From ba30850a81f2e45e7f5e660ea872453747baaba9 Mon Sep 17 00:00:00 2001
From: clerie
Date: Fri, 10 May 2024 15:05:16 +0200
Subject: [PATCH] hosts/aluminium: Migrate secrets to sops
---
 hosts/aluminium/fieldpoc.nix | 4 +--
 hosts/aluminium/secrets.json | 27 +++++++++++++++++++
 .../secrets/fieldpoc-ommpassword.age | 10 -------
 .../aluminium/secrets/fieldpoc-sipsecret.age | 11 --------
 4 files changed, 29 insertions(+), 23 deletions(-)
 create mode 100644 hosts/aluminium/secrets.json
 delete mode 100644 hosts/aluminium/secrets/fieldpoc-ommpassword.age
 delete mode 100644 hosts/aluminium/secrets/fieldpoc-sipsecret.age
diff --git a/hosts/aluminium/fieldpoc.nix b/hosts/aluminium/fieldpoc.nix
index 3e93039..3df29cc 100644
--- a/hosts/aluminium/fieldpoc.nix
+++ b/hosts/aluminium/fieldpoc.nix
@@ -9,8 +9,8 @@
 enable = true;
 ommIp = "10.42.132.2";
 ommUser = "omm";
- ommPasswordPath = config.age.secrets.fieldpoc-ommpassword.path;
- sipsecretPath = config.age.secrets.fieldpoc-sipsecret.path;
+ ommPasswordPath = config.sops.secrets.fieldpoc-ommpassword.path;
+ sipsecretPath = config.sops.secrets.fieldpoc-sipsecret.path;
 dhcp = {
 enable = true;
 interface = "enp3s0";
diff --git a/hosts/aluminium/secrets.json b/hosts/aluminium/secrets.json
new file mode 100644
index 0000000..f44b62f
--- /dev/null
+++ b/hosts/aluminium/secrets.json
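Review bot: The two new `config.sops.secrets.*.path` references in `fieldpoc.nix` rely on `sops.secrets.fieldpoc-ommpassword` and `sops.secrets.fieldpoc-sipsecret` being declared somewhere this patch does not show. If they are generated from `secrets.json` elsewhere in the repository, confirm they carry the same owner and mode the agenix entries had. sops-nix writes secrets root-owned with mode 0400 unless `owner`/`mode` are set, so a fieldpoc service running unprivileged would presumably fail to read them at start. A one-line comment above the pair, such as `# decrypted by sops-nix from hosts/aluminium/secrets.json`, would tell the reader where the values now come from. The enclosing attribute set starts and ends outside the hunk.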
@@ -0,0 +1,27 @@ +{ + "fieldpoc-ommpassword": "ENC[AES256_GCM,data:F856G4jZjbj7RQ==,iv:svnlwqEPMDHHlSSv5Anv7w7TlDjHUBmKqiBL+IBV+1w=,tag:fnySgzaHzf2paWEBwD4DYg==,type:str]", + "fieldpoc-sipsecret": "ENC[AES256_GCM,data:ysnHLFHPbOcgTfoAmZy+3Q==,iv:6G66WDGzuyfTzezVK0uwY5Ihv22dR7x7g/A1fvxUhjk=,tag:WUVNU6Bw5u0kyHpyFsKmaw==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age12nr9jt7u04ef0uf3h3pmh5wsw0t5ax7flwtk0t57zhsqj7s0lvnqxdgtu4", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2SVJHaWVpVFRtZ0tiTElr\ndk5jem4xbm1rTDdkNFdEanR3eGljak4ySUFrCkVSKzhOMzB6elR6WlFtaW5vTXZK\nVE1TZ0pLcmo5alJnL2thVWVvRmV5YjgKLS0tIFJUY3pVKzhoSDNpQ0Z4TC9vdmNL\nc0RlZ1pVUmhIMjRPd1ltZFBlMXZhZncKgtH6HYaK9GLPmwHpIRXwwyhWLqHVvhDV\nRCusRPXi7vpl9Codn/gKa1yhtS+Nbrftpfibcf4Zpp6tbICBJw6Chw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-05-10T12:55:36Z", + "mac": "ENC[AES256_GCM,data:rYVMHm97fym9o88cF6IjPsOl1ZgIafIlvw3BhS3y1tFKuiIAmsqL+DvD+yy8oLz2atvyxIdcKihDRNoriC6V80WZg2jqedSbkK0QQHng8z+9KE0SAfoacuJqb/SMULOPVvW81Zhox3Y0fbSVdO3WScx7Z0czNBZ0JGWVObRFbHY=,iv:97/B4g0JTHLlyR9yV8xqhhDnkDDfS9VhsXFb8v3pMVs=,tag:No47WYn/Uk6R2mq2j2gpzw==,type:str]", + "pgp": [ + { + "created_at": "2024-05-10T12:54:53Z", + "enc": "-----BEGIN PGP 
MESSAGE-----\n\nhQIMA5OzEzXewpmPARAAqgQosLYib0E8DjzA2YFhXqSvsDhRQblHDMNgTuO2/LkB\nVFj674m60/04eFHkUzAo1Ix9W8ji3Q/vVLJ/bLcfx4mGS7atBNzCFHlRrXPcSS5v\nMyihaRqfusweNTwYF64aQ2iE/EWjEDRo4Ssl5aOoilnPHpIqaTyeIbejzHoZWqqi\n7GZttP33NiQP0iWVO4SXlwkF5yuZT6qaHjUIOQEGImz5q87eMUtTNm+Xf3Qx/jAw\nqSkxwN5ySMuMcMqGpShhztoXpe123YlvNr22fZzkBHU5AwakscC5nf8skaMc2Lrh\nJ/+qFL2tWdgEf/fPd7aYFEIuC2YdJRo+yGMZ9s2VjD9ZlBQUFd8KZhytxmzoO3rW\nNKPM7/4tMyhdomt+uKqQNrVDOFMdyR+xLowyGgVqn9MDDDcnQhEdGyqk+WEeQCWN\nXlrQEVshHvC0YTIIXoyFljmMo/z251FoVY8+PHZOQzAJB2RyUIzjEDTX3a7xDNff\n5j9THrSloPLXuW9lXQO8qX8h/50GbJ2Hjpapslx3jhYx7viOHp2h3ojXbNditrIE\nWHEw679IjgTuantfnTzy1NPtIVvH5twrncPRdRsOqVVL4UHI66O5SCATAuVFXM7O\n+ZlLZS3TnuHE9JDlmV1Ts065VB3iYxXA/3p78gCcVp9otQVeDSVq3PTmKzUCLbSF\nAgwDvZ9WSAhwutIBD/9xwPiMUY60fKMS5/BoFYxKB4Ml41MalHdSURmU5IMp5oax\ngykVOoWmOTw3pm90lsZg809SwO3rbJjejMzzUZZpN+vN2pJbZeqRaY7Av/y1K6Sq\nlWXY7Jzbw2bI3JDPVq0tetM4EixGyN+P5p4tVB07BxKzbaN7dCFWk8EkFZBS5Fg9\nQiqLBwk1EofEsZHEbw6BYPivYHi0Cy63ghQ8t66SfhMyh+s2t9jPFB7s24UACaOe\nQ2aC1CP+kDvEMIlS3StNcHGUvZ73/CAkbTmbb0gynFw3odNN7+8tWHmWL3J+0RaO\n0TfXABH8/A3zka97IoZvMt9SqO0FT9VrxE2xBp318rsTfQrkYN8UiiBfvGjI6Gc2\nlZ7qXgFa1tlzYmTjYYs6TCxyT0a8mCt7wOS5yFkph4pXEumJIhh7nmJlr3/gdapt\nwA/LhAq63+UNCGvAKum2XdfwycLDvxciyz40c0ZN25SDQ+2WQp51/GESvVQNDyIc\ngI+BTFSxVjW2Qs7WdN2dJeQ7bLmN0EpGNGszHYiz/T0zowvuUiOrfjVdoNigSPwR\nSeNDI7KQ+miLiqLCSSNTF6D3MlstHBXeEfGLbJ1qFvT4hX5ErI0xmn3lVeAeQIAu\nW9wMvtmMtt7XAef9hzyUUKvnkf3pQw+GBtvY4/pCJrFWKw8vADmLZ56t8UlNFIUC\nDAM1GWv08EiACgEP/icY5+u/9/LLXcnQ0gUsOwL1ChTAOnJxl2Dfu6Wdl/Xohe20\n6VsznYeAyOQ7pq0yweTRYejx96S5M1H+M6uZJPt4lMUaX4/WwM0zJeRH0nsaqbQT\nr6YUZX+jWKhVtuHZinmSLLo5Kj/DH2DPkDPH+ZZbPHjbsltPnYggx8x5NfseN1wO\nLe/dUCz3uH0LhgMpIxeQRWJSkstV64F907SyuU8fqaQJbq28YuEYZS99yE4VTUH/\nYion7EfHpAU54f9SfAahe4VL4hvDIKQ5qbC8JiiQnPYXElNwvQnDwOpysOAq9LQL\n0VXanXeQf/mXfjRc+NiiF+7sfavSRNmIkKOm8xEgdEASQ8lh4UDhoA8mcSnB1dFJ\nAt8YOmkPEC7kplF2wQNFI0RpI+xsJ4hxsCZ3QFoXNwHK1HbeEZ7/FxtSvzxFdXsx\nNyB7EagsIMq/G6R4J9rWCHAf9LKlnFNyVzMin2LoOUtp17yvODXOszKVEj38TMfr\nz9K3
1QTellrFzJCNTY1VwZyb1JJfiVsbGCqJTbILB3SYV36Lwb3neAvK1P4KsVFY\nDIqMHeY3oLoxLyHRajtjKxhYTwjB3c0ov2IAqOszAvwnO9YBClxeewMt2/Vv2Eok\nzgkEV3cTSZCtPPhF7+C/0bZ35A1MDNXaG1AyQS+4idN0a3LuIgROF3Ow8gB81GgB\nCQIQBdPtKSJqTekbsvXlb4HEHZmjdwjoinMUiuDjAsccGSAvuEqC85NLKjn3+KpK\n7nYnI6NAI6SJ4IUy6YJ4/nKPw6hKTEn442rhUDMmQ3dmCMQFBTLx+VSUpsHE2SSL\nyZ8fqDq6Dw==\n=LtRd\n-----END PGP MESSAGE-----", + "fp": "0C982F87B7AFBA0F504F90A2629E741947C87928" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.8.1" + } +} \ No newline at end of file diff --git a/hosts/aluminium/secrets/fieldpoc-ommpassword.age b/hosts/aluminium/secrets/fieldpoc-ommpassword.age deleted file mode 100644 index aa6e00e..0000000 --- a/hosts/aluminium/secrets/fieldpoc-ommpassword.age +++ /dev/null @@ -1,10 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 HwR33w dvnkhXiz/AAZa3xT6RDx8OIQnBihgUiBddXtVB85JTA -NqFXVizLIgp08r41jP1myZ/sfOcHYRk7qvPrRjH0KUA --> ssh-ed25519 GUpvaA X5Nhz0ppW4smw1cVZ0xPwcgcCREpcF4OHIjgwelm6Eo -N3rA06TZIEOgXGROcTUHlGSN4jpisGbMXX3WnHoIKek --> }zICz2Kn-grease ;yh -NSFTNcxuAeDoIHy7HqGJn6FD7t3admS1EiIlVuPvcY0X8lqUKACMAym8GcCd2vrQ -VF1NK0BsKgW1j6uUFASqBn5/us2Nx6/mwxdaX4QBGINlkas+/zN53bM ---- e+nEDx4JO9clhnhTKZLeTuUdfRSHNJS+kY2UA46j8CM -H>9㱡(Plk?Cڏ,x}W?a* \ No newline at end of file diff --git a/hosts/aluminium/secrets/fieldpoc-sipsecret.age b/hosts/aluminium/secrets/fieldpoc-sipsecret.age deleted file mode 100644 index 317cfe9..0000000 --- a/hosts/aluminium/secrets/fieldpoc-sipsecret.age +++ /dev/null @@ -1,11 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 HwR33w IXd1561I7Ia8Vr1nlqcMCMN9xF0LXlpXPJUIW102UBI -KFpKJdE6ge2yE+kp1pYcHnmn3th0m0X2iETZ8rFze48 --> ssh-ed25519 GUpvaA VyC2gxp7m7uz9ba1qmjQ05Cbi1ZXpkCU9ydwpYMAlyw -LC3flGQhaBdl8LeJnG5HbEBXcmEbDarWqZ/XFGhUAoI --> _7e:/rX-grease ~R' V -KlOMxJRircN7onkmcF3Omw8Nseg0kgx9CsqdRsWV9jVV8+aY/4SFRC2cllIDOIQa -71hNmC6LqcOW ---- zr22gxWcsyuMcUg3gXiIUPvbsV/dE2hRvWD+e6i1B98 -1("Sb/Q<*nI$IgfX݆ - \ No newline at end of file
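Review bot: Re-encrypting the two values into `secrets.json` does not retire the old ciphertexts. The deleted `.age` files remain in history and stay readable to the two `ssh-ed25519` recipients named in their headers. The new file's `"age"` and `"pgp"` lists name one age recipient and one PGP fingerprint, and the patch does not show whether these are the same keys. If the migration was meant to narrow who can decrypt, the OMM password and SIP secret need to be rotated rather than only re-wrapped. sops also leaves each value's length visible in its `data:` field, so long random values are the safer choice for both entries.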