1
0

hosts/osmium: Migrate secrets to sops

This commit is contained in:
clerie 2024-04-28 10:57:03 +02:00
parent 67e3aa4ac1
commit 8c46f57946
4 changed files with 28 additions and 11 deletions

View File

@ -14,7 +14,7 @@
WorkingDirectory = "/var/lib/clerie-update-nixfiles"; WorkingDirectory = "/var/lib/clerie-update-nixfiles";
DynamicUser = true; DynamicUser = true;
# this sets the correct file permissions for the ssh key because we use DynamicUser # this sets the correct file permissions for the ssh key because we use DynamicUser
LoadCredential = "clerie-update-nixfiles-ssh:${config.age.secrets."clerie-update-nixfiles-ssh".path}"; LoadCredential = "clerie-update-nixfiles-ssh:${config.sops.secrets."clerie-update-nixfiles-ssh".path}";
}; };
startAt = "*-*-* 03:03:00"; startAt = "*-*-* 03:03:00";
}; };

27
hosts/osmium/secrets.json Normal file
View File

@ -0,0 +1,27 @@
{
"clerie-update-nixfiles-ssh": "ENC[AES256_GCM,data:B5bp+zUSYs6QdWRH9bKore0UYhgj+GXaxgvhr3sixz7pfjOZ+aXi1owgFMWzhK8IYrjkmU95320GGSaOdC/f1B1Y+XuftQ9+Ts/TkfBPqcGNmze/qaHjwODMzVreeACrEPVti6h99Il7a8GsB82kRLCPXB/sDf3t0lAx5KZ+x1154UUcYDiJo8WoK7tF+gUBRniavuHtrzPm824zK4ziSXoRcGWwEMowhs+kroDxbA5T2/l5ch3kNVoir+ijuiDQcoWUUA3kXNHgWHIWiWIaDyGQqchq9/TPLN0kA/3tVEmHmfMlIZXSP6w11Y8ItSABkKhXshgC87/QrtnSjev3suGWboD61t1zR4YjDZpcZ28XrM2/XDiFWMHtJzlvtiuh4KfwlSrkkbAjYnr8/Xv/t3ZeJmUzC5qiEzywjjHDhxeTaQ5RZ2LgS9JYjNXjRQVudXYJvH7MK5WxnAh0h2/6WAdiwx4EKfSy1zsc7a4b2pvWf7JBPOCkcn1Suqbi01LvDVrQAj7xT0ifkEg5QAGGeQErbbOs+Kpy2gDjTcySNyxBwVU=,iv:cVYtqW4ryWzXGjh/QoHpeZRymOXs/a+Ai5m+l104s6Q=,tag:UOzdJpQZRw1kPvOljhcVWQ==,type:str]",
"wg-monitoring": "ENC[AES256_GCM,data:ItR4B3L+dKrvHMNYXdTBJwr1K74x91+wfCuP7AXHfag6HaJO4F4r8h4eIto=,iv:jhSf0pYm+RjX/zzg4nZ6/AjYDo6wZUI92eBdN+AmecI=,tag:zVnrZmtUIM2dvdLQKEzM/w==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1v3ld7wgdjt7ravp4r5n2mkt9su9d9ecmrnu6xtuny309d8jukfjsxsc570",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArMjJOUVVnVFJaVXZPdW5T\nMUgvSGpOQXNWRGRRVDkyd1d2aklhUmo5SFZ3CmxJWmM1dW9nMzBocEhCTDVUem1I\ndFFhSlBSSlV6YzdpTGEvNVlCWnZLcWsKLS0tIDhOYkhheTN4bEhWUjg2YlZxdzlB\naFNFazJabFhocVVDeXZ4UXdObUJPR1kKrUnHYp4kAZC21VjI7CcmbNiW5J5PHVFh\nIL8QeNnjn3df5kSRm/EeTV76LFsBfaEJF5usBNc7A/G/VF2kepp2Ew==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2024-04-28T08:30:00Z",
"mac": "ENC[AES256_GCM,data:4uaZekojGS1dhP21DKKgvRkHMxHR+s0wn56pFJ7/vwRDjSKBRg+riaIylRyWGuo5Ww93NU2BNBzyt8nO7PHymI51XsHZL8fGrn26JXdZ0vxTLiTHOpl2ipRT9t4JwyQdPGzdcS2zxf5RuxUtvpr+Hnoc9+BdvU0cQf65Uh9xDZo=,iv:2YhEIkVxQwlZAm+6smgDcciKs0rw+MUIaVkhiPFK93M=,tag:oRcWPAprvuArDZa4BwVgoQ==,type:str]",
"pgp": [
{
"created_at": "2024-04-28T08:26:35Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA5OzEzXewpmPAQ/+OMW4PCP21uyCS49MORrTMv/5xHClkfGZdggCe6RMzm45\nnfPvZCQhrAN9/969tR4S8O/eRds5L1ab0Yt7242SznL6vSLWE/zjFtaMLHZOWpEP\nCNxjcXBB0i4kjy5MnMnSKuXt1mEdyrDmED6nw2ef1AVgwnoIl5a6NtvahwFaiuFz\n5gebQQ2aUCQU1gxAcW6W3o03/FKifFvULtg4I6XUyZPmbmbzf+IavxaZ+fISnvP1\nWffniN3IiBoXT1g8VJ6szmizy726odpnESAs1EPX/dafs2fdzxQOBgF23Vn5Kp+8\nwaAHqJjH1C5f6XmfjhotRy6mg2sPqwLfSDDYnMzY1UgLTKOSJzZZ6a4Y9scc05lx\nkxechLj30GzXrSrjkuwGRTRRgKUXuDb6XYI2unP8DNJbuiL4nml0rxUTUVaEmQuX\nSn3d7EfaTTutp4u5yqqtv/DbY8XP6pKGsVZsQqhVX9byuvKJ1bG+olX1wUVZvXzh\n4KUXwKyMErTACdWmvWgxRQHM+omZ3YR51zg4JpaJJHTng3bxfQDLicMvS+jDUXwq\nhrhlxxMpfl7fHZWbUa33YWvEznbWQ5uexpcLiAL+XMp1akGkx1rwjH7qNLWir4KF\nZ8Jyd1d7zHGnsYBRsWXxtaaIOux1LDkpD4plHwG97Q+TmZroigXC0THgS2aSKv+F\nAgwDvZ9WSAhwutIBEACYc3UQ2K+ZW8myCrTOihn2xlItd1IO4yIjaxyKwXvrBp4p\nm2gSS9qhsugrHMCr0dfXLV+50F9fgqMgldOJd9+KqhZdeZvKcKzmqxXns/MV4i0n\nlJkA7wIV0gCrH7rzhn/WEn53BrKZ5SIzatxkyMdncpYWG80bvR7J5pGUB0t7ARYi\nqmGXRrXCutD5Ln4U1+AewqONTHlQ3m2VjxgBx+RfpIjpN0MShGh1kNxvpCJSqpXe\nvxTx5pNB3P4/D1YGtCzKegVwdPTXPoh7ljbwqdRwIOK/TSa0gqlqCZPr+v94+WrK\nS8ng8sKqC4fErBIUdR7eS0UZsdQIyZrl8ovD+6hDzVO55i1q5YbJLmYXmJdsvpux\nb1S0Nys9JeSdNqAVqErsXMLOWa55tXGCs6yIaqDu0Ovj3cdabMRPSoF8DmotUAxp\n7kzo9YQmMKNBx543l9VrKL1FYx3wGAo93GtWt19AO2J8gA0Hfm3IQ3FaNNsW/+ke\nwqaUgev+3mRGHeA+l0CeboMTkE5MIaEfZA9SQ9q/7dPK8mfqQaYY2CMhYhVB5fxL\nhT6/LuRAiPnmEXuTsLXet1n56W2b7j/dnoDIqGTjNa+3FSMPECnuhYM/PKIXmcLT\nzG/V2Ul9gVw5ft1uisbbn9uAcHI7UR3DR/MbRItNkxzsSTmJRl7VsZuRPYp1poUC\nDAM1GWv08EiACgEQAIg3E+6WonwjXMwfp/TaNtGBUVl65zkZ9OPImozfEqDinDDH\nBMzfkGR0QS/FmDXFCUCnNZX+T0BGVh5Lwh5Roc4KyomD4/IYVZLWnw0bOIpXLo+L\nd7E+Qi8emthdsF/NbW8FX+tkV1PbIfyGhZyDhYsp/7oZHWwfzMGH2Pc7jCMjyfvC\nA5inGSqlocC52TKAfgbqLdwpXWSbY7XYU5FNeqg2uvo0gdHTHzwKdWN2s+gV1s3F\np/BbwV8NtF4FR114gHRo27GwK9BIMKUQg8E9mJwt1PpMzLIdR33pMxq7jcGOzZwo\nojyzuD9/lIkk7FpqqTOt4VK4O83WhnPmGwCNWo22kBp9CNAeoijhFQIZ2su52msE\nrfy/KvIWIrrtaDGnis1MB9iVT6CKDx6ciUa81usLr5ufda+RWCU3/gDG9IL1pKHn\nRYnc97SDRDLtwV90BEzWYTLyOnf+TnpXL5299ab/U7eFl3v2rlaG361i9zgCQPjI\nzgMok4OoA8wPtBHvQsFwPKS4Cusf116l/HBvKMHwXVTl5EwXday1/hYOi4+o9zYG\n+Insj4UFrBWSDCbktTbxlj0A9zZf1pyaFw9T3MxnEipXaGsISCUwMcsVGokZY5lU\nRR9NgQu1cwQdr7Osr74Zz6VcQt+UEvwiutiRnkt7pXY+vuRKRVt29B2z0J5q1GgB\nCQIQs9f2RqnYIpHyVAkg5Plc6vlEnBwnKAOqAfwJT/snTFpclYFL6xPfKEIrOGwf\ncyBSoIX4cohrwcZk+zslFfKWQuIMTnFbyG1eccxBCZpH23pQAb0RZksEi7Uc2C/v\nuFkTA+4x6Q==\n=ATnx\n-----END PGP MESSAGE-----",
"fp": "0C982F87B7AFBA0F504F90A2629E741947C87928"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.8.1"
}
}

View File

@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 HwR33w GdM0PlWSyTELO16TOGV5qVDnpy+wmRVISm8zq4AkL2I
bFPVH0sTvsAoewRyetxxMDq4TXKBbo9kcer4j/+TnEY
-> ssh-ed25519 e95K1g C9JuyI5jzWfFdhN6BNiUeEUHyVTW6hrZzf0fxHWniGk
TBU7VCgk1OKYwc4ol+kcKnAUXae83BePZh2DBoTGz+A
-> "-grease
/GBX/iJRT06Kgz3sXOsc4gqb5ZugnM0qDWBBCsrQ0cWkhswar/wIocSYVilsrM+0
X8ZhFq0LIN63eCcVcw3bLk4Kvqz/GCF68uk0VOxxSThVZ+rj
--- xW5X/IzB/clE7LZDkvD42EUmKnwEmgDmzPrKR5ni/uE
‡E<EFBFBD>íp² ·}¨:.œf¼G(70T<30>¨ )VÀ<12>|¾‰O"<22>ýwÈø¯<C3B8>1¸2‰ž½u¡ókwn¬ÖšøN£Ñ©ë3}ÍXC¤ÞB