about summary refs log tree commit diff
diff options
context:
space:
mode:
authorsefidel <contact@sefidel.net>2022-02-12 23:50:27 +0900
committersefidel <contact@sefidel.net>2022-02-12 23:50:27 +0900
commit71df3adebb2662d9295ee44bec2804d10921ac37 (patch)
tree5165dd6059bb5f5c3dd6e105849a1f45cf46caf8
parentd2dd5d1287e0f2630e1407ecb09b13413f4e2d93 (diff)
downloadnixrc-71df3adebb2662d9295ee44bec2804d10921ac37.tar.gz
nixrc-71df3adebb2662d9295ee44bec2804d10921ac37.zip
feat(nixos/alpha): pgp -> age
-rw-r--r--nixos/.sops.yaml5
-rw-r--r--nixos/alpha/secrets/secrets.yaml67
2 files changed, 35 insertions, 37 deletions
diff --git a/nixos/.sops.yaml b/nixos/.sops.yaml
index 6b89a0c..0d15882 100644
--- a/nixos/.sops.yaml
+++ b/nixos/.sops.yaml
@@ -1,9 +1,10 @@
 keys:
   - &user_zach 346833414516C852FFB238E19F734565641C2F14
-  - &host_alpha 39513104f6c28be21b21a437ee6e9d915470eba4
+  - &host_alpha age1ndc6vascfywmk5d3ptyeps92dyc9d9qsxmezn6t4wv56jjzysucqu8ldfn
 creation_rules:
   - path_regex: alpha/secrets/[^/]+\.yaml$
     key_groups:
       - pgp:
-        - *host_alpha
         - *user_zach
+      - age:
+        - *host_alpha
diff --git a/nixos/alpha/secrets/secrets.yaml b/nixos/alpha/secrets/secrets.yaml
index 17e7a2d..bfceeb2 100644
--- a/nixos/alpha/secrets/secrets.yaml
+++ b/nixos/alpha/secrets/secrets.yaml
@@ -1,43 +1,40 @@
-spotify-password: ENC[AES256_GCM,data:tWOoEQk2oQT2s8pdRA4TAUtT8P5RSclZoQ==,iv:sgXUI3i72/QD2oIe0rtgO595PkfqL+EVAjtsuWjkFe8=,tag:MbiqIAiF3kEhZDXUCFg9aA==,type:str]
+spotify-password: ENC[AES256_GCM,data:Ch5t1CRgEl5YzXjUQDKB0T5bCCtwcaxuxg==,iv:syNOAub1gZ0Tlh5rGvCgX6eXL071e2x+PM8KcouziLs=,tag:7fCCSwABsP9L4iZ8UFQOKA==,type:str]
 sops:
+    shamir_threshold: 2
+    key_groups:
+        - pgp:
+            - created_at: "2022-02-12T14:44:47Z"
+              enc: |
+                -----BEGIN PGP MESSAGE-----
+
+                hF4Dod9S80wXQ00SAQdAQ2yYl36GKa+uN+GdzKB3NGkdfP80/chaJSZNxiqIHSkw
+                jGKIvFroAcbuvWv0wKzrRcG8LXNSAzVLLxa1aJeohPYjLet+6cuyFaLXyZbGTL3V
+                0l8BRlabGME2HoGl3fl/LjDEeMBXVEcykMkMUX2REnpkBxK5Ks61kAhLeim0Sk+N
+                XWt9ajduAZH9Ryy8ikg7Og6ZDYVv/MsqNLMIlWpdiuEynqo3/q3vpzDv9VSsBOKQ
+                bg==
+                =fPaH
+                -----END PGP MESSAGE-----
+              fp: 346833414516C852FFB238E19F734565641C2F14
+          hc_vault: []
+          age: []
+        - hc_vault: []
+          age:
+            - recipient: age1ndc6vascfywmk5d3ptyeps92dyc9d9qsxmezn6t4wv56jjzysucqu8ldfn
+              enc: |
+                -----BEGIN AGE ENCRYPTED FILE-----
+                YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwczFhSjRJOWxobGVLcVhE
+                VlI3OG9LWkdpN0FvVjdwdHdLeERZM0hsWEg4CjBGdnZiNE1PSHNWT3B4V29kKyt6
+                dDloZ0xmK0JXaWdDQTNjWW5JY295aEkKLS0tIHFDcy85NjJNNzRwS3NkaUxNVE5T
+                bW9MeXhHdHpXdWVFMlZjemJ3OG8zalUKbtZdiWCR+epsaXK2BXc5pgR3IgGQ8+SR
+                J6IuZt73d2XhFJ7eq50EdANcuivYhFgjDnwPrZhOw2Qwn+TTVONGBHY=
+                -----END AGE ENCRYPTED FILE-----
     kms: []
     gcp_kms: []
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2022-02-12T09:11:12Z"
-    mac: ENC[AES256_GCM,data:DcbZnvlX2fytF4EKoBSE2WPApcrPiGQvzOzILrRPoSf+kCVrL2W1+KgITma0lh9/Ja7An2SRnDmsmeGddZIPOih2VShMAexQu6jh0YvWsJ+0MF91rSG7ZeHRYiLdPv/Y/ovodibUlxolewtJTmB6pR+/hm+wLt2ns7gLP9LzqO4=,iv:hGgfEo3QxmBUFNRHG3So1uUT/2TI6v5W8aVnxBVyPZ0=,tag:aoyklCavONqvYJdPA+HO3g==,type:str]
-    pgp:
-        - created_at: "2022-02-12T09:11:01Z"
-          enc: |
-            -----BEGIN PGP MESSAGE-----
-
-            hQIMA+5unZFUcOukAQ//V4BWqpo8VN8kd+8wb/7p+hcODgdfS84MgmVcS5kXtTgg
-            GlF1S2Y8sZNYeaoR+QmWj9+AnXOuS5Lzc8HZgeE8LlgfMSsE+7lQOMKVvRHkOchY
-            bvCx9LRmJr1L7jnxkaq/BU8vC+ztIz0Xl1UePMoqz4GpuyiX2ObMEaH8IW8DuQJv
-            vR22j5P/0Zw/UihwaCS+nkXZntFfDYmdvOTwXkyfuZE06kHbqxDEbuOkjsS/jegg
-            OUciGa0BC+B0CvqNA1p5SIOLlAi5QwGOHbv9IOXeF4laUMV57O3QnxXNZ1CPmBVJ
-            N/MDFc1ZVxL/jix4P5NPpDb786f++KjmTApHJXYvbm+JMMyl3QDopjLFJ7sMTXB3
-            1/eO3euxkkbLRkdySw834gSeazfS9KlBONXs250NBrmEttPMU1e2KuOhzwwFXPpS
-            FwT76e0w+UqhS1NL969+LzWaI8PsnBHgl2VYIGU5KoyUMZjwgtlriD9Kw1J6N4dL
-            N6G5jOvJq8S+sHb8IXKVXDvY/apehQ4btgnxiuNtndWf8qWRmDaFt+OGVKKwbplS
-            Q8/2K70J27SnwqyLQtRw7pmGwzIo5TQ2cT2o0Us1J4Pexc6/1ulrnMqRBseACddI
-            0BBG3MF1erxRg180SwjZpU8DeWS2FxI1i0hBu/pA9sua/4Ij26lVs8H2moWv3RLS
-            VgG167RUeqXMqdXlMY9YP6qxQylXO0V2g34nzT4tIXhxRZ27PWqOgpEhboO/Hu5z
-            fnTsX9fr1tJUYSSrvrZtBBhbfvY+Zfs6BUsabqprVzQ1MShtSP6b
-            =eyfG
-            -----END PGP MESSAGE-----
-          fp: 39513104f6c28be21b21a437ee6e9d915470eba4
-        - created_at: "2022-02-12T09:11:01Z"
-          enc: |
-            -----BEGIN PGP MESSAGE-----
-
-            hF4Dod9S80wXQ00SAQdApdVK41an40JF07p4gDcSvpYnjRmZQTXF1drUqP5A1XIw
-            5nxHskuJ+voJeSi/HLJRY/9xURyaOawt0Nd6VLrf8oA8qmzYCiYvl+lrHR2T8lzX
-            0lwBTZtzmsDw8fYALzLaRUchwEXOOj05DMpo9zxu5VHkSPftqX8mhLqUPv/FbjC3
-            DO/SoZmwuGj12qaOSJu2fq0hvqM9MXs2rjDsd+5C6/EWiKM+87siRqBXaBRPWQ==
-            =/ycG
-            -----END PGP MESSAGE-----
-          fp: 346833414516C852FFB238E19F734565641C2F14
+    lastmodified: "2022-02-12T14:45:00Z"
+    mac: ENC[AES256_GCM,data:fgd0ZRv8IDEhWhUQcMH3GBkkKk+r9kr2LKihOmVslNSTsJ4L5+g5wJaBtAe/5FNq/TYOwyzPZRW4HLPcFTq7ZLPPD1DtdjXkHtsoPi9i53Y6WJ/6aZsH29w/F84ULWZTQVf3oJNx87vZ04rS5ADN9ndS9lu8cLyYkM3kyajNrhY=,iv:As7/YWXRvK9WXI5cbYCPUnTalodzHC3ZzkBMdPKljVw=,tag:lXCwPJy5EjovgenslaAlfw==,type:str]
+    pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.7.1