diff --git a/.sops.yaml b/.sops.yaml new file mode 100644 index 0000000..8499766 --- /dev/null +++ b/.sops.yaml @@ -0,0 +1,61 @@ +keys: + - &chunk age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn + - &yt age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8 +creation_rules: + - path_regex: secrets/de3911/yt.yaml + key_groups: + - age: + - *yt + - path_regex: secrets/de3911/chunk.yaml + key_groups: + - age: + - *chunk + - path_regex: secrets/services/ntfy.yaml + key_groups: + - age: + - *chunk + - *yt + - path_regex: secrets/restic/yt.yaml + key_groups: + - age: + - *yt + - path_regex: secrets/borg/yt.yaml + key_groups: + - age: + - *yt + - path_regex: secrets/borg/chunk.yaml + key_groups: + - age: + - *chunk + - path_regex: secrets/wireguard/yt.yaml + key_groups: + - age: + - *yt + - path_regex: secrets/wireguard/chunk.yaml + key_groups: + - age: + - *chunk + - path_regex: secrets/services/caddy.yaml + key_groups: + - age: + - *chunk + - path_regex: secrets/services/hedgedoc.yaml + key_groups: + - age: + - *chunk + - path_regex: secrets/services/miniflux.yaml + key_groups: + - age: + - *chunk + - path_regex: secrets/services/gitlab.yaml + key_groups: + - age: + - *chunk + - path_regex: secrets/services/vaultwarden.yaml + key_groups: + - age: + - *chunk + - path_regex: secrets/rclone/chunk.yaml + key_groups: + - age: + - *chunk diff --git a/hosts/chunk/borg.nix b/hosts/chunk/borg.nix index e06d83e..6e2110b 100644 --- a/hosts/chunk/borg.nix +++ b/hosts/chunk/borg.nix @@ -1,4 +1,8 @@ -{pkgs, ...}: { +{ + pkgs, + config, + ... +}: { services.borgbackup.jobs = { crashRsync = { paths = ["/root" "/home" "/var/backup" "/var/lib" "/var/log" "/opt" "/etc" "/vw-data"]; @@ -6,7 +10,7 @@ repo = "de3911@de3911.rsync.net:borg/crash"; encryption = { mode = "repokey-blake2"; - passCommand = "cat /run/secrets/borg/crash"; + passCommand = "cat ${config.sops.secrets."borg/rsyncnet".path}"; }; environment = { BORG_RSH = "ssh -i /home/yt/.ssh/id_ed25519"; 
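Review bot: Every `path_regex` in the new `.sops.yaml` is an unanchored pattern with unescaped dots, so `secrets/borg/yt.yaml` also matches any longer path that merely contains that text, and each `.` matches any character. Anchoring and escaping each rule, e.g. `- path_regex: ^secrets/borg/yt\.yaml$`, keeps a stray or renamed file from being picked up by a rule meant for another recipient. Apart from `secrets/services/ntfy.yaml`, each file is encrypted to a single age recipient, so losing that one private key leaves the file undecryptable; if that is deliberate, a comment above `creation_rules:` such as `# host-only secrets: no recovery recipient by design` would record the decision.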
@@ -18,7 +22,7 @@ # warnings are often not that serious failOnWarnings = false; postHook = '' - ${pkgs.curl}/bin/curl -u $(cat /run/secrets/ntfy) -d "chunk: backup completed with exit code: $exitStatus + ${pkgs.curl}/bin/curl -u $(cat ${config.sops.secrets."services/ntfy".path}) -d "chunk: backup completed with exit code: $exitStatus $(journalctl -u borgbackup-job-crashRsync.service|tail -n 5)" \ https://ntfy.cything.io/chunk ''; diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 95fbf9d..94d384a 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - inputs, ... }: { imports = [ 
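Review bot: In the rewritten `postHook` the ntfy credential is still expanded unquoted into curl's argument list, `-u $(cat ${config.sops.secrets."services/ntfy".path})`, so a value containing whitespace or glob characters is word-split, and the credential sits in the process arguments while curl starts. At minimum quote the substitution: `-u "$(cat ${config.sops.secrets."services/ntfy".path})"`. Keeping it off the command line entirely would mean storing the secret in curl config-file form and passing that file with `-K`, which changes the secret's content rather than just this line. The same line appears in the `ytnixRsync` postHook in hosts/ytnix/default.nix; the enclosing job definition continues outside this hunk.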
@@ -24,38 +23,57 @@ ./tor.nix ]; - sops.defaultSopsFile = ./secrets.yaml; sops.age.keyFile = "/root/.config/sops/age/keys.txt"; sops.secrets = { - "borg/crash" = {}; - "ntfy" = {}; - "rclone" = {}; - "vaultwarden" = {}; - "caddy" = {}; - "hedgedoc" = {}; - "wireguard/private" = {}; - "wireguard/psk" = {}; - "wireguard/pskphone" = {}; - "miniflux" = {}; + "borg/rsyncnet" = { + sopsFile = ../../secrets/borg/chunk.yaml; + }; + "services/ntfy" = { + sopsFile = ../../secrets/services/ntfy.yaml; + }; + "rclone/env" = { + sopsFile = ../../secrets/rclone/chunk.yaml; + }; + "vaultwarden/env" = { + sopsFile = ../../secrets/services/vaultwarden.yaml; + }; + "caddy/env" = { + sopsFile = ../../secrets/services/caddy.yaml; + }; + "hedgedoc/env" = { + sopsFile = ../../secrets/services/hedgedoc.yaml; + }; + "wireguard/private" = { + sopsFile = ../../secrets/wireguard/chunk.yaml; + }; + "wireguard/psk-yt" = { + sopsFile = ../../secrets/wireguard/chunk.yaml; + }; + "wireguard/psk-phone" = { + sopsFile = ../../secrets/wireguard/chunk.yaml; + }; + "miniflux/env" = { + sopsFile = ../../secrets/services/miniflux.yaml; + }; "gitlab/root" = { + sopsFile = ../../secrets/services/gitlab.yaml; owner = config.users.users.git.name; - group = config.users.users.git.group; }; "gitlab/secret" = { + sopsFile = ../../secrets/services/gitlab.yaml; owner = config.users.users.git.name; - group = config.users.users.git.group; }; "gitlab/jws" = { + sopsFile = ../../secrets/services/gitlab.yaml; owner = config.users.users.git.name; - group = config.users.users.git.group; }; "gitlab/db" = { + sopsFile = ../../secrets/services/gitlab.yaml; owner = config.users.users.git.name; - group = config.users.users.git.group; }; "gitlab/otp" = { + sopsFile = ../../secrets/services/gitlab.yaml; owner = config.users.users.git.name; - group = config.users.users.git.group; }; }; 
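Review bot: `secrets/de3911/chunk.yaml` (key `rsyncnet/id_ed25519`) gets a creation rule and an encrypted file in this commit, but no entry in this `sops.secrets` set declares it, so it is never decrypted on the host, and hosts/chunk/borg.nix still sets `BORG_RSH = "ssh -i /home/yt/.ssh/id_ed25519"`. If the intent is to manage the rsync.net key through sops as well, add `"rsyncnet/id_ed25519" = { sopsFile = ../../secrets/de3911/chunk.yaml; };` and point `BORG_RSH` at `config.sops.secrets."rsyncnet/id_ed25519".path`; otherwise a short comment that the file is staged for a later change would avoid confusion. With `sops.defaultSopsFile` removed, a secret added later without `sopsFile` will presumably fail evaluation, which deserves a one-line comment above `sops.secrets`.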
@@ -148,7 +166,7 @@ services.caddy = { enable = true; configFile = ./Caddyfile; - environmentFile = "/run/secrets/caddy"; + environmentFile = config.sops.secrets."caddy/env".path; logFormat = lib.mkForce "level INFO"; }; diff --git a/hosts/chunk/gitlab.nix b/hosts/chunk/gitlab.nix index 7ce1425..9a4b7a6 100644 --- a/hosts/chunk/gitlab.nix +++ b/hosts/chunk/gitlab.nix @@ -1,4 +1,4 @@ -{...}: { +{config, ...}: { services.gitlab = { enable = true; https = true; @@ -10,12 +10,12 @@ sidekiq.concurrency = 10; databaseUsername = "git"; # needs to be same as user initialRootEmail = "hi@cything.io"; - initialRootPasswordFile = "/run/secrets/gitlab/root"; + initialRootPasswordFile = config.sops.secrets."gitlab/root".path; secrets = { - secretFile = "/run/secrets/gitlab/secret"; - otpFile = "/run/secrets/gitlab/otp"; - jwsFile = "/run/secrets/gitlab/jws"; - dbFile = "/run/secrets/gitlab/db"; + secretFile = config.sops.secrets."gitlab/secret".path; + otpFile = config.sops.secrets."gitlab/otp".path; + jwsFile = config.sops.secrets."gitlab/jws".path; + dbFile = config.sops.secrets."gitlab/db".path; }; }; } diff --git a/hosts/chunk/hedgedoc.nix b/hosts/chunk/hedgedoc.nix index 6aed82b..001bf37 100644 --- a/hosts/chunk/hedgedoc.nix +++ b/hosts/chunk/hedgedoc.nix @@ -1,7 +1,7 @@ -{...}: { +{config, ...}: { services.hedgedoc = { enable = true; - environmentFile = "/run/secrets/hedgedoc"; + environmentFile = config.sops.secrets."hedgedoc/env".path; settings = { db = { username = "hedgedoc"; diff --git a/hosts/chunk/miniflux.nix b/hosts/chunk/miniflux.nix index fff4967..b6f2d59 100644 --- a/hosts/chunk/miniflux.nix +++ b/hosts/chunk/miniflux.nix @@ -1,7 +1,7 @@ -{...}: { +{config, ...}: { services.miniflux = { enable = true; - adminCredentialsFile = "/run/secrets/miniflux"; + adminCredentialsFile = config.sops.secrets."miniflux/env".path; config = { PORT = 8080; BASE_URL = "https://rss.cything.io"; 
diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index 0e4e84d..f70bc83 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix @@ -1,4 +1,8 @@ -{pkgs, ...}: { +{ + pkgs, + config, + ... +}: { systemd.services.immich-mount = { enable = true; description = "Mount the immich data remote"; @@ -10,7 +14,7 @@ ExecStartPre = "/usr/bin/env mkdir -p /mnt/photos"; ExecStart = "${pkgs.rclone}/bin/rclone mount --config /home/yt/.config/rclone/rclone.conf --transfers=32 --dir-cache-time 720h --poll-interval 0 --vfs-cache-mode writes photos: /mnt/photos "; ExecStop = "/bin/fusermount -u /mnt/photos"; - EnvironmentFile = "/run/secrets/rclone"; + EnvironmentFile = config.sops.secrets."rclone/env".path; }; }; @@ -24,7 +28,7 @@ Type = "notify"; ExecStart = "${pkgs.rclone}/bin/rclone mount --config /home/yt/.config/rclone/rclone.conf --uid 33 --gid 0 --allow-other --file-perms 0770 --dir-perms 0770 --transfers=32 rsyncnet:nextcloud /mnt/nextcloud"; ExecStop = "/bin/fusermount -u /mnt/nextcloud"; - EnvironmentFile = "/run/secrets/rclone"; + EnvironmentFile = config.sops.secrets."rclone/env".path; }; }; programs.fuse.userAllowOther = true; diff --git a/hosts/chunk/vaultwarden.nix b/hosts/chunk/vaultwarden.nix index 581ca88..af2acce 100644 --- a/hosts/chunk/vaultwarden.nix +++ b/hosts/chunk/vaultwarden.nix @@ -1,8 +1,8 @@ -{...}: { +{config, ...}: { services.vaultwarden = { enable = true; dbBackend = "postgresql"; - environmentFile = "/run/secrets/vaultwarden"; + environmentFile = config.sops.secrets."vaultwarden/env".path; config = { ROCKET_ADDRESS = "127.0.0.1"; ROCKET_PORT = "8081"; diff --git a/hosts/chunk/wireguard.nix b/hosts/chunk/wireguard.nix index cfb8f7c..37a0b00 100644 --- a/hosts/chunk/wireguard.nix +++ b/hosts/chunk/wireguard.nix @@ -1,4 +1,8 @@ -{pkgs, ...}: { +{ + pkgs, + config, + ... +}: { networking.nat = { enable = true; enableIPv6 = true; 
@@ -9,7 +13,7 @@ networking.wg-quick.interfaces.wg0 = { address = ["10.0.0.1/24" "fdc9:281f:04d7:9ee9::1/64"]; listenPort = 51820; - privateKeyFile = "/run/secrets/wireguard/private"; + privateKeyFile = config.sops.secrets."wireguard/private".path; postUp = '' ${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT ${pkgs.iptables}/bin/iptables -A FORWARD -o wg0 -j ACCEPT @@ -30,12 +34,12 @@ { publicKey = "qUhWoTPVC7jJdDEJLYY92OeiwPkaf8I5pv5kkMcSW3g="; allowedIPs = ["10.0.0.2/32" "fdc9:281f:04d7:9ee9::2/128"]; - presharedKeyFile = "/run/secrets/wireguard/psk"; + presharedKeyFile = config.sops.secrets."wireguard/psk-yt".path; } { publicKey = "JIGi60wzLw717Cim1dSFoLCdJz5rePa5AIFfuisJI0k="; allowedIPs = ["10.0.0.3/32" "fdc9:281f:04d7:9ee9::3/128"]; - presharedKeyFile = "/run/secrets/wireguard/pskphone"; + presharedKeyFile = config.sops.secrets."wireguard/psk-phone".path; } ]; }; diff --git a/hosts/ytnix/.sops.yaml b/hosts/ytnix/.sops.yaml deleted file mode 100644 index 99be1e4..0000000 --- a/hosts/ytnix/.sops.yaml +++ /dev/null @@ -1,7 +0,0 @@ -keys: - - &primary age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8 -creation_rules: - - path_regex: secrets.yaml$ - key_groups: - - age: - - *primary diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 72c495b..992c852 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -1,7 +1,4 @@ { - inputs, - outputs, - lib, config, pkgs, ... 
@@ -11,15 +8,20 @@ ../common.nix ]; - sops.defaultSopsFile = ./secrets.yaml; - sops.defaultSopsFormat = "yaml"; sops.age.keyFile = "/root/.config/sops/age/keys.txt"; sops.secrets = { - "borg/yt" = {}; - "azure" = {}; - "ntfy" = {}; - "wireguard/private" = {}; - "wireguard/psk" = {}; + "borg/rsyncnet" = { + sopsFile = ../../secrets/borg/yt.yaml; + }; + "services/ntfy" = { + sopsFile = ../../secrets/services/ntfy.yaml; + }; + "wireguard/private" = { + sopsFile = ../../secrets/wireguard/yt.yaml; + }; + "wireguard/psk" = { + sopsFile = ../../secrets/wireguard/yt.yaml; + }; }; boot = { @@ -183,7 +185,7 @@ repo = "de3911@de3911.rsync.net:borg/yt"; encryption = { mode = "repokey-blake2"; - passCommand = "cat /run/secrets/borg/yt"; + passCommand = ''cat ${config.sops.secrets."borg/rsyncnet".path}''; }; environment = { BORG_RSH = "ssh -i /home/yt/.ssh/id_ed25519"; @@ -195,7 +197,7 @@ # warnings are often not that serious failOnWarnings = false; postHook = '' - ${pkgs.curl}/bin/curl -u $(cat /run/secrets/ntfy) -d "ytnixRsync: backup completed with exit code: $exitStatus + ${pkgs.curl}/bin/curl -u $(cat ${config.sops.secrets."services/ntfy".path}) -d "ytnixRsync: backup completed with exit code: $exitStatus $(journalctl -u borgbackup-job-ytnixRsync.service|tail -n 5)" \ https://ntfy.cything.io/chunk ''; @@ -284,14 +286,14 @@ # wireguard setup networking.wg-quick.interfaces.wg0 = { address = ["10.0.0.2/24" "fdc9:281f:04d7:9ee9::2/64"]; - privateKeyFile = "/run/secrets/wireguard/private"; + privateKeyFile = config.sops.secrets."wireguard/private".path; peers = [ { publicKey = "a16/F/wP7HQIUtFywebqPSXQAktPsLgsMLH9ZfevMy0="; allowedIPs = ["0.0.0.0/0" "::/0"]; endpoint = "31.59.129.225:51820"; persistentKeepalive = 25; - presharedKeyFile = "/run/secrets/wireguard/psk"; + presharedKeyFile = config.sops.secrets."wireguard/psk".path; } ]; }; diff --git a/hosts/ytnix/secrets.yaml b/hosts/ytnix/secrets.yaml deleted file mode 100644 index 4b93538..0000000 
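Review bot: The `"azure" = {};` declaration is dropped from `sops.secrets` without a replacement, while the commit adds `secrets/restic/yt.yaml` holding `key` and `azure`; anything outside this hunk that still reads `/run/secrets/azure` would find no file after the switch. If a restic job on this host uses it, declare it here, e.g. `"azure" = { sopsFile = ../../secrets/restic/yt.yaml; };`, and reference it through `config.sops.secrets."azure".path` instead of a literal path. The rest of the file is outside the hunk, so the secret may already be unused.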
--- a/hosts/ytnix/secrets.yaml
+++ /dev/null
@@ -1,29 +0,0 @@ -borg: - yt: ENC[AES256_GCM,data:CGcdcA9LnDDlTYJwsT25uY9h70yJtKhxgA==,iv:F25VTezkd4RQd7BZ3DD39hPiPj+Z3H01IgPhCGUQ5aM=,tag:mxLPXR/ffBXkByk1R1PYvQ==,type:str] -restic: - azure-yt: ENC[AES256_GCM,data:s8TJ5cNVW2Jr7kyul8mrBGwdLoTlNTb2MfpZgPU=,iv:sC0DbgFbFl6vvLqwOFDwRa3nabrIWxOTuz7GXn17IHk=,tag:2MYprYgNhh1aFlzuyw5eGQ==,type:str] -azure: ENC[AES256_GCM,data:UdHmasRElCFC66dxnnGTOw6vgOzrOIMiSLsczK0Qew2WBdZUKVnRTfSCxQrB7P8k+j3N2CDt5Y4GXvf9GVFrWCMOInOqYXcyycGXsdli2DbqpXTa3f13ykvc/aoKyw3YuFQdrNci3Kae9PYZ4v5f7fH8n4WgOKuYj3mO9k7WHxM1JBzYRRZP41Jghnb9SqVhl9UXVPI5ONBd6JI/FiezSMZPYC2FxNgQ7zHUQJ7qQ6aJTgRljslJK9I=,iv:bRoYEA1hbEXRG7PoU7Dfba9uRu3cAqfeuvSIfavZZ8M=,tag:cHXUe/njZNoG6EuHYYz0Yg==,type:str] -ntfy: ENC[AES256_GCM,data:ZfTVhdzA1+L3B+g7tw==,iv:1dXDqYi5/zBQ9iphzjn/GHGDcl90J1NYHvHQpTsVPlg=,tag:RfB1/Zz9ITJQV89cuk9OcQ==,type:str] -wireguard: - private: ENC[AES256_GCM,data:hPfJis6gbPPguuhNBViiZDmeFSaUXsgRrCGrhTFzbySIytVuaieU0BJSJQo=,iv:tYU41JTeB7Y50RQr1b+zGCgB5voZec2Vfmd350J1Tgc=,tag:aFMZoJhMToJDuuV8dc5Acg==,type:str] - psk: ENC[AES256_GCM,data:NhQ1lYFpjTpqbkhYyEpEcBTf6vewSeGevUnvCmruoZMSGA2ZWs+le8a0tAA=,iv:aBeVhzUwzBgochk4vtdqnUv61dZ5jELh28amx8XqyFI=,tag:9TvGx+sJaicX52FitOpOdA==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhUmhsRDljYWJLS2tzUC90 - a1oxZGZBUy9LaFpJeTF2MmZWQnl1NU0vQkc0CklnTGszaHRCRW5GYUU1OU9NVjVH - SW02OWVXNDNSMTFyV2NUU2xTV1dlTGMKLS0tIGpKT3lQd3I0T0xEMWo2ekd1MmM3 - a1MwYjB0Tm03bzJnWTdoZ01KbXBPUkUKUr6hOsdZDJK6bFyEnBf4Vkms8EJsIvZY - ML481g9d9Vlm5x7X74nUcWemFSzttSdWEM3Y/IOHpXDbvC/Tbw+z7Q== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-14T23:07:47Z" - mac: 
ENC[AES256_GCM,data:GQUbR/ApVo6E5jqkGo79GDkRv7nj7Sa16ROCTg0uYO0xDmv9h/bPWBTUOfsU0G/0g3OvohLkBbmYA+hMx24xlLQzQkh8Z3dyAn9CcAJ2j9JLY7qHtSBpvafyPptvKzmPU0mnQpShgqYPCUhF6A2B2YAAvW+TknBih7eiKKeidkc=,iv:XLKIad/LZWuWUrrcXtF0UyNccLhoB0VSWXYCGDq/7Uc=,tag:lNyMV8Ses28gOj+KINem5A==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.2 diff --git a/secrets/borg/chunk.yaml b/secrets/borg/chunk.yaml new file mode 100644 index 0000000..f6d0602 --- /dev/null +++ b/secrets/borg/chunk.yaml @@ -0,0 +1,22 @@ +borg: + rsyncnet: ENC[AES256_GCM,data:sBqE+gZg58J1iYO5hww8SfqDj2MMZMux8Q==,iv:jjw2Z05BdbH0kB1EN6R01rD1bI4iELKpuIMEGYb+1gQ=,tag:tBDd6+wxEuBgyIZzjJIl1g==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBadVRSb3R2Y3h2WUQvbUJp + SlN1Z1E0dnN6YkVnczVqayttSTNjRkJ5SndvClk4ZmY4cTM3dVV2c3BMMGJOaXRr + bENjVHBNeXZXZFBZNWJHL3hYT1RDd3MKLS0tIC90RFlxRjNTbW13Tm9pYW0rdVZn + NlRDMzBHZEoxVndneFJldFZMWWgzbXcK1tCG0a4wlTDSiDC6v6eJvc/REJ8z5ZlI + PxXOcrZNKwFwYMsh29U8iZNBGO6ykSJYCYjac50d/me9QC6rFlXNWw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-12-17T03:22:24Z" + mac: ENC[AES256_GCM,data:6OGZTa2SpLSDmhRqYSgJn6BfsPPvkpIamNGemq6nh3gKUVm0GvQ2FFE5w+X2o5BmQhzTtU0zfbjvV0Z9utH0wrO9E2f7yI5FTb+AoZKl0Y2W/uXAEne0+L4Y5NfRimiLc4yXp//GK9eORBd9jcPx2MQFi3jRA3vrn79HEofVIcg=,iv:A5srnfngS5HCzgPuRdGtrRAbj8o7WxaPwcbIHn/6j2s=,tag:uPAFfjOTz0qKzidd4GMlhg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.2 diff --git a/secrets/borg/yt.yaml b/secrets/borg/yt.yaml new file mode 100644 index 0000000..1f66b9e --- /dev/null +++ b/secrets/borg/yt.yaml 
@@ -0,0 +1,22 @@ +borg: + rsyncnet: ENC[AES256_GCM,data:o1z9xwXqjceO6b/k9da33DyltLt+k9cS5w==,iv:Buu2gHB+MH2Ma/d0cGYyoNAZxcHE7dK/uLZMR9y2VDo=,tag:hNZyZQqAqRF7HXkT7ypTHg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDMS84NVY2eGdUWHBPNjRG + bVY0UjRaci9kMTRHa1o0V3YzN2VtNWhJaVVrCnBma2xsLzVKOERLVXNhQU1vTCth + azQyaUpPbHF5U2dMbEs1VUhFeUI0RGsKLS0tIGNtTjEvWk9ZMzVlVmdURlU0cWZy + bGhLRU15QUxXNjQ4TDBIWmlYMndJeWMKCY1djq72Fow3HiVP+cG63CMEtshIve2k + sHhU3UWPidxcZxdDmK/Sw3NKoYncxeLJUS/W7UhNYr3Z7UZCW6+D9g== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-12-17T03:08:48Z" + mac: ENC[AES256_GCM,data:Zxdfy547x/RQF7Q3ip6163nD07F2L49u9yNvCQcxrjfFbVQNYspkX+aZJNOW+9KzIpmMcmVe9llN9IyA2b3R3Yzz6hBzP2LCxO9iQt+XQVpv5rCQRC3E+4SgkX6KpZ0TOhjiA9+4KvwfYkXH5P6JS6jjw5u4v16i1X121quBemk=,iv:86EoZpSSqZ5q2DZP4B9NTASFOzX1ptdRcw5o+3eQKkw=,tag:c/D7Mus6d8X1Q8hMPziGqQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.2 diff --git a/secrets/de3911/chunk.yaml b/secrets/de3911/chunk.yaml new file mode 100644 index 0000000..4e7ec88 --- /dev/null +++ b/secrets/de3911/chunk.yaml 
@@ -0,0 +1,22 @@ +rsyncnet: + id_ed25519: ENC[AES256_GCM,data:+Pkqd8Dpl9/VkE/+/y/sx9EFDWjYNVctJSUDtE3NWlBAqlnXifXOHPxRL00NUJv+zsLpCk9eF/0N0ygzZhaQP76Tsv1fB00LaBfnMMDaC0aaHJoV+RnJLVMNYfddZ9ZeNwFmFnO2UQTZNVmcxgWc/okkmrsf8ERepb9AZktmLjq0UEGm9S+GifLmaL7xWtIPjtOs1HHQmODW/2oUL+ZOfZGZ4YM629Unxm44KTVf0ffY2nBkCpXcJVssXCqANYVtfDRq8s+PKppppEdmUPQkr23nqVldP71BBbYVjHNRoCHf9O6ag4+aFVlLiJyj9YDVtGRRNg5xORonOr4pcdvBdxC9GNgo0+XpMTBMnP1eqU2+lTPWBLiHx2tpNwl1gv7F8lBHG3yN3GxK02otrh2aheiEE/gthohrk6XzCcr+0C/BHEilB6MqhBw0TYJKq0r1ooE5LWmlh64+BSsOYXCSwEoo4Rgxkwagl0/JRkjfHhxRPJgitdOP9AugcnihYJJ8iVcYWOUuxWNtB4oXM2iZ,iv:zB/1QrQ6j/kJYfFdQFFYAVbZSm0AYARXjUtfgv+nems=,tag:49eeO5FyD301SsmB2OlvvA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzWFFJaWVYZXRPa05pcVNl + VnB3K3YrbnFuS0RUTHBFRVcxS0hpcWVYRzFRCmpRZUhQSGRKS1BPd0l4MGFROS95 + eTBsYU0yamZYbEZGZTl0ZHNRVTF1UTAKLS0tIHVwN0d3SVJDSEFnaUhVQ1VsSmYr + cXJsSUtTVW1xWFBaMGIwNXZpSjhwSEkK1q5yXlJgHrnyuvtuzTXurl93LDXqWSaV + g09SQVF3tzU8zye6aBidhJJnMBrR6jHxK0P6rPYYE8a0U5DMP7D5wA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-12-17T03:22:54Z" + mac: ENC[AES256_GCM,data:iJyPss8kVZTI6f8WXZbNgVKBR8fbTWqFjPacXfzVthSQEbVAmEuldQdquWWfY/EiqPQO9WRmbqSXAED/AtSRu1up3C29ZByyWETxm9O7K0iLVDsR+9Rv1n0Dgc3YhHU8GUS8RWbe6L731FIpq9Nqv5Nw6Xgw2ZteApriT1YMVgY=,iv:t4wAeVuvk+C1ebWSklT4L/+Xy5tUVHRfaUh2uSjnZbE=,tag:Tj11XkvTfoxNd8znGM33cA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.2 diff --git a/secrets/de3911/yt.yaml b/secrets/de3911/yt.yaml new file mode 100644 index 0000000..49ccf64 --- /dev/null +++ b/secrets/de3911/yt.yaml 
@@ -0,0 +1,22 @@ +rsyncnet: + id_ed25519: ENC[AES256_GCM,data:KHFv0P5JLHCXKXb3UFmZrgLG7mrSDSi6CAYZTMSxJH6FgakFhPY/u1VE0wlHaBEwUSHbh6xhVbITiAgrqQXbPeo72moUhBD1/+X1fGUV+0rbHHhZecaEoqXseNEWfxAypUWnmKQ3DwCjO0wb9A+UohLCTMUzHBucX0AKVBxW2VEYkvMXu3du2ryWCDNYKukdwLYXxTxrBmIbjSJ2Myq22vcqLpMAIOJ85QWoCrVypVxB6TD7xi6KwQmqDHpE7KEdDg6Eq0Gzu7RWIdUiUddvWJwBFr/v+dJguk93er/K6azFfbzPMXL8IuogAr/Aly22tu5MQm0i1oSmMgovQqfYCQdaDnelVgopWn0KRrlmEDHPyA5aiEg4sPfUDGmyRIFLy5avKv7bPo+Xk9iRt0tuu09lUJl9PxiyDGoeLoh2qD+jJA76DO57A1EB+JdoKJZiRgkfSg1IOtYXUkV5XQfK0sIkc+VdoDKOdVvIqM7stoSSIqycbf8knekYVpgSVQkrPg75lQd8soOFJoID8xB6,iv:pidCcX4V6PKCNnUDDq11zTGOoketZ80nCqm0R5BYx4c=,tag:Z3Sq1+FVAAqQikaBFQ6M5Q==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2bWFJR2JmY0JIdzU5OURp + MHVDbnMra1hCUklLMjNQVVdyYUZwaFFaMVJjClBsWlIwNm40RW1taGVLaFB5d3BH + VHNVUEJoOHNwSWRUQlNjUTk2WERieEkKLS0tIDlVZ2I5VEdJa0hIQ3MxT3RZb0Z1 + bmVVUjZTVGJzOEdFTno1ZmhZWnkrUFkK0R6GoBKaixAAoRnh89kTvFW7tUvJh7Ce + Lxc4pTd/ZDAaNjMy8KCJvAo1CQBb/Hqytl/dERm99RL6C/MifDAodw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-12-17T03:07:54Z" + mac: ENC[AES256_GCM,data:d9k3j80zF6yvIBWy32HUt4d26DR4ygrU8kRxlWutPd2pcEnyGOFq8mbgJCQeqpngek51ECwnuCGemVvTBJq0szy9zExeGRtZ8wWIDReTOCPMAKITTEsiwr14eOpeNbjKnbMz9RNI4T7Uwy7JV+rPaZh2AzG64ajkTGv4uA0JT3U=,iv:79AEtjqS/Bf79jdFasEKDJrWN6T/RVUvdm03N8rg694=,tag:ZDS6dwH7TEp5pxTuZ/LUBQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.2 diff --git a/secrets/rclone/chunk.yaml b/secrets/rclone/chunk.yaml new file mode 100644 index 0000000..9149cb7 --- /dev/null +++ b/secrets/rclone/chunk.yaml 
@@ -0,0 +1,22 @@ +rclone: + env: ENC[AES256_GCM,data:e8O4cUbgFMseJTvzGyBhsD/beCkhuh/Sl4ZHqV/kQodcuKi3V9XHyeCAnBb/,iv:rOySfX7vQ1mduFEL4gSbM8rYk9Gp7aEcieV1CW+aGDk=,tag:aWmdde3Xv9IqLRigPZBH1w==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTUnBqMU56ZS9QZnpETmZ6 + a2tVRURyTU1LakR3bi90QXNpR21JcEI0ZFZzCm9jTDlCNk1xSTgwcmRqc3ZNbkJG + RzloNTZHQUJXU2J4UUttcjdIdFl6dWMKLS0tIDNaTUpZQ3lwYk1lNTlZMjF5d2VR + U09rb0kvcU1FdVBsanQyM3grTWdKRkEKAxZyWISPu4XUBevUhdOwd6ZJHfbvpAch + +jGrLXGBYlvp2oKdWHBXjv3HZ3N0IyEj07LyYsPBLchmUxhOCn4Piw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-12-17T03:32:29Z" + mac: ENC[AES256_GCM,data:TTaw6wv7cidgcB7c2igUPo6urQ87d0btr5puTr9yA8ppJ0iTKdLQT2nIZI0OHnP/cFE/at0YrhDNNk5AL1y9fuATRWveu1Y2KmjlYNXLlZS4PdAr3rsUs3FqSECdTqXR8ZYGodA5mOSjzWu1eYuoubVk2wtXV0alMUY7bwrnr6E=,iv:1zslrT0FX6SIEIRHPloLa2Fy8pVJVqMDIghR46l5+xg=,tag:qpw9iQAetUIoqvDQzufh8w==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.2 diff --git a/secrets/restic/yt.yaml b/secrets/restic/yt.yaml new file mode 100644 index 0000000..6f1601e --- /dev/null +++ b/secrets/restic/yt.yaml 
@@ -0,0 +1,22 @@ +key: ENC[AES256_GCM,data:1yjpaRXeie+8nC/GcVk2mmMDdPTHOyaAWLuilWE=,iv:sAjl7Q2o0ELfysRGnM3182dI9eRo/XjZNLi3ubLY734=,tag:BYDRqd3Zirg0FQgKRRQg1A==,type:str] +azure: ENC[AES256_GCM,data:zcAeDgtNEffH/sPNfYfT/9xZuIn61maVUNA/PNIYE5nY159gIOmJFR8R6zaJT5Ij3mxx5KUCeChjMbDtb/ZnYbKeiaNRd9Xw1zVOuuBZAbONhCU5iksUGLzJzJk0j3j9MnRTIwl7903m/052DvbzFcFdCaKvKZn7KRH2sggGjqQ+1UxSb/yez/QtF2I0duMBvC4SKI1Gr6GXoV+sYDckpGKj5mdnxMu+rZsIFFICtFvpmIObk0l36Zc=,iv:XRcNGGEX81KC0+EIoFqBnMIMMvi7yJmSpZjeCG8TutU=,tag:rBq1SLuZrys8kxJqWcjoyQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCWFZ4dEFyRVhlMnNHampS + eTJUcTlVWWRVNG8vSjIvaTkzTzBLWGVmT3lBCmhONUhjZFMySEMyY1VXeGJwRVJq + bVlNcUF6ejBTK3Z4WEhXenlvY3plSVEKLS0tIFMxUitCZC90d1NOTzFLd3pic2I4 + MkhJUGxHRTBnZVFFbG1najJFZno1YVkK+R5gpmJ7Tx/tdFRvg9TIa0yIwAqT8Sah + ib5ORCby6GwhW2J2r2b9qCd1827zQH/2hngk4D7Y7x7ys1yifrIKww== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-12-17T02:17:42Z" + mac: ENC[AES256_GCM,data:tdKRHS6RDKYUF2hM+/XDvezt2iNuT3IXBxWPnBjDfYEoanJEeT4LgqvSz9r/Cu8XNMF78bWykuSDgj+KNo0XUfLqv9AxYS5EhdBdMHcJKj4T6FuQ5j7hMPg9vKzv4I3ZzDBUJeOV6qso7VhLkaZXzqIsuDJia2V0rJ3nwhkTvzk=,iv:uEJ4zE73E+kbFYmTl/PNjv9CKbi2b3qtYk4Bth/iy6I=,tag:8/+3hdG/3MVLgfyNNQuGUA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.2 diff --git a/secrets/services/caddy.yaml b/secrets/services/caddy.yaml new file mode 100644 index 0000000..b8078ca --- /dev/null +++ b/secrets/services/caddy.yaml 
@@ -0,0 +1,22 @@ +caddy: + env: ENC[AES256_GCM,data:uVCkVky5MRRhN+g4f634nBjvpcI5Ldy+eOKXg7eGu9foswTHA1SXDs67+Wuvo/jaPw7Zg67xKZRHnoTon1udQzyfu0T6pmVKfsUPewITYCd+qLTanFz6uVRUHzpUVwjCZNqB8gxNr/BiZ70NG4vQXRjgd3zKFrQYQBr4zSaP2vK1pRdbuQ==,iv:dQBfX4X8huUp2dqY3tEGW+BPZ/XADT10ptt85R7X+AY=,tag:cvMbFjkRHoxxnNfz8dGv5g==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUQ01HQ01LUVpTYmx1U3Ro + QUpRQjdkMEVIK1RpVTdxbCtTVmZoMmo1cUJFCjhMajlWQll2MHAwZ1JXMmJ0Ym9Q + RnJ3QVBUck9tblRrcVVibmFmVTN1cnMKLS0tICs0c0FSYXo2Y1g0TG41ZWR4ZDNY + RVdNL2dWQ2JGL2ZlTTZyb2dzY0V5bFUKDd0iSl1f0Qm6H3rku7zf4nNZhe/mdaai + t2xTH0mSIOzy2D8TYSUG7EwhdqSa8qa21TRKppCRIClYl1/DzoDl1g== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-12-17T03:25:37Z" + mac: ENC[AES256_GCM,data:bhFBLkT2q6HGtTPtHLVZkKZn00Lbm11/u3qSR19lU2E1SsQ7mpukvCqcTxNWtJ+HHth6yJJfgM6XABKq/9/598L2MgGuF3C/GGS3xpjwHh5RyV8t1lV8cqDaZGjGOMGx35lFQ6DoXOreQrtP/f7MKzf+nVNFr1NbTR8YhqR1xDU=,iv:+fjYlbyIyM9nLagrvE+PUhC2pT7QTsTSQX7ELZ7Wuhs=,tag:GWQv6VmIsWwFzb4bUr5CLg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.2 diff --git a/secrets/services/gitlab.yaml b/secrets/services/gitlab.yaml new file mode 100644 index 0000000..91239ba --- /dev/null +++ b/secrets/services/gitlab.yaml 
@@ -0,0 +1,26 @@ +gitlab: + root: ENC[AES256_GCM,data:m5eqqSMECu1wOIdtY4pJ4WwAWw==,iv:fK1ZEtzP0vqj6S1yqsetDVJui80NI5GBlqyJ1a8vVV0=,tag:V7zTH+O2Q4SWdPsEbjoEVw==,type:str] + secret: ENC[AES256_GCM,data:rDYuTSE/mU/61iUUMOtegt77OLfb6udkn2f73HuN1SCoqLo=,iv:Y5L7PZbsoCQ5Evv8G9S7Bm5OKKrHEPb/jjgTKgFKlfo=,tag:Bx7UUERT0dRA6DM93ZpA+A==,type:str] + otp: ENC[AES256_GCM,data:xQqNUbGbjYUYAfy3E1yaFh9Xms7B0hDal7Y/U7GaxTV4Cpo=,iv:hWcyYorFPHBJoGVB9Agc20qUkY8LvJCIxI4AMwtB6U8=,tag:tqLO/NVIZ+lr3vy/ctI4mg==,type:str] + db: ENC[AES256_GCM,data:VTVxgJ5N7jnbSLC62fHqhlo9BHJsfmqvoBrM+BKaHfglEz4=,iv:2lhj3nRfx1efLZR8PWczs3NOxbjm1nQ2Rsp4TSZAC20=,tag:WFAu5SE6pBboxKHHyooJgg==,type:str] + jws: ENC[AES256_GCM,data:cOpTmTxcQutV0gRZyD44NTqYcuKo+amH0tm6nifViqTDjNGgOuaSMW526+FB66eg7fJ5KK6UVVwuv1Vkv1gNXc4AcVJiFxMRAfXB+68vQivqCJvcN4YhgiuyRcfJCvMciELBySiJs9yckCwVd/PZrZGwRbJ2NGuDiZDxobfzVsH5lJWPAUzv8+kuhKrb3IVRS4ahluZY3Him0EnkU8ZWQy09iOjYP673zEyvSQutAbzDwHFKk9amV9RZqIfN68f1VL+lqNInU82ZxudAYuFDeoSJYol8d1D28gnQBZy6UutZjQat3HTktVwW/7I79eohXKKMt2i8lJtgJgmR0ht3f2DEXyI4B7r7ORlA0qaxrPmiVIjareRwswEkdpumjW1GtAHqvBLHrEHtJtELMm2JuAF5my90m7TWdgPIxwLzwCP/YqnRixzW7ON8tmamHpVIucmHmaSdTTJMhJH/WXLEzYEHcH/0M68jd3GHjvNM0lhXAbMWPJ0nx5eRBXGnEzSgqAG0AwGUEPHyK2WKyhtaKWz9TDo7yiJfRd8uaprdgCyQPbiBGHCNJkwD55oytqCKZmruEsR56VzZ5OBSWSoWKCr7nt8rCmOKVpWyI0wxW+7zFjETFhnHYPqF6Ms+9DeUmcFI8rxFNFpcCpGUUlOxjA/dWdxpQaw5AoQw3OCQYG1FzCLZc2GfFKtHor7UzmoCpp8vPdVp7tE0s9vwVffGyPxoyzGm2sJWe5vCrk5Bo4E9X+U2lcGC0jfKA3K8e0m8EBBujuhBFSrMBzylY7F046J7GMQqbzMBM+TFVg3IeA24yTxkuzUqypYkSRnQPCJtcr6alvzU840FcRwBHigQvPMW+X/kg6W6Krp9ocbjF41pYQaM90Ba5JWYCnEl3/I2fyjDK9+Vm3wYwso10e6DmrIFVAx6uH+ZOxE7JRaYJGDYGRes6q1BBr9vEgD8+ghQZ5wIp0/BZ/gzvhH22Gh6YuAUPiG1bjeECXAXF5e9izUIoR2MdYD0ljKFJp5/qeMoP/ncbUYzh3qUIRdhHrPJs5E6IOXFHLR0tN9K/IdtIyFuz9c1Y6IfnX97/P+teH5GANTJl+E5lRHxGWpkwRksqkuyOY7ND8oggHpXjl8QqsdvfgaPHknoc3AJnTQcaU6R/BOmEwv5JQt3HKHhiv+1Rk14OawRj6P7sHv0Nwgb3r/lpBdyRCVeHZoZcRSKMh7SS2M6teDqkCpBOrSugf7iFPWSGhR6QOxC4T73V1D6NjAi2doIoUbPEZIvLOB4Umud032gWJ9p0oRMQwObe345xQQHVx6qnDI8
FCKt7JD+9YhI3qCWIe892kKY3UotJe5a4f+0ZN070ZPfdHegzu+CETl9TZIB4AERaMejC45A0d2/ymtuP7cYeW/swdxGcyLUm56rCj5uafz/Qsvra3dOsPbilh1+FYb+5YjhJrS80ixMC9RJ6YWl5zCopAmbXXPaTLSXNwc8LT1IXeIYAWp/IjMqtMGxiiS7N7PNpYZeNnpkz37jDlzFbY99WvxAgIvHWi52JamdztCnZdzfeF5FDqCnSGV0IdB0IfmiSbIF9erP00A7xcPPVMJvUo0N/7OtkyyqreowyUC46zuC3cQBWodd2HF4mfhXzhm5jBs8kHZW+ZX8z8LOgvpAoGiXQMpx4MeqERZpdB8z83okzdj0E8XfgjJ1XYuz3IH6ziiyVwCetn2hc+LkOA04VB8IPpMqAtNB0O9C3M8DU2t+3ob+kZ9Y40p7JeCX4JPmPTIWOtoVi5Vf3cLfEDiu5D5Y0L5Mpi6dZhL8F17M0gNvUA5pjFRZNz+qsJXc6UteUqaoyKxBM3B6PEJV4trzwRGQz95cu35w5TW18Dj9iA9ypkguqyQU4VTTVjITnNauhbYEcsz0bhj84d4KcEAxb0RuhP77b4rIQAAji70+qW7JFBNa+0Vt+zhMSwWbNNcFWPOrUsgOcB0Gh1XaW5UJvWSID1olF2ftbVChfgnStbCk6GT9w8864sckNKOfwbQbDmy6AgFGR10BFUWY4fVQjl36vzowdje6DgtW85weJ58xoAtOxrXgpFJK3+m+7kJHdkwE1A2Q5OQk1YsMnJWUU2nhU+/W0gdm4HpRq7ltQe5RfZGd1vKGbXY7NvPeO4GUnp564ROuijOCN5IXFpDkhPXNPRiQNY586Upq0iU3inQH3GAp11ZTRlf25IkrOC9dI50vcGNqFzvS2GsAfLZptdVHYXVZw1wo9ZJqpW04Skstspfb6jR57WgTLgAvBZi+wSM3NtcW7jbjmJR/qjqZr6Dk/jE3R0Lf1F41FrUltOR56u5SRQsLF5y9CvTG+wiGK0tk25OPlRFLqrv61Nrnw0XN3bTIps0JFWPGZi9hKyn7kFFAOvWaXcpoPwiw7rNupKvrw4tQ++xW/7xAnodtumSgBn4lpee/45yieFJLQLAaU9qwIqerFbuioKxrcAoYdqMNMM9oswmamiAw1CzpOKl3brh0ttTddZ5waLwxBLk4YdPqjTVQk0mBaPBaZXwWiIVUmm5XmaN3Wc6PdlIHsv+h32zEXadJCdArOxEw1HDAq6ZBivbHRF2DK8UaTg7zu+xG/okmUgeObtO01MPXIxOJa12rlAXOf3KvZPFstTL35BTgQuoiAUCsNShZhm8IxxDSt1F9lFljMzZ+Ik63mC1slXZLijWAi10vJMBIB08uex4AfpXNCN3Ur0+Hs52jnEvYJXg8inq5dOcLsmK1CgI1jX0vUfh/5R+/SJSOgqL6bX16ZIRr+BsS5Qj1ls/yreEuGmhlggf88mAAf0D9Y6VUF2I9rl03QmRFhX1uIIeo5lOG7FZl0E9w4a9iBQB8axmO5cym5lddVXqsNCR5aqVt6m+BqHNaZIlz6vgKKwwC4L6LoU6PGpmMz10PvU37EQ84NimuqGNbQJ4J8nr9Jxi3TPZ0mXwW6GpqJTNji56fapoDydN4Pu3t08Xn1QLnI8Z97BFGUJp7ypIWbW9nL0DA6vhO5+Mfhjm39l5ef31l8nUitot/xUpRdlmbR+tUNYaxcUh2N2c56pNp140ZRM+BEObWhKiQ62R5RhqjUJk8A67kRYFyifMemPuz3wqMrREIkIGJn4MmIvDMIcQkzhtV8b3WBCwbt35kg8AhF+4/X6vQd0rYY1XDIjl9PppyOJXb9T1bkninyFZRQxUHk8cRohsfGApo9sWGr8r9afapVOxj0Y/oMjy+oWH5+4KU4PEUcYnpFi/MpD8YtBUiEhvmqSRCYR8pjTkgC+QSjFv4bz+9C7ALN7Mk0o5n5sCxqBUCwb94K4cY
AiKatVWs330Jawsea3I06pMw9XO5yflDUhsQJk45QNFaXNrMDfDitDje3KnfaudC3oV0aGKQvGj71O/Km7VyWx7H8Gray4jVGleVqwflbBeaBerVgm7dhbVislupydeJSmXIv4MvacFTTu0SJK2qAb/6FV+29ZvLUyFGk2W/NVog13dJmoSw9lYJppGAiLVBLkOUloFe5YMaPnl89I+8n34Mfl9TM8Bey1lZbT/Z6RjjRQIrfJNKrq5x0t/duAY7g7Y8pIkc2UnjaUr+BUpruRR2M3+4caA5qIiRW8lePvQ149NkIUGLEuK5RyB4Q2nhfbXIwhb8tTh+k0zv8o7ePxkZKTWRth4ZJ/PTzYKzGJENpd4cy10BE3GM53kAjp39diBwhOFJzN1Y/iNVgTMchtAEpxj1ry4PhYynjTdZpKQRrsMkzUfrMIQpIpUIr3JJBG6c35Vof6hM51QIU/b1wnbH1XPQtgDoHPuTNJooyYrXYxxOXzVnOJIVERe/IVNJ63mFQ+dqxAn2aYKrZyayG/R3Blc8WOlZGQNirBkd66W4K8dtdQTkdfHWapd9LZ9eoZKekSmaLzOUCJZV5IReVOLxp4ZjPAubSLBTtITfW7TVtylbHMjCEwV18/1u1pb3vKIYwoGfCIzGMJ92V3QmuMbtKUs2brre7ZeT4TFfiPlBK6qUkqSVMeArMhG84hsyZ0lCeqi5BXVy19NYODZayC7c6WAXXV+ws21sPSzuunjZuEMPJCoJs16m+NLzTvozot/hEZyTTS7866aA6TP+DF+/b1RJmaZvaec2hECBm8Qa+jOT8beT2JU/y7DsykQMyAUhV001nPpBpLF2734Hk+77hdaZIJRDLxhyqLWBXCXH7JmYx74NZrXKOrj+4JPyS4UFnWn33Ci475KaBwlY8djHaf7t7BZMI+bFhwCvZjdqPIam4LcpkU6T98803oBXXodoTZphvAYM4E3UqE8cZsz5BfaA/HioPW1d8d3/whdIqlN48ZsoTMIdI+OPjxU+dSTwIUQ4GoRDiCF8p9wwwNIg64g=,iv:oD/HCuULodDgHrJepgm4b2TXGT/Fxj0ak0mfIRh6zfs=,tag:Iw9O/DK5FBQBwV6qYd0qAg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBocHUza3ZYMXF1bWVpTCt5 + bFMwY202SVFpbHl4MmNaVitUa0xVaFRGRFVBCnRua2NraWdwK0IvZW44OVFnWk9y + QU1kQ1FLRFJ4VEpOcWZRTnFrZW8xL2sKLS0tIEEzNzNvWWZ5QzY5ZHI4Ui9CTXox + NDJub0VsOHBWRUdmaS9MVjdsR0w0TWcKakkE1WPj8foCbEvhgy08yQXPUzGEYxiM + m92v1LS7QiCNkzcrN3CvqyTS+StgGK7W+TMrTDbTSpONnpHC8DH7Kg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-12-17T03:25:06Z" + mac: 
ENC[AES256_GCM,data:HWRWYCu0iNQZxHnYJyfgtW7pvDjgnl5+lnRL649WkbsvsA4zuw32DdUwyTa+lmqMBNwVa6QOHIde+gPzHH8aieXQ6q1QMzytu/X0t5AWcAIhzrWL2l8MNQcuatMF2aPyt45ip1Ojv4gdfpeTXINgEU/AIUPP3ZYmGSH88xhCdGo=,iv:lVJeCiPNbICou3EqTn6LMaqtNoLRfZiNd4hyORT0Hgg=,tag:YCtvl9Cx00/3NV7QbPM97w==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.2 diff --git a/secrets/services/hedgedoc.yaml b/secrets/services/hedgedoc.yaml new file mode 100644 index 0000000..c96f0e2 --- /dev/null +++ b/secrets/services/hedgedoc.yaml @@ -0,0 +1,22 @@ +hedgedoc: + env: ENC[AES256_GCM,data:15rWiIYWyIJ0Hxl5I8m+EBV+FkNDT/OHlLK9shVS46UE7SQtuIh45N5hvwgs0rg9E9Tawu+lyE2aozWNh6HSDUZ1h4FYrB+JHwIetGkOqXSLHfXi,iv:v9ohLTtlxw3fsRoJJoOY5VYxVsxUyDEsQHRjcGKg/GY=,tag:Wncm1reqNblnVhRTYjU3Pg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUY0NtM1pLd3FvUmpkZWxv + bVpOTlFXVE1FWDdaNmpPd2owdUQyaWh1d1J3CmNDQWdSZE5MZnBhUjdIMUlodklq + bXkyMUtBSzV6L2tqeXFtdzh3NFdxZEkKLS0tIHMyZ0dGOWwydzlSdVAyeFdxc21C + NkFoeERWQkNGSU9yRTI4MmlrK2VNS0kKb+aWjkg5OlNanSNrJtwR0Whxg3EEYXyC + ZfZFYeXyheCPiu9/rYiKssVrHpJZFHR6a2sE1yKw0+3BP6DiKIp/nw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-12-17T03:25:54Z" + mac: ENC[AES256_GCM,data:1cxiK/HhqYzatT2PhZxjvtizII2QMHqbbyOujUtx4cT8x488j2wecu6hOfSkuHbQ43AxA8kDH1NAruPCSdCpj3PytMR+np+R/5WuRcK+OF/FCnWvWvvHqgDnBs/wYjllnR6HyWBlhrROpINxu9ch4fzN0Def3I7O+wJgpojnPiU=,iv:PKPykPv9zSHj9+HXnrg1v8Ty78te66D9ZH6c1V7Qlh4=,tag:JQk68u6p317r3Df+hv16+g==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.2 diff --git a/secrets/services/miniflux.yaml b/secrets/services/miniflux.yaml new file mode 100644 index 0000000..60f56b3 --- /dev/null +++ b/secrets/services/miniflux.yaml 
@@ -0,0 +1,22 @@ +miniflux: + env: ENC[AES256_GCM,data:KwV/iinyB+B/QDtXpY0e2GoC58PaVnUURa0gk028OKwGGvGtVXPse+QyfYD8Wu5A,iv:JZsgfwnAwMF07HREnrSEeGYtylx/ua6Il0plSryLeRQ=,tag:hSnm/Qb2lnzbOVGwM5lSyw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuL05LU3AxMmowM0cyQjJX + Y3VkTzZmNU84K1E1KzNLNXFRR0xscVpKY1JjCnR1aGh5bHFpcWV0RXlObXhFblhO + djYvYVdWMS9rWWZnRkwxSHh5bWE2aHcKLS0tIDJQcDBUTEpMUVZlMGJEUGtWcVps + anFWdCtvMU9ZMitRa1JtUjJvWTBrVkUKJqNVPXLEC27RKYICFySy9ZRfp8na8P7G + vf0vJ5y0mmlNOiETfQEaHNYu+cBlMr+sfNjgsLtff00LHHnmkE8WQg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-12-17T03:26:08Z" + mac: ENC[AES256_GCM,data:3dysNrXhu+T5ke7INsjx+erobRZ7iMTRDY2BkxCC/LBNFbHlBnZpPffmAdWNDUT9QS6p7a7cHR+Xu7e+aHkLIxVpJrx3tN0YSvN9u6kCwRFSc/GPIDi++bdxwRuq6WwiswJu8l5oXrWFta61XeuNQucPyBcrI5OXGRXoPsZXvvo=,iv:d7glk+gNpLYl7U1jGWDvgLJGX2eckCvaRZgAkab8JZ0=,tag:r8TH7eTAEg+n+9RDGpyh3A==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.2 diff --git a/secrets/services/ntfy.yaml b/secrets/services/ntfy.yaml new file mode 100644 index 0000000..6edc64c --- /dev/null +++ b/secrets/services/ntfy.yaml 
@@ -0,0 +1,31 @@ +services: + ntfy: ENC[AES256_GCM,data:94sCR5zF5ck3R9uvng==,iv:fRtWRzx5oGXxMRpx1Iv0vMELlwB1T7kiujSQu+AXQXo=,tag:3f6WgbL+Xfy1X36/9Cozgg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBZjBEMjlmZnYwemdjcEov + V0xRUnpUZVNVeUwvVmJrQ05FVThjMUJNeFVjCjZUN1ZXQkZPY3lKVll4UENGM3Qz + Z0xxVDVGRWJ5WmtOVWw5Z2hQMUpOa2sKLS0tIEM5bWxzaE5RN3gyNjF0WFlBanFz + UzR4S1BQLzVhbXo3TnlWVXZIVWFxR1EKZTLkZXWc/7ItdcsMSj0HgbRsq3RARU4b + lPsGhz/h3/D4xLnkkA/l52MAiL76SDflU5AMbNQg1iC+BHvpWD8qpg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGVU9MSkZIaDArRGQ4bHVR + NFRZc0VKSGxnQm1HTkRrMm1LVDZ1cWdjUWxZClY0TjUyVmczNEJNSC8vUGNxTmY4 + c3hBNTBrZy9nSGE4K1V1aFZZNzl6VFEKLS0tIFhpZlVla01vK0dNczR0T0VyWjF6 + NUxQNDUyNHpaWW4wYUlDdHZ5d2VyWWsK7pv4z6+RBtzokkcsi6HzuDqUXr/DsK4x + ORJS3S8ZloiUF2QZHhjOIqdUtAija1CUreRF3RjFjGLms4/NL5M8Xw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-12-17T03:08:24Z" + mac: ENC[AES256_GCM,data:K1XW1n6umC/qayF9SFanVVhOfN5AXmzD9FsaXx74IoPiLMz6ZCJ547Je4f5mKdt5Gc5aUjNOALXGxXG/hSB+L8h6S/k/iGbx0zF3iwEFvURa7P/ScTMzvnABdqdjA4mah/QsfsFXnBhhCUzHpvo4kBge30U4V8uLjw6seEZ42Vk=,iv:1AQFbv6bFxIKSrJZr6AqQB58OfGNnFD8RHNZKP2ePwE=,tag:m/lKEBQ7Ij6ieIspVsqE9Q==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.2 diff --git a/secrets/services/vaultwarden.yaml b/secrets/services/vaultwarden.yaml new file mode 100644 index 0000000..62ed08d --- /dev/null +++ b/secrets/services/vaultwarden.yaml 
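Review bot: The `ntfy` value in this hunk has a `data:` field that decodes to only 13 bytes, and because SOPS encrypts each value with AES-GCM without padding, that length equals the plaintext length and is visible to anyone who can read the repository. If this is the `user:password` pair that the borg post-hook passes to `curl -u`, the password part is necessarily short. Storing a long, randomly generated credential such as an ntfy access token would make the visible length uninformative. The value is wrapped for two recipients, so both must be kept in the file when it is re-encrypted after the change.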
@@ -0,0 +1,22 @@ +vaultwarden: + env: ENC[AES256_GCM,data:VBYfmsrB5LLcEyFqKGvMz9U7LRix8Yo5IBoyIelwKY0g/TfaaFO8QTo84CQrkgB1faFex2xX/nbnsaUslSgxYu36f4XmaMUzMJ6FneDUnbAU2wp09bxek7iEqfRSrennfwAa3cTpOr3RkWG8AfW9xDMFhduqSSr3emqrXSGSnPSI5BuDjru5NbVmcPSdw9U396rkGZd5znxnIa+2f63+ox45tHxsOsC9iVlnnX4KMfJl+8QufX19atxGZwH2OVWn7ehesOd+DuvRMWkProoUERbGz51EvBQm3Ixm4WSQ3M9vFSIuup3ppNBYKHG6a9XAGiEyFDZEEiYhVQ==,iv:tCE83OE3c9bUXb8Z4sPJc/YwjOCftj4dmW0M//3ncQU=,tag:TyLR+5hNcQnXLZUxZiIKmg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGcFBzNi9lcFNyYVM0VzF2 + UGtralRTNi9qVG9waElST05BZTU2U1Y1endvCjFRT2FtbEFKZUt5Wm1WQ2lITzlL + TXNjZlMrNnB4K0NsSVd4TnFKa0thSTQKLS0tIElkR28wMUNKd090Z1M5eG9nVzFO + L0I2TWZackFkbDMzRnN6NXV2eXNjOGMK3jJFBU/aMtH11l9V2FgHgAJdGRJvYfIQ + DAwMwUM+pz7/uJJ/PmDx1aF8SRGPbG+CjcNz2SSo/u99GX5q08jVkg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-12-17T03:33:07Z" + mac: ENC[AES256_GCM,data:Voh0c1sqoT3CBGyjDXkFAjuHRlQG8JwNLwWF0TMBaQ/Ihz1zplEeHfsM23IceEhBggbEHqhcRipqTkSH24tkXD9wqvg0GsZZLiQ52o+JYPmPCaXZFqfLqjNKFS1y6+rokQaFy4rphWSBv0uS52MaOx8WIZr7m7s3/NNnaEy059E=,iv:Q8EswVeJdsQUDxnj4fTJESCYYHXn648sKVghLtRtBpU=,tag:cveD+MXcTn+xfU8fBkRZYQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.2 diff --git a/secrets/wireguard/chunk.yaml b/secrets/wireguard/chunk.yaml new file mode 100644 index 0000000..d063296 --- /dev/null +++ b/secrets/wireguard/chunk.yaml 
@@ -0,0 +1,24 @@ +wireguard: + private: ENC[AES256_GCM,data:ki5PV+6YoVtvafc+1WbD95hhOwKUOi6FrnymdeFcAMepngwv7s+IT2LuhfE=,iv:r08egXi+QmLS4oDnoz3sxfhTO4Z5pfWwsIt435TxyJk=,tag:jrbLbN/An/xokIRKCIKJsg==,type:str] + psk-yt: ENC[AES256_GCM,data:iAE6vh4jowQnoS+qqNqJh8NtjP+pBowVpC6ItfgAoL4W0sn8rR2V1aKYQxU=,iv:MK5Xum3L9iYSmfYxkVpkWhCsVsnKR1tZgtPQ5dgjc3c=,tag:nXCJihnlkuoLcS0QW9oAPg==,type:str] + psk-phone: ENC[AES256_GCM,data:UzL+T7D+huI+m+eH/JsDOi7LD8MfbRSsnLaeMUyJXLxBRLpcE+vcVX6j9QQ=,iv:XtSYHcYtg+B3/Cs7pNTcZrSP599VMQC54c3y4h2jEZY=,tag:/BSk3OxkiYzFlm3xUsaA1g==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIMUliZlRiaXN4QUlvM2pJ + YkpiTm9iSnhLZnY3QTdwMWNKRUE1K3hLN2pJCmVOUE1QbnUzU0lPQXdVaDlHaVVH + S0xhK2FBb3o5OC8xK0t2OHoyeWFSSDAKLS0tIHkxMHIreG5QS3VsbUhPa0dXRVM3 + ZnBkTllKWWwyOXdaTEZhVndVNDhtV0EKGCAYXiYwbk0b0w/FuE5gkp7597YjJMRg + ukIHh9za/HI6PuR/uNGSOVZeI9AKx9ZeokaDa7Ysh7xsGjCpBj0Qxw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-12-17T03:23:53Z" + mac: ENC[AES256_GCM,data:WwC9G0vMI9SRZzTRoR1GEkDo8E824C7I2XzaG2CDyfWPx9IoviYxIGMLrJOtsG20EmYOndeFT4Zi+eEC5hK+9+ns8Yyl2/SS6jAblV4egdHl6n9OyJL3kjYgpd7Y43VRI3RORXOh1Dn1uY+fM18SyTon+QnuZ5y0+8gggQAmSUA=,iv:osio9+NcHab3GXsOw/aP9qRVityZXKQsDbuk3YJ3unQ=,tag:arNGu/HzQPbSuRxeeJwvUg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.2 diff --git a/secrets/wireguard/yt.yaml b/secrets/wireguard/yt.yaml new file mode 100644 index 0000000..83be6e4 --- /dev/null +++ b/secrets/wireguard/yt.yaml 
@@ -0,0 +1,23 @@ +wireguard: + private: ENC[AES256_GCM,data:hdGsRnF76tNlmv+bqn2xzykBwskDrtYis9f7RKCvGXRnjJxuLhdVlYPf93I=,iv:UT/u+Qei9lODaMHLiHu0xmzkW2iTLqG70xfpMYAKJ7w=,tag:PfNzJBr6l92fwlakxEmwTA==,type:str] + psk: ENC[AES256_GCM,data:3ILdJJbYWwj6fY/6d40EPFyij3f/0RiZBlnGGTkhvQVll+pqksSLck4sBKo=,iv:0nJZtSH9nIDMCnoksfc8PmNJ9SGPkvKxh3j7NlNWQj8=,tag:cwvgTyeyQgEobOfEgzNAVw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3RW5aazBWNmwycnIvbjc1 + a2tMbnF6R295bGdWT0hhYmx4aVhFWkllNmlRCkpjVFFXZW85QlA2ZTdRaWlud2xk + ZmorZjVwNm9ndHZpMXduWDh4QTNVdFEKLS0tIGpPdnZCSFRyMGFzcVZyaFZ3Q3U4 + aFFObDErQ1V0bzFRQW1TdFpTUUYvS0UKxyQ4KxEp+cHwq7eDAFSZVOofuZJ+8R3U + QQCMK/Q7px33KvIBaxI3dGTtaO3PdJ13p7Xp+Vj8ftKcC1xr1yuObA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-12-17T03:09:22Z" + mac: ENC[AES256_GCM,data:zkbor5pSdB0eG4dM5i0DrYDDgrw/Jgi4HWXQkOpGXhJIijm4L1I8gC8T6LFkEC3GGs8If6CY0dzuKkNDTA/r4hQ6oMunZNfdg8cV8+NZFNUJpca9S4IwUgPf35kV2QeDSB5w2h3pxz0QL/cmAOugXnI6LCrqZsbTzXfA9g51dkA=,iv:aO8zj3bqmmHdJq0Km02/qDVqnFxJv8ocGm/6CnAX5BA=,tag:2ziWeBd49Nr76f6wBDgF0g==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.2