From b0c90b357d008071c14ebf1c6e6429c0e437c9ad Mon Sep 17 00:00:00 2001 From: sefidel Date: Mon, 20 Feb 2023 20:39:24 +0900 Subject: feat: use age for sops --- nixos/.sops.yaml | 11 ++++---- nixos/alpha/secrets/secrets.yaml | 57 +++++++++++++++----------------------- nixos/kompakt/secrets/secrets.yaml | 57 +++++++++++++++----------------------- 3 files changed, 50 insertions(+), 75 deletions(-) (limited to 'nixos') diff --git a/nixos/.sops.yaml b/nixos/.sops.yaml index 9e31314..9c5ea30 100644 --- a/nixos/.sops.yaml +++ b/nixos/.sops.yaml @@ -1,15 +1,16 @@ keys: - - &sefidel 387E2BF0402610B00A9CB7E689C80C5BD6DBE2B2 - - &host_alpha c8f082e7e8b1554f11bdf1f794ade1df5e8f83f1 - - &host_kompakt e6a9ee28ea91e2dbf24d817d0c5936391be59DC0 + - &sefidel age1jt8xg0lvzj5q4f7fn7nw670qsszm3kv3caa654eh62azra4x44zss4fad8 + - &sefidel_pgp 387E2BF0402610B00A9CB7E689C80C5BD6DBE2B2 + - &host_alpha age100jkyvgl8hqkapw3s4s4uu8jjgfkjn8kyl769x8u4x6tddk6rezshtf6gr + - &host_kompakt age180yj8dn9jhjzj9c0y6qr5fa76g0ls3p772dvn60nu67wveqv8pvsahvur6 creation_rules: - path_regex: alpha/secrets/[^/]+\.yaml$ key_groups: - - pgp: + - age: - *sefidel - *host_alpha - path_regex: kompakt/secrets/[^/]+\.yaml$ key_groups: - - pgp: + - age: - *sefidel - *host_kompakt diff --git a/nixos/alpha/secrets/secrets.yaml b/nixos/alpha/secrets/secrets.yaml index 5e9b0d3..020c060 100644 --- a/nixos/alpha/secrets/secrets.yaml +++ b/nixos/alpha/secrets/secrets.yaml @@ -1,44 +1,31 @@ -root-password: ENC[AES256_GCM,data:Oks5E9t0XAdWysG8aNazmJjhncyrTm+Chbo/nQpVS+ffsTFVj1bzj5nb6TrVwGFqRv4xtr0hEyQUFDUGEptJoxG0e3tbfY9pwQ==,iv:RrWtjGW/sJpGuSRxWEDD5KnCp3VIRJeNfpDOyf3ezd0=,tag:WmKF4ncrHOc/wLhdXjK4JQ==,type:str] -sefidel-password: ENC[AES256_GCM,data:W5q+642ogGNseHJSctNqaK25frTuo0lOIYTdxo9t0+PyzC/jBsph7VlOOmJIjovDyNCFwpYuOR8hMyg/wjXO3wZk3BmQIW+1vuaddA874BHWiOFIEaP2jnYNgP0HiBWrjsMHSCxo30Ycng==,iv:RLvT6zWyogZJNpQifTL/8MYAiReYyhqTe6+rMZBoaEE=,tag:87qGzrOeQ8ZDwH//vL1LjA==,type:str] +root-password: ENC[AES256_GCM,data:4EgEuEEL2BGj1wDRdK16WY72xKjwAqqWBZzKMn84WdkjRpGaTV+3BGgGhPimdUCl0LkdD74EzyW+ABAJ9TLp1Wt8b5ZFT3l89A==,iv:7iHixJi85lOQJU8svPEYe122K1jOyJVJovqgReJn428=,tag:BLTaHH7FSDTfVewW17kMBQ==,type:str] +sefidel-password: ENC[AES256_GCM,data:RAlIJ31NPPvD5Pz4k1ren1fVdMWI86z9OFSAj7I4wCSeEBU4TZJ/EvJQr0cAyX6i8oIzSoJ8S6VvKmIdqZe5A+s1a4FU63/3UzgrDRKx1zUHTctrDRA7YNYxl9EDxAD0nOAd4kLArVRtTA==,iv:g6YgymUNjZ/dPZKrPesNalAuhXLbmhGZGbjlmlBg+VQ=,tag:e+hHJX1/+f5ye4EAZEkeCw==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] - age: [] - lastmodified: "2023-02-16T02:32:53Z" - mac: ENC[AES256_GCM,data:MwT7Lt7J4hqZbY64tHXypZQDShfAW2Zqg9khNosh8gQVKeQaqHfOGnfINH1W5dtRpyLvQON5xyHuGsH6dERuC92257E0Es0vbbqslYT17Nw/kOD6Uq0HPTWa96sQ4K7LNWljVZpzOGLYQMEJt73tCHY8ge0UL1GYekDNMAdVQXc=,iv:T6+SwarPAEQFeJcKmH5aogTdRM3YdxCgi8Oq8b4ZCac=,tag:JR9sx7LZoNeSm3BxpNUnmg==,type:str] - pgp: - - created_at: "2023-02-16T02:29:39Z" + age: + - recipient: age1jt8xg0lvzj5q4f7fn7nw670qsszm3kv3caa654eh62azra4x44zss4fad8 enc: | - -----BEGIN PGP MESSAGE----- - - hF4Dr9flwPWa1q8SAQdAI/6Vf2s+nzzaxwa0sWIBK61oIy7kNJUWxfzXMCqEbiww - 3WYfihpq4CSClukTKYhBnMA/Pawmdidn8agXtAXqNbZUc11Iyl9XJDy8x0GxMtF1 - 0lwBjQg77xhUo+0IBb1XLKXfHQVYbs5JBasaZ0P3AgMUw+aUCFpnsSc2mkUmtzBg - 9GqRwgPqEC3hGNtMHVADaZrNRRF7t8ZFS0VozYReOyboYWAkt8hz9P1NJfqIpw== - =59ZL - -----END PGP MESSAGE----- - fp: 387E2BF0402610B00A9CB7E689C80C5BD6DBE2B2 - - created_at: "2023-02-16T02:29:39Z" + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmYllCKzZBaVNwOTBRbm0x + Ni9hMTJCZ3kydThsZmlxa2drOGwrZVhBVkIwCnV5eDZobE9zMy9xRjNId3NsRFRR + SmtTNm5ZaGZRRXRLczlJdjNmWDRXMzQKLS0tIDZlblFENENwa3hXVnZJSGtNNE9m + QzlUV21aeGx5bTlaSDA3MWY3T2VicjAKpQlU66hPMEk7Alp3ByqURXzrYxMwwA8y + 1HIbch3PFkR5fTQ8TwTVSOxRYmi3oyHB3OEGytWZZ7eU85GSMFOBsA== + -----END AGE ENCRYPTED FILE----- + - recipient: age100jkyvgl8hqkapw3s4s4uu8jjgfkjn8kyl769x8u4x6tddk6rezshtf6gr enc: | - -----BEGIN PGP MESSAGE----- - - hQIMA5St4d9ej4PxAQ//adx3JKnElng16kbl30e67y3HCHg4jHOHCU8ilmyAP5iT - UFSVO2SVVP3hny3WwqEPJvnkn2d8KeRklPSkhVgXDKU4kthw6rW8uYN991y9NUAa - n8d8lZlFz35OwmPmEhRoxdxC/JTj/8iM6N+heL4x6v4VjKOFnBQFY5QTvr0VmsKB - wM/pRjiK5KEmpoNd4G3NFJf9od//R5NXS9fFwnudUQXN2vdshJXsSjN69RpdA4vV - aL2D0NmufbTx3enaFQ6PwFm3vNs7iUoRNZ7P2diJkxjoVWiGHcepvYjhJTnjjMSA - 3Vd4ypWvrfYjorJpWiwQMzmgPl6HDpRVZ7dFp0peIJ6gkrOaZTYVq9fMdYmh7tp6 - ktqPzTAuEF0+13fDXK0fNrz/+Adb0NqWTRssmK+gleMVOjjsHWEmiMIyoSrPNB8U - DKPVC92AvShLVpP1HX8UiuXWyr87F6BREqmQbk4+N5QCm6bEQ+eS0ZL4N4wmK/B1 - z/ee4CTiKZ4C4oUVfUUcSbH7aYfPFAyavKdtDx9tsyqvQYPDxOBtBb0EXcK3epOc - GaNDwfLirzlCd7/tv9/5IUf4aW6ghk2BWM7y2DfaCPzqOZVXBly/tiQR81mBZwYe - jGTjywLnrQrYGD1IT5TTpMFDtoB3wbioa4QR4sw0F7SygVsqtvfXZdXpm6qaaznS - VgHA5e9mYojB69TPa4z7UDhmIqATgEQ1Pig4GIVpDFGndHW4bCfVW6VWo3sLgpQs - YcG8Stk1/SrqLcnLYZCsEw7VdLD+y8qWQcWM5jO7pXLd5fx0xC6B - =uYfX - -----END PGP MESSAGE----- - fp: c8f082e7e8b1554f11bdf1f794ade1df5e8f83f1 + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxTmEraC9kK3VJV25UR0ht + bXArM1BzVUtyN0dKQmZwYUdhUlFXOUVMQWxrCkdxcjdySUNBWjJ4a2FrRTExdE9J + aE5pTnY5bGtqdXlBRktUQUJ2Ryt2cGcKLS0tIFB6SUxmS0c3VUJiTGNSR3lOZEhy + Qkt1Y2RIWmcwMW91VTVxeEVrUDR4MHcKNzDtHEEa8McCXgADwXRNNnwllOB+MZvR + oDMuo1zZnKT0DzTxumd8DSgHK28PKNFOsWtxdunWF7lm30gZsFxQFQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-02-20T07:25:46Z" + mac: ENC[AES256_GCM,data:bhzvZsSnOeXw56intd55UYhO57fzkPRlJPUj7clw7h4VovxT/NIi6iTKry27to3DflR2JVgQ8s2g5YNllippYPBXnnCKC190oEDeaCsw5lcH4HU//obgVHsmYaLmJIJZmvJ+dIAYIoonG2/ZezKYDvSC7bdsYZLGpaq4uCZGIWI=,iv:lrhejHDeOZIirsA28WnN2Kcfy26wuLHP+feTdzt+0PM=,tag:RMr5Vyg5MqF02UTwdez9Mw==,type:str] + pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/nixos/kompakt/secrets/secrets.yaml b/nixos/kompakt/secrets/secrets.yaml index b819391..f9d53ff 100644 --- a/nixos/kompakt/secrets/secrets.yaml +++ b/nixos/kompakt/secrets/secrets.yaml @@ -1,44 +1,31 @@ -root-password: ENC[AES256_GCM,data:5te9t+Sa5U2PKilFiMCnrTVgAJsjikkXxBzknpdkjntegdT7AoHuIsVpM/kQJzgfsgnd3bdf+Vzu+8xA6xS0DtpRt2jIhZk+mQ==,iv:ZcTkmodTXHbKUJ+Y9KX3q01Ni9cU7LFJXLoIzEje9Pk=,tag:ESjorSUe+wKInYvFUoMlsg==,type:str] -sefidel-password: ENC[AES256_GCM,data:txMBDsKRvvVyXGkXPzFHi+Y0aeSBnS83tq1xMEXcY+24+oWHa0cNXsL9A0vbbZEFW6C4pedCKoV+8VuG87PUNBYM+xZqvvSP6g==,iv:0AFa+09kEsbINeoaH4QMMID+jykzyU5PWqhKfiXhrrc=,tag:8wWXBdZh2eDVulcEE2TaCQ==,type:str] +root-password: ENC[AES256_GCM,data:YQnUoTGpz0JC1Ck3pPTkbHavcSAZJxVD9xvKYXQRmfIS27B9yz0TmLv0ozweb7qsvRAgO0m3tCO9rfIh+5qO3kGMG0h5OhP7dw==,iv:hFTEFEsOubYaWEu58xusBtT5c9K5sAcezKfVkCrtvrE=,tag:GZA6AVsFIdWjaGZe1c5aJQ==,type:str] +sefidel-password: ENC[AES256_GCM,data:jphYVr3Wg8+1llflee0Hb2f2V6bgwq+uAoZ+ZTCHxh95vHRHGBSUYDDnMZdJr63hr9Kc+t/ZYRJpwmmxAbZqrFJAjCzuSrBqlKFY0AGRVhIvFg/jeZbocea+8T+Flpp/yQ5rMtJWIE5NSg==,iv:+3UCC8tCXVyyLmHDuxTTJpB6ufZoZUNvBwHb70S5iYc=,tag:44OdW9OFv9hibABsB4w6cw==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] - age: [] - lastmodified: "2023-02-14T16:45:38Z" - mac: ENC[AES256_GCM,data:VIRMrvlfYGxGeZQ5OWVEYb7ugbDKShFVyOsipaG/4eF2FG0BJyummdLVplbgygbX61rBVsPCzsMGGcT2oOn44KgO6WSYbh3nrWf9dIdCjrBoXc1MTVAnNvCBd4qdeCLGb0r3HAzSCjL1kVaakJOW5dN9HB2W0YvZBe8SBhNHV28=,iv:DXeHA2ltreedVguZX6fABK/grXAeGiX1YK82Wi6A4CQ=,tag:kOV9QgQWqpGiZuRosqiZFw==,type:str] - pgp: - - created_at: "2023-02-14T16:45:28Z" + age: + - recipient: age1jt8xg0lvzj5q4f7fn7nw670qsszm3kv3caa654eh62azra4x44zss4fad8 enc: | - -----BEGIN PGP MESSAGE----- - - hF4Dr9flwPWa1q8SAQdAyiUgV18oKBdRvAS+P9nMyGZXqfwRohBtzTyRdAfiFlQw - l/3M7zVzHoWbGD3Shm5+cEWGMDjBvzl5PmMP05epBNCoVlslvBll9Cbbq2QuoPjl - 0l4BeDabn+XxFQHOY7jHNPG710ZxeFc+EyhpnePDkKLQxZTl3izcJqXbwkrGZaDT - vA00Mm9VAMJ3lvwRQmrRzmyHpH4QihW+Y29kuXPTMnm0PUEgl7s5ChBhZn6N7vRp - =4Bjf - -----END PGP MESSAGE----- - fp: 387E2BF0402610B00A9CB7E689C80C5BD6DBE2B2 - - created_at: "2023-02-14T16:45:28Z" + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1UkJnR2czcm90MHBoUUtE + Zi94UFJvRUlhbjhZMStUWlhUVzlXTE5MSkRvCjZOck9kWTBKMHhUai9kbklGVUF1 + RTNESGZyZFVucGlDM2cxbUVPS0w5cjQKLS0tIGhDeFN2KzkzZTVmWHBVTFhScHBR + czFyOHArSHNpaGN2R1p5aDJjd2JEOWsKThjzyM88xKZPrMjLOzrS7q2GQzS9+Xl/ + df1X1guIS3i7fwjc9DuvaDlnuz3QpIwOQ1/1M8NR/gjBfYRJ+0pLcw== + -----END AGE ENCRYPTED FILE----- + - recipient: age180yj8dn9jhjzj9c0y6qr5fa76g0ls3p772dvn60nu67wveqv8pvsahvur6 enc: | - -----BEGIN PGP MESSAGE----- - - hQIMAwxZNjkb5Z3AAQ/+KGRrC1Cg57a0dOnsIqgmtS9lzROEYBsRfiIkOxTtq46k - jqPB3FTLTbOEfuh1K+ZNbs3M08+eZfH1uTZqxw1Vec39tPq9W88z4ucwSsa6v6B/ - li0GaOXw3r3t2qVtmtq5/57ijPlhbBP7scM6iGHeFMR0kdZrQpcxOOzV7QgGKpss - FwF2Z0Jgl19vBl4a+sbAtgjktCyGzu4UmSAzQSEfYaYLIcpPjC19gb8fEgw0s1RP - k0MCgApFUg/k3IrHbGhuu02RZcd+/XQqy1qo7WLeaoHbIsbnjCIFsbR90so0dwvT - 9jDdStP12pmNMg0zBmir8N24audnYmTU5OENpl7l7TcEKLu8QrqVyNGUyugtDhUw - CUczYBbV/OCOTxGQnGwaOK9q8mVvjHk7RgJplawKNwxuhyDddZ/yep6q1/CxL4G2 - u+0KGxZjchUbJpakIpn7RO29Kv0ZqreSp18pD15a9sxQt+66w9V8PjX7qxbZINCD - WXpwcBNmZYbTa2JiVNF8KwGkwGvegBkf9MmxF9eprjeBm1ViyT0gH+8Ap2tvyHxl - GYyoX43xh/cef408ZK0UW70/SAvZE9cP0QaZbv6cCKjmQ4B5K8nWxMnMSdyr7ceW - /OJqJ8wfh/+xioAVtrj3pOWh4WHJp9VCZQjHMjc0XR2aYXSkHFtnt6qPMUl77ZDS - WAEiNt4dwmcw3Djz4zYY9mmnL/lLyqAWzWsXWs+iiFA0kDEJY2K0MYHwyhXyIZep - fuHohenWI27g9ZrfRsH8BIP/5AFdYTQiZZEbgNaL0lrauOo0rP1BMbE= - =v6C0 - -----END PGP MESSAGE----- - fp: e6a9ee28ea91e2dbf24d817d0c5936391be59DC0 + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHNlVqOGFYUEl2TVR5dlBp + aVRUSjhjYXBVVFVZaTlWN0hiblVvSXhMWFV3Ci9haDA1V0w1MjYwSThyU25ia3NJ + L1htVTZnUGRPakQyQUVxbzJYWmxvblEKLS0tIGFOSTZ3cmI0NnBxdzl3N2dvUW92 + bjJCVUJDMm50V3pwaU1zQkUwRXdpdjAK39fVzMaVj7WRv7CcrTTrWyaSqohVZ59Z + coo75mzw8ImC8Evk1ZqkOAjmN4FbXrsWnpF+pLp17fsqbINkQM3QvA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-02-20T07:26:03Z" + mac: ENC[AES256_GCM,data:xH89h6MC0LNk8RkxDGrp0m92PZcjBWI0itMCS1OoHKEo+pRNYVVlQT4sqKyY5SWs1UAKKhF/Ks7jHNtAHFvo7gxw56mziYXhtnOTV3uzxLkVmhOH1qkma+4eztwVdLzBny9v9MtqCWdVdEPnCgeJfM3lLCEuT/Rif/b3wdnLcwQ=,iv:7K+xpkjUtxCEhplksrxl73GbMtzQM6YIFdGJQELGUOQ=,tag:UoTyR1rlEEMsg0/SCclfUg==,type:str] + pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 -- cgit 1.4.1