(zP5Mwb{F-89*-8tQp75fa13$2hDLLo4g;2p4+t1m64~?J zi97OA9dnI25vQ6ePRf33(`oR%RE2cO`Ax)>EghN>J!RIg%YhYw<2b4@^n$5!%I2f6 zCQ{MXb1W$N?q)L3B1NcJrY3pdI|tzu`S|$yBSAj-@N@M1-s$U4=B4xBc9J9SLpir{;G1?C9;~C(p9*qImB6eYUWzr>{=lZQb~_wSD#Y{lf<@h%bKu Dh!Ur5 diff --git a/hosts/astatine/secrets/wg-monitoring.age b/hosts/astatine/secrets/wg-monitoring.age deleted file mode 100644 index 78169f2..0000000 --- a/hosts/astatine/secrets/wg-monitoring.age +++ /dev/null @@ -1,10 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 HwR33w msCjddFRCD4DbAjaPToTULS2mehbhzhWTliPduNN6Gs -nF0vN4LO32cfgSfgxKKS3TC+HgKX5P0Ka/k5k5/KHX4 --> ssh-ed25519 +Gslrw 10Rgl9PbI+X/wF5R99eW7krHjt1o0gqbcpF4nYo3nD8 -lvoo2eQRFiE439QbXlb2Tai81+dMmTlp2tsXAyuCgOU --> $>c-grease DHV93FeX 2,cO@SCt uMc}n\6 5BT6DPc -rg5XJkHIbvC0qKnT0yrk/Py0BcxoHNmLZDtu3P145KbATV1CJjkttyAtALZIR5z8 -sJCtENKo/r+ydhT94cw ---- 6U1ot/iDF32lzVsiPfPOWxzKzf8ncYRl/m4LrjKfEcE -̎ zXLtCAJG~i(ԗ&*œR/t2ob|/x_a-h4U \ No newline at end of file From f252ab71eb055b147be31b85f11bf747aaf5697c Mon Sep 17 00:00:00 2001 
From: clerie Date: Sun, 21 Apr 2024 18:45:15 +0200 Subject: [PATCH 05/14] hosts/hydra-1: Migrate secrets to sops --- hosts/hydra-1/configuration.nix | 2 +- hosts/hydra-1/{secrets => }/nix-cache-key.pub | 0 hosts/hydra-1/secrets.json | 27 +++++++++++++++++++ hosts/hydra-1/secrets/nix-cache-key.age | 9 ------- hosts/hydra-1/secrets/wg-monitoring.age | 12 --------- 5 files changed, 28 insertions(+), 22 deletions(-) rename hosts/hydra-1/{secrets => }/nix-cache-key.pub (100%) create mode 100644 hosts/hydra-1/secrets.json delete mode 100644 hosts/hydra-1/secrets/nix-cache-key.age delete mode 100644 hosts/hydra-1/secrets/wg-monitoring.age diff --git a/hosts/hydra-1/configuration.nix b/hosts/hydra-1/configuration.nix index 06309ea..8179409 100644 --- a/hosts/hydra-1/configuration.nix +++ b/hosts/hydra-1/configuration.nix @@ -79,7 +79,7 @@ services.harmonia = { enable = true; settings.bind = "[::1]:5005"; - signKeyPath = config.age.secrets.nix-cache-key.path; + signKeyPath = config.sops.secrets.nix-cache-key.path; }; services.nginx.enable = true; diff --git a/hosts/hydra-1/secrets/nix-cache-key.pub b/hosts/hydra-1/nix-cache-key.pub similarity index 100% rename from hosts/hydra-1/secrets/nix-cache-key.pub rename to hosts/hydra-1/nix-cache-key.pub diff --git a/hosts/hydra-1/secrets.json b/hosts/hydra-1/secrets.json new file mode 100644 index 0000000..189e9e8 --- /dev/null +++ b/hosts/hydra-1/secrets.json 
@@ -0,0 +1,27 @@ +{ + "nix-cache-key": "ENC[AES256_GCM,data:AFDvfikObYvlwqRd0Wz3jfZdrKp6vu5ga6mFKRSPhh/BPFS1mBNyz3DQTL914bO7Pn47QHQVxufFVYlYmIq9sIK5snudZmRNDC21D95CvnJMWkO4d+nO8sMbjTMocEBmBEPMC18WHrkVmWOJ,iv:sD1qpX4sgAqb0c4Vmr7cRAELwiQhORKleGggKnOtmB4=,tag:q9D/f/+n9J2+ZtyuLXuk6w==,type:str]", + "wg-monitoring": "ENC[AES256_GCM,data:C5C1s8GgEhu0QrIYiToJu/6Be7njwwNzdj5oMDGihT0m4lCtkwDI9NPxdBQ=,iv:icgVuwsJjl9+6pank/0MenY3Sm9eZiJ4KqQHASz+GXE=,tag:ANKZxndDHXAakUFr0euvkQ==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1v7etelmpeksue9q4fdz826e4zd8d45vjfm057m33jmjeuhr6dcssyw4f60", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiS01SZzVxOGVjeDNuMEY2\nMjd3VjJHRTgyckZxbitFYTg5cUNZNHk5TTM0CkM3QnZyaFFmTUp2T2phZ3FuR3lR\nd1E3TlpsRnBQVXM4WlNIKzdTelJIbkUKLS0tIG5xR1VlK25LR3JucDIwakMzNVp6\nYkI1ZmorajhDUHdHZHQ0QlkxMkE5dHMKTaffSqKMM7Z6pDmMLvRr6MEsNPvJ9ycF\ny5Wilaie7qdFPEWJDNXOmmKwJgF/wPIsYYouL+YlKaOalL4X0i4xgA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-04-21T16:30:03Z", + "mac": "ENC[AES256_GCM,data:aEIs0bTuMJJsjCLtwQ/3ApO8iVCdlfPhBY97veU518R+Z2aywEh9R7h89skuVjrRcrbzeZthaubD3fqK+0mWkIgk9cYWzcHAA8OYNX8inZAnWuhN4kcc9pAy6abdqYtlqtTBY33m4BITEsIsUROW+VP7V87Kyp3THnn2S0QqAag=,iv:1wqiyugRLFXT3uXfo053E6mGH/wFGjUO/AkXz915GrA=,tag:8Vil1vZRkKUN4HwcFNJsXQ==,type:str]", + "pgp": [ + { + "created_at": "2024-04-21T16:29:22Z", + "enc": "-----BEGIN PGP 
MESSAGE-----\n\nhQIMA5OzEzXewpmPARAAjrV8h3h9H5LiACawYTxnw0Zf31/4NSR5Wnl04IWN+qNg\nbeZmxj4KWuN2DxEjeERm3yNmyzDlhj7LNvmEMpdhE8DGgXVnXOeVvM+GPuKh4ej7\nLy0leHsXvyje12rzSw0Fidqs+PbXpsbeo4NmnNi7VIgjs3zuAzlNuH7AnLkPmUA+\nUAThUl+mswjARYr7UhP6YipQ2mFlrC2oL8guPwpWKvIq1rW8t+Ug9O8IMCA/x/iY\nJZ/04Tygc/EnDuCdvzMOf0n5xWe6CxRbgt81cfeoEP1PVJfof5pP4Rnfob22izst\nxBDnjnxd08xXOkPRHPN/KliMgRxmIVtlWz2tvL11OEmE2N4HJs+K6tpMbHMSm1UG\neA1mseDHw/f5z6tmH/sLFNtyXoznfiLoiQ83T+dUIeq9V9FEO7RqaeI8Qdy1enSQ\nCUXHdc4T3w525px/kYEm8QqUtyWcJHls609WG4togL4zll4MHsGP2gxx+FU4ezWI\nakD3j2KBzSzVP/UGu/oy9bDD30aA29+AJ2gNbvm2kLlY7K6As5u7Ug/u55x/tKQW\nbSbvcRzSXaAWmJtEld4EL+CdEphyMGQSdRSCceS9AqfTtvl88vlNp7EZK7mL4oBC\n8Rox3xzyRkqGpNEeryl6GIi0Y5QUe+AmyGPGNkqfzK1xkafElkqhhKhyOPVu27qF\nAgwDvZ9WSAhwutIBEAC6+vzKfG/E6ZT0RXE+rqrLx8lzrES4mhhOWbktyA1Y1CPo\n3YUkGSZHLUgg3zR4RlT1bhdfG3gpsYizFe3pVsMMkNrIhrPv4fDAqFNSBfVKYJdR\nKb59Qpxpwq+bBdu4Rame2ogTXwzTpZtW+y9jaWoxlgjCTMdlaNzsC/I2SN2gfDFe\n6XqPJaN4VrHX3jXlqrEDjrgFSn1t8ozxe+saaiX8eHygJJyAOWp0qhkDbhJwv9eD\nRveVAhGbQA9z+f6tKXvQiCJbW8GSpu3Udze34f315XRig6tVvAOsUw7zELjlXGHj\nfZVzrBWuC2GtE/uCC4iqIoPGjpk9RZ2fBgSCUVqhQMR4ZxDfB2uNSU4YcsrcOsjn\npUCzGDUWbO8ZleUTWQUehsrWYiZnF4n8M6d6zT8ihgr978iB/NdWlq1nByG2v1DX\nLKgpigiz60kN+EXJyAM1wd0m/DXnFCMnmKLLvto0ACwKe2l5gRXCLpIij7EqWWk1\nU5aQ/3M9YwVMGLGpPDFb5RJ7GXAXsotUEe0MRPeEIhvFdZbGOF9Xtv1E9WJ2PTaF\nwsDpPlufvd1qa/7fXM1ra7nxoksN5I0XYu3NjtMM+2WAtVSBZ6vASWxu5Che5pSt\nXsv9is4H+ORcfd1KDKfGwZtGoGwzeVN4Us6xirjeLzIOdE6QPfw3VYa5eC7YoYUC\nDAM1GWv08EiACgEP/2Bql2AOtUUcrzQIupSut1Bw4jt/Be93I110pjeB4typASRv\nolZgKcWUyv8P0jD3RRwoxJigJjLEolpLSy6F88w5M07fNdtgROuzs3M7nd7tMPS9\nR4RZcLJh87AFVcOt62mM+8FbvA2KTcDmFuA/h+z5T0SKZwjA6xkC92wS7qpYRbOo\nqqnqOgOpv7O3KUl8CQUgeA7UcpWA1Tqu4kEUN4rhaLnJzB/KUx+UzfgumBgrsAss\n2/XcT2l5vZSwmvVbpj1Op8SJhqfB0A3/h6sfq1pxzyDBA7OvsJekdTDwLl2QZtHS\nbKteh4iog5CRSAlbrwt65krh84RJyEU238kzeg1C7JMj799/6paXyWqOZPZaktew\namzFksVdZLSosMFKRmraBPJkTYqyjzy3U3OsXSz63NnHAbIyWJg7MzTLDHHoMSus\nXFXQXXrEnHZYg+1oynTTa0KOD9gEaz0ResHxMokZL0D6Y5FFtM3F4Y5Usvm/ZkM3\no7R8
Mh7yKODBPwAO4RXAQQOqWsT+MqAhNHtjZCzIE+mtcY9v3VcUENs7ZDmC6/Cw\n7zl4NxiHOw0874q3DoZtyCVVN7iMnhg3ZXRYOBzaLeUZQP8y5Ex2gjE3nJ3sAy/H\nYdTmJYg7G9Gz4Ffced32hNRD+44XrKXlZBkCKpFGwWHJrjQJS5imrIGdFGvC1GgB\nCQIQfn/f746as53METJMSWUlxADRft5dqrMqqaaqDNAVR5W/Qmsa0fwAUQf76Qxa\nz1++MconWYhB9No/cWM1GspEDOShz3scZ/wth7MmOcBPnscIcsMTt1A0AM+h2hF8\nPOECHUyMzw==\n=SmBP\n-----END PGP MESSAGE-----", + "fp": "0C982F87B7AFBA0F504F90A2629E741947C87928" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.8.1" + } +} \ No newline at end of file diff --git a/hosts/hydra-1/secrets/nix-cache-key.age b/hosts/hydra-1/secrets/nix-cache-key.age deleted file mode 100644 index e017fbc..0000000 --- a/hosts/hydra-1/secrets/nix-cache-key.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 HwR33w XAZWRRep4zdbZFwRvWGa9yyLe44TlOGIMwtLo/WZXyw -G8Rv8Oqbvx5qYr8ZrQlmIyhYqUG6aJArfhMoqu4U/Uc --> ssh-ed25519 UgSomQ sP6Z3WzhBXDaDfsSNHY7p/vV20/eytII2VhO6+vUAhE -q6+FH+k04jG0417KvY8cHnNeb8hEzEtxX+hLmKWqvdk --> *A>\V=-grease -wpRswQ45ywiN+jit7kj5p0s2a+WloUueeu5E+Nn41WOMNQLJ3RaJqxRk ---- TVK8uHcE2tn7qfDF2oAGb24N6a670Fc+QVU7agmJYNo -_ a -'ӳAbS X2$\Mž#6wPɅ'GK&|7PՌ-v_Sb&^Yұb(K9o߉{CmF0wƣ- 9<5 L̥ \ No newline at end of file diff --git a/hosts/hydra-1/secrets/wg-monitoring.age b/hosts/hydra-1/secrets/wg-monitoring.age deleted file mode 100644 index d25c7b5..0000000 --- a/hosts/hydra-1/secrets/wg-monitoring.age +++ /dev/null @@ -1,12 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 HwR33w iq9GCoMvjYmB36sb3ObwjSO2eL/wyyxTsIbJ8lye1zE -6PcXowhq3ADvC94MQ0BuFeyiCxmxWwwgEjve2fP3uRc --> ssh-ed25519 UgSomQ OtaRJDru8abGAMKcmcF0YHPDMnilqZAk9LULZ3eVd3I -3vzkjiqpOz1rIODQdO1QTs7j8JW+f7/9hrlBvb48z+M --> zXcO;;.{-grease -w1zwccIRbNRBbiXF5p6fVAS1Fm8OUJdq105gfEaGNUgEKSzUzGRlron5JemsebJt -6rLBebjmtxrgLOMvPMbtpX1hQJOrWV6yVJkBOuqlRtVdFPNMrIEWXc5v+VXR8Ccx -XMs ---- v41dXOCQtZwpIdKXoQSB1oblr17HunSpwoRnfPtKkS4 -M%<Ԅ[_W!s -.Ho0w6t?'zo Иh \ No newline at end of file 
From 42cde57e8d253970d57b830cfff23d06d41b2199 Mon Sep 17 00:00:00 2001 From: clerie Date: Sun, 21 Apr 2024 18:51:40 +0200 Subject: [PATCH 06/14] hosts/hydra-2: Migrate secrets to sops --- hosts/hydra-2/secrets.json | 26 ++++++++++++++++++++++++ hosts/hydra-2/secrets/wg-monitoring.age | Bin 454 -> 0 bytes 2 files changed, 26 insertions(+) create mode 100644 hosts/hydra-2/secrets.json delete mode 100644 hosts/hydra-2/secrets/wg-monitoring.age diff --git a/hosts/hydra-2/secrets.json b/hosts/hydra-2/secrets.json new file mode 100644 index 0000000..7b39e72 --- /dev/null +++ b/hosts/hydra-2/secrets.json 
@@ -0,0 +1,26 @@ +{ + "wg-monitoring": "ENC[AES256_GCM,data:qc1VehsElpUpX6xzEn5qtge44farh48fZ9GqC//UbWK1LDrlEktGrU1SCGc=,iv:IC+WInx+Lb9DvExID9/Spk5rjkeDoMZOWTPP9S28PvQ=,tag:/2IjntZ7WV5MCheYr6xSIg==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1eye7ssyazf9rndzkerj2dul3ryyuwha4v9r8gq554nu4l8k4cf9q8lgsdt", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqUkF4ZUZxZTVUbFNFRDMy\nS2RUZUhjUTFZclBYYzZyaG04anpPcDVLNXhRCmtkUlB5YWo1d1hsdDRCWGdVRkk5\nWnRXbmg3d0V5Z3VKeUZ1b0hGQWZIdEEKLS0tIFZ6V1RZTDlCMXNZdUNVRUVJaGta\nRy9MbnB2dkd6RGlOaVhJTVk2eGdvVWMKZSzRhhjAxjLRcQa4Nbvyi7Zls3mJZCE/\nrUqcHuyduael4qrTbfk/gt2A/9xPkUzd6HkdhlohJbCWQlTDU3wXGA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-04-21T16:46:44Z", + "mac": "ENC[AES256_GCM,data:h77zaEMheujRolb6G4Z9BpFdNFrolxy2+qswaSFgsgbM9ZwqD8jB9wqPmg+bjnAd+LgElpTMe1qTOwxGr0dGimxaeG8eXWNhCjZTBjr2vj2cg73ZceO1xtqKWK3hXP+WN7N4Mx4SnwRdW55YgJ9YuUpQm/usZJRwhf0pRBtFVSU=,iv:oP2AFlAogCMLyt735UHDFnNlJHmfkKMTQt+EXB8kHrM=,tag:c0UaF2QnVsgv/6rGGxfVHg==,type:str]", + "pgp": [ + { + "created_at": "2024-04-21T16:46:31Z", + "enc": "-----BEGIN PGP 
MESSAGE-----\n\nhQIMA5OzEzXewpmPAQ//V4COlA/fpSiHUfBinB+ZjThFHu3Ddk/cLtYzTXzm3LoS\n1JGiyC0mjh02meuLBI0m4vkX3o79/kmEcpNgDihNR9dbdKZ9sA1VvV142DR3jneC\nCoo/q8Jl/8Fpb8DEoVSZbJzG/QdFgmOo/cbdZmGB7iqdwwK6A0tp1EtTLZyq0pfX\nBMcMMkcKn+EOh3Ul/7PpEu5/qUyaR97pXLnsxjBZGOphmNgcXM2tZErkjf+czgH6\nm576Bt7z4hnCtFClPs3nJIA4nfaUFwYgsWkdVLfgv/jKXyV+Weci7WONdVWo5P6W\nuIA23zY32GTv6EOsk4kb/Jrn77r1G7mOOA+6mxVhzA0E3EHxmwLpEW7g0TtDTDiT\nyiIoR3QwBq2hZa+HOloEJ+pOnmhhiVEAWw/HLbH0zfEfPCA39feAiaWZ5gS6naeU\nrlUQIKV3bFrOyc3O1ghlBa77M5geRbdeJ64n9/r0gLi5Qc14yAYaO8mz4XUhZmDf\nXQW2a90sZ8A2KkrMGE5D3xp2L+61fjJ5TxAQi9aeEJwQHgb7I153k8J77vKw5CVo\ncQkwBJDGGtPftyysyHpGTQ6CCaLhC8f/MB8Mvru5r756zW8NbYcXt0lamxVCB6gt\n1+AUwoUzRmAAej5M4n0Zhv0tTJymyrVsQKjHyKlGDEB3frUlHXuDUUrg8dxZ5ByF\nAgwDvZ9WSAhwutIBEADF/hOya2CKNcixVdlOrjhbc/Fgr48R34PPkTyCeBvP+OkR\ndmu3VcXrTIPcFboMJQIp/m8cyUOL81n8EM/ilFpTJV2N6Pof94ztZDCRAOfy9UZ7\naMQJIA9t4V4oHTH1mFdN0t26WfqqNTzaELIzIHzfuXp7AGZY2So+O2U8RKwwGVla\nnAaXyHBlWUiLsHMWzRc8OwYRR3M5d8Wbz7E+K5+4kLZZNKE9AIu4vxnddQnGy8Bh\nkkykgnz3/my6Z6aoRJOHeqiy77ICO8sJGHqd+9xtUgJHdi3/ZVlZSmp/tMTx/MMK\nG4Qk5/R9KG5PTLZlHLz0v0UHZrmJbQaqQMcKoxFJFae4ygxUEcwVGweCRXd9u5jb\nn3kxdp6dYvMDTe9MPRr0NWNyO8ioNVWmBw7W4OdAJxhnyx4C5//yIpBB7I0npwDU\nOMM8WcHkI/N7+v7gf1rSIcArKwKQO7Be8d8MGstRTrEaqs7WgslSveO41/qQfFvu\nRw29MHIvF8d/Mj7YwMHUTLFYiKwOl4ccDw5lpnTKu4Oj55l7xHMSTYLFBz1EYlU5\noSp3RipvblXCkesgYjZxwZiWpYPnBWUXi49Q2pH6fJ4nEClB802cCFNbmZxwL8QQ\nzpOU5zDPLMiN8GaqDMQEgFTVPdfGkdaK1yQVLQkb9vmeZtGCOj8D7edd6e8QYoUC\nDAM1GWv08EiACgEQAMLQwhngxPMiOdzhtNEv4uyHA7hS1E9NIKMNXaXnGNa1WBib\n+cZ06MCGsCO4E0+h9oGLdhIBx/qQadu2FU4nMY/H/IuyRLAJAeGC3VxTo7of6Wez\nHnMepaeP4vdct+odlhK5l+i16CYcDk0LeC/6MbEQmAcTsf6EWZ3Nt0xR6mwV8mKS\n5CMhPdL57t26kJdkKCr782a7j2fsqU9x5rahskuGC4QtYx/J0QabDLaY80zswBUz\nDXiFhAsDIx1vXaBtSuUsJBtA++eYZ6ysJksZLksTuoiR1Z/RLdFHXNavw/CAjd5C\nHQ7n13v4G4p/7UE2cCqK+5yNctxLeuQ/9QzPvg/0zoAnBF7cm9sLp+8qFl1nnri0\nXa9CPgIjWFwX34D24KwykE12OLTWZahMae5Ke4okR6e8OGIJyurrTfIwRa2iZRTp\nrk58jhyCr44xeaZMB9/CFDTJ2wTBbQW6SzZrMjrvCypNAH0B/Z0SUMUEVaLdbO4P\nLSu/
MvlGDoBxnulgFLPuLc8OQ+NQr8KD6xqmuC64FGh5lq4mhltWXNC/AW3gyvf6\nI61oEpHviaRk66IAt6N4Wt9ZWxbsuibfc1e4yvrwKxPjtI/eIU0/MD2ZqbGM/7ZO\nNeGI8DbTwsW6Jzco7LE9qsi3+D2OoffIj1tgYmuV+LvsyPbCFmDGGJC72jyW1GYB\nCQIQ9s2T8Cbu+waeABEc/4XidJdejOXgEHD3+Ztwx3+6C4grA3f8lV28wxcH1bJ8\n10YOf+aEHYDrC99mthP8f7Nk3VxNDCqbN0HkSC5pW35zD7ririit0ClZ0/8njtYo\niD6Vdjw=\n=blcz\n-----END PGP MESSAGE-----", + "fp": "0C982F87B7AFBA0F504F90A2629E741947C87928" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.8.1" + } +} \ No newline at end of file diff --git a/hosts/hydra-2/secrets/wg-monitoring.age b/hosts/hydra-2/secrets/wg-monitoring.age deleted file mode 100644 index 5ebdc3df698c4240d0bc36493d13eaf64ba95095..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 454 zcmZ9`J&%)M003akx`u)x=p{{RPi6^&t)yv%Fref^=~=&HYBzMDRnjDCRhH$#%QR zqVn2mwbtm-Hl0&qwutGj-Xdj892uVHZmW%#ChOp`? zTWdCfpalSy9$Q-2u3aN`V;Y*3925U*FjGRoM8}!JQ-iF8`M^;`ZV4=QTHAD+FY`so zTD_plW*bJz()$!biy5WbN)q`@NYTBKNpv!YS^I_Ex9}Zw7`N75yfr^laZ_$y6RND}a1;vD3?+ zU;IAVKlpy>iud#tr|oWBJjKNW>*c$>-SzXm^Zw+^g Date: Sun, 21 Apr 2024 18:56:02 +0200 Subject: [PATCH 07/14] hosts/nonat: Migrate secrets to sops --- hosts/nonat/secrets.json | 26 ++++++++++++++++++++++++++ hosts/nonat/secrets/wg-monitoring.age | 13 ------------- 2 files changed, 26 insertions(+), 13 deletions(-) create mode 100644 hosts/nonat/secrets.json delete mode 100644 hosts/nonat/secrets/wg-monitoring.age diff --git a/hosts/nonat/secrets.json b/hosts/nonat/secrets.json new file mode 100644 index 0000000..1f7a079 --- /dev/null +++ b/hosts/nonat/secrets.json 
@@ -0,0 +1,26 @@ +{ + "wg-monitoring": "ENC[AES256_GCM,data:F/aXjZuhEkKLBakEnhMCEhj5RDkRzUGHxgJ/WEt3duKw7Iva9tlnbAgkgwA=,iv:XykJvTXiUpqHdKohJijRVe0+bUlxZrI2FLxl9Cs4b+I=,tag:ko3PkURY3jl6AsfmJrekXQ==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1d6736smhw5jc2tp7teg7dsnyts82zwqxphwww7348nr8u8kwms0q2xakse", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHTDRrb1RjMk5oR1owNGJI\nYjV4NlhRMkFaL3M1RW5BVHk2NG9mK0JNMlZrCllQdkRMd3Y4R1FNTVFPMkxrSmow\nZllvcEpKWjJ5dmhXc0Rjb2ZXdndHdUUKLS0tIFdXSVBXbEk5Z2MwOE83U1psRWpy\nTVpuK1h3ak1iREJRbkNZOXpOZHp4QUkKw/ksqqfpvaWqjwnEvvHlRxllRbDw5Kig\nyvnaq6KXyBhd0IeJsVnNkBH1XyDVM1XUSctXLE/YaY1gHxr03Q7Ozw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-04-21T16:52:42Z", + "mac": "ENC[AES256_GCM,data:CnZUUmwu7rGCKxALYoklaE+/v4H50jGIuELdpFMSrJER3YNumIZOlYxmsNagZvG9C55Ue1fHpFDJK1ke9lh8OHGofzSJcGHaCQQdbcgFmDQmnHlNKf2k7HHomUs2+RI79EQY0rWmBqmvWFTkues8ftwIu9mwLy90BHyPHk41ZIU=,iv:pDFG7JjhS7aCblvhHziI+zXDW2pXMHtsB7FqbRFGhSI=,tag:tpQKgnyeT8+WHkWKVilcaA==,type:str]", + "pgp": [ + { + "created_at": "2024-04-21T16:52:32Z", + "enc": "-----BEGIN PGP 
MESSAGE-----\n\nhQIMA5OzEzXewpmPAQ/9GG7ky4QjxnHiLqn4oAo7LvUkufu3NbmnD4ZAn3eyalx5\nJZCi5y/uesiy3VTeaAveNp21CCrrPQitmZhESnE6WIzurnY0BqOLuB+gaNyMqcS0\nLFFCqwBZ/Q51+RuZUgEaH38Hl7rwzYQ9zGruyZAKhGvgO1JEfzD7fF/IuQHfIDoD\nJLcyU2Pueeo7ZQlXijjW8Nrkvh5YyO9UPwA4WoPNnAobtZgyRf2MxhYSAvyq6MaF\nMV1yCo5Ij57Ysn4JXhFFvAbKU+ybxI1/HZHbcphjnCVB/GefuQT7qm9Y8S/TcnDv\n2CzcT6/v38OBQQFSoiRxJCZU15uBXHyuib8elDF8JjNxO043H7Y9FBNuWafETE8F\njAm0ZITz+sA7q7hMK6+Le9tBMm1D1fpdlGOpgc71+a9OPdKy0hAUhIGN4VwjnU+Q\nkA4u8LsCHOUM7Bl5HajzUXdnEXKKoJAiMHG3jdnb4pq7rw9M01a98iS0nLZGG1Mk\nBTlg/Zo2rIwwC7R2aewkXE6NeMCn0jiGxDcs4ddGZUAOUJByZQwnzIWdd63rusxZ\nvLDVyYEA5Am82dZYCcpIjP0ZdnbJDJJpo3zuGbGMXs06BCdeIfSZOBa/Xi6sy7ft\nuyZSM4TZ3PKGO/3JOstzUKkZNDiEFK5il1+0aVcDfehr4lphal8Efg0tvGlXQ+KF\nAgwDvZ9WSAhwutIBEACwUHmTjOzQ0Qy6RoY5KswApxNSq41w+g7sXJyXoqXwacSd\nmHoBHf0vcA0kUeHKOP1NDfBdUVuc8yIg7WZEi7YLCvrDrLsRY2J92m35xxKWHvhy\n9wL1AQvhzS8aOu1llZcBqt8aKxUXaxdH1M2OPkTEz0WS6xIqkKUm3cBfVvkQI50I\nSwI/bFrgj9gDmXdFGfsiv6rd+gCqlgqXPXqgIQq3aEl2Js+c4Dz57r/nhLgnLW9I\nl0BUhML0UJGD1NDUWZHwZn9yBMdKFUghKXYmFIZLi8f1Svq4vxyhBlfoaN9Y+Sin\nF4WrW6en24DEc+WPkOx7Gxz7Pf3ojMzv/FYbZY7tM3j01FOEh/F/pE574bC5saBM\nDTEvt94MXt+WrRl4/N+L5q2HeiaCAALw6jsiqKVZUkg7+E5ZHwTCdkZXrI/8cT0I\nhMe/qhb0jODYn0gtqiXUrg9ysKIQySNI9WrF9zIpddI09m0U+mnO4J7U7jNge1up\nqUMl99t/WYJ/uwiyA/InrwrqqL6zUtf9xChts3g2DpH3WpbYE3jEof8eytsB72IX\neii7hDz/lsKTMSTxSQddHXNkTFhnkE92++hi/oyb0m2cJtu1wFJ9lkwAEwGCaqNN\n5UhYAhBcROuoQLWKiCQFrHKb5YaqDBF4+klPCaOOyzd6hh6uxCtRHwZfHOnglIUC\nDAM1GWv08EiACgEP/1Va6poyz898dZjlaNPu0LFoFyGEG2UPrMk5ZEMeqgZ228YU\niQGHdVtV1w7J98gu8FWIRs6/lBGDKa7uYcrDnhrq8SpiZTVQGK+IBBjoVkRWCZwa\nLOl+2i2RJuxifmCQcToxa1vU+CoJ5OiHI20vk3c8RYsYKUghEDYK9yOUKre72CMN\nHYgPwlVz2oMI4J8o3dySIJ+8Y/WAiPdgQRj71zpNqwCgdleQXr41XpsCps9a0oTG\nsqfJ0aM0fYfANpIKA5VYRXsiXbUZLeEphy10ta65OCnDI7TCv6RxKN0dVXnbIu4U\nS6i9kivjVawYNYPNi8MCrjpBzSq67n1iHVSpDGNq80usTytA0aac2Im8MSeXcUoA\nHSL8P9B5CcMMFDCRhmRPY9F+QiBoD+shd8Up8qF0n9EzjW5iVDHirCz9ePwhhntJ\nUkh8OX52r+j3Z9YIiV4wOsnjtlia8J7x773ZZf5mfaDhSlw8t1/8B/qPWmg03lh4\n8iCJ
LkPli9ogPUu/Kll1W0Lzlo0If7zmiI2PRNkKXIV2lvF+klZTJqD0pUA2RNXb\n3xYCbGVBN6EMQUZryFb7s/ZD34UFUoQO6fZQmjgNOUkarAPqWsxSvronXDGgOvfu\nRkyYWfGuB9iH1ZgihmGmWnJWq2GERnEaffBXdY8EQi7FtxdUHhoIxN0F0OCa1GYB\nCQIQD2KxqelQQEg8wi6Zj5PieGRPL072e+NG6H+DsVdkSIU+fnXECgXbEqh2pnpJ\nbq8v7SJ75VK8/74ZNl5Y15zfn/05OVpVVP3xtZAHrL4qenIx6rsa7uV0xcGAC5DH\ng6b+2xM=\n=A7xg\n-----END PGP MESSAGE-----", + "fp": "0C982F87B7AFBA0F504F90A2629E741947C87928" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.8.1" + } +} \ No newline at end of file diff --git a/hosts/nonat/secrets/wg-monitoring.age b/hosts/nonat/secrets/wg-monitoring.age deleted file mode 100644 index 289795d..0000000 --- a/hosts/nonat/secrets/wg-monitoring.age +++ /dev/null @@ -1,13 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 HwR33w iEMelLHDM8EUtRxTjZakRhyaCgvu0y078c2m30LjlgY -o7v/DLKisYUVOgr/q5R/vdrFwsvibdPyGmDdoYxG9wg --> ssh-ed25519 wTWpBQ R1dUP4h19a97U2pRtayUWOer6SZr0K4NQ5HwfxlfljU -NwTJQET27YxUZVMr0Eysniqp7R/mhVLjrcv7KyKk7HQ --> \'G8L\\-grease -IYhz41mhvSiBPNpEd//WIhhxz58Rj5nQrnsyNUcNJ8DJo+u/5XsMX7xsiUpPlqZl -gljbE5k3W79kGV45+gTGbBi6j1kwM98ZPzUx6zF/wdkV+6/UdRvcxdwCBeLMQCpE - ---- 9cL+fMX0BHh+Tdtx6DBoUG/U/dVlwX8YN0CoWIZvU/s -F [*TT;^b&! dXO@KF -%/k/'٭/{ -nCn"Zg/? j \ No newline at end of file From 7ad061292db9a837987437a7b3e4405d55675541 Mon Sep 17 00:00:00 2001 From: clerie Date: Sun, 21 Apr 2024 19:05:49 +0200 Subject: [PATCH 08/14] hosts/porter: Migrate secrets to sops --- hosts/porter/secrets.json | 26 +++++++++++++++++++++++++ hosts/porter/secrets/wg-monitoring.age | Bin 404 -> 0 bytes 2 files changed, 26 insertions(+) create mode 100644 hosts/porter/secrets.json delete mode 100644 hosts/porter/secrets/wg-monitoring.age diff --git a/hosts/porter/secrets.json b/hosts/porter/secrets.json new file mode 100644 index 0000000..72015ae --- /dev/null +++ b/hosts/porter/secrets.json 
@@ -0,0 +1,26 @@ +{ + "wg-monitoring": "ENC[AES256_GCM,data:EA1sXBWOKS//Eoy0sC5/gjIboa/ehquWv0f9X9uoz6S1eY6RK7MPTeqtPsw=,iv:2EBtyAQCzSLftRveHFfIUciFOyRyT0mIoInEOu9sCGo=,tag:MwwyglTd7LTKZer1fXuXuw==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age14kge9aw4hq4yuqtzzn940yv66g956mqj3h5wmqx56qplvjak3s5q949v5h", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4NjgzZVVBRnVtUnEwaEFt\nTE9VV1ljYU5hMmlQYTlqUjViNWFFNURVR21rCkZ0Zk9LMnd4cmlLenNOV3ZNcytr\ndDVOYnJncEZINWNCTXhWYWZyVndQb1EKLS0tIDFtaTVDM2sxOEo0cmQrdVZYVXo1\nWE03RHlQWnhOV3RRN0dNeVBVZ1dSdzgK4alZSgV34OANF2RrVAEGD2hTBko3CQmX\nKWtptrypxPSRl0Y/ChGNTcQygzNMV8Hiidks7Z2AqEou4dNC5mRQkQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-04-21T16:57:07Z", + "mac": "ENC[AES256_GCM,data:a1TUjAdvt7Kw60pjDBBNtBOvOU+V7NvHA2C9BW0iALeCvRrZO/fNwz32caYJ3OXyLvW9mo6DckA7kRHRlT3teT6y7e5DXogY/zaJO+Ic4WgYnPsosSEGJU1/DXUvTkwekON7/DmssLQOIdpBMxP2Il+KQtpwfZaJ21Zz5bk4k+4=,iv:TDNYILGKDLpx4veYOVbXKVng294GxOWhgsDyxPNakmo=,tag:3Ckv28ECkwpcFUsUemiHjg==,type:str]", + "pgp": [ + { + "created_at": "2024-04-21T16:56:57Z", + "enc": "-----BEGIN PGP 
MESSAGE-----\n\nhQIMA5OzEzXewpmPARAAmfoMVD3ZIRJx0Yte9zkmfZZGjw7qh9ofZPHGyuW16kzB\ngI3WeVCi5VzJJokrA5lzePuZgr5Pe9tFcGz4coKKhUuNxsRGkZrMKRNa/piKgPQp\nF3jrcMG5ZEde0R/tAQUF1R3Pkj6y7E/4huqZn2lmLYCveeRSSUEeGEUQ7HqLaOof\n64EM1IiDisEUMjnNQi++WR7jqS/qNXkjSboKad4zR7HcWTAhnFFLyKWGV5Addl6I\n69MG5zxlecTJBAtfZaVDXsPtHNiF765RVZz5X1ptbEt4fUPQzvfb5Rv21AhTdWvl\nHeqFKfW5saOvwND+/hNhFYXUGy37rmPNXEy2sO/sojuCqbMVM4ZgsCvIw92+wqXQ\nHbXy6IYTPBOodbwmSjZrrXA/RLCeEfNz6Rkk+9g0rbLFWVeeA7vBR96y9PDJddAF\ngQ9HrG2F+63bRmnZqup3kOQVQCjmGnUbpivr1eOEpLjbGZ+jyFMwySZ8NHN5j1kt\nnszzdBnF15ADQIg27RgYA6FF3lQHZ2iVDLM0981BHAhSRFx4U1Zs/poaC7jOSXJa\nSCjkuidx5FJHHrOY1xW1wazRe/UG04LqExDfv1hvITmgcbUPFD5PhBlXdGbJVpEE\nIiYw2XEmmy1IiVbYtk6efSipePk1VyudvGqO0IiQDDfirx8f0nFy6ApJi7MtKbOF\nAgwDvZ9WSAhwutIBEACp3oZAwqJFbDWGtEVGIw1goINZ3HedsJx9paXkcKFQdQ2o\nw0EYdC+cx5fE9D2KF/7zwp6vWFPh8uH3Na07CoAa4vy6Ic2K9NTGElDDEXNW3mPx\nkiuSi4ZEpdJ+uUdT7utjTnGWKpoiCl63xvOLMs9rEMbLtzki3U9y4yT/plZSu58j\nGtQ9zyfgcEgnlEniFJCRV3vgLCvnR0peKOYqo1mYIqEpiPSZHstRgDLWiKqHbCLD\nRSiiun97yrmzSrh03AcJTWpfkPmwC9mW/DlFw0KwcBxW4KPYBFkLon64se9t8RVf\nObVS53XdY0Nylo0fUodDW9HBZQndnFo9bH3NgLPLDPrXiTAW792Vb6rVc9N8h6mq\ngXxnhatX45qK4cT8lM8SJN/2gaVI721MB5cKQtoC86KvVzY4cCCbioZwpk/CWLCY\nCzxjE2gJi0tKswPebBmiShKHU/e7fyJ2rwPXcniHyf1BoieiMQ37i44Z48+FRT22\n3UE29v44kPsXhetqTGAqE2i2coTdqEBPLb1YH4PJssIW9l0jA7Jf3nSeHPnp9FcR\n8SSqt7VhitCIqrznvSrFnVARX9v9ieWB0zw16pSfpMB9FUv6I5j9a58egvLCh3Gj\n5ZNGAhy7FN6SzlCvjeBrDsVpmm6G92SJG2s0Enq4XXpRT/R5SSmge9YMosGhm4UC\nDAM1GWv08EiACgEP/iC3eiMat1465XTM1R5QvgLSN9PTm0WUueRql8fatb7liO/p\nNOWNmO7+mxtC5PBm+lgY9Ep0oxqZpqWTOY+E0tnkE4O/Q+pKSdNYRUhx30C9RgH1\n/8a4HdsBY4x40ae62tclvatHaBJgSERNGSTdnQNEpo6edrPOn93Hg23MyXzJzupS\n7pT8dguJWiB4HJ5QGacq12+J3Gb8Fnen9I4yWDXuunnX/si52CEcxQhHBPKY6sRH\nZVfaGoj829N0DOxupphXKdx1G6Hwpg3kTUliHtdcyU/fdnBwaCH23KGK8VQuIcem\nx9qIiIEcuJjHjNVK8Gvm8nlHfB6SnvORPnu/K/L5SAXmWZSnBl4uKGgxfuR2LALQ\nQW+oucb/+Qv2FVe6rSHMdBpqDV5PjcnaawDm2zqIBsv/hhrbi7KBRbW8cU6G61F8\nlbBhaa991N1koqW6c+XsAjMppRvXTTZ0KvVFemEDg7isopT0aolKyCMq5Bu4OPI6\nKnzk
ZL+b4upke3WOqkPAYOhSqhGbdudf8afPFQ0OrR9o8f63uPiOE2Ukpl0Y6LdD\nZG+465NCdzraaSLcGs5hSbj+ECqfdLMGL5bevWZKV+RgMnIIbuMmVmCin5loWgCX\nPUta5r8oytxULPn0XL9HIb2HsDSBHFpfe4kJHjUgQpM/+KFLKFQUNPlOxf2n1GYB\nCQIQ4rFiQkAiUhu3kfiHZmaMTwoId9pAwDPK3KzmJlg1BfJEl+0EcmAyPSoZ8ttb\nxIJbVmlv8HuUZmdDUSj/FbDbSxm/cShKJMGDvVF9cossu6drmSNbHtzUrYWGNX1C\nWAAdrYE=\n=+FHW\n-----END PGP MESSAGE-----", + "fp": "0C982F87B7AFBA0F504F90A2629E741947C87928" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.8.1" + } +} \ No newline at end of file diff --git a/hosts/porter/secrets/wg-monitoring.age b/hosts/porter/secrets/wg-monitoring.age deleted file mode 100644 index e8494d017bfadfcab974c303a653f9094435dd72..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 404 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUlC=W6=E>{RLE7tZ1 zt28Le@iYibE;S4^5B4c9c8u`1bjr^vHMB6+FDNT?@$?7}_2i0*^mfg%2rf)=v+xQC zj4U({$*|PccFQz&aj~>0(l<2qb9WAR4=gjN$VRsG02J?)f_}_K3>AP1ZkMY0)&PPoC2+V_Dk@hDyeJTW)A{gc)wk jo4%2c?a;1Ey#XBdi#Kr{@HmnBOel(b>zrAW=4=K47+H)o From 2775acdb48c874e057e9820dde4d7e3fe4008d45 Mon Sep 17 00:00:00 2001 From: clerie Date: Sun, 21 Apr 2024 19:15:15 +0200 Subject: [PATCH 09/14] hosts/monitoring-3: Migrate secrets to sops --- hosts/monitoring-3/alertmanager.nix | 4 +-- hosts/monitoring-3/prometheus.nix | 2 +- hosts/monitoring-3/secrets.json | 27 +++++++++++++++++++ hosts/monitoring-3/secrets/wg-monitoring.age | Bin 491 -> 0 bytes hosts/monitoring-3/secrets/xmpp-password.age | Bin 521 -> 0 bytes 5 files changed, 30 insertions(+), 3 deletions(-) create mode 100644 hosts/monitoring-3/secrets.json delete mode 100644 hosts/monitoring-3/secrets/wg-monitoring.age delete mode 100644 hosts/monitoring-3/secrets/xmpp-password.age diff --git a/hosts/monitoring-3/alertmanager.nix b/hosts/monitoring-3/alertmanager.nix index 73f0e0f..7913392 100644 --- a/hosts/monitoring-3/alertmanager.nix +++ b/hosts/monitoring-3/alertmanager.nix 
@@ -1,6 +1,6 @@ { config, pkgs, ... }: { - age.secrets.xmpp-password = { + sops.secrets.xmpp-password = { owner = "solid-xmpp-alarm"; group = "solid-xmpp-alarm"; }; @@ -8,7 +8,7 @@ services.solid-xmpp-alarm = { enable = true; jid = "feuer@fem-net.de"; - passwordFile = config.age.secrets.xmpp-password.path; + passwordFile = config.sops.secrets.xmpp-password.path; receiver = "clerie@fem-net.de"; }; diff --git a/hosts/monitoring-3/prometheus.nix b/hosts/monitoring-3/prometheus.nix index fa94f15..c850696 100644 --- a/hosts/monitoring-3/prometheus.nix +++ b/hosts/monitoring-3/prometheus.nix @@ -66,7 +66,7 @@ in { ips = [ "fd00:327:327:327::1/64" ]; listenPort = 54523; peers = monitoringPeers; - privateKeyFile = config.age.secrets.wg-monitoring.path; + privateKeyFile = config.sops.secrets.wg-monitoring.path; }; }; diff --git a/hosts/monitoring-3/secrets.json b/hosts/monitoring-3/secrets.json new file mode 100644 index 0000000..3a88242 --- /dev/null +++ b/hosts/monitoring-3/secrets.json 
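Review bot: The `sops.secrets.xmpp-password` block in the first alertmanager.nix hunk has no comment explaining why it is still declared by hand, while PATCH 01 of this series makes lib/flake-helper.nix declare every key of the host's secrets.json with an empty attribute set. Its only remaining job is the `owner`/`group` override for the solid-xmpp-alarm user, so I would put `# Declared automatically from secrets.json; only ownership is overridden here.` above it. That keeps a later cleanup from deleting the block as redundant and leaving the password file with whatever default ownership the sops module applies.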
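Review bot: In the second alertmanager.nix hunk, `passwordFile` points at the decrypted secret, but nothing visible restarts solid-xmpp-alarm when that secret changes. If the service reads the file only at start-up (not visible here), a rotated password stays unused until the next manual restart. sops-nix has a `restartUnits` list on the secret declaration for this; I would add `restartUnits = [ "<unit-name>.service" ];` to the `sops.secrets.xmpp-password` block, with the placeholder replaced by the unit the module actually creates.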
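Review bot: `config.sops.secrets.wg-monitoring.path` in the prometheus.nix hunk refers to a secret that this file does not declare, as far as the hunk and the diffstat show; it exists only because lib/flake-helper.nix turns each key of hosts/monitoring-3/secrets.json into a secret. A comment such as `# wg-monitoring comes from secrets.json via lib/flake-helper.nix` next to `privateKeyFile` would tell the reader where to look when the key is renamed or removed, which otherwise surfaces as a missing-attribute evaluation error. The same applies to `config.sops.secrets.wg-vpn.path` in the hosts/gatekeeper/configuration.nix hunk of PATCH 13. The enclosing interface definition starts outside both hunks.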
@@ -0,0 +1,27 @@ +{ + "wg-monitoring": "ENC[AES256_GCM,data:kYFhMbqL7b0rwE2XIaR4QVT8ahoODmpXKzK5gvkODFJVklubwCmq2bLJk94=,iv:eR+VjxdtS4et9I4okzHyA+if1Rxj2/MuiC0CrWXd0Bg=,tag:rMaYMTvO6gWw6WegehDBFQ==,type:str]", + "xmpp-password": "ENC[AES256_GCM,data:eBZsBYqo+juLrYZjBqTcKFirHViRsul+wt6kkOmMhCp4xU7Ou8eJAPCOuhvHcUGxRE44L0yIyUObhRgAj0T5QA==,iv:DsLJ3qCZyrdolJBZFT9FJUNQ75pc8Vz32K2a8RJHuLc=,tag:wOxs2Ulw1aSMadWfjGSKsw==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1kdgrgsjqgtxkjv8ec2ljc5jgtm45w5e6hj830m0awahnvdtknefq9yh8v9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxOGNMcm9vRWxMZjBwcmVS\nVGVoS2kwSmZjOHdGMXQwUmlzV3hhbGhhOVhzCkljQi94aUtORldKOFdqeVNXYnJQ\ndS9Vc0hRRisyL1dESk1NOTQ1dVJyMDgKLS0tIE54VlU1cVRXWXRlVGU5RzR5dXkv\nSEZJeElpWDdJYW9WNWxGLzdjdGR1YUUKGZwFPOc4MD97FBRtj1Py4A9Tz/HlzHcK\nX6nYgkYSUycM4g4d3+N+1NKutfWJ7KheuTlhNRDftyLYmmo5wyEtrw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-04-21T17:08:58Z", + "mac": "ENC[AES256_GCM,data:UucT7OiO9S3FcO9b1UKPQYXi7v3Ak7/J/VkDN4P9fssS4nky6PyX4oV5UvGcuR3p0pxLAHGJ4rOXj5QbnOqwDqmHfCnoqdItAlXRT1YPdSrelQ/gHyOfexsuV1XLOUS/OXJoYEi3ymKtza4rMIZow+du0YkRxrJQjwM0y8XSa3I=,iv:mDBaVhbHCLdxx5DC7urPPDdVPsCPYqKgLRwfqjLFdnU=,tag:Wpq6ihxIr/eceG12gpOJwQ==,type:str]", + "pgp": [ + { + "created_at": "2024-04-21T17:08:30Z", + "enc": "-----BEGIN PGP 
MESSAGE-----\n\nhQIMA5OzEzXewpmPARAAp91D6Qh7RgaeQwMge/L6ETqb348WyZ/SM5LCC/IsApV6\nJiGfmtUoDLyS+X0Ry8hVIKJmoxPypBV13eZHzxrI5rif8MAlQp3jW0zqpbeo9ltJ\naqyg1xI2NC5jh9+mLGR9nqU+vpQaAaMG0EVPVHOcJA1o1TGZ/poTNA8c8azAMQUi\nnGpkKBmM7WiR4zLSiEJJbkgOaQSAptXv5z3G2RS3e/9lnZM0QcACRjR6ck40tvnr\nLLUOdbZcro0KUk5JmGmaGXXBZRz+muF3BrPV8uRS99UN2NMasRh+vthukoH+E+GJ\ntYbBeCuFEqU6g3SRTRqO8pF9/d3v2xwGUzU/nW6tyVxhlhbQTUE+yV6qA26W6f/6\nLllnFuSDGqxTnKVgg+UvYh7HzEa6LqbRKEkyu3fXQRqyevYWO/J2q6R3ZJ17RQPj\nDrd0gvg0hBhaa24b6ybxK7wl9TgLyxo/xeyLMW7akjvhjxPid1nHY/+cvraNgMIu\nay2XieyIh7p6o856Y0YzAQ0BXgmlIRmFs15V007o2fuHY14yY8uiv7odMYxv7tWg\nXRFKtLNndc0pjdWJ1kqMr8Ap45mNMaFrVHOlH3Urrdc+1v9EF8BctlCouKv7uaMa\nY34fhc94jy8aTKQtXwfmQccQOUnjH2U/foUeuXlmXSw0vB4Hk7D8boii3KdWLgKF\nAgwDvZ9WSAhwutIBEACI2oAdmWomlbswi7YJeRKShB5Gz6cYKD7KRQkpGucdiINl\nTYdTB/3U8qDrOMUrBwvHDobEIg1+x/vqzbA6mKaoWh/TN6NH+KJ6QCAN2oOs1fB1\nUukHyUIBywXcb8bMaOJ4spTH6knY4AMv8EdlGY0iDyOXfNvBRjs9952rV62Bg/Ax\nYW1HrGpcSyyDk8cuLddrJ+9tSMR46xHxRJU91mTOWH2ElA2tW3otN2IDOFc+E3Eq\nZmBvokeer+nPdu9Htcgif4PRMatOlbxnk5lnxM8dQrqA3IyVyyLU3m17ZtOD7zRv\nUXHODfQrXV2UjFeuKFqtA7YibwP2Z9qSok2SQB1knWYYhWvZv8hM2ifoFxmOgwIC\n8LDIUvJmP6WGLtMxncWHS+KH+AW3gEkSeupyysUCuROH5FNI3Etim4k+f3SaxSjR\nKWlLj/n437udYCnGnXdK9gBWlRdWkaiMBGgdB+1QsRsx+qr6T3wpM2zBsLnByVxn\nUEKm6W+VJT7kLuYB4JegjA88rWugndGZ4eHlqhV4g6ZoignoSwdZEYSkKPvJYktE\n25+TO8Ya67+VU1yUxMtFTGWfG9RkDtpT6DoxbJ1kHSIBpY9WOGsgk7/Egi+0AiAU\nbFaYkvtHWF/tCKrkrSUThD5GIy4FWnFYXK+0Pvc/+LZeAKcMWEs2PoULwRT2F4UC\nDAM1GWv08EiACgEP/jDByq/bY4HFtebvh4osCzLR7aYeKquHfo248TvhwVT3JON6\nl3CZ11z8R7z31np1YtaR06EXON6DyMd3oLqllu5PF8y/+YSsPEDO83u/KxG+CAGx\ncqes8uwzF4/Qc2yAB12rMuDm5GGzixLgorwchYxRwJwO6JVvzvGbeErYXOpJA4e7\nf2IBAcvOrAc5sOo0mFUnQN9/+oBgT7QsWWRJ7JuJLuaAyQr60vkkEzxFaAxC2dKX\nSCQDXVX4fk24EkcJvnE9gmG6o17H9HLVFomq2VN+QmZYJWZwSQwmQgCZ9rW/Da5D\nips4m010AhGL9nK5qUQmpfvkwj3/tgSr/mtE5McFhdgwqsai+nw1sdOO89BUVin5\nc//aazke439vvmpFCLa887TG2lkAy+/61YbkkiHzMYlcjQ7MJNf+wKJ3bmJVAkh0\no6Yd09YnwQm0bGLt0qeOS/CHHpnc/4Td9HmpcHLLXdxVQKACDOHdPPas/ogkQN38\nK+zt
vgea4RttRI7MEetgRAIhXCtb9vcJryLNbiTDeuZES9+opo84UA3MW+ep0vxI\nmk/9IgjKeXTWENTVdseE4mpL8QX/hwNCEOFRJbT8/YlX6Xtu/cQkSemIA+Xo8F3m\nSIxh4O7pmgAribYofS5TOjwUjdygpuAyw2pBZ2ZSnIhl/GQWoTBsBZktdPvR1GYB\nCQIQo4VyLskvEfGa66Nn4gd52wpalzu/u1X4aO4vDzDizs3q8/FymrVGcRHfGCSz\n58qxqjLg9B6DY0cr3eMb+KFTGJTiCeHS4wnZ6HDu9Z7nFZucMZ+7b9Ph2UqjBvbA\n4FuSofs=\n=84OD\n-----END PGP MESSAGE-----", + "fp": "0C982F87B7AFBA0F504F90A2629E741947C87928" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.8.1" + } +} \ No newline at end of file 
diff --git a/hosts/monitoring-3/secrets/wg-monitoring.age b/hosts/monitoring-3/secrets/wg-monitoring.age deleted file mode 100644 index b8c8355486965a7dc104d059d1711fd73a1788b9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 491 zcmZ9_J&%)M003ZPZenq8aWe04I@lo4@0(|erCe!2pinr^7>$W8 zCJrWUt}ad*$6GF%7^jQ5!KkaQj&6ReK7ZgrfsgwuFRhY1j8|9VG$0BJ!#g0$=D0s? zLP&97uN<^mCEz48@^>uVZV$Cap0JyIqZ%osWTqJhBVjjLdb;JoAg?k^L5gVvU)kM~K&W z(#R&-EKfwGJ=g3pkGb|*rDLTUF9p{%DS`1)X)u!X#gyXYJ+G_!R#GmSir(Y@ZTU7H zq&~`gu$J#!>hM#Lf}LC06_awnjcWyo5zA2?&V^;V8?lZPkqZ$OoI~-M)d(AvP#SA7 z>E4`5Yb3x%(N`LQF68!v9;^hfo33hX71f9om*tFi+cr5f<)FwWe{UQIQpFEjRnKj1 zP(K>Oz88xgOV`@%B#Z~L6V6zn$B1>MHy2p=?fY?f{_f{jM`!MBaqkYke0Xu;>FMFi zXXhS*2U~B6_oVTA_!B<5I&003Yw!pOxT2ws$m;w8kU`Dhx@jV4|5(PU}T`KD1BWXan%X_~Z6x_luX zL=Z&~@dwE8?!miw8VvCy3JRVC@dpShUesOv1rIzff&@&wv|6mfd2(f*qGsO0h>b>; z1qAddmTmD3xv*%uXc)SM2ZhG5Ld$PCWLfOwRx)IJxH^dX^W3F1!DhCHj1=qGw7~oG zI^g?NTo;8|+U~NNYQmNdGiFK|lvA}U)iF)iGym7zS_fLu@F8HNp`+$|z5|+kfC70% z({Nw6d(7T2?oP#$wI`vMksYj+inXk85RvgLG-gITw#e%fh!UCHkIP5|p`huS8hN#I ztX=XJV3$BCbTf#Ja2E&jeCZ>of^Hv3F3AFIQL=cogYyvaLMEC1%;#>56R|7tB9-8% zLr$z{g-lfi7=wFq-cf>bG6~a!le?%t;tWn9%LU!RYjHbB9HWPNRI$>GPH6D9^>3IU z8qt8&UCtKc$$SEutK?XZZ9I?p*<^EOuxxINH-Ug#b zw>Ex_f4qM9 Date: Sun, 21 Apr 2024 19:20:53 +0200 Subject: [PATCH 10/14] hosts/dn42-ildix-clerie: Migrate secrets to sops --- hosts/dn42-ildix-clerie/secrets.json | 26 +++++++++++++++++++ .../secrets/wg-monitoring.age | 9 ------- 2 files changed, 26 insertions(+), 9 deletions(-) create mode 100644 hosts/dn42-ildix-clerie/secrets.json delete mode 100644 hosts/dn42-ildix-clerie/secrets/wg-monitoring.age diff --git a/hosts/dn42-ildix-clerie/secrets.json b/hosts/dn42-ildix-clerie/secrets.json new file mode 100644 index 0000000..ca04e9e --- /dev/null +++ b/hosts/dn42-ildix-clerie/secrets.json 
@@ -0,0 +1,26 @@ +{ + "wg-monitoring": "ENC[AES256_GCM,data:LGm+hg215dTJBPfwr6KXUl6jhKBOgNV+eglyBZVa//M6A44iGmk8AAITUgI=,iv:zcQQAY/cG/DGG5nGPLAcfPZXy7IiWAREVVIZiMf5zz0=,tag:M9P6UlpB2xurMfRn7TEl4Q==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1r44rs8ujkc3xmz07d9m7as8rg054fqmpmdt0fr4xd3tltk2zwcps98jm74", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyYk14c3RPQzZXTkhlb0hS\ndWE4YlNIM0Ira0JTT0tRd3N0bUNRT1hGczFFCkRLa0twUmxaYyswaUR3R003Syta\nNXpTMkxLWFhLWnVKaDlXMnM1ZlBWck0KLS0tIGpoNWgrRnJmOG5XT1YyL0x6Zk9T\nOVZ0eDdYa3BzQ1pBR1JaSnR3Q1h5eUEKQXrtxKZRwTbfiqVYFM6u8F7rIsk/fCQb\nsZ1fPSIhVI8colyzHDhZOEc95RC5FgbfZdOP5EPKPgEGgo/HtWetOg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-04-21T17:19:22Z", + "mac": "ENC[AES256_GCM,data:urrl88PONhdSQfnRxp79tJ0cShuD6I7BiwQj+7nVNT1YDZ0PlIRWCZWlrw0CIYp7pkWzE5UHLnVSPNDX8Pf99bWJqdo3kfnkxhcSAlOn0kTQVGVtRzxmFNYdu3Mvtni+ebHJzB92u6376j1YPhyjPPC7D1yV/8FG/MaHo/HMZ2Y=,iv:Ajrf94TeZ7W49PvOM4GiNip1YazqIoIb1KfTgahgdZA=,tag:HIoDNm9/b+6K/WOaH9eCaQ==,type:str]", + "pgp": [ + { + "created_at": "2024-04-21T17:19:13Z", + "enc": "-----BEGIN PGP 
MESSAGE-----\n\nhQIMA5OzEzXewpmPAQ//Y4StFde6UAotA0bKAswDHVMFHXNDwi2u0DFQB87NMJTd\nyOaP19TZzVUZKl20QAhPoa87JdmdwWySiUW6HjQgFwDUm4HYsibufI0lml81KsM6\nYUNw8VZbD1rFs2H3Q6U8Qdp7pwfTppPIpe9l0z2JzC6uic87nhjtkaGGGvMqyeFg\nky4R7A9QDAugcM91+7gzId+0sPdbNV/QQL+PgEyiB0jhIt2bKIck/NUSxmIefEmV\nLpXWo6iV5Z15QSBGuN2cbZWInY9UbXZ/KH6bP0knQYX1w2sXmEg+KlnW9b7iW8Kz\nW9/FK6znPSjJ3+hs6Sf/CT6ZQ86rYJ5854dikuoBTKaeRgEQD6lX5o0T7T4p/n6B\nn5nQSBlg0fxCujpooq3n2hdghmSzKyQyonRhc5oDWKw/QWdkX/h6XLdiZvRgexdP\n8WpiModrxfzplZhtpcRdBs/XNFH7tnT1ZKeJODqVY4e0F3/6stnbkuJfeY+ZmTJd\nCC8HVrxaWlUtGu/67IiVz4s9mMgAsl8MGLp0mPyIEK3zVbnlmvVB+tQNe5Rb5cbk\nvpgivgPkmmgmTHRzhsCfnEXj0kN5SxQAXAmp8WkGChz/V0cft873RN3k2GYk7Iwe\nKJHpV/DctOpoqIq44dponJdqKWwXMSBHcFOt4pIJx85ma349yt80U3yhGr5oB76F\nAgwDvZ9WSAhwutIBEACNjvJZSGAfCdOdm5Q91Y3kFW7gwuTyQPMjdLGGd7qP0E4E\n0d9/aks6FpT1ycIP62wUIpkclGHv3YZuA5Tj3CGC4I3aqE2HspBxFdT8XF43w5Cz\nqqnNfhbQZxBOWJHDTsT96E3K+lZ8IIIgMPX8SHOzdrg7YlX3LmptHy49C5XpC9F4\nHczDLb6GhQzY3O0q+VFm6j/mWeWHJ2ygDZiL8w3lpJjMG7RPxRTVszAiJ3n7ltXm\nMcsLLVrRmvGRQtPD/5umFBpZ9XsLPupHCQv8YTIxmI9cY4RO9Yx44Uw7N4tQDVlz\ng+iK+5OsywDPYny5FWxNTuzcPokzEovzytyj9rs2PHyYSQ8Qr59TAzRNqKNUYuJu\n12I/vfE0xxaRow6f8BRePV2Yrb9kaoXEcINNTqCg9Q7XEPaaCp6dMHiJsHEtcDp8\n1XNss+tv1jOMP3OhOG3VZGNy8gRssbPa5BJvYpszr38BW9Li+6rC+afqTkVOu37O\nubFuGg8uL5QPH7NWcW1ohJaT3PVemA7MscmngLH4l9Qz8UXqkbWgJKYedVrUol+P\nG7K5A3lOzTKWlQu8CSFbbYGx+NnucJiAIy6eWIQB6bawfkQVET/00dy/7VuKcO/t\nxHj/6L5/GqVjPiGU3zyP+VlGzlsIkU7JsOMweKDaS7ZqUOGopStxaXPJyQ94voUC\nDAM1GWv08EiACgEP/iaNz29e9ZqInPXtrk+lCntzCteF5e+K2QrcdLT34+6bmlsn\nyNgOLNbrNP9u/1W1EFutAxZfeOLfk7rOtSSK2Zhh5C6u4OdViqVYgajPI7aAUfrh\n3cPgdlWFFcAbgKwwuDJI/qin0IuU2jSpVsY8Z6xfCNFPOZuvXC9UWJIUTjqVmfuw\ne1hQVn3K2XAGOcfJRopuakTRc/XrSIlZ+yce07nPpnc5vNUoE4e3NqEPk/pmgjm6\ngcEWKlveVpdRlTsbC4cr2c/zE8I9ges1ctduk9qram2laTJSa/tvSmIMnAmDuIII\nzY0kNOaJAn0mhSsDP1f+34/5a8rW8OivypAf+i0VxFvKGy955sHN6mmB4HONwURC\nrgAqZwBiT0mhLUsInJKk3BfSlo7th9T2/BXdBjgEIR15kjwij6Vkbdzz0X7Qw7Q2\nwySKZsiUVVDDPD7pp8FLtf2CEayCZeVef9ZlJIZ3Q7YqIp0Rv9LiLXHB5wbeFEIt\nepG8
QBKnPgzgfUrO/Inbfr0AB/fDX5f3N2Bhh5UHU8S3uAJwZjGsjPUklT+ysQ05\nXFwIIgHXGCWXsg++PWw5GTlOpvaGTlzqBu6B0D/6diPRKnf1COOZtApwjhm49Io5\nV5ZOeZuABF54WvBrPH/rv6JUvYYPF0iAN3opv/0JJVGPw3ZRUt7Ix864VBYp1GgB\nCQIQKuDZY2reZmJzjudMdNwlw538VonNWfqOt7pv69UntLTXp3hKBZJODrDi2jJ/\nesCR3AZkC+L3A1qJwGOAJL60lQ575AZKAWhYCceEZd1p+4SBZh81GM46Izxr5fsx\n+57tfsT79Q==\n=rtgK\n-----END PGP MESSAGE-----", + "fp": "0C982F87B7AFBA0F504F90A2629E741947C87928" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.8.1" + } +} \ No newline at end of file diff --git a/hosts/dn42-ildix-clerie/secrets/wg-monitoring.age b/hosts/dn42-ildix-clerie/secrets/wg-monitoring.age deleted file mode 100644 index 2fcba08..0000000 --- a/hosts/dn42-ildix-clerie/secrets/wg-monitoring.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 HwR33w 8zOolyGJvZ/2INs4yS7pFci+ktyEjOsGaff7+5HkEh4 -HWXI2uYLIfutJ9PrJbwuH02GLNF/bJLVAd1prLbSk6o --> ssh-ed25519 RyOjvA Fp4D7amm2EPSp5VyN7N99S10U3p1ITe+nhY+UVs64W8 -xWfbN92OvHDrAvwYtnJfcwKuGtN68fN82/otWYbDiFs --> '&&2PA(-grease O @2r[ u -5pJJ/ZfFB46scMhGo7wQY4r5gH2UZxZvt6sCOlyJ4uy+VVj8FZAShrBo ---- NncgnJg/91wjSyXj21jb0SkMuSsN3MciRpeI2pmKjco -1U’/Hww@QSXto[Zcq\bWÇՅER .E5F4IC3Θ \ No newline at end of file From 2b00410eebda8c12722474495315a2c84298013a Mon Sep 17 00:00:00 2001 From: clerie Date: Sun, 21 Apr 2024 19:26:05 +0200 Subject: [PATCH 11/14] hosts/dn42-il-gw5: Migrate secrets to sops --- hosts/dn42-il-gw5/secrets.json | 26 ++++++++++++++++++++ hosts/dn42-il-gw5/secrets/wg-monitoring.age | Bin 456 -> 0 bytes 2 files changed, 26 insertions(+) create mode 100644 hosts/dn42-il-gw5/secrets.json delete mode 100644 hosts/dn42-il-gw5/secrets/wg-monitoring.age diff --git a/hosts/dn42-il-gw5/secrets.json b/hosts/dn42-il-gw5/secrets.json new file mode 100644 index 0000000..2ccb168 --- /dev/null +++ b/hosts/dn42-il-gw5/secrets.json 
@@ -0,0 +1,26 @@ +{ + "wg-monitoring": "ENC[AES256_GCM,data:1tXtGSt4efVLWDJBv+YTW7G9e9FWWNk7eP92uAwXQs/wBiiD8rg8HGWxD44=,iv:nQfYtyIJRm+K/slCIQljVt6FBkyyXgmHt8Jf41wGJaU=,tag:vyAa5DqOttQ6I/3qr8gJaQ==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age17a24csx3mdehmlcpmmqg209j57jkxkznjy0603ltxaws2fvwzapqm2r002", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkWGszcUF2dUJQMmpQdHZ4\ncXhQSGRzZlhPcVVhRUlpejNleHMrOVVGVnpJClpmb0RIM3dpTzFzYVNJSjkraU4v\naFZVUnBGRFQ3VjNwSTRsNUhQT1dYOUEKLS0tIGYrVkRWV1JwTnFZYkJVYmhSWkJO\nOGhJSktyVWdTQTE1ZFhqL2NRZmpScjAKM/BBc28TgTVOuaToHDyLMuuKsxeAlYHU\nsvmVQfOH8G54DGS9iAh8R9yVlMWvGZ6TzG8Pjxba3GNZcnwHrnmpyg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-04-21T17:22:54Z", + "mac": "ENC[AES256_GCM,data:7CBfWGDo4hfji5h5/d7vq1MVx8RLtgN1JJKLGayFaUQG3TRk3paBcQ6/w1JlzpTMhKVYiCZHmMJW4M8a+/sNIEw1hVqfvMqfCyS8E4u7Ap/NQkV8rLq7X5W6WxWhBVUh/vjnEUBxAJf3WgWbaUxwCNxbffmVVtf4cCCGum/WL4k=,iv:PHDJfXXovDTfkJ9lyrMtxu5+try1zKOjdSKljTDNi2o=,tag:VdJ51XBhvP4MmlHrOlIwTw==,type:str]", + "pgp": [ + { + "created_at": "2024-04-21T17:22:43Z", + "enc": "-----BEGIN PGP 
MESSAGE-----\n\nhQIMA5OzEzXewpmPAQ//VLuWsS3MWpM8+RblzWZ0Drkz5X+rZ/ik3DtX80zeBqxw\nhYwgnzzUC/0uyH4JrjiC2d4vGrDtdoO+YhXMZxmmXEijc+USijZbrNmPRaj9yMe7\n4yF0US1grvoPR2Vynaa7fKSCHN42K8EwtREEeaLJ7fiqWf8iEEN34W2wF2UxeXFY\nBNpTrLnxHletEX6Scp2mCrN0ueDtp8jdpInEZ35nkMbDJC49w+vgeC7sJg5//EB3\nO+AqmrNIXh12cXQzHjkvenJqU5t0AONoIYUnGK4364pdgVUgAppxIp/R4Xsyi4CG\ntg9hdxAcMUzM6DciHKmzZly1F7LJp9HhzY7cA0y3YCkUFAzUfNYpgdJ8BckeZafZ\n4/6yKw/Xr6yWk8tg3bpwl1FWC+NPPTgLvabb6b/6EKZroT0SQphdVOuSoGqqHStu\nPuHP3LocYRWX8/TW8Rlf58BVpMKnWZis1+Xy0g+56BDggSzHtlt4K8F2iiEcapXU\nAetvp/OYshy1VOl+lq+ld85kz9/6ro80kwqDMB657tnXNTxghqKOonTTlwEJxkI1\n44Mgj7uo38Dmq20Y1oYav0THcJuI9sYMf+ig1GZT56j3iI73eMbDjJGcKO+a6C9Q\ntI4iPP6nFiAGCQZTpMmaqWN7ym9lRrffkvlwcfD3Sbk6X6f0RjGlbFUmX0ksydGF\nAgwDvZ9WSAhwutIBEACOhsdLTk9WMmksXzzjMZJlvlmmJdh2dX1i63RaZT/ZLTOS\nEkQ5qvkkKy92OUV3QWMA+TZ8GREqO/chAZC0agUK/sQq6sbbCaz0L+D7hVD/NYBO\nH5JlUs31Z9S5JOEx1lTFkqUTqYGypiHXoH5SIZiXCINFxTH9oEBKFpRYyBy8BBrT\nwgChoDQNOrAM1jIy/HBhQSykSSOAgO191qIDf05DJO6Io/tdrwj+KvhVfrX3OV0N\nTRIdb69NMnmD/jrWJui4IkiEU5KreuHBhlez2uzj9Qq8wzGRXG84gCajciIitZ8r\nurYBqOPoxHPsP3TAbR7ih4CmTopEctMw50+LBq1/oD4ftE/HetTtis96BuK/fWqG\nVgTFNvadSXcMVNp2gIutbzi1IgxyMt8wPXji4gcIbT8OWTY3Nsk6/Nbp5sjc5T6A\nqNogCLG9Rf1q1WERWLEIcCV5wqbS/dYegyvR2NirjC60iL04RzSQaClRAbgkXD/N\nAUh7ayVYtpcb4H0CsId8ylxG1Qs+bIUoQTYPEFop8qO2bV+7Q9g1LCEMLmUMmOYO\n1hUyIVRiTnSkTQYF2vZrxWGjJrdnkRFuWLG1qYyc1G5URiv5R29zQnY2Ww6zaKOM\nL5SKrVz+zPbiKHyT3wQsRhArre/ZBJqy24IB0w43WBTK9P1q19t6G74+0x4mFoUC\nDAM1GWv08EiACgEP/iKYEacSCEq/lKf6rKDwxdtxxJ5/lLUtgiFjSL6gfV3PxJRG\nnc1SMBO2RDR8lMOyzFGPnNWsTFmTa1A1TkQ9yPb8MgVEZhf+1wXGQDPy8Ng97+Ra\nn6cT5IaJZb5Tkfww53jDwWGnbPZwrSorIYd+/p7Xu703XZ2Lz5kQZiehbKiNcxO3\n2vJciT0lVAQWpmOtbyuvAPtRsc/qXbfOmmzzFBKa0caZPY2rquYnYU17ZuYkFVMk\nky7cDrJiWEuDfGr/AmcdWuRnZmD7QEYq7tHBxeyiwC6xdygfcJHg/RDMmKeCRibP\n9KdSv8yK2qR6xZwYbe7MF4XxoH+VHse4Byp9HWmy+SilAcmiAIkGB63VYibfJNq7\nrundhRyhKHBD+p2HNySPemVynIlTvErIxRMTs0t+davsLrsprUaErfNVgoDAk/oJ\nvuVbSkH4dUhRw+AE2uzaLR63N4mAKFDi+i60rLzeIjKRaWLYbtX3exfVtzJ2/AFL\nvxZE
EPha0ddu+l9/6nyFxxwEbD3LSTAnBgn9xhz5uVOuJqwU9jpTKgwjWkGvfTIz\nHm/pM+fhx1PqMReQSI3+g3RtdaUeW88SnOcNN7QxS6VcjBPX4/RH+w9p9wZSLJIc\nmrLjVhHvj0D+2haicseIdeL5o/Zg0Sdi86TOLrGpGw+q/WljWxrpChJl/iyw1GgB\nCQIQjbJKHURAPuktpmkNv66l7q4AhthHWxRe8wNAsLLv9gTBlsM7RcT8J+spVg7j\nd+3eULppGCFfr6aMGgUHicE8WdYUnGThBastUFMg/nAhSY3YPBQp21ba2OgpHe+z\nasrxAXRCag==\n=RSoI\n-----END PGP MESSAGE-----", + "fp": "0C982F87B7AFBA0F504F90A2629E741947C87928" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.8.1" + } +} \ No newline at end of file diff --git a/hosts/dn42-il-gw5/secrets/wg-monitoring.age b/hosts/dn42-il-gw5/secrets/wg-monitoring.age deleted file mode 100644 index 241c0810ed768ea305eaeae47d1759256c760a64..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 456 zcmZ9_JCBoa003|oa~Br9+;EBU5(Xy;QlO=+xtLHMM@uc`RcP%XP#%^?DHQ&NnB3qu zaB?x~EhY{QZZ3_h)9GyDaJ$pR=%$IIzc28!d>3^SC#%xUlT~tWmHAkSL+ArI&jZw5 z5Um#8g$1CHB!Fqe)H`17@IlG=E_s@yO~o*9yIFz87zvRn&Q~%A^g?wYrH9y#%!Qs* zkCCdK228PPiC9?^QJ;4?ODL9Bd$S>ILH>Vp8;LFW@PbZg1gNYw<9IftrrWKKHBDAt zH^PS#g%#MP)J+LF+Tt{1t-Fjk>knfDr?||_us-RrdF02jGz#OM0i0SYa;l6#_-~`o zE$U~kmAkNsJ%XwktuAJ#c@$WzxwNx}K~JVdo%Fql*{eh^&U{Bt34P>-18q34M@*Mv zDz6RVvEU_?4%xb2Lnw;E6p4B6%FM9@3{qV?pNsFF?H~V~U;nkc@%8D4S9d?D+MAP? bXBP*1_Mh`xmsh(V_qp%X#}~Wk?UC{qR Date: Sun, 21 Apr 2024 19:31:18 +0200 Subject: [PATCH 12/14] hosts/dn42-il-gw6: Migrate secrets to sops --- hosts/dn42-il-gw6/secrets.json | 26 +++++++++++++++++++++ hosts/dn42-il-gw6/secrets/wg-monitoring.age | 9 ------- 2 files changed, 26 insertions(+), 9 deletions(-) create mode 100644 hosts/dn42-il-gw6/secrets.json delete mode 100644 hosts/dn42-il-gw6/secrets/wg-monitoring.age diff --git a/hosts/dn42-il-gw6/secrets.json b/hosts/dn42-il-gw6/secrets.json new file mode 100644 index 0000000..0b634e6 --- /dev/null +++ b/hosts/dn42-il-gw6/secrets.json 
@@ -0,0 +1,26 @@ +{ + "wg-monitoring": "ENC[AES256_GCM,data:qqia7se7/bjSXQUxR7O0Xr5oJmnWp9vu/gwJqYdmsJlgG2IctIT1miUZheE=,iv:QzMBjOfwh7zMysJHMf18StonFGIvDZ/zQZ3QbJpeoss=,tag:VjaNTlcyPh9NgqjBTHY2eQ==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1syldhpzgdu099cke2lexq6g9mtx7pa6k7jtt33jrxyhgpysf2d7qw5mzjf", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwZUxqV3BNbFU0SjRhWHpB\nbXc4bnhHUHdYckxyWlZ0K1pjbkh5cVRvT0ZzClVOVGhxSkhwMG5yMjREWnduQlY4\nbmRjaXlqKzduanNjRzI4TGpUQmd6dHMKLS0tIE5sYnlodmZrZWxxRnF5QlhUL2Vs\nVlJqSnNHVVZFdlhLaldva0FiYjcyRnMKp2YCzfnio2zZNnMD5viaxVRjfJapia41\n7UrJmMTrD40Bnw3DA66JWPzxHLIASF0Vb7x1blTozcRgST72JL6NIw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-04-21T17:27:03Z", + "mac": "ENC[AES256_GCM,data:r3Gi8RQ5IUS0/qGDpiK+Xyc1K8y/hYg6rPEfLr1bLQgJvn+PkZj/KH8mJnGGUVydWPZnVwMUcwUkhOndPhJEhD1xtRG8cN7BerpGmlS/Hj8MBfC+MPcT4Dr87NIhWlLV/bVn14t6S3a7YWmT8Oq5Ka5UhNeHp98cbrDpv7ROuqw=,iv:QEUbLIcBDdt9I7/Lv+loCFJIh63cEjhta3kyFnXG9Yk=,tag:5974Ps9Ez8n+J7SkjZ2mUg==,type:str]", + "pgp": [ + { + "created_at": "2024-04-21T17:26:54Z", + "enc": "-----BEGIN PGP 
MESSAGE-----\n\nhQIMA5OzEzXewpmPAQ//T0O4/GpIDgW7oB56Chmr3jNQME2DzPp2v+HrWiO8UI9s\nqiTPui5PvwE6MZBKWCWDdju+jPVA5T1uygwyMXPD7bmW13+Ic23eYgq0JlKILpjE\nM5ktX246WK7D+JZAqooqNt+Qtk/PC30gmqz/stv69YXkqHUO0hOJ4C7tl1zNEGpQ\nYNCCfnoMunESKSSroqzxdm37H3L6/paFlxoGV43KFZM3KwEvXH15/hhrna0i805J\nqkjvZxKEyKfL17/f4ZpksfFlErPaDVBjtjl+dldKxDP7aTrXSwb/dlFmTzsP0YcL\ncJgLQibJb1BivV8hPeR0WI7gISxflfh/9KF0P4/B5wwCbCbymeN8oncqFFpJ98Qc\n2796cj9/LOLBT8fJLLp3U42Fdbm6Gp67FSsiMAuG8ihTfxDsAt2qVL4p0FlOGoot\nEiryOyMnBgrTryc72GHJEtggrsxKxvc+1weAfCRVpy7IcggxBTm2ER+kouiQQbfb\nZv3f/7K1w00FVbk5SEH7MASLswW+kmACUQKV8vF3XIstgJT0qHo71sY9FExLdULx\nt6TbGJLV+ilTZSETwGFnLKQ7Qxyy5tFXDA5VURON/dtGoiIG7uJTHEjtgdXulodx\ngLuR9zJR7UgIQNbaefopFCRWYXAR/W0sTqgXyTizsN75CIVZBewakDxUVCrDWUeF\nAgwDvZ9WSAhwutIBEADS4b6DTDrdgOuGvBIJtBs11gxoog4DCOjYWLI4kcCD68R0\n4RjDylxzzvA4W3CgoqvHaNBmksNscVxXEsjdnpMWSUZtFGtN1xttAd95QXQSbb1d\nYN0Jz+o0X97PFPvlJSZ/P7Qa31Ce2cO2kUP917zW/Sk/irinBHUuxjRpzw5nKc93\nD/9i+IgXfLILA9rCH1q7xGFd4tCHtW3ELXi4qtv53Bo9tc9agG+wlDhiPbz3MITp\n0Ya+XYAsvNTq/ukHq1IHGVdbnsb2gh18xPNYB8X0s4gNL6+uaLyLUfA+9548MMeT\nBgoVvHMzVRSUslJvrxFiV7DEmSzrDp+WCPmNbCAIIPMk2H4IDSOgEyjBHD+0d372\nOtHaVn6koJ4Cx4ipF/XZL/iL165lFWkznpcPoyVXk9tSp6axWuv7tX3rFUw4emT4\nXURWTBopPKmeTk8lP2U6MrKdEnPhXPbLoYcMbpSqZvICj/BYdhhO1ntlU2GZHVFj\nl3PstfkZgbXQdh8yCZ3SElY4r7rQKeKpYHKL9mRbGdp/8DbGR1Q974+LluzLbuyM\nxNzDAJGxCKxbPSSp95H/Pv0UP3Se6LJDd/dnmMVW3EdKkHmDp7iwN4dLmoAVheRq\n6CpeYI7jqASGZ02LhNu1tOXdb5LRDKCb+9pO9QE0cDEMzqn3ApgcGb1yYq8Ak4UC\nDAM1GWv08EiACgEQAI0X93L6kH3YAuzJYyx+rYUoV0HIXJ2x2mssUiP7jiujKu6k\n44+GkjbG7XSv0zhGIGxILCFDG+FxFDmDdOtxUKKB2Ed967PXKsbyevYdYiZJw6Un\nLUE1hQ4YpJbYs+dPkTkm+/A71TSS/lUiyNJQJ9Mc9OTuP0DHEZWU22uhbFRMJcD4\n8VTrFNewtCQ+/Y5TA7x1aahPdvTuz7D372bg8XddkE36r2gK201rvm9KhDIYZN0P\np2UadFeLEbGzgkoBN/kKj+U+CEFn2WUF326ZoroNrvAuVSCfp4WPyhadAZ0hv4An\nBlK1gnokJho2RYvUI/PDfvPpqoG9JwvoI1x/tU2IW/V2P19PzkKCUyo0q/FcXwi9\ndD5y29BCGamn9VS2q2dPtxoomCD/n6gCqWf39BoZq08JSR5iYggikcYEcOzLdgF3\nQ7/gLOigtbQWnv42Cglf5NmfZT6BQAR8RSWd3GSRCp8qQN8QW3lJZSkqCYlQmShu\niEye
2ajPeq3Ft0Xe+hjBD9XInMxZI6KFrBROB3/qQKnEu48jXwU6jCcP1vvm4YbL\nNRE0sTTw6P0Kg3sF7edqNvlF4XwJo4QwzEPB901kCyJKgMQZAkMTzCeS+TZjfOtr\nt/0iouUANl6CI+gns1RfUm0oLmJqBBfkvGF4RLtiRO5Qy1oUCLdOakM3gyZZ1GYB\nCQIQnCKilN/LbAYWW/kJLEkZVmK9zUP71phFOBQNvW5bOwmJ/y3QnEt3XbVuVyst\nksctGDMabxaRACR5Ua5DyI4Re+eTX0kX75M8U2QO0eFjKVrHdE9qVtmgWoOncHFn\nYlzveIE=\n=i377\n-----END PGP MESSAGE-----", + "fp": "0C982F87B7AFBA0F504F90A2629E741947C87928" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.8.1" + } +} \ No newline at end of file diff --git a/hosts/dn42-il-gw6/secrets/wg-monitoring.age b/hosts/dn42-il-gw6/secrets/wg-monitoring.age deleted file mode 100644 index 2acbdc2..0000000 --- a/hosts/dn42-il-gw6/secrets/wg-monitoring.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 HwR33w 5r8PAnWrr1maOMNehoMkegIq1RvYcOTVSC6aynbI9Dc -g/q8AoKehfdRK8zuIVfj1TQeu37PQdUUXEPez07d2x0 --> ssh-ed25519 I+qNDQ r2etKUBWkHA4X6wpnGZbMmkLRQWhZ4JI13mOV3XX3Xk -/FJzTBB29gVH0VAeStXzi4rFZNoc/odYjXyObq/wVuQ --> !YfpC-grease 4B -4ZoUV7O6DjEEHUXCG8+PcjyDt64X4nfKcnH1xt/45Wc ---- HptZmw/gU1pbkVwRvrTvDSj6Ly5ip5BQrMMyvVDULZ8 -\x!*zZy`ƓqmS=yٞjk*Wޥ (,F`t5QǁqX \ No newline at end of file From 2eb575a1043375f4c12b6eb5a060d9c14237f329 Mon Sep 17 00:00:00 2001 From: clerie Date: Sun, 21 Apr 2024 19:49:00 +0200 Subject: [PATCH 13/14] hosts/gatekeeper: Migrate secrets to sops --- hosts/gatekeeper/configuration.nix | 2 +- hosts/gatekeeper/secrets.json | 27 ++++++++++++++++++++++ hosts/gatekeeper/secrets/wg-monitoring.age | 10 -------- hosts/gatekeeper/secrets/wg-vpn.age | 9 -------- 4 files changed, 28 insertions(+), 20 deletions(-) create mode 100644 hosts/gatekeeper/secrets.json delete mode 100644 hosts/gatekeeper/secrets/wg-monitoring.age delete mode 100644 hosts/gatekeeper/secrets/wg-vpn.age diff --git a/hosts/gatekeeper/configuration.nix b/hosts/gatekeeper/configuration.nix index 8135356..03aae1e 100644 --- a/hosts/gatekeeper/configuration.nix +++ b/hosts/gatekeeper/configuration.nix 
@@ -114,7 +114,7 @@ ]; listenPort = 51820; allowedIPsAsRoutes = false; - privateKeyFile = config.age.secrets.wg-vpn.path; + privateKeyFile = config.sops.secrets.wg-vpn.path; }; }; diff --git a/hosts/gatekeeper/secrets.json b/hosts/gatekeeper/secrets.json new file mode 100644 index 0000000..3789caf --- /dev/null +++ b/hosts/gatekeeper/secrets.json 
@@ -0,0 +1,27 @@ +{ + "wg-monitoring": "ENC[AES256_GCM,data:90tdQSEYHcJy95AhDX0AT4HrXJK2BNqaeZMSZ7t43NlW/CJjOsfgcgO6EIY=,iv:B/RFe6bBBo5lielWMMCOnVlXrf7eooJFcerG30vxsFk=,tag:FOuPPWE5eP8BgWXni/3BlA==,type:str]", + "wg-vpn": "ENC[AES256_GCM,data:aFGd3R6hfiilCScRtmgS8jMLPQv++yisf1YNYnyARdL+KfW7RvvtGq4egpI=,iv:63WCUk52GdZYv2J8HX+dV8sCP7zKrjolIxGGosxJqg4=,tag:bJwvHiRQHD2FexwRF1hugw==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age10npthg6ycgv6s40vynhj5ryaug2delh96fqcvjnc8nw2ccmjga7suxm7xe", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOcDJvYU4vdFJ4T0duWXR4\nVG15SFFZVDRSQXBDaFgxOGM5NTltK0ozblVZCmJXc3JOV1RQMFV4cGpvUnRIbGZv\nMmJiOGFIYTFqc0FVaEFHZnJjU1dUUDgKLS0tIFV6Ulp4ellVQzBsVkRjL0dIdGJ4\nRE02ZFpxNU9IMit0UHdIK2dHOVdXekkKTIGrO7fngsJMTMiKb5KSMh1BCtwTVQCG\nofSx9j9Bd2gz6MPz7Rrft4B67eliHQ78yHJbVvxO9m3cwHM3fv0AdQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-04-21T17:40:19Z", + "mac": "ENC[AES256_GCM,data:xt8AFwN+Y8x2kWQVH5MPEPzzWm5m4kgkt+mYKoFbRpfdA6FVnlhl+W+jmZlDz6Hbh6Dkk3cDvD3A3PpvYqsctll6mkjWQLBKphhnZIsGHzAHgdn+cpJ7VAPvWO4iEPjv5ChrPo2JAOKvQcJDooG7yWGB3ltzBqBWCH6TlZ2qxD4=,iv:4HxXa0tWiweHoYG2c7VrLoKgphRX3WRaAFQC98iAVJ4=,tag:y3VBdl2QpEOn1Z5IPS2aVA==,type:str]", + "pgp": [ + { + "created_at": "2024-04-21T17:38:49Z", + "enc": "-----BEGIN PGP 
MESSAGE-----\n\nhQIMA5OzEzXewpmPAQ//QonQ5TyKJqsl5ma5UvVOONrc2YXXRbLW7cUxU5FEtkU6\nfvMzmQPBHRX64BMOgpmL32/gCJKB+Q/gpl1RciQBr67DwAQczaZ6E4sUEPeFqiTf\nEUXCRYF54ctaW0Tn8kmTAmpyRxx5Y1jiFK08z4w0KXFKuLHBzrjxbPwu4EYeHp6V\n2XyVKPXEhV7UXxhDgrL+nt48zT+8RixWxm0B3oUGfk5lwH4vAfCAosFxP/IUYza7\nmAB3vM0Iywo9voX9/BPn5cOHvdFs5GEhNHs7X0eJPf3rV6oPpbf117TS+4qpWuhk\n97AyHPoWj8JNIxiIB0YvojBzXsxk404XfRh09dyRKL2dEsV2kve/0Sr1roHvhGwQ\nzhKaEknbC9N7DrL57dnryJhcebgV7xEWyQNIADbDCPxS0IkCoQAFxw0xdxpyQfrg\nVSVBnl5wQr6EgN+AbarXqO74U9dtXfT+eaKYW+Nz5+6aI4TLmp29Gin+m6Tisn+/\n/RLDJdmpX8n6m0s4PiPVm2B7VAo9S8xYWN2lyEjSxFQ3+1+pYB0P7VQHAoFGsQy4\nLVaCzES9dMqvCMJOMTFhDvCfJ9FNa1x8HXPN3YjFgESfmCr9nyr3DJp3wqtKM5tE\nLyfGBBRpEChnuVJdXyUpJFag1l6DtyBCBHSdz3KTAmdD4ltGxqdFFl69DhdBsguF\nAgwDvZ9WSAhwutIBD/0eOOFN9OC2m0r/ZFPHuOE3MNhn0ygS3BdfURcCHcNN9EC0\nrzJ7ZBfIUiUifgdjqQZWjgndGNWZ3iLzePpS4bXfcxl6LvRGnMOOSE2d4EBFSb7o\n4YbtuFhhkO+FsHYOyb76EyrEQoJ64GiozZOTKgDBJ7zWF5KLddjkqU610uyPlLpW\n2JeD+bo627ulRS7eW1q2BTQIsOID/+1tt1xT7szQ1LotM4fm8uHsUZhZ0ILh5QIj\nHUCBGJOeLTJuyMHrzbD9dRphtFOzoT12WOG1mpqdEe4ujtXJaSIjqrAu95iKJ1zQ\nti+ISotBI2v8k78xETiFoHSpcrecjpamy8cYPX7B/f19zIpdA59G7HQkeqE6hcMy\nTBr90WgTkuBMKZ3XFuii/4J6BmMwy05q3BNAjO7LbLKrMwdaqhTuyWhUpQNIW8kd\n7sdWimZSxBM9bjEMYmF2XdDCHQcQP0hx8yE6p0LHMYsLS7uBO+KFg72Mg8EnJGfS\nSGxNqCwf7YSExOMGkxrga1J/AbGA5M7AI+b4Hj2zV4pV+2VyL1+dox7ovB0gZRP3\nhCoUCx/fKZdDwXlqwun36f5995L6LAzDfM/d9MGV45jz3zWoTpXjX3KUNC314tsX\n6/95J83uJr/KoQUotXXzosJqBDr1rCzE24AZ9ZO7JA1chZeiYz+UenlHGq7DuIUC\nDAM1GWv08EiACgEP+wfsWD0gbf/A8Ph3VFpy+K2kix7QJGvumRcdzxO0/XpKs49I\npAh4RmeDr3rVNOsWrBEIbKb184XabR33g6xgXRNx1H5LyUMRZWJ2N3UeOe3g0rH4\nKyC1ycm1Utp//4Ckrh3F8DADXZH4F4c3cp9YwEz0ZWgkTzqi7LiDk8YnMMBqdqdD\n7MB+g3COqcP0A4rOn4ZfBcyt8HPakxARLgL1cSckCJeQpnrexYQCRXeqNMadjbuS\nEM41/vlOukOw+JRsVO8aDTM99r4GBlBgoxEDy4P0IEutWU90RANkEwLkuil5hwMC\n+sPTi1GP1GZOlunAYs8tixeaYNuw+TLy0L8+ZnnCdh38IgjLCuZQrSoi32l5bFrO\nyj4mbN0oLdwVQd+zxLno0fLo1OMHe7LDCirhK7j1r8v3/cSBb1yaesD2SGsnotXD\n87uaPhZ3zj9AET5SPC+lkqB9uJ3A9o1WAmcQIEQe8REOThE8zarh+yUYXsMndwRH\n5IPG
Bpkoq/zO3n9AJA3IxSrSYhKRgol4jz21XYkpmy+tuwcPoaWI/dZqD2APtMXd\nvuGLr7dACXm6kp5QCPlCFYGVvHOqJBCaYOK4fZt85totWQD+JvHyiPPA2ArblIcA\nwQLf8bEQ8cAXHwWA9OVc6r03bGDTAHKinNyrbw8G+M/nUrF6PwYrVLym87Q51GgB\nCQIQkm+IOyGpl/9gckDZBLG9oFFm/b4Tvi/IFvTy0JzQhgJJ0Nma8ZYC23mInMPl\nwv10rPn8INb6N621Qg6hORzhsn3enCqYXz2a6QRG0Bz8AU+6LiSNqdUjUxxhjzaZ\n99G317yXDA==\n=3IUP\n-----END PGP MESSAGE-----", + "fp": "0C982F87B7AFBA0F504F90A2629E741947C87928" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.8.1" + } +} \ No newline at end of file diff --git a/hosts/gatekeeper/secrets/wg-monitoring.age b/hosts/gatekeeper/secrets/wg-monitoring.age deleted file mode 100644 index 1447632..0000000 --- a/hosts/gatekeeper/secrets/wg-monitoring.age +++ /dev/null @@ -1,10 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 HwR33w ScSNP64jvvU/1t/fKlXPW9vaPwGvHwy6UEmGRA/h9HY -GV0KnasHBoj+qtTIT9aI0k6A/XgHPFXvmsApPDhAjc0 --> ssh-ed25519 W4Oy+w 455qbO83X2y2XZR2obj4IItMGkrC/WiRc6B2jp9MOEU -RLT/FkTDWJYHtAhtYAEHaw+CcgITvgBJKLLrN9MpMg0 --> kN4?-grease sJ p ZV(8^Djl N*7)k~ -0wq67UmJOPjObCWQhRSzUE6kWIhZsmv4zz6lEt71YoH5nFb7TzF1vYVfrqMycht2 -QvzqtKMNAmFu6jv30X2ULBIjLNajtMGeZxLyBIjnbkCscnoWv4c ---- 7Fu5hMch3bfWXWlCwRvhVQCWx444fy/SMQyOwUyidqE -l=·3Y`\ԅR@؊-©K9)XYwǠ-*c] v>P1R~ \ No newline at end of file diff --git a/hosts/gatekeeper/secrets/wg-vpn.age b/hosts/gatekeeper/secrets/wg-vpn.age deleted file mode 100644 index 7cce97d..0000000 --- a/hosts/gatekeeper/secrets/wg-vpn.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 HwR33w mc6hKfB2yixGjxjDoUlz5e+KQ9CdlTveXhecg+fnBz0 -PvS1xgw1EpHKjHyjnAQQ6bt5wZF42rE5TE/tNJ4KEKU --> ssh-ed25519 W4Oy+w Cfmoqb/Odb+XJECaXhm7yDqdOi0776l8I3rsZimfNkw -86jSNwg/eKkxCvncnnVDwc6OZovXFMwLnqPeCtuWGHg --> c-grease nQ | u[ Date: Mon, 22 Apr 2024 03:04:07 +0200 Subject: [PATCH 14/14] Update nixpkgs 2024-04-22-01-03 --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index ac3e4da..bcb95f2 100644 --- a/flake.lock 
+++ b/flake.lock @@ -283,11 +283,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1712963716, - "narHash": "sha256-WKm9CvgCldeIVvRz87iOMi8CFVB1apJlkUT4GGvA0iM=", + "lastModified": 1713537308, + "narHash": "sha256-XtTSSIB2DA6tOv+l0FhvfDMiyCmhoRbNB+0SeInZkbk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cfd6b5fc90b15709b780a5a1619695a88505a176", + "rev": "5c24cf2f0a12ad855f444c30b2421d044120c66f", "type": "github" }, "original": {