From 972169c3395964a12185099cbe2b943c0cffbc60 Mon Sep 17 00:00:00 2001
From: clerie
Date: Sat, 4 May 2024 14:43:33 +0200
Subject: [PATCH 1/2] hosts/backup-4: Migrate secrets to sops
---
 hosts/backup-4/restic-server.nix | 3 +--
 hosts/backup-4/secrets.json | 27 +++++++++++++++++++
 .../restic-server-magenta-htpasswd.age | 12 ---------
 hosts/backup-4/secrets/wg-monitoring.age | 10 -------
 4 files changed, 28 insertions(+), 24 deletions(-)
 create mode 100644 hosts/backup-4/secrets.json
 delete mode 100644 hosts/backup-4/secrets/restic-server-magenta-htpasswd.age
 delete mode 100644 hosts/backup-4/secrets/wg-monitoring.age
diff --git a/hosts/backup-4/restic-server.nix b/hosts/backup-4/restic-server.nix
index 034af54..2024738 100644
--- a/hosts/backup-4/restic-server.nix
+++ b/hosts/backup-4/restic-server.nix
@@ -10,9 +10,8 @@
 # restic rest server does not support --htpasswd-file in the current version of nixpkgs
 # until then we copy the secrets to the common location
- age.secrets.restic-server-magenta-htpasswd = {
+ sops.secrets.restic-server-magenta-htpasswd = {
 path = "/mnt/backup-4/magenta/.htpasswd";
- symlink = false;
 owner = "restic";
 group = "restic";
 };
diff --git a/hosts/backup-4/secrets.json b/hosts/backup-4/secrets.json
new file mode 100644
index 0000000..11720d5
--- /dev/null
+++ b/hosts/backup-4/secrets.json
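Review bot: The comment kept above `sops.secrets.restic-server-magenta-htpasswd` in hosts/backup-4/restic-server.nix still says the htpasswd is copied to the common location, but the new block drops `symlink = false;` and, as far as I know, sops-nix turns a non-default `path` into a symlink to the decrypted file in its runtime secrets directory. `owner` and `group` then apply to the link target, so the rest-server's access to `/mnt/backup-4/magenta/.htpasswd` depends on it being able to follow that link from inside whatever sandboxing the service unit uses; that is worth confirming on the host before the old age secret is gone. I would update the comment to match, e.g. `# sops-nix symlinks the decrypted htpasswd into the repository directory; rest-server must be able to follow the link`. The attribute set this block belongs to starts and ends outside the hunk, so where the sops file for this host is selected is not visible here.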
@@ -0,0 +1,27 @@ +{ + "restic-server-magenta-htpasswd": "ENC[AES256_GCM,data:yqjXswnjPlN0JkK2XUTWZdJdYg7F2ysON7yfS/jgE+aKEHk0DWMcrXDslLCJuBh2KiX8ODKni2J2TL05lv6LUMzkhgk9In9iiXRfZ5nLf04Vo2tgIUGLvBvnu6CDDqaeV/egL4Zq835C3zZFrsQWmrpxO52M7p/6hrESi5qfBU7JtH1S/SWjQabHdxJY//Ma7DNmZCBodV6Ayc0/bhedtB4dRQxmQsqcQBgxJ2TfgnZGw6KFrVsQ8dtD+avA0887JMKxhTrnPAYDaw/aYjKW4nCVeOVcfu/lTIh48nuC1pR5JumLYPkrPh1+xLaYc4Sl4dMbsUKH13qK7Z6jmAzmABx1HmFjC6mpJB9tqO1mWLL3Gsnx9g==,iv:xXMLP5qmNCPHzBY5mQkPBNQ5um+vzBQkxu4goSEY4fA=,tag:Vf7Xlc9XCwBXSwul+Ua4tw==,type:str]", + "wg-monitoring": "ENC[AES256_GCM,data:lCuE2EgUo3ER9NNg1rD24Z4cZS+VZ4KmDojnfCsb/LyBsfyu6uOJ4IVtxOE=,iv:KHRP1pXYXk8Fi23cjUZVUUadu9yWoJ2ddxj2fMJJYE0=,tag:TiFlekXM7WLLHAPlmYbP8w==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1yx7pqg8hz68487k92kgwhdzuc4cuym7l567a5adel9gtvp8l7qeqlg9zr4", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpdFREUEVzb2JFd3hSaG9y\neVA2a2Fodko0OTI4ZGM0NlZxRmNtYmFDY1hVCm9ncXdWYTJlSU1FSG1WdlNBZ3VW\nM2VtRmZiWldzalRsRWJ0UkV1L1hSMkEKLS0tIGVLQU9kQXhZbC9SUW9CS2JnWGlJ\nQ3RoeXVkRXNkUWNaZ0VQOW1hcEJnNjAKHgZ48PERJlfkkh2TyCLl52zUZY674BXW\n4zPtmhZrb4xlExetINrOd4hZtL7S7qn5GnTxhoxvCddeU+JPPsfWoQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-05-04T12:33:24Z", + "mac": "ENC[AES256_GCM,data:FcZ1oeZkVIpFZJ11sfiw0+X5eKy0yF8VG8L4TWqD8i4Y5L0HPTQ/GzQMPxRO2QLEIvf+RZPkE0owoEMt1+azkkY7JiaZB0sacFPqK4GNSjpIXmN+spJAIYGS7RsJiDEHSwVutuhgmdJWv/QL5wAJHgEXglmsOkIIww5x4hQcR/k=,iv:eht5ELd4xIPJD62l5aSqQC3cJZ0+nQa2BjX3htUFWcc=,tag:fOBoVOeHcxFxKezoa3Tx/A==,type:str]", + "pgp": [ + { + "created_at": "2024-05-04T12:30:52Z", + "enc": "-----BEGIN PGP 
MESSAGE-----\n\nhQIMA5OzEzXewpmPARAAoI+lgyV1TA9VwFGdsDIhwCvynN8v9VYWjujnUr9G/7vV\n2t4MKxlMatvYJSU/AyrO/iXaDokZ6AMBcWHrvUnVimkljUKqgK1gIdHTaQks7GrZ\nR2zx+dVH6EeQOhNLVzzFm1yM692YI4XDXtmeXCrJCKA9DmSB4uzdV4jWlWAYSS1S\nL0/ZNBz0c7PabTHfzhqvBj/+IBnH/Mch80WZyQNtuZFUCQyXdhluKYhaeU7+eUgX\nmHXIy6mZqTYJahUWz0r6D+Iko8HhGPwMFTVnsYCERvfLWZ4Kfr0Zf2tgqt4x0l5x\nza6hnx6gGzrbGqnBLgqP5lH10q1lmZluLi45ChIsI5sScyhcZgjq7+0gdRfjyOC6\nXhjYMzfQ+epcO6RavTnXsEXG0YMtocFIxVZhidv6FCSoRALqOl3z6tksJFfyploR\nDIjYh7iPjUkrgbV1lyH91jIBcRWZP2UvwiXP9qB6/GgAR14TqmF2u9uIywYwqKnf\nX+ptzHSI7i1DxizbF/Tu4Dw1Bz9ZlYpm8ojL3uEw0qSuclxjTd2/T5qogkZ3a+UF\nBuopoUoCIOXLik9VLiKzCJHAcWuSehWbL0+p+1cIlRESH8VdzQ3r8rrSErUoWA+7\nk06Fzl6iBeFMnP1rWWtFetfJeC/Z0PDe1GdFa/xdTpt/sMeNw5qhHzCSiUHavYOF\nAgwDvZ9WSAhwutIBEAC2V4Cqj5ffXmJ64R1y58F0fT4QNJ5lHg3xmvbuQrJoINMY\nC94ysRGpOX8IFVHIL/WypB2HixFEE3ZnEdcbviKJRZ7ukxvy6/Vs9a5SiX8QDFfi\n0UtWg9jEh86mGqPoxjMnyAcv+e+xcbz3izw7cEAYpjlTGTLOmQhHUgv58hs1L6ND\nre+MAUs53iyzoprMezEoU+7rDavy2a68BUMHaZrivCA2l2jH1ApEWz/dxv/3S1Qb\n6sRxumWfLj68UNKcn2nNwfs8xpHLAIWnnZB9BBmwPb989wpg8WLlacpWUtL1QzUT\nmCI8EKyWKMuIZXOnXVNqEmA2jDVDpbXOfMPHw0l0kKNx7tAXtjkWR7IE8T5iTspq\nL1F6d/caDroOnwHYCkJ+QzNstikTevOntIgMRYXkx1+QL+C+rS3K+My7281If1/G\n9XXcIAsi4f5BLmC1xT8my45UaziFlw99KoEFga208uHl9k0j/cZhSIKDgr08sR6e\nQa1p2WAFLhK1AjCcomSkEnLfWSStcUBAhBkFexWYcxlhUerczE0dhV+yH8daug7A\ntcKTKC3ooGkQAPHKcWZHUFnm0dd6TME73xpMLMgo5N4Qli+yvgX3RnvfCzWGN+pN\nkV5hF4kTBmf0/YLYhAft0+TQSKyGymF5MSMW06X5syHE/s/mznV4G1A6FGwbnIUC\nDAM1GWv08EiACgEP/0XA6/lfkb3iUnjR/JH9BOp9nAldAIouTWB3zcuJddfP4kfT\np/+AsK7DMOp/RYWnngKVNSihkAuVfGUfhZpDvF0aS2Cjk3gmgMa2n3K/1g2ypZXR\na5HsXTqAH9EzMxhaHWRkvrb0Kf5jYt20MVIPvI3PuNQNS+gV66zxo7rdZLfINs8r\nigniDPn9vBteXEg9do50fmk70RuqBS2+0RYMgGO6xgz7+qFXBuGbtq/fAVwVsqMu\nG6cPuLNRrZ0aX+2fm1Ay/c25SV15VR5M/zo0qAFoHIGdapjxeOeoncW2KMWRo69w\nDuNMidDFcFOvYqJJ6Ih9ZkZAgtR+uOOjiC9SeKQuFQ7nONfPqpBDuNwHogha2EIU\n3LQpksg2QM7jziZsenNrsbx1nz8QpYC4newsdqjNjqNl/8ZZpv1AEGavrnfQ1ud+\nCxgvUUXhvedk2T+vnNSNmRFsAzIUp6Vy6zGtg/tuagMootexbs6nI9P1iVBh7ojD\ni6/Y
mOantNhVo9B0XgVXF6JgtlQ8eFZ0gHrAt1YeQejPoiHNQe9S1fOiOv2cTbZI\njWRLGgzNyj9rLRlyGP98Tf3YLjZ9bR1gRylnbdl4l0DFDRNd/tF4CO/20ai8QkZm\ncKZnP7t2hMvILf1LYCty8CDNKM0MQ3k/AawaUKMjNGj6DUdN8JUKS+8sDpW/1GYB\nCQIQv2lQ6ZD+9GTC8hbMrxkM7nm8GfDOgA8fhoyRNSCkUnrXkIvnk5dG4u2hgHOD\naC/VyW8ahSuMqINO7epMhSJD8971MG+qpeLSSPEL4W9uibosY8jT1Mkeg8fkSFHE\nu0LyQcg=\n=EO+v\n-----END PGP MESSAGE-----", + "fp": "0C982F87B7AFBA0F504F90A2629E741947C87928" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.8.1" + } +} \ No newline at end of file diff --git a/hosts/backup-4/secrets/restic-server-magenta-htpasswd.age b/hosts/backup-4/secrets/restic-server-magenta-htpasswd.age deleted file mode 100644 index c761932..0000000 --- a/hosts/backup-4/secrets/restic-server-magenta-htpasswd.age +++ /dev/null @@ -1,12 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 HwR33w kViHcBQW1BrrsBH+G/G9+uHKemfLVJDdu1YVYvwAmH4 -6Ii1HSGfr2OhqzjRPKPRYXAO5MYMjAH8n6h7P+DVmX8 --> ssh-ed25519 eelCFw 4QoMZ+gZPpy6COWtrKHG75mH/UlBbWbdtJw3ASzlU1g -S+BVcp5IdBPZ5g3mxWR2gF85gRwaGOYS51g8Aly1S7Q --> mP-grease ao;`-B$ -wCQhGRw3OSJrP+woDKwQ2+KW5PXhxnI5aljd1SaeNNM ---- f/xlfi08cmP6+PPMoZ2v/AKsZQOe4RHe4yO97IcUgh4 -A*_$p|CjnO#ܗ.:' BU@f-ջL3Gث] l -4qs"7ߙE]+Lkkd>ڷ]lw$܉>8[t716dA9-iYhԷ -QTy1F1R;F`&O!]Cн~7hE Z %r΅ITkad^, ǡ*SФ6%\ Bo܁iic] -WrbC uA4i+V \ No newline at end of file diff --git a/hosts/backup-4/secrets/wg-monitoring.age b/hosts/backup-4/secrets/wg-monitoring.age deleted file mode 100644 index 03a511c..0000000 --- a/hosts/backup-4/secrets/wg-monitoring.age +++ /dev/null 
@@ -1,10 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 HwR33w NS7or54RThBygIkXukAmaMBerb3XzBl9MWxhhXSOHTs -B9+EuN080AMUEdm/KRVcR/sqlw0uC8/lO4VFuTkfECk --> ssh-ed25519 eelCFw KF1iYVpI/owY2K2entqcm4KaOztBC1Y+9/qK11s3Z0Y -IS3ABKW5+NEDW9bJ2KAb64WiIkHoMibyWtyuF3sF3eI --> D,/q5iN-grease -LBaWGpsSun/TqNuM8OnhBu6/+u4NrwgrSe7iMkER7yrA/j4RKDfzHC17P9l701xN -OWFhKaA1qsxwe2Pk+3cN9Tp7SklE/hY9ADIvA1Jqqa1uVhYonrpZFEUXPVbnEEs ---- JYxwomGwWYbjcoqV5u3ReD/2kaZ7XQmxc7aUEZOGcCk -A,Jiy8K@ڨ0]_MM౉w7ު!Ϲ2ѬԛJޯlQt=p$ \ No newline at end of file From 793122bdbffef9f73597d88662575a1e81da2e4f Mon Sep 17 00:00:00 2001 From: Flake Update Bot Date: Sun, 5 May 2024 03:03:03 +0200 Subject: [PATCH 2/2] Update nixpkgs 2024-05-05-01-03 --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index ac3e4da..f366649 100644 --- a/flake.lock +++ b/flake.lock @@ -283,11 +283,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1712963716, - "narHash": "sha256-WKm9CvgCldeIVvRz87iOMi8CFVB1apJlkUT4GGvA0iM=", + "lastModified": 1714635257, + "narHash": "sha256-4cPymbty65RvF1DWQfc+Bc8B233A1BWxJnNULJKQ1EY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "cfd6b5fc90b15709b780a5a1619695a88505a176", + "rev": "63c3a29ca82437c87573e4c6919b09a24ea61b0f", "type": "github" }, "original": {