From e094afc4a0531b0e481ac5e003dd3b1fe96afb7d Mon Sep 17 00:00:00 2001 From: clerie Date: Fri, 10 May 2024 15:36:09 +0200 Subject: [PATCH] hosts/web-2: Migrate secrets to sops --- hosts/web-2/radicale.nix | 4 +-- hosts/web-2/secrets.json | 30 ++++++++++++++++++ .../web-2/secrets/clerie-backup-job-main.age | Bin 508 -> 0 bytes .../secrets/clerie-backup-target-cyan.age | Bin 531 -> 0 bytes .../secrets/clerie-backup-target-magenta.age | 10 ------ hosts/web-2/secrets/radicale-htpasswd.age | 11 ------- hosts/web-2/secrets/wg-monitoring.age | 9 ------ 7 files changed, 32 insertions(+), 32 deletions(-) create mode 100644 hosts/web-2/secrets.json delete mode 100644 hosts/web-2/secrets/clerie-backup-job-main.age delete mode 100644 hosts/web-2/secrets/clerie-backup-target-cyan.age delete mode 100644 hosts/web-2/secrets/clerie-backup-target-magenta.age delete mode 100644 hosts/web-2/secrets/radicale-htpasswd.age delete mode 100644 hosts/web-2/secrets/wg-monitoring.age diff --git a/hosts/web-2/radicale.nix b/hosts/web-2/radicale.nix index d2936fd..3ad1ede 100644 --- a/hosts/web-2/radicale.nix +++ b/hosts/web-2/radicale.nix @@ -1,7 +1,7 @@ { config, ... }: { - age.secrets.radicale-htpasswd = { + sops.secrets.radicale-htpasswd = { owner = "radicale"; group = "radicale"; }; @@ -14,7 +14,7 @@ }; auth = { type = "htpasswd"; - htpasswd_filename = config.age.secrets.radicale-htpasswd.path; + htpasswd_filename = config.sops.secrets.radicale-htpasswd.path; htpasswd_encryption = "bcrypt"; }; storage = { diff --git a/hosts/web-2/secrets.json b/hosts/web-2/secrets.json new file mode 100644 index 0000000..b9048bd --- /dev/null +++ b/hosts/web-2/secrets.json @@ -0,0 +1,30 @@ +{ + "clerie-backup-job-main": "ENC[AES256_GCM,data:AoreXT9N9blmaSsIVF+fWuGPVc8Fi1J4uQDrjtY6fzQFCFM9Yk0JQT/+POGiltOUkJSd+Ua1yKAxQ6zoR33WvQ==,iv:He82CVLKZ0dMBpkNzzrnUZhZcuFJXcWDmBKCJhBPrBA=,tag:EDDBVAcceURYV2SL2qEuyQ==,type:str]", + "clerie-backup-target-cyan": "ENC[AES256_GCM,data:G6ILFo1w1SVs7b5pIk/JdFvcIXdIaKFL5qKxrchxLedlovltnnRuufxfKivgjWgjTeVV78WNJMRVQVwXIcBhLg==,iv:gUjvjG04ClAxyFqhhj60XTWX6gbJELRRbUT/EbXxa+o=,tag:hsfmuQh0GRCRVm7NUnBInw==,type:str]", + "clerie-backup-target-magenta": "ENC[AES256_GCM,data:zsPFXpnTWHL2b9/fZiW1fhpla8hTeZb1+O8oihnwDIAcC4Tgn8PrFDEYK7kuWYcdbIvL5XRJRR48erSACsntFA==,iv:lTlAyVl3ndgca4Mp9lSldXmhlP8ECPvE/CM7Zpzy9ao=,tag:LCNF1loABQpZ8Y5wfpXjkg==,type:str]", + "wg-monitoring": "ENC[AES256_GCM,data:AfkytaHshFSyKkMdKVMdYaq3sKUC9dKYs5rKXN4Ouv5kjDGNXC18liEsRuc=,iv:4mMgsovdAJ++Myr+9GuhAaEBuzDBNZbGK6zfzoAEJ0E=,tag:/d0ZXNbpaMFyxyzov23kdQ==,type:str]", + "radicale-htpasswd": "ENC[AES256_GCM,data:+FHsq5We/fc8gBNub/GV5Mfs2i0/7Qm9UPDhb3unEhak6XDAvMSUQb4eaX0wn7Yi3y/gFGmapd0eYilTjfoJnI9gVnvi,iv:lEV8kQh9RBL/xKcCLIRzUR6ADq4zoah1c8Z67Qrs3dQ=,tag:cw6jKYbZUXBD3Zio5CH+Hw==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1nn8dwl2avshdhwn66w92jvlvz2ugl5fdxc8dxz6lpru72hlq44uq5a88az", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlU2tEMHIvRUFxa24wMVcy\nb2lheGR2ekl6S0wzWUd5cTMwTC9HdFN1eVc0CkRjRHdJVUw3ZCtZSTlUOHZCV2J6\nYkxqdnNmU05LTTNmNFZiTzBxZVdkOTgKLS0tIEZUZ0svL2NhcTZPdFZrYUhwQ05Q\nWnZXRWIvRXBOMWNDTzQ4RDNKa3IwSUkKj+vI9dEEUQYN9uT6H1FdexComfbe+iA9\nVzLF970ASzptGiNYtdN9GYdXY7JGHoOfmYy3fpjZGN3p2KqiYyi3UA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-05-10T13:32:34Z", + "mac": "ENC[AES256_GCM,data:lxfYT2TEO9KFx0x6DPRQ2mRy5Ft6syyyO1yV9my6GwvDxd1e7odXGRcFo3N1AFod8Y6z4+XaxqZ/GoqSp94Pk8aF4eEhyAFun/UUr8KhKGsnq6xnQA4p37oYccvTY4eohS5YHBr/+AMutddmQ7qiYtQhVViXAr6+dmOsV1Tfu+A=,iv:bC+z9SP2W048bR3aWIcPgRlfLB5n5ccst6OvH0NjYBk=,tag:qhoXUAl0nG4LYy6yXQP2/g==,type:str]", + "pgp": [ + { + "created_at": "2024-05-10T13:29:58Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA5OzEzXewpmPAQ/9EWbkWn0T2rknNHaAwSKis43wQe9ItWzi1KNaGtE2yJt6\nvFWN43+Uop58NQqRsQiBD+wXrrkZCceIsiwT11FiOr1xwxm+j5Dt9ItfYG4SLPQy\ndRCgABRHXkJTlizFLBqhNH+m28rVeP2rjv/VISnX9dsaN3wBe1SQdCWahirbdoUZ\n3pQAJKDqptEp8MwW9OYhQf0A+etUKGyY1UZBdizgGI+FQH3NASDq/TbfzytE2h7f\nk4ptT0Wn3CqIeqSRwQ89x2ma/pmN/7sHvC0wmmyCuL8m59EGwX4pMu5jk249n8S9\nfi0PFsaPa150wCcsF3G9K9RpxzKJOQ5ysWbKKzKTvc9KIzeGzC4BjEwaSu1mtqmb\n7JVjbwXPUD1QbbB8Vymd0LUcUg20rMHqExMvOJfYwVb+eUMUdYJQHNpmOpRAlgkr\n8cd5bPWmFiWyCZ6DaEUA+cdtLHkrz1nWkrlG2n3K+7aSCVRZayheraIP53uMG9Ng\n3Co1mTrHy6bLAT+keRWseOEkCnAFGns+Il6v4dign4Q7hQ9Ovp2d3kMj4uWOHrd7\nyWUKIUT2ejTF3iM6UoNF8POvtgMD0ZmwMI0wZlc1FE6pkSAVC/1lEUqE4eT+l/Mv\nLCDF5ktd7MBdsMzdEbsVV55D9/vRb4AP8cccof5/akeZbbj9A5spWcBzApLv5MuF\nAgwDvZ9WSAhwutIBD/4o7j58zECSLtSHa3E8hDt1zy4u5Bbddtldzk6ItW78nJWK\nPHU0+IoTWAybSkqD8NBVMyo4ijHs5ipmvmeJ+DIdpR7219VFfBAr36suP0F0f2dg\nVQOsbZdeDar1sqacmcHcdqaBgkVW+M8A216moCld582Yy8JvGVvRSW647mBnhgW9\npkcuT+zKQJUwczXSUw/y23w+9qiuby3CmiJuAWFMVRT4E36cl9xAaezafDfp8doC\nZ4AcATAvZtLIOHKg3XjYzJyzuN0pyocTZu4x4PiJsHLtx34WOivwU3i0Iu9J/2VE\nDvXsWRql/P/r5O5U7np4cDGHR/siaJvHx9nbZOottisETAWGI+V/QnVTqzUEcK8C\nu4PGrgaPyFHtW/rDAcINU/tmLB78FM+BgNXJNxBDeJgoRQ9VB0nHlDT4pOZ5Bdo6\nkmxi/bCWpasThNE0EEQRMhNr1zXMwxaD5/enm4wIY6oXDmIxAf5Cj+rHPrCSiBpV\npge6xBhXGQSZMJT+QAQPwAu3l0g52DKIb8zJaLMCRnpra48W7dFRpIRb8LV3G4PQ\n7xxiSTO0NE1GbYMmqC/LU7RgRRqt2P0y5VaHqHSFwjdJpHk/zdoZ2QCh36Wtc3nw\nvTP7crZVZj0oYKenMBIIYOR74GY0L92Owxd1yNi+YdKtnFzXzvPtqrldx/Ps7IUC\nDAM1GWv08EiACgEP/1Red5Qltvhdb7UN06EYmZtbqf/ERExu8Zom4C1887HHOz/d\nkq/uOfXo4PHfEI/8mkcV5FDZ0kI1sGYXv9czLiImAwwPRD2klo4irfvBSWZglRE2\nO5sa2xPkeiXyaWkOeV48fm7c1TxUSzA5olFZad4z+3LzkEv2qyVJJZ6MW3We1wu6\nYXyGesF1oJQZb4GxQr6feknlG9WP35spMk/9s3zR6ZQCdgm1VZx50vfzpgbvVo8D\nySnVCWUqG6/3PTToMxm+LndE5ejbFOvubh7ppgsceOZyDsPNGPA3tVwJDZU/T2DC\n0D9M3F0DHUe1aNzQAA+CUgRiC1F95IgHtXUcCfF4aDtDmvHOMjDwKlxpeE00Qthp\nxms00wT+I0Wt0ieTErmHJHmpkGtGdr3aQXi4LFS6EZhleWdZkJXko/UBIsxfLKji\naEdz3sooHTVBUxQ6qmieVwZQBS5dFbqxoRId/y71QjW6whVi7JpAzUZ9J9Av503b\nxYrJrrfiUM/qmH7/EcBaYWZUDwzh6E71G/luyiGrJYlXV7mp7I2yw1EDYpDCz084\ngUQTdKtav6YNUFE8IWvK5mmXCnnWTmiOhxmomGcJC8s9CXoBYaC7ItxqkeeLcMaD\nYl2RcCSsynJpicJx5oDKr/J1EX92e9RzGYrgdmvVhlSGDBqpXL2+6n0wm1qG1GYB\nCQIQf4J+4HW3sHrDVXEDvuxA4sebLViuSm9+YkwCEIp5TvqVH9O3y1TMS0/MK15N\n6KomgzU9q8N7MsR07NoOMWYGF99RB/4/7lIIlN79g6jwqPuXbqZPFMf51woXb8Mo\nUn5pu94=\n=binq\n-----END PGP MESSAGE-----", + "fp": "0C982F87B7AFBA0F504F90A2629E741947C87928" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.8.1" + } +} \ No newline at end of file diff --git a/hosts/web-2/secrets/clerie-backup-job-main.age b/hosts/web-2/secrets/clerie-backup-job-main.age deleted file mode 100644 index 45c9fde0fd9735e0dc6725d9a93c01ea86300963..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 508 zcmZ9_O>dK6003a)Nzr5`ix*G0?V^Z)w3K;RQlL=2N`cX?s8J{s$|%tC@pgDHGucc` zws`PvJn2Cb6R(>17rf1wT|F4R8E+=WtIr>JoWMu@WW3nRifNkMOcw!G5fHis=Xr?w z-mPYn*o3>lAV~lhge~@FeZ&)GjGVZ>J_s$uHcFor8F63`sn}BH!CVm76!MHJT=x!{QZZ$y$HxDHDozLzR(+V3PCPi88l*V?2NO9LfvJB#9({9SpB?uRN4g*%P9Lu;4p(qMtOa;`e%ZRRL z^7B+h)LGV`IvN4kk+3vLRd8&(Q3MJzhVDIcy@!JS_~2yi%Ejj0cSma*E6TZz{qK=h z{y4sR*8fnhzI9JOKL7RT&dW2c!Z;uOx%BPD1&sOnbmiJ;)!*lpFQ><^q``0c=K*zi W^5k~%`Tpx0myh0b_YU8SpZ)@O>a5xT diff --git a/hosts/web-2/secrets/clerie-backup-target-cyan.age b/hosts/web-2/secrets/clerie-backup-target-cyan.age deleted file mode 100644 index 914b016b1ffaab9f1af9012026430a9ca1cfc1f3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 531 zcmZ9_J&%)M003Z3V~qR)6QeeI)4g(Sfqpp{=>ercEA(0l3`QsvO5ue9<)f3MiHnQ5 zTXfZb;NWtJlhMTJbjeK@qlq~uxNw;F_?DwRFI2_YUPOuji}k)YZx44V?$b6zr9LYocTW?%YfAZ@fd~|Zn`Ey8JJl;Qe_VMh!bF}&XiG25M*Drn|o9)f@VCVSj+wCuJ1`5sH nei@Wr^zT1(Pwu{oOIJ_-Ub*nwxN!#Vd_L?yeZJmGFTMT;;99)a diff --git a/hosts/web-2/secrets/clerie-backup-target-magenta.age b/hosts/web-2/secrets/clerie-backup-target-magenta.age deleted file mode 100644 index 50b8b6c..0000000 --- a/hosts/web-2/secrets/clerie-backup-target-magenta.age +++ /dev/null @@ -1,10 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 HwR33w xLbOv/c4pjyh513O2LPkoKcprKZbM+217yy1a8Z7AFo -83NxTqotYXOM+w+gCR3zHdar9kNabgar0/eJBewO3DY --> ssh-ed25519 1nn+0Q Oc01U+rgGAizyKzhgvmqThlXAEMuhlRAqsQL+/ozQFs -xHxOl3ESipcMZdnulTxC7W628patS2eO6681oNZa/6g --> e[x'-grease 6N W+gfF\l \ x}~ -yqY9BH/fmjHn2QizHe1/DRDfTJmSAVPuJlIOmeuXWfhhfiauy6ia/DjbgVjcyqha -XarEaYsvkI4JqKODHRRaiJ1i3TOs2Cdk ---- 5wtIT/mhGMy8kQHbzO1h9Wj7OgX1ax8bk6k05tfLhsQ -0I԰Ȭ5H,oqeH}r2,Ъ\4U#] Z"+jy&W O~(өg ~A? \ No newline at end of file diff --git a/hosts/web-2/secrets/radicale-htpasswd.age b/hosts/web-2/secrets/radicale-htpasswd.age deleted file mode 100644 index 181070b..0000000 --- a/hosts/web-2/secrets/radicale-htpasswd.age +++ /dev/null @@ -1,11 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 HwR33w +w13fgMLBeHKig0VX67/mlhQb0EPSJAFTu//velYNRY -irMedsePNfFFOYhKksrqLcLdNdYHMxFy4iTPneIOtWU --> ssh-ed25519 1nn+0Q KpFGP/y4zZ8E8Jut8Gpea1DLH6rXGKODLE3IPTbzOUo -p28M4shr97sqqTBAxB1fQRNCj2E+xio3TboKZ/6smb8 --> rXRB4)-grease -t3CdM1EbN2yfSeKURCJRMTZ4w9FtXu6+Y8PWxo2RTV0fyv6XJdrq1jn1n4IflQLP -CV3H9FlQp4Lg/bdqVZDqDoMJ6dprVWK4rACnF6/tRRkZR4Ndfk4JRRWtWBOfR/ax -GWNb ---- yNRoOEai4ypvo0uGZYI1q/qwzS4wIZFXQEGYcW+H/wc - Ze0_D@Ε>[KOQBuP9TGg(9pZ@1&RZOCp$krlg!\=W׃(Vq \ No newline at end of file diff --git a/hosts/web-2/secrets/wg-monitoring.age b/hosts/web-2/secrets/wg-monitoring.age deleted file mode 100644 index ae28b6a..0000000 --- a/hosts/web-2/secrets/wg-monitoring.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 HwR33w ZWn7K/SI1OWS0FslI6Vz+KooVyWXuww4dNa5y0O1+Xo -P723ghoGExFpcMYjdvcZrvT1eOG/pmccI3IO0/UnaAw --> ssh-ed25519 1nn+0Q IL+SAfWJvd1KPV1z1kAyoLu3o/t6qdCx4cHjplqkaAo -5io07rjFwtbvmgvA2sYn0VsjdtHi0AA1JRwhH5yijpI --> m2cEFebO-grease )(5.!z\ - ---- 4ILHmhv4fz6NZaWVYAKmFGY4ojpt4WQu3ulxz0R5FCA -(Եnl*Ujˮî:U51rڠ‡A ޴cCN|_X.s[K& \ No newline at end of file