From f252ab71eb055b147be31b85f11bf747aaf5697c Mon Sep 17 00:00:00 2001 From: clerie Date: Sun, 21 Apr 2024 18:45:15 +0200 Subject: [PATCH] hosts/hydra-1: Migrate secrets to sops --- hosts/hydra-1/configuration.nix | 2 +- hosts/hydra-1/{secrets => }/nix-cache-key.pub | 0 hosts/hydra-1/secrets.json | 27 +++++++++++++++++++ hosts/hydra-1/secrets/nix-cache-key.age | 9 ------- hosts/hydra-1/secrets/wg-monitoring.age | 12 --------- 5 files changed, 28 insertions(+), 22 deletions(-) rename hosts/hydra-1/{secrets => }/nix-cache-key.pub (100%) create mode 100644 hosts/hydra-1/secrets.json delete mode 100644 hosts/hydra-1/secrets/nix-cache-key.age delete mode 100644 hosts/hydra-1/secrets/wg-monitoring.age diff --git a/hosts/hydra-1/configuration.nix b/hosts/hydra-1/configuration.nix index 06309ea..8179409 100644 --- a/hosts/hydra-1/configuration.nix +++ b/hosts/hydra-1/configuration.nix @@ -79,7 +79,7 @@ services.harmonia = { enable = true; settings.bind = "[::1]:5005"; - signKeyPath = config.age.secrets.nix-cache-key.path; + signKeyPath = config.sops.secrets.nix-cache-key.path; }; services.nginx.enable = true; diff --git a/hosts/hydra-1/secrets/nix-cache-key.pub b/hosts/hydra-1/nix-cache-key.pub similarity index 100% rename from hosts/hydra-1/secrets/nix-cache-key.pub rename to hosts/hydra-1/nix-cache-key.pub diff --git a/hosts/hydra-1/secrets.json b/hosts/hydra-1/secrets.json new file mode 100644 index 0000000..189e9e8 --- /dev/null +++ b/hosts/hydra-1/secrets.json 
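Review bot: In hosts/hydra-1/configuration.nix the new `signKeyPath = config.sops.secrets.nix-cache-key.path;` depends on a `sops.secrets.nix-cache-key` declaration that this patch does not show, so the owner and mode of the decrypted cache signing key cannot be checked from here. Presumably a shared module derives the declarations from hosts/hydra-1/secrets.json; if so, a comment on this line such as `# decrypted from ./secrets.json by sops-nix; keep owner/mode restricted to what harmonia needs` would make that dependency reviewable. Anyone who can read the decrypted file can sign store paths that clients of this cache will trust, so it is worth confirming after the switch that the file is not group- or world-readable. The module around `services.harmonia` starts and ends outside the hunk.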
@@ -0,0 +1,27 @@ +{ + "nix-cache-key": "ENC[AES256_GCM,data:AFDvfikObYvlwqRd0Wz3jfZdrKp6vu5ga6mFKRSPhh/BPFS1mBNyz3DQTL914bO7Pn47QHQVxufFVYlYmIq9sIK5snudZmRNDC21D95CvnJMWkO4d+nO8sMbjTMocEBmBEPMC18WHrkVmWOJ,iv:sD1qpX4sgAqb0c4Vmr7cRAELwiQhORKleGggKnOtmB4=,tag:q9D/f/+n9J2+ZtyuLXuk6w==,type:str]", + "wg-monitoring": "ENC[AES256_GCM,data:C5C1s8GgEhu0QrIYiToJu/6Be7njwwNzdj5oMDGihT0m4lCtkwDI9NPxdBQ=,iv:icgVuwsJjl9+6pank/0MenY3Sm9eZiJ4KqQHASz+GXE=,tag:ANKZxndDHXAakUFr0euvkQ==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1v7etelmpeksue9q4fdz826e4zd8d45vjfm057m33jmjeuhr6dcssyw4f60", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiS01SZzVxOGVjeDNuMEY2\nMjd3VjJHRTgyckZxbitFYTg5cUNZNHk5TTM0CkM3QnZyaFFmTUp2T2phZ3FuR3lR\nd1E3TlpsRnBQVXM4WlNIKzdTelJIbkUKLS0tIG5xR1VlK25LR3JucDIwakMzNVp6\nYkI1ZmorajhDUHdHZHQ0QlkxMkE5dHMKTaffSqKMM7Z6pDmMLvRr6MEsNPvJ9ycF\ny5Wilaie7qdFPEWJDNXOmmKwJgF/wPIsYYouL+YlKaOalL4X0i4xgA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-04-21T16:30:03Z", + "mac": "ENC[AES256_GCM,data:aEIs0bTuMJJsjCLtwQ/3ApO8iVCdlfPhBY97veU518R+Z2aywEh9R7h89skuVjrRcrbzeZthaubD3fqK+0mWkIgk9cYWzcHAA8OYNX8inZAnWuhN4kcc9pAy6abdqYtlqtTBY33m4BITEsIsUROW+VP7V87Kyp3THnn2S0QqAag=,iv:1wqiyugRLFXT3uXfo053E6mGH/wFGjUO/AkXz915GrA=,tag:8Vil1vZRkKUN4HwcFNJsXQ==,type:str]", + "pgp": [ + { + "created_at": "2024-04-21T16:29:22Z", + "enc": "-----BEGIN PGP 
MESSAGE-----\n\nhQIMA5OzEzXewpmPARAAjrV8h3h9H5LiACawYTxnw0Zf31/4NSR5Wnl04IWN+qNg\nbeZmxj4KWuN2DxEjeERm3yNmyzDlhj7LNvmEMpdhE8DGgXVnXOeVvM+GPuKh4ej7\nLy0leHsXvyje12rzSw0Fidqs+PbXpsbeo4NmnNi7VIgjs3zuAzlNuH7AnLkPmUA+\nUAThUl+mswjARYr7UhP6YipQ2mFlrC2oL8guPwpWKvIq1rW8t+Ug9O8IMCA/x/iY\nJZ/04Tygc/EnDuCdvzMOf0n5xWe6CxRbgt81cfeoEP1PVJfof5pP4Rnfob22izst\nxBDnjnxd08xXOkPRHPN/KliMgRxmIVtlWz2tvL11OEmE2N4HJs+K6tpMbHMSm1UG\neA1mseDHw/f5z6tmH/sLFNtyXoznfiLoiQ83T+dUIeq9V9FEO7RqaeI8Qdy1enSQ\nCUXHdc4T3w525px/kYEm8QqUtyWcJHls609WG4togL4zll4MHsGP2gxx+FU4ezWI\nakD3j2KBzSzVP/UGu/oy9bDD30aA29+AJ2gNbvm2kLlY7K6As5u7Ug/u55x/tKQW\nbSbvcRzSXaAWmJtEld4EL+CdEphyMGQSdRSCceS9AqfTtvl88vlNp7EZK7mL4oBC\n8Rox3xzyRkqGpNEeryl6GIi0Y5QUe+AmyGPGNkqfzK1xkafElkqhhKhyOPVu27qF\nAgwDvZ9WSAhwutIBEAC6+vzKfG/E6ZT0RXE+rqrLx8lzrES4mhhOWbktyA1Y1CPo\n3YUkGSZHLUgg3zR4RlT1bhdfG3gpsYizFe3pVsMMkNrIhrPv4fDAqFNSBfVKYJdR\nKb59Qpxpwq+bBdu4Rame2ogTXwzTpZtW+y9jaWoxlgjCTMdlaNzsC/I2SN2gfDFe\n6XqPJaN4VrHX3jXlqrEDjrgFSn1t8ozxe+saaiX8eHygJJyAOWp0qhkDbhJwv9eD\nRveVAhGbQA9z+f6tKXvQiCJbW8GSpu3Udze34f315XRig6tVvAOsUw7zELjlXGHj\nfZVzrBWuC2GtE/uCC4iqIoPGjpk9RZ2fBgSCUVqhQMR4ZxDfB2uNSU4YcsrcOsjn\npUCzGDUWbO8ZleUTWQUehsrWYiZnF4n8M6d6zT8ihgr978iB/NdWlq1nByG2v1DX\nLKgpigiz60kN+EXJyAM1wd0m/DXnFCMnmKLLvto0ACwKe2l5gRXCLpIij7EqWWk1\nU5aQ/3M9YwVMGLGpPDFb5RJ7GXAXsotUEe0MRPeEIhvFdZbGOF9Xtv1E9WJ2PTaF\nwsDpPlufvd1qa/7fXM1ra7nxoksN5I0XYu3NjtMM+2WAtVSBZ6vASWxu5Che5pSt\nXsv9is4H+ORcfd1KDKfGwZtGoGwzeVN4Us6xirjeLzIOdE6QPfw3VYa5eC7YoYUC\nDAM1GWv08EiACgEP/2Bql2AOtUUcrzQIupSut1Bw4jt/Be93I110pjeB4typASRv\nolZgKcWUyv8P0jD3RRwoxJigJjLEolpLSy6F88w5M07fNdtgROuzs3M7nd7tMPS9\nR4RZcLJh87AFVcOt62mM+8FbvA2KTcDmFuA/h+z5T0SKZwjA6xkC92wS7qpYRbOo\nqqnqOgOpv7O3KUl8CQUgeA7UcpWA1Tqu4kEUN4rhaLnJzB/KUx+UzfgumBgrsAss\n2/XcT2l5vZSwmvVbpj1Op8SJhqfB0A3/h6sfq1pxzyDBA7OvsJekdTDwLl2QZtHS\nbKteh4iog5CRSAlbrwt65krh84RJyEU238kzeg1C7JMj799/6paXyWqOZPZaktew\namzFksVdZLSosMFKRmraBPJkTYqyjzy3U3OsXSz63NnHAbIyWJg7MzTLDHHoMSus\nXFXQXXrEnHZYg+1oynTTa0KOD9gEaz0ResHxMokZL0D6Y5FFtM3F4Y5Usvm/ZkM3\no7R8
Mh7yKODBPwAO4RXAQQOqWsT+MqAhNHtjZCzIE+mtcY9v3VcUENs7ZDmC6/Cw\n7zl4NxiHOw0874q3DoZtyCVVN7iMnhg3ZXRYOBzaLeUZQP8y5Ex2gjE3nJ3sAy/H\nYdTmJYg7G9Gz4Ffced32hNRD+44XrKXlZBkCKpFGwWHJrjQJS5imrIGdFGvC1GgB\nCQIQfn/f746as53METJMSWUlxADRft5dqrMqqaaqDNAVR5W/Qmsa0fwAUQf76Qxa\nz1++MconWYhB9No/cWM1GspEDOShz3scZ/wth7MmOcBPnscIcsMTt1A0AM+h2hF8\nPOECHUyMzw==\n=SmBP\n-----END PGP MESSAGE-----", + "fp": "0C982F87B7AFBA0F504F90A2629E741947C87928" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.8.1" + } +} \ No newline at end of file diff --git a/hosts/hydra-1/secrets/nix-cache-key.age b/hosts/hydra-1/secrets/nix-cache-key.age deleted file mode 100644 index e017fbc..0000000 --- a/hosts/hydra-1/secrets/nix-cache-key.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 HwR33w XAZWRRep4zdbZFwRvWGa9yyLe44TlOGIMwtLo/WZXyw -G8Rv8Oqbvx5qYr8ZrQlmIyhYqUG6aJArfhMoqu4U/Uc --> ssh-ed25519 UgSomQ sP6Z3WzhBXDaDfsSNHY7p/vV20/eytII2VhO6+vUAhE -q6+FH+k04jG0417KvY8cHnNeb8hEzEtxX+hLmKWqvdk --> *A>\V=-grease -wpRswQ45ywiN+jit7kj5p0s2a+WloUueeu5E+Nn41WOMNQLJ3RaJqxRk ---- TVK8uHcE2tn7qfDF2oAGb24N6a670Fc+QVU7agmJYNo -_ a -'ӳAbS X2$\Mž#6wPɅ'GK&|7PՌ-v_Sb&^Yұb(K9o߉{CmF0wƣ- 9<5 L̥ \ No newline at end of file diff --git a/hosts/hydra-1/secrets/wg-monitoring.age b/hosts/hydra-1/secrets/wg-monitoring.age deleted file mode 100644 index d25c7b5..0000000 --- a/hosts/hydra-1/secrets/wg-monitoring.age +++ /dev/null @@ -1,12 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 HwR33w iq9GCoMvjYmB36sb3ObwjSO2eL/wyyxTsIbJ8lye1zE -6PcXowhq3ADvC94MQ0BuFeyiCxmxWwwgEjve2fP3uRc --> ssh-ed25519 UgSomQ OtaRJDru8abGAMKcmcF0YHPDMnilqZAk9LULZ3eVd3I -3vzkjiqpOz1rIODQdO1QTs7j8JW+f7/9hrlBvb48z+M --> zXcO;;.{-grease -w1zwccIRbNRBbiXF5p6fVAS1Fm8OUJdq105gfEaGNUgEKSzUzGRlron5JemsebJt -6rLBebjmtxrgLOMvPMbtpX1hQJOrWV6yVJkBOuqlRtVdFPNMrIEWXc5v+VXR8Ccx -XMs ---- v41dXOCQtZwpIdKXoQSB1oblr17HunSpwoRnfPtKkS4 -M%<Ԅ[_W!s -.Ho0w6t?'zo Иh \ No newline at end of file
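Review bot: The `nix-cache-key` and `wg-monitoring` entries in hosts/hydra-1/secrets.json appear to carry the same secret values as before, only re-wrapped: nix-cache-key.pub is renamed at 100% similarity, so the cache signing key pair is unchanged. The two deleted .age files stay in git history encrypted to the `ssh-ed25519 HwR33w` and `ssh-ed25519 UgSomQ` recipients, so holders of those keys can still recover both secrets, alongside the new age recipient and PGP fingerprint listed under `sops`. If the migration is meant to change who can decrypt, the values need rotating after this commit; otherwise the commit description could state it, for example `Secret values are unchanged; the previous age recipients can still decrypt them from history.`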