From 530baac45df6d444d4450b2b9964e61d1e21b8fc Mon Sep 17 00:00:00 2001
From: cy
Date: Mon, 16 Dec 2024 20:03:01 -0500
Subject: [PATCH 01/10] init
---
.sops.yaml | 54 ++++++++++++++++++++++++++++++++++++++
secrets/de3911/chunk.yaml | 21 +++++++++++++++
secrets/de3911/yt.yaml | 21 +++++++++++++++
secrets/services/ntfy.yaml | 30 +++++++++++++++++++++
4 files changed, 126 insertions(+)
create mode 100644 .sops.yaml
create mode 100644 secrets/de3911/chunk.yaml
create mode 100644 secrets/de3911/yt.yaml
create mode 100644 secrets/services/ntfy.yaml
diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..c50cb04
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,54 @@
+keys:
+ - &chunk age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn
+ - &yt age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8
+creation_rules:
+ - path_regex: secrets/de3911/yt.yaml
+ key_groups:
+ - age:
+ - *yt
+ - path_regex: secrets/de3911/chunk.yaml
+ key_groups:
+ - age:
+ - *chunk
+ - path_regex: secrets/services/ntfy.yaml
+ key_groups:
+ - age:
+ - *chunk
+ - *yt
+ - path_regex: secrets/restic/*.yaml
+ key_groups:
+ - age:
+ # only yt uses restic
+ - *yt
+ - path_regex: secrets/borg/yt-rsyncnet.yaml
+ key_groups:
+ - age:
+ - *yt
+ - path_regex: secrets/borg/crash-rsyncnet.yaml
+ key_groups:
+ - age:
+ - *chunk
+ - path_regex: secrets/wireguard/yt.yaml
+ key_groups:
+ - age:
+ - *yt
+ - path_regex: secrets/wireguard/chunk.yaml
+ key_groups:
+ - age:
+ - *chunk
+ - path_regex: secrets/services/caddy.yaml
+ key_groups:
+ - age:
+ - *chunk
+ - path_regex: secrets/services/hedgedoc.yaml
+ key_groups:
+ - age:
+ - *chunk
+ - path_regex: secrets/services/miniflux.yaml
+ key_groups:
+ - age:
+ - *chunk
+ - path_regex: secrets/services/gitlab.yaml
+ key_groups:
+ - age:
+ - *chunk
diff --git a/secrets/de3911/chunk.yaml b/secrets/de3911/chunk.yaml
new file mode 100644
index 0000000..f357b81
--- /dev/null
+++ b/secrets/de3911/chunk.yaml
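Review bot: Every `path_regex` in the new `.sops.yaml` is an unanchored regular expression with unescaped dots, so a rule such as `secrets/de3911/yt.yaml` also matches any path that merely contains that text, and the first matching rule decides which age recipients can decrypt the file. Anchor and escape each pattern, e.g. `- path_regex: ^secrets/de3911/yt\.yaml$`; the `.sops.yaml` hunks in patches 02 and 03 keep the same unanchored form. The restic rule `secrets/restic/*.yaml` is written as a glob: read as a regex, `/*` means zero or more slashes, so as written it would not match a file such as `secrets/restic/yt.yaml`, and a directory-wide rule would need something like `^secrets/restic/[^/]+\.yaml$`. Each single-host rule also lists exactly one recipient, so losing that recipient's age identity makes the file unrecoverable; consider adding an offline recovery recipient to the key groups.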
@@ -0,0 +1,21 @@ +id_ed25519: ENC[AES256_GCM,data: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,iv:7xOY4UXr8RV/MXjGEDAdYsi5XDpOdRLdOYH1EencRUc=,tag:WdRNHTiCK3goJFHTXx5jDA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzWFFJaWVYZXRPa05pcVNl + VnB3K3YrbnFuS0RUTHBFRVcxS0hpcWVYRzFRCmpRZUhQSGRKS1BPd0l4MGFROS95 + eTBsYU0yamZYbEZGZTl0ZHNRVTF1UTAKLS0tIHVwN0d3SVJDSEFnaUhVQ1VsSmYr + cXJsSUtTVW1xWFBaMGIwNXZpSjhwSEkK1q5yXlJgHrnyuvtuzTXurl93LDXqWSaV + g09SQVF3tzU8zye6aBidhJJnMBrR6jHxK0P6rPYYE8a0U5DMP7D5wA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-12-17T00:34:54Z" + mac: ENC[AES256_GCM,data:4wPwi3H7sTRXFrkFrT/He5wdjGEg2LVlClyUQcBxt8e17s0sX/UQFMztfJmt+PGLrhPY8b1F9J+8oJcmvU0n7sLTtKaLinuBtZgNYXrNpGVQVeiN2YDYjkkLj2IdmloP5KiD8Sdzar1gPRxx4VeyYNAr9e0rsDMBq3qmLjVfKDs=,iv:mK9/Dw3EhDvnFm0lhM1djChlTeZoH+C5hIcPtopuJmE=,tag:TGfS2ER+Cgib6xHv5UGyUQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.2 diff --git a/secrets/de3911/yt.yaml b/secrets/de3911/yt.yaml new file mode 100644 index 0000000..9693b37 --- /dev/null +++ b/secrets/de3911/yt.yaml 
@@ -0,0 +1,21 @@ +id_ed25519: ENC[AES256_GCM,data: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,iv:1DyqUOoaHPYAc1zUlAOFBEZhM+JuYm6ggcwrWOTZVQA=,tag:zMR4QlktyL3dZ/S5u7eriA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2bWFJR2JmY0JIdzU5OURp + MHVDbnMra1hCUklLMjNQVVdyYUZwaFFaMVJjClBsWlIwNm40RW1taGVLaFB5d3BH + VHNVUEJoOHNwSWRUQlNjUTk2WERieEkKLS0tIDlVZ2I5VEdJa0hIQ3MxT3RZb0Z1 + bmVVUjZTVGJzOEdFTno1ZmhZWnkrUFkK0R6GoBKaixAAoRnh89kTvFW7tUvJh7Ce + Lxc4pTd/ZDAaNjMy8KCJvAo1CQBb/Hqytl/dERm99RL6C/MifDAodw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-12-17T00:32:05Z" + mac: ENC[AES256_GCM,data:XSJKbq0mvSMbDmNMqY+Fnnt59VgRiEZVVSXcgf3cytVEAqfMthaBi/f9OhMykvTy7lPwe9CHXWI0/1UAZHwEK+gGlIWnMAaqAYSFC+xoLbhRlkDYNUAntC1jhwcK48acK9TWlQirFZsukyWIvsvx1ap2PD/QgotwVNKxMuS0Gig=,iv:BowPffBLvInPh43TVliKudtP3mMtk+eFrniSfFnkThA=,tag:OpZCkPOywDSooOX/TnU8ow==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.2 diff --git a/secrets/services/ntfy.yaml b/secrets/services/ntfy.yaml new file mode 100644 index 0000000..05c28d6 --- /dev/null +++ b/secrets/services/ntfy.yaml 
@@ -0,0 +1,30 @@ +ntfy: ENC[AES256_GCM,data:0UkHARZmRniWu7QJGA==,iv:lMC1o866fg+JdIP7HXkBdAEJep4i/TJyNMnKF89Ta9U=,tag:iNu4Ro7ey9JFjh2LrxvbSg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBZjBEMjlmZnYwemdjcEov + V0xRUnpUZVNVeUwvVmJrQ05FVThjMUJNeFVjCjZUN1ZXQkZPY3lKVll4UENGM3Qz + Z0xxVDVGRWJ5WmtOVWw5Z2hQMUpOa2sKLS0tIEM5bWxzaE5RN3gyNjF0WFlBanFz + UzR4S1BQLzVhbXo3TnlWVXZIVWFxR1EKZTLkZXWc/7ItdcsMSj0HgbRsq3RARU4b + lPsGhz/h3/D4xLnkkA/l52MAiL76SDflU5AMbNQg1iC+BHvpWD8qpg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGVU9MSkZIaDArRGQ4bHVR + NFRZc0VKSGxnQm1HTkRrMm1LVDZ1cWdjUWxZClY0TjUyVmczNEJNSC8vUGNxTmY4 + c3hBNTBrZy9nSGE4K1V1aFZZNzl6VFEKLS0tIFhpZlVla01vK0dNczR0T0VyWjF6 + NUxQNDUyNHpaWW4wYUlDdHZ5d2VyWWsK7pv4z6+RBtzokkcsi6HzuDqUXr/DsK4x + ORJS3S8ZloiUF2QZHhjOIqdUtAija1CUreRF3RjFjGLms4/NL5M8Xw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-12-17T00:39:06Z" + mac: ENC[AES256_GCM,data:lsvfZ+uOpu/mA+R8qqfnIOqziH+/jeBRZX6+Sv6Q/bErJ8q2p0dNXNBZ4OcZLVkAE2LQaqk2e4zZeMiI3d6HjwmBRzZ29Nk+EVui5SrD4qU9eHKbOx94O/jNVBN9OwHwXtnhbW82HA8lq0vFFuRJ9N/AnOITiPb55A+dgQgiQVU=,iv:xbncdaZcCjbh5y+WacbwXMjFTbFRIWBw0y+AMdL5tOo=,tag:Ko564HfgVXJBc0swCgVuhQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.2 From b0e39c2d36ced2254c7c35a8b8306fec722606e3 Mon Sep 17 00:00:00 2001 
From: cy Date: Mon, 16 Dec 2024 20:16:08 -0500 Subject: [PATCH 02/10] more yt secrets --- .sops.yaml | 3 +-- secrets/restic/yt-azure.yaml | 22 ++++++++++++++++++++++ secrets/wireguard/yt.yaml | 22 ++++++++++++++++++++++ 3 files changed, 45 insertions(+), 2 deletions(-) create mode 100644 secrets/restic/yt-azure.yaml create mode 100644 secrets/wireguard/yt.yaml diff --git a/.sops.yaml b/.sops.yaml index c50cb04..bdfa9c2 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -15,10 +15,9 @@ creation_rules: - age: - *chunk - *yt - - path_regex: secrets/restic/*.yaml + - path_regex: secrets/restic/yt-azure.yaml key_groups: - age: - # only yt uses restic - *yt - path_regex: secrets/borg/yt-rsyncnet.yaml key_groups: diff --git a/secrets/restic/yt-azure.yaml b/secrets/restic/yt-azure.yaml new file mode 100644 index 0000000..ba7fc85 --- /dev/null +++ b/secrets/restic/yt-azure.yaml 
@@ -0,0 +1,22 @@ +restic: ENC[AES256_GCM,data:ve8425OEixiEDAW9Ag==,iv:BcD+ohQRIbqqxxMyisGX6w5d/H668iHYd3hMFkS3MGA=,tag:Ig4R8TVFM2/LKik/yPNY3w==,type:str] +azure: ENC[AES256_GCM,data:zcAeDgtNEffH/sPNfYfT/9xZuIn61maVUNA/PNIYE5nY159gIOmJFR8R6zaJT5Ij3mxx5KUCeChjMbDtb/ZnYbKeiaNRd9Xw1zVOuuBZAbONhCU5iksUGLzJzJk0j3j9MnRTIwl7903m/052DvbzFcFdCaKvKZn7KRH2sggGjqQ+1UxSb/yez/QtF2I0duMBvC4SKI1Gr6GXoV+sYDckpGKj5mdnxMu+rZsIFFICtFvpmIObk0l36Zc=,iv:XRcNGGEX81KC0+EIoFqBnMIMMvi7yJmSpZjeCG8TutU=,tag:rBq1SLuZrys8kxJqWcjoyQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCWFZ4dEFyRVhlMnNHampS + eTJUcTlVWWRVNG8vSjIvaTkzTzBLWGVmT3lBCmhONUhjZFMySEMyY1VXeGJwRVJq + bVlNcUF6ejBTK3Z4WEhXenlvY3plSVEKLS0tIFMxUitCZC90d1NOTzFLd3pic2I4 + MkhJUGxHRTBnZVFFbG1najJFZno1YVkK+R5gpmJ7Tx/tdFRvg9TIa0yIwAqT8Sah + ib5ORCby6GwhW2J2r2b9qCd1827zQH/2hngk4D7Y7x7ys1yifrIKww== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-12-17T01:09:43Z" + mac: ENC[AES256_GCM,data:DNBezHHAQtRkpZ8870C6qfICTf9Ehw3I7IB16G/dbmXqi0IRmhGfcAHB3iDQhcqNemyPM4fbc4x0zw6/mGlJYEy1dd1v9X/qc3AzTvh6gEKUuKWm30tt7/G/02k+zyzwRCN7w7J7y1jqeSVZaQC2EjI2noHOLr1phMkwRQuAhu0=,iv:gakZYnxilXtRqWR+hyNP+VsUFybfvxg44Ey+afMg0Hs=,tag:0vgloDNEj6msJE2yQ7O0Vw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.2 diff --git a/secrets/wireguard/yt.yaml b/secrets/wireguard/yt.yaml new file mode 100644 index 0000000..c5f6b44 --- /dev/null +++ b/secrets/wireguard/yt.yaml 
@@ -0,0 +1,22 @@ +private: ENC[AES256_GCM,data:LOC8vGmfyLomE/5izQDE6N1rFlAzIypw5wIPc264DCcmMR3b0e2Ng5zh1F4=,iv:MImAKrEkoSghfj6uaI+TqPKmLn+XaqinNFWwSyEPFrA=,tag:VMDRGslWmmrLj5fwPJe6Mg==,type:str] +psk: ENC[AES256_GCM,data:D7sbcGvTyGEOfevUbxfLzaxQ/1e+n14ZIt3xdIiR1ZCM2ZPCVstAERQB5+Q=,iv:m1N9ZgU0LIV1DwuLSW80Re3e7EEzn1rMFFzOoKzH4ao=,tag:pQdd7U+ZzteLGfYzgSrKiQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3RW5aazBWNmwycnIvbjc1 + a2tMbnF6R295bGdWT0hhYmx4aVhFWkllNmlRCkpjVFFXZW85QlA2ZTdRaWlud2xk + ZmorZjVwNm9ndHZpMXduWDh4QTNVdFEKLS0tIGpPdnZCSFRyMGFzcVZyaFZ3Q3U4 + aFFObDErQ1V0bzFRQW1TdFpTUUYvS0UKxyQ4KxEp+cHwq7eDAFSZVOofuZJ+8R3U + QQCMK/Q7px33KvIBaxI3dGTtaO3PdJ13p7Xp+Vj8ftKcC1xr1yuObA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-12-17T01:13:00Z" + mac: ENC[AES256_GCM,data:7hWz/cPZLsPrax74EJe0pQCVhXrPTdzAJUOWmBk/Nm/hG52EjWSTKHJdA7mq2L3OAd/3NwJLw9EXIopR53O+/VsUH99DKtRGl9MV4zsZkEpFA04V3er66pjGgVNcS2jChrc95IggBXRybDXCy6yfqU1HqSSoO1jPM75sWYGcd3Y=,iv:kUsypdUupCRAdM1vGjtz/s0MVrsimxLAeUdm33GuMHI=,tag:f1cIFPiFhyj3EE+DOevntQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.2 From 00a3e353bad9fd650114eaddddc7a846f042e046 Mon Sep 17 00:00:00 2001 
From: cy Date: Mon, 16 Dec 2024 21:02:06 -0500 Subject: [PATCH 03/10] secrets: add chunk secrets --- .sops.yaml | 6 +++--- secrets/borg/chunk.yaml | 21 +++++++++++++++++++ secrets/restic/{yt-azure.yaml => yt.yaml} | 0 secrets/services/caddy.yaml | 21 +++++++++++++++++++ secrets/services/gitlab.yaml | 25 +++++++++++++++++++++++ secrets/services/hedgedoc.yaml | 21 +++++++++++++++++++ secrets/services/miniflux.yaml | 21 +++++++++++++++++++ 7 files changed, 112 insertions(+), 3 deletions(-) create mode 100644 secrets/borg/chunk.yaml rename secrets/restic/{yt-azure.yaml => yt.yaml} (100%) create mode 100644 secrets/services/caddy.yaml create mode 100644 secrets/services/gitlab.yaml create mode 100644 secrets/services/hedgedoc.yaml create mode 100644 secrets/services/miniflux.yaml diff --git a/.sops.yaml b/.sops.yaml index bdfa9c2..e094326 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -15,15 +15,15 @@ creation_rules: - age: - *chunk - *yt - - path_regex: secrets/restic/yt-azure.yaml + - path_regex: secrets/restic/yt.yaml key_groups: - age: - *yt - - path_regex: secrets/borg/yt-rsyncnet.yaml + - path_regex: secrets/borg/yt.yaml key_groups: - age: - *yt - - path_regex: secrets/borg/crash-rsyncnet.yaml + - path_regex: secrets/borg/chunk.yaml key_groups: - age: - *chunk diff --git a/secrets/borg/chunk.yaml b/secrets/borg/chunk.yaml new file mode 100644 index 0000000..5b13db1 --- /dev/null +++ b/secrets/borg/chunk.yaml 
@@ -0,0 +1,21 @@ +rsyncnet: ENC[AES256_GCM,data:GSNYk3JhQtL/9dFkr38JH3DdyubKI36ePg==,iv:m0iGJxazJl/JKoOZUg2NCOF7H+2c+pVJDacXSc8WsQI=,tag:R91vNMOYS4eUQRgtTSYN8g==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBadVRSb3R2Y3h2WUQvbUJp + SlN1Z1E0dnN6YkVnczVqayttSTNjRkJ5SndvClk4ZmY4cTM3dVV2c3BMMGJOaXRr + bENjVHBNeXZXZFBZNWJHL3hYT1RDd3MKLS0tIC90RFlxRjNTbW13Tm9pYW0rdVZn + NlRDMzBHZEoxVndneFJldFZMWWgzbXcK1tCG0a4wlTDSiDC6v6eJvc/REJ8z5ZlI + PxXOcrZNKwFwYMsh29U8iZNBGO6ykSJYCYjac50d/me9QC6rFlXNWw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-12-17T01:52:26Z" + mac: ENC[AES256_GCM,data:2KDfJ9MkDF+r4Fp67TZsZkBtIWJk+GZ/3NZscJpIxyQuBQEJokpjFi0dAo6IL5bdIe2Ef15Y+AApu99ygwVGqH2BvEyrtG2zm44clELRpnmuoT9WNsSGW8FzuD2QTM7rlBNyy/DQz15GfLFnlLidIOx9xADTgFlAuclIE9yABWY=,iv:8ymO08+fXBOLXOesW4W4tUe1FHwM3TZQH6amWf0efjw=,tag:vui12FGVUhk3AZgClm6+zg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.2 diff --git a/secrets/restic/yt-azure.yaml b/secrets/restic/yt.yaml similarity index 100% rename from secrets/restic/yt-azure.yaml rename to secrets/restic/yt.yaml diff --git a/secrets/services/caddy.yaml b/secrets/services/caddy.yaml new file mode 100644 index 0000000..74f0055 --- /dev/null +++ b/secrets/services/caddy.yaml 
@@ -0,0 +1,21 @@ +env: ENC[AES256_GCM,data:gXXwWb90Y61kHl3OLxcwfqDBH12czdIWy8AG6LVvykgDcTtgWFxcA7oFQ2bwcDUzz604WaIF2ChlNXH+3U0SEJepH2yNOHYIB6qmdAktHN/VOE4iryLwytXuMCaDkO/N5RFTH5KtWZ54DziEYy1KShhmGOSpDqnBHnrq753C7akrJZa3Tg==,iv:2UC6RqRKAyxSVpeM2onjnZi3ZR+4MoLV6G3tepyOel4=,tag:kVx0Il63mcdQo26ObUoLVw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUQ01HQ01LUVpTYmx1U3Ro + QUpRQjdkMEVIK1RpVTdxbCtTVmZoMmo1cUJFCjhMajlWQll2MHAwZ1JXMmJ0Ym9Q + RnJ3QVBUck9tblRrcVVibmFmVTN1cnMKLS0tICs0c0FSYXo2Y1g0TG41ZWR4ZDNY + RVdNL2dWQ2JGL2ZlTTZyb2dzY0V5bFUKDd0iSl1f0Qm6H3rku7zf4nNZhe/mdaai + t2xTH0mSIOzy2D8TYSUG7EwhdqSa8qa21TRKppCRIClYl1/DzoDl1g== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-12-17T01:53:50Z" + mac: ENC[AES256_GCM,data:KNPkt7ydX80C5ZQehLbvNej/ipgWvWGhNAuxHyF5lbORgPlztdK6c/M/VV8MqA6qYXxpyBGtMaiu0vTB5/qJAd99AfKoJ9p9amaQEG3oxxbObHupX1qjdlW4ZPgqODJSN6f2ma905YQgAsxlKYhz2yKg+KWz10hlz4hhTASYca8=,iv:PAptqJbpDvSe7lRFUaMXU/TpMbQWGjQflUmQ9bxkUrM=,tag:6qVF/3PKv2fSKBTZ+IWMzA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.2 diff --git a/secrets/services/gitlab.yaml b/secrets/services/gitlab.yaml new file mode 100644 index 0000000..83b7d23 --- /dev/null +++ b/secrets/services/gitlab.yaml 
@@ -0,0 +1,25 @@ +root: ENC[AES256_GCM,data:2cMLOiz/bbjFAGg3OFdYpr1aYg==,iv:JLtUg62woGKmpbQJ4/uJqdFvkwabZWTSjl1Y+SaScew=,tag:r/pdVABOZX/QksI+dIcB5g==,type:str] +secret: ENC[AES256_GCM,data:dvvtgwDx0gl8lBg4jHLMIiCSYd+FiQpt3ok1Dyi3XAfKfxA=,iv:7qT5iBOR/CkPRdEfVdjW0mRcgCVIj1VnFybT1N0JZ6I=,tag:KgVCHhfB2F1PT40Mx0MjaA==,type:str] +otp: ENC[AES256_GCM,data:PAVEASd5V5mQSbLP8xXpOO3fdwyJkAQ1cB36SQGLorOdj8s=,iv:pA/J4R11Vtci89rIEwsDT8+IXIeOiZ+nMR1D7BF/nSA=,tag:3aQDmuw7BTFtQwyu9/1pnw==,type:str] +db: ENC[AES256_GCM,data:/h7YXXi6HlZN16Jyy2+kwFKAkziAlzOPzv2zGmMT/pwWxf8=,iv:B9p6x6y7P4DTUIwZ4M4QGVluWEAOJThQzPQLphGSA9A=,tag:KFO773NVblCSzi6ViqvJ3Q==,type:str] +jws: ENC[AES256_GCM,data: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,iv:n6CpxBdyWZABkkfRBHefBmx4Bh8eCpNs9bzIFvSEttI=,tag:BYOUQwdmCFy04M9K81mcSg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBocHUza3ZYMXF1bWVpTCt5 + bFMwY202SVFpbHl4MmNaVitUa0xVaFRGRFVBCnRua2NraWdwK0IvZW44OVFnWk9y + QU1kQ1FLRFJ4VEpOcWZRTnFrZW8xL2sKLS0tIEEzNzNvWWZ5QzY5ZHI4Ui9CTXox + NDJub0VsOHBWRUdmaS9MVjdsR0w0TWcKakkE1WPj8foCbEvhgy08yQXPUzGEYxiM + m92v1LS7QiCNkzcrN3CvqyTS+StgGK7W+TMrTDbTSpONnpHC8DH7Kg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-12-17T01:57:47Z" + mac: ENC[AES256_GCM,data:bU67R1Vw3C6omcGTfg4l0MloS4r9QAHcguCRwcs1WAinW2ZIRE0hDi06fONnuuMiswq/z4YKeKkKUzEgDv6H6KvDOsqcS/F2RFXrkyW9eyrTjvpAjQbagYfDgKlL2U4RJrwbIj4y9ooL+eo0u8JbptnywCxR4sGodIMVA0OxRKI=,iv:4XueQn42JiI2SLLluEwrCBFEinnyzLQMhWhV+5LsWvs=,tag:YRwb5Qom1+5xDfhIV5TbiQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.2 diff --git a/secrets/services/hedgedoc.yaml b/secrets/services/hedgedoc.yaml new file mode 100644 index 0000000..9bc6aab --- /dev/null +++ b/secrets/services/hedgedoc.yaml 
@@ -0,0 +1,21 @@ +env: ENC[AES256_GCM,data:lbr8wYzoJtUyktBoubaVJcSoxnuYkymkg821pPBUCrf0xFENkbMdGHZwiXKqp7P2vV8szcAly262xedjlcvdPGlgQ/A8K7xdF1Lqgc4tAoX9YE1F,iv:Q9vYpDyGy+f7xZWpR/HHrIgZL7OyYyu1ofGvPMOFxCg=,tag:DWm8jQ5TVSy+w5xd9eAsgA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUY0NtM1pLd3FvUmpkZWxv + bVpOTlFXVE1FWDdaNmpPd2owdUQyaWh1d1J3CmNDQWdSZE5MZnBhUjdIMUlodklq + bXkyMUtBSzV6L2tqeXFtdzh3NFdxZEkKLS0tIHMyZ0dGOWwydzlSdVAyeFdxc21C + NkFoeERWQkNGSU9yRTI4MmlrK2VNS0kKb+aWjkg5OlNanSNrJtwR0Whxg3EEYXyC + ZfZFYeXyheCPiu9/rYiKssVrHpJZFHR6a2sE1yKw0+3BP6DiKIp/nw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-12-17T01:54:16Z" + mac: ENC[AES256_GCM,data:u7Zo2zpBSt7z2SdZzpOHuDQBODSljtUmbRCL8WzpySeI1OYkPhpKkrxtWtfH6/e6xIXMB2obyAyVSKnZddgaHB5ssRFhvP2uSaZmJkyHn/XzPa8+Lfk84Rm0hFgWw+6AzXg0CIdzI8XYeq7q/8DNe+HH9vUxkC7gnNsqvemwsKc=,iv:2AaBl2BQ9AXlrlnvhT1bC/XzRqNbbLWrBBYc3R2FhMo=,tag:1FeZh9ojqRwKu+5XjJR+BQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.2 diff --git a/secrets/services/miniflux.yaml b/secrets/services/miniflux.yaml new file mode 100644 index 0000000..0970673 --- /dev/null +++ b/secrets/services/miniflux.yaml 
@@ -0,0 +1,21 @@ +env: ENC[AES256_GCM,data:CXZHx5BFTT4YrynsqlmeuGyavUSrslPKhymWpNWYcUIrTLGeC0AH0ssuWdGB8zRA,iv:R0jMQUlMrQdG9WorSZChV4pNYrnVyC9PoqtqxUdrs/Q=,tag:BInjaI3oPLnavLSH9jbB3Q==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuL05LU3AxMmowM0cyQjJX + Y3VkTzZmNU84K1E1KzNLNXFRR0xscVpKY1JjCnR1aGh5bHFpcWV0RXlObXhFblhO + djYvYVdWMS9rWWZnRkwxSHh5bWE2aHcKLS0tIDJQcDBUTEpMUVZlMGJEUGtWcVps + anFWdCtvMU9ZMitRa1JtUjJvWTBrVkUKJqNVPXLEC27RKYICFySy9ZRfp8na8P7G + vf0vJ5y0mmlNOiETfQEaHNYu+cBlMr+sfNjgsLtff00LHHnmkE8WQg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-12-17T01:54:59Z" + mac: ENC[AES256_GCM,data:CIIPZiTQy+rOaI+0qKJS2f7s+0T5kCDZI12D5l8gveCilsOrCTGBY5dzIqnqWC7bMzn+0WEOoj8yTHx2mCWrKRK8ZvkYjeSMurHpvaPnYyA0uJLsHec5U6zyJKso+/4odjVX2BEIttkFehagDVGKKWrceO9njkPchgEyoWxbSqw=,iv:DgCG0UbNieNlgpUQEIINTQWHB1WrOGf1nARpFStTlBY=,tag:nZmpYEpfXhG2C4cD+UbrOw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.2 From 8aeaaaf74d256a12e1a15a09e8c6b0b528d5d1f1 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 16 Dec 2024 21:20:10 -0500 Subject: [PATCH 04/10] secrets: add yt restic key --- secrets/restic/yt.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/secrets/restic/yt.yaml b/secrets/restic/yt.yaml index ba7fc85..6f1601e 100644 --- a/secrets/restic/yt.yaml +++ b/secrets/restic/yt.yaml 
@@ -1,4 +1,4 @@ -restic: ENC[AES256_GCM,data:ve8425OEixiEDAW9Ag==,iv:BcD+ohQRIbqqxxMyisGX6w5d/H668iHYd3hMFkS3MGA=,tag:Ig4R8TVFM2/LKik/yPNY3w==,type:str] +key: ENC[AES256_GCM,data:1yjpaRXeie+8nC/GcVk2mmMDdPTHOyaAWLuilWE=,iv:sAjl7Q2o0ELfysRGnM3182dI9eRo/XjZNLi3ubLY734=,tag:BYDRqd3Zirg0FQgKRRQg1A==,type:str] azure: ENC[AES256_GCM,data:zcAeDgtNEffH/sPNfYfT/9xZuIn61maVUNA/PNIYE5nY159gIOmJFR8R6zaJT5Ij3mxx5KUCeChjMbDtb/ZnYbKeiaNRd9Xw1zVOuuBZAbONhCU5iksUGLzJzJk0j3j9MnRTIwl7903m/052DvbzFcFdCaKvKZn7KRH2sggGjqQ+1UxSb/yez/QtF2I0duMBvC4SKI1Gr6GXoV+sYDckpGKj5mdnxMu+rZsIFFICtFvpmIObk0l36Zc=,iv:XRcNGGEX81KC0+EIoFqBnMIMMvi7yJmSpZjeCG8TutU=,tag:rBq1SLuZrys8kxJqWcjoyQ==,type:str] sops: kms: [] @@ -15,8 +15,8 @@ sops: MkhJUGxHRTBnZVFFbG1najJFZno1YVkK+R5gpmJ7Tx/tdFRvg9TIa0yIwAqT8Sah ib5ORCby6GwhW2J2r2b9qCd1827zQH/2hngk4D7Y7x7ys1yifrIKww== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-17T01:09:43Z" - mac: ENC[AES256_GCM,data:DNBezHHAQtRkpZ8870C6qfICTf9Ehw3I7IB16G/dbmXqi0IRmhGfcAHB3iDQhcqNemyPM4fbc4x0zw6/mGlJYEy1dd1v9X/qc3AzTvh6gEKUuKWm30tt7/G/02k+zyzwRCN7w7J7y1jqeSVZaQC2EjI2noHOLr1phMkwRQuAhu0=,iv:gakZYnxilXtRqWR+hyNP+VsUFybfvxg44Ey+afMg0Hs=,tag:0vgloDNEj6msJE2yQ7O0Vw==,type:str] + lastmodified: "2024-12-17T02:17:42Z" + mac: ENC[AES256_GCM,data:tdKRHS6RDKYUF2hM+/XDvezt2iNuT3IXBxWPnBjDfYEoanJEeT4LgqvSz9r/Cu8XNMF78bWykuSDgj+KNo0XUfLqv9AxYS5EhdBdMHcJKj4T6FuQ5j7hMPg9vKzv4I3ZzDBUJeOV6qso7VhLkaZXzqIsuDJia2V0rJ3nwhkTvzk=,iv:uEJ4zE73E+kbFYmTl/PNjv9CKbi2b3qtYk4Bth/iy6I=,tag:8/+3hdG/3MVLgfyNNQuGUA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.2 From fc58bb2740200c6310f1c4b45aad022a6a723ccd Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 16 Dec 2024 21:25:30 -0500 Subject: [PATCH 05/10] secrets: add wireguard chunk --- secrets/wireguard/chunk.yaml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 secrets/wireguard/chunk.yaml 
diff --git a/secrets/wireguard/chunk.yaml b/secrets/wireguard/chunk.yaml new file mode 100644 index 0000000..0a62eeb --- /dev/null +++ b/secrets/wireguard/chunk.yaml @@ -0,0 +1,23 @@ +private: ENC[AES256_GCM,data:GNuMYM9qSuyrS81iOuidDC+3y7DOepjC2oDboM9k2zyww0jOeWiiOu5coEw=,iv:elByELlsvLA1DJMKMZfiYAY6SLS4R6KMpVyvbSYehRE=,tag:sQLaxLqMUO/84/snFWHBmw==,type:str] +psk-yt: ENC[AES256_GCM,data:yz6I+OvzIXltix30b1otqyutPjArjufORYLF42zaKb9/nuwIQyrpVfI0s3U=,iv:5Cbv1r2cBsfFSRUvqHOlUk8HnngWXmihkHdcvb1kgKI=,tag:ew4OEvRpjAc1bD6F/CtSZQ==,type:str] +psk-phone: ENC[AES256_GCM,data:fPks6k32Z4wp8teNvvgYUgE33XCKp4/W1hlO0vOpXzZxX2iGmC08uBtdPeg=,iv:lt8eR1Pu4HCh0zGjCDzdC9zHXg0oxNSe3ctHhC8FNog=,tag:gUhQKf/o0rY82t7tvt3mAg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIMUliZlRiaXN4QUlvM2pJ + YkpiTm9iSnhLZnY3QTdwMWNKRUE1K3hLN2pJCmVOUE1QbnUzU0lPQXdVaDlHaVVH + S0xhK2FBb3o5OC8xK0t2OHoyeWFSSDAKLS0tIHkxMHIreG5QS3VsbUhPa0dXRVM3 + ZnBkTllKWWwyOXdaTEZhVndVNDhtV0EKGCAYXiYwbk0b0w/FuE5gkp7597YjJMRg + ukIHh9za/HI6PuR/uNGSOVZeI9AKx9ZeokaDa7Ysh7xsGjCpBj0Qxw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-12-17T02:24:05Z" + mac: ENC[AES256_GCM,data:PSzME9YfcPaqueXUjw13P3HgvQCRU5Q70YdsiJ2aLltuUJe4oNJUNRQd/VIVGCAreNb115JlpSmWfhBRefUlhdDlY2Bf/mKfOYTrk+5q0P4uF+l7Hvt2CGw6TZljr4081JEvxggBzYS7PeDJmA2k3bnsLrePEeoYVPumFrKBIPM=,iv:GxpqKJSczE48V99TCxhWB66sQZXPBdZeD4ZuQKG/ojI=,tag:CEenUUYN1yjCNwxok3PjEQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.2 From 59fc4229a09d290d434e330c648798c01465b0cf Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 16 Dec 2024 21:27:54 -0500 Subject: [PATCH 06/10] secrets: add yt borg --- secrets/borg/yt.yaml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 secrets/borg/yt.yaml 
diff --git a/secrets/borg/yt.yaml b/secrets/borg/yt.yaml new file mode 100644 index 0000000..650956b --- /dev/null +++ b/secrets/borg/yt.yaml @@ -0,0 +1,21 @@ +rsyncnet: ENC[AES256_GCM,data:bRkLcWrMtlY3/7yMedzFMX5nFdRHawftDg==,iv:8Ip1vS0DpBOdD8VYlSK9pTQj2MC8Tx6eSUXRMtvKgmU=,tag:/Alv4F86wCR7ZvoMnHc0gg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDMS84NVY2eGdUWHBPNjRG + bVY0UjRaci9kMTRHa1o0V3YzN2VtNWhJaVVrCnBma2xsLzVKOERLVXNhQU1vTCth + azQyaUpPbHF5U2dMbEs1VUhFeUI0RGsKLS0tIGNtTjEvWk9ZMzVlVmdURlU0cWZy + bGhLRU15QUxXNjQ4TDBIWmlYMndJeWMKCY1djq72Fow3HiVP+cG63CMEtshIve2k + sHhU3UWPidxcZxdDmK/Sw3NKoYncxeLJUS/W7UhNYr3Z7UZCW6+D9g== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-12-17T02:26:35Z" + mac: ENC[AES256_GCM,data:ZSbrAQIb2XXew6hcsGzuY02SHF8w0cyuyA6OyflHJ82gBTLqnw/ZpfIq6soFJiISWIr0PbM0vDb47lE/h4pJ08tGdR+8krBqJ1urPtkplg3eweQ6R9S4Kn5EfUfZ3ofVC92kcWgee9venjBWq/HPRT+9tvhsjEWOcoK8xWC9pww=,iv:XGkJb88no7qvdmBydFjt3EcLDh+Xj/qK5t+Jdkf6LH4=,tag:lkCzudpAA6XmEhX3KXZT0A==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.2 From ed8a15bfeab7ee568bf8abc67309a730afa58b6b Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 16 Dec 2024 21:45:58 -0500 Subject: [PATCH 07/10] secrets: migrate ytnix to new structure --- hosts/ytnix/.sops.yaml | 7 ------- hosts/ytnix/default.nix | 28 ++++++++++++++++------------ hosts/ytnix/secrets.yaml | 29 ----------------------------- 3 files changed, 16 insertions(+), 48 deletions(-) delete mode 100644 hosts/ytnix/.sops.yaml delete mode 100644 hosts/ytnix/secrets.yaml diff --git a/hosts/ytnix/.sops.yaml b/hosts/ytnix/.sops.yaml deleted file mode 100644 index 99be1e4..0000000 --- a/hosts/ytnix/.sops.yaml +++ /dev/null 
@@ -1,7 +0,0 @@ -keys: - - &primary age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8 -creation_rules: - - path_regex: secrets.yaml$ - key_groups: - - age: - - *primary diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 72c495b..5c8868b 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -11,15 +11,19 @@ ../common.nix ]; - sops.defaultSopsFile = ./secrets.yaml; - sops.defaultSopsFormat = "yaml"; - sops.age.keyFile = "/root/.config/sops/age/keys.txt"; sops.secrets = { - "borg/yt" = {}; - "azure" = {}; - "ntfy" = {}; - "wireguard/private" = {}; - "wireguard/psk" = {}; + "services/borg/yt" = { + sopsFile = ../../secrets/services/borg/yt.yaml; + }; + "services/ntfy" = { + sopsFile = ../../secrets/services/ntfy.yaml; + }; + "wireguard/yt/private" = { + sopsFile = ../../secrets/wireguard/yt.yaml; + }; + "wireguard/yt/psk" = { + sopsFile = ../../secrets/wireguard/yt.yaml; + }; }; boot = { @@ -183,7 +187,7 @@ repo = "de3911@de3911.rsync.net:borg/yt"; encryption = { mode = "repokey-blake2"; - passCommand = "cat /run/secrets/borg/yt"; + passCommand = ''cat ${config.sops.secrets."borg/yt/rsyncnet".path}"''; }; environment = { BORG_RSH = "ssh -i /home/yt/.ssh/id_ed25519"; @@ -195,7 +199,7 @@ # warnings are often not that serious failOnWarnings = false; postHook = '' - ${pkgs.curl}/bin/curl -u $(cat /run/secrets/ntfy) -d "ytnixRsync: backup completed with exit code: $exitStatus + ${pkgs.curl}/bin/curl -u $(cat ${config.sops.secrets."services/ntfy/ntfy".path}) -d "ytnixRsync: backup completed with exit code: $exitStatus $(journalctl -u borgbackup-job-ytnixRsync.service|tail -n 5)" \ https://ntfy.cything.io/chunk ''; 
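Review bot: The secret names and `sopsFile` paths declared in the new `sops.secrets` block of `hosts/ytnix/default.nix` do not line up with the places that use them, so this commit looks unlikely to evaluate on its own. `"services/borg/yt"` points at `../../secrets/services/borg/yt.yaml` while the series stores that file at `secrets/borg/yt.yaml`, and `passCommand` reads `config.sops.secrets."borg/yt/rsyncnet"` and the `postHook` reads `"services/ntfy/ntfy"`, neither of which is declared. The `passCommand` string also ends with a stray `"` before the closing `''`, which would leave an unbalanced quote in the shell command. The same hunk drops `sops.age.keyFile` with no replacement visible here, so confirm the age identity path is still set for this host.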
@@ -284,14 +288,14 @@ # wireguard setup networking.wg-quick.interfaces.wg0 = { address = ["10.0.0.2/24" "fdc9:281f:04d7:9ee9::2/64"]; - privateKeyFile = "/run/secrets/wireguard/private"; + privateKeyFile = config.sops.secrets."wireguard/yt/private".path; peers = [ { publicKey = "a16/F/wP7HQIUtFywebqPSXQAktPsLgsMLH9ZfevMy0="; allowedIPs = ["0.0.0.0/0" "::/0"]; endpoint = "31.59.129.225:51820"; persistentKeepalive = 25; - presharedKeyFile = "/run/secrets/wireguard/psk"; + presharedKeyFile = config.sops.secrets."wireguard/yt/psk".path; } ]; }; diff --git a/hosts/ytnix/secrets.yaml b/hosts/ytnix/secrets.yaml deleted file mode 100644 index 4b93538..0000000 --- a/hosts/ytnix/secrets.yaml +++ /dev/null 
@@ -1,29 +0,0 @@ -borg: - yt: ENC[AES256_GCM,data:CGcdcA9LnDDlTYJwsT25uY9h70yJtKhxgA==,iv:F25VTezkd4RQd7BZ3DD39hPiPj+Z3H01IgPhCGUQ5aM=,tag:mxLPXR/ffBXkByk1R1PYvQ==,type:str] -restic: - azure-yt: ENC[AES256_GCM,data:s8TJ5cNVW2Jr7kyul8mrBGwdLoTlNTb2MfpZgPU=,iv:sC0DbgFbFl6vvLqwOFDwRa3nabrIWxOTuz7GXn17IHk=,tag:2MYprYgNhh1aFlzuyw5eGQ==,type:str] -azure: ENC[AES256_GCM,data:UdHmasRElCFC66dxnnGTOw6vgOzrOIMiSLsczK0Qew2WBdZUKVnRTfSCxQrB7P8k+j3N2CDt5Y4GXvf9GVFrWCMOInOqYXcyycGXsdli2DbqpXTa3f13ykvc/aoKyw3YuFQdrNci3Kae9PYZ4v5f7fH8n4WgOKuYj3mO9k7WHxM1JBzYRRZP41Jghnb9SqVhl9UXVPI5ONBd6JI/FiezSMZPYC2FxNgQ7zHUQJ7qQ6aJTgRljslJK9I=,iv:bRoYEA1hbEXRG7PoU7Dfba9uRu3cAqfeuvSIfavZZ8M=,tag:cHXUe/njZNoG6EuHYYz0Yg==,type:str] -ntfy: ENC[AES256_GCM,data:ZfTVhdzA1+L3B+g7tw==,iv:1dXDqYi5/zBQ9iphzjn/GHGDcl90J1NYHvHQpTsVPlg=,tag:RfB1/Zz9ITJQV89cuk9OcQ==,type:str] -wireguard: - private: ENC[AES256_GCM,data:hPfJis6gbPPguuhNBViiZDmeFSaUXsgRrCGrhTFzbySIytVuaieU0BJSJQo=,iv:tYU41JTeB7Y50RQr1b+zGCgB5voZec2Vfmd350J1Tgc=,tag:aFMZoJhMToJDuuV8dc5Acg==,type:str] - psk: ENC[AES256_GCM,data:NhQ1lYFpjTpqbkhYyEpEcBTf6vewSeGevUnvCmruoZMSGA2ZWs+le8a0tAA=,iv:aBeVhzUwzBgochk4vtdqnUv61dZ5jELh28amx8XqyFI=,tag:9TvGx+sJaicX52FitOpOdA==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhUmhsRDljYWJLS2tzUC90 - a1oxZGZBUy9LaFpJeTF2MmZWQnl1NU0vQkc0CklnTGszaHRCRW5GYUU1OU9NVjVH - SW02OWVXNDNSMTFyV2NUU2xTV1dlTGMKLS0tIGpKT3lQd3I0T0xEMWo2ekd1MmM3 - a1MwYjB0Tm03bzJnWTdoZ01KbXBPUkUKUr6hOsdZDJK6bFyEnBf4Vkms8EJsIvZY - ML481g9d9Vlm5x7X74nUcWemFSzttSdWEM3Y/IOHpXDbvC/Tbw+z7Q== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-14T23:07:47Z" - mac: 
ENC[AES256_GCM,data:GQUbR/ApVo6E5jqkGo79GDkRv7nj7Sa16ROCTg0uYO0xDmv9h/bPWBTUOfsU0G/0g3OvohLkBbmYA+hMx24xlLQzQkh8Z3dyAn9CcAJ2j9JLY7qHtSBpvafyPptvKzmPU0mnQpShgqYPCUhF6A2B2YAAvW+TknBih7eiKKeidkc=,iv:XLKIad/LZWuWUrrcXtF0UyNccLhoB0VSWXYCGDq/7Uc=,tag:lNyMV8Ses28gOj+KINem5A==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.2 From 455b1d8dc3721e170418f146f14ad3c4942ae1c3 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 16 Dec 2024 22:17:39 -0500 Subject: [PATCH 08/10] secrets/ytnix: fix structure and path --- hosts/chunk/default.nix | 2 -- hosts/ytnix/default.nix | 20 +++++++++----------- secrets/borg/yt.yaml | 7 ++++--- secrets/de3911/yt.yaml | 7 ++++--- secrets/services/ntfy.yaml | 7 ++++--- secrets/wireguard/yt.yaml | 9 +++++---- 6 files changed, 26 insertions(+), 26 deletions(-) diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index 95fbf9d..e0286bb 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -24,8 +24,6 @@ ./tor.nix ]; - sops.defaultSopsFile = ./secrets.yaml; - sops.age.keyFile = "/root/.config/sops/age/keys.txt"; sops.secrets = { "borg/crash" = {}; "ntfy" = {}; diff --git a/hosts/ytnix/default.nix b/hosts/ytnix/default.nix index 5c8868b..992c852 100644 --- a/hosts/ytnix/default.nix +++ b/hosts/ytnix/default.nix @@ -1,7 +1,4 @@ { - inputs, - outputs, - lib, config, pkgs, ... @@ -11,17 +8,18 @@ ../common.nix ]; + sops.age.keyFile = "/root/.config/sops/age/keys.txt"; sops.secrets = { - "services/borg/yt" = { - sopsFile = ../../secrets/services/borg/yt.yaml; + "borg/rsyncnet" = { + sopsFile = ../../secrets/borg/yt.yaml; }; "services/ntfy" = { sopsFile = ../../secrets/services/ntfy.yaml; }; - "wireguard/yt/private" = { + "wireguard/private" = { sopsFile = ../../secrets/wireguard/yt.yaml; }; - "wireguard/yt/psk" = { + "wireguard/psk" = { sopsFile = ../../secrets/wireguard/yt.yaml; }; }; 
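Review bot: The `sops.age.keyFile` line and the per-secret `sopsFile` attributes added for ytnix in the `@@ -11,17 +8,18 @@` hunk have no counterpart in `hosts/chunk/default.nix`, where the same commit removes `sops.defaultSopsFile` and `sops.age.keyFile` but keeps bare entries such as `"borg/crash" = {};` and `"ntfy" = {};`. Unless an imported module supplies a default, chunk is left with no secrets file and no age identity path. Give chunk the same shape as ytnix: `sops.age.keyFile = "/root/.config/sops/age/keys.txt";` plus an explicit `sopsFile` under `../../secrets/` on each secret. The chunk `sops.secrets` block continues outside the hunk, so its remaining entries need the same check.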
@@ -187,7 +185,7 @@ repo = "de3911@de3911.rsync.net:borg/yt"; encryption = { mode = "repokey-blake2"; - passCommand = ''cat ${config.sops.secrets."borg/yt/rsyncnet".path}"''; + passCommand = ''cat ${config.sops.secrets."borg/rsyncnet".path}''; }; environment = { BORG_RSH = "ssh -i /home/yt/.ssh/id_ed25519"; @@ -199,7 +197,7 @@ # warnings are often not that serious failOnWarnings = false; postHook = '' - ${pkgs.curl}/bin/curl -u $(cat ${config.sops.secrets."services/ntfy/ntfy".path}) -d "ytnixRsync: backup completed with exit code: $exitStatus + ${pkgs.curl}/bin/curl -u $(cat ${config.sops.secrets."services/ntfy".path}) -d "ytnixRsync: backup completed with exit code: $exitStatus $(journalctl -u borgbackup-job-ytnixRsync.service|tail -n 5)" \ https://ntfy.cything.io/chunk ''; @@ -288,14 +286,14 @@ # wireguard setup networking.wg-quick.interfaces.wg0 = { address = ["10.0.0.2/24" "fdc9:281f:04d7:9ee9::2/64"]; - privateKeyFile = config.sops.secrets."wireguard/yt/private".path; + privateKeyFile = config.sops.secrets."wireguard/private".path; peers = [ { publicKey = "a16/F/wP7HQIUtFywebqPSXQAktPsLgsMLH9ZfevMy0="; allowedIPs = ["0.0.0.0/0" "::/0"]; endpoint = "31.59.129.225:51820"; persistentKeepalive = 25; - presharedKeyFile = config.sops.secrets."wireguard/yt/psk".path; + presharedKeyFile = config.sops.secrets."wireguard/psk".path; } ]; }; diff --git a/secrets/borg/yt.yaml b/secrets/borg/yt.yaml index 650956b..1f66b9e 100644 --- a/secrets/borg/yt.yaml +++ b/secrets/borg/yt.yaml @@ -1,4 +1,5 @@ -rsyncnet: ENC[AES256_GCM,data:bRkLcWrMtlY3/7yMedzFMX5nFdRHawftDg==,iv:8Ip1vS0DpBOdD8VYlSK9pTQj2MC8Tx6eSUXRMtvKgmU=,tag:/Alv4F86wCR7ZvoMnHc0gg==,type:str] +borg: + rsyncnet: ENC[AES256_GCM,data:o1z9xwXqjceO6b/k9da33DyltLt+k9cS5w==,iv:Buu2gHB+MH2Ma/d0cGYyoNAZxcHE7dK/uLZMR9y2VDo=,tag:hNZyZQqAqRF7HXkT7ypTHg==,type:str] sops: kms: [] gcp_kms: [] 
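Review bot: The rewritten `postHook` line in the `@@ -199,7 +197,7 @@` hunk still passes the ntfy credential as `-u $(cat …)`, which places it on curl's command line where it can appear in the process list for a moment, and the unquoted substitution is subject to word splitting if the value contains whitespace or glob characters. At minimum quote it, `-u "$(cat ${config.sops.secrets."services/ntfy".path})"`. Better, keep it off argv by having curl read it from a file with `--config` (`-K`) or `--netrc-file`, which would mean storing the secret in that file format. The `postHook` string and the enclosing borgbackup job start and end outside the hunk.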
@@ -14,8 +15,8 @@ sops: bGhLRU15QUxXNjQ4TDBIWmlYMndJeWMKCY1djq72Fow3HiVP+cG63CMEtshIve2k sHhU3UWPidxcZxdDmK/Sw3NKoYncxeLJUS/W7UhNYr3Z7UZCW6+D9g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-17T02:26:35Z" - mac: ENC[AES256_GCM,data:ZSbrAQIb2XXew6hcsGzuY02SHF8w0cyuyA6OyflHJ82gBTLqnw/ZpfIq6soFJiISWIr0PbM0vDb47lE/h4pJ08tGdR+8krBqJ1urPtkplg3eweQ6R9S4Kn5EfUfZ3ofVC92kcWgee9venjBWq/HPRT+9tvhsjEWOcoK8xWC9pww=,iv:XGkJb88no7qvdmBydFjt3EcLDh+Xj/qK5t+Jdkf6LH4=,tag:lkCzudpAA6XmEhX3KXZT0A==,type:str] + lastmodified: "2024-12-17T03:08:48Z" + mac: ENC[AES256_GCM,data:Zxdfy547x/RQF7Q3ip6163nD07F2L49u9yNvCQcxrjfFbVQNYspkX+aZJNOW+9KzIpmMcmVe9llN9IyA2b3R3Yzz6hBzP2LCxO9iQt+XQVpv5rCQRC3E+4SgkX6KpZ0TOhjiA9+4KvwfYkXH5P6JS6jjw5u4v16i1X121quBemk=,iv:86EoZpSSqZ5q2DZP4B9NTASFOzX1ptdRcw5o+3eQKkw=,tag:c/D7Mus6d8X1Q8hMPziGqQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.2 diff --git a/secrets/de3911/yt.yaml b/secrets/de3911/yt.yaml index 9693b37..49ccf64 100644 --- a/secrets/de3911/yt.yaml +++ b/secrets/de3911/yt.yaml 
@@ -1,4 +1,5 @@ -id_ed25519: ENC[AES256_GCM,data:Yli80jZgpicXecVdgCezbp2XV57XoDgb/6oymt5H3509QLvADkulzx2M/be0vbR5PL3iX2cn8K6yqDNNSA3+Yv8fqPshBPUUIigPIk0bIOudxVpdZwy3jbQRtU7mvQL+pLtuk4Z/wCRPU+EpQldpw05m6dJll7wIWTjWoOgL6ZYFDnK0F4q5PviL4qNuHRlzaxK4Yp3U6TasBcKnrV2OZW5EnDTllHTdbOfRB3vI15YF25a1sxYvq9DveyOok0d/XjD43tfWTXSRFXpbJEmeuqP3akPRTYQGrEP0uRXsx6MIf0USbnAdA4MLGPSL4A4sy6ManvRvn1wQaKckDE+rfAZ3DnLTmE60PO+LEn9KVp/zGtvVEr9m5gHgzcb/2+S8BY4ECg4QZHiEhthVLjnf5Ys3E9/uEb4lMnKjNzZ7QIDYFx/fIiJf2+2FxSr2ApWFl1O3bl8pfNFq2hJzmgi7J/wPypt7nt3G0nTTmwvIB4f4Xy7HSWI+bA3OQT6Nv0T2cDk+DukAZSZ62EVI0ydF,iv:1DyqUOoaHPYAc1zUlAOFBEZhM+JuYm6ggcwrWOTZVQA=,tag:zMR4QlktyL3dZ/S5u7eriA==,type:str] +rsyncnet: + id_ed25519: ENC[AES256_GCM,data:KHFv0P5JLHCXKXb3UFmZrgLG7mrSDSi6CAYZTMSxJH6FgakFhPY/u1VE0wlHaBEwUSHbh6xhVbITiAgrqQXbPeo72moUhBD1/+X1fGUV+0rbHHhZecaEoqXseNEWfxAypUWnmKQ3DwCjO0wb9A+UohLCTMUzHBucX0AKVBxW2VEYkvMXu3du2ryWCDNYKukdwLYXxTxrBmIbjSJ2Myq22vcqLpMAIOJ85QWoCrVypVxB6TD7xi6KwQmqDHpE7KEdDg6Eq0Gzu7RWIdUiUddvWJwBFr/v+dJguk93er/K6azFfbzPMXL8IuogAr/Aly22tu5MQm0i1oSmMgovQqfYCQdaDnelVgopWn0KRrlmEDHPyA5aiEg4sPfUDGmyRIFLy5avKv7bPo+Xk9iRt0tuu09lUJl9PxiyDGoeLoh2qD+jJA76DO57A1EB+JdoKJZiRgkfSg1IOtYXUkV5XQfK0sIkc+VdoDKOdVvIqM7stoSSIqycbf8knekYVpgSVQkrPg75lQd8soOFJoID8xB6,iv:pidCcX4V6PKCNnUDDq11zTGOoketZ80nCqm0R5BYx4c=,tag:Z3Sq1+FVAAqQikaBFQ6M5Q==,type:str] sops: kms: [] gcp_kms: [] 
@@ -14,8 +15,8 @@ sops: bmVVUjZTVGJzOEdFTno1ZmhZWnkrUFkK0R6GoBKaixAAoRnh89kTvFW7tUvJh7Ce Lxc4pTd/ZDAaNjMy8KCJvAo1CQBb/Hqytl/dERm99RL6C/MifDAodw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-17T00:32:05Z" - mac: ENC[AES256_GCM,data:XSJKbq0mvSMbDmNMqY+Fnnt59VgRiEZVVSXcgf3cytVEAqfMthaBi/f9OhMykvTy7lPwe9CHXWI0/1UAZHwEK+gGlIWnMAaqAYSFC+xoLbhRlkDYNUAntC1jhwcK48acK9TWlQirFZsukyWIvsvx1ap2PD/QgotwVNKxMuS0Gig=,iv:BowPffBLvInPh43TVliKudtP3mMtk+eFrniSfFnkThA=,tag:OpZCkPOywDSooOX/TnU8ow==,type:str] + lastmodified: "2024-12-17T03:07:54Z" + mac: ENC[AES256_GCM,data:d9k3j80zF6yvIBWy32HUt4d26DR4ygrU8kRxlWutPd2pcEnyGOFq8mbgJCQeqpngek51ECwnuCGemVvTBJq0szy9zExeGRtZ8wWIDReTOCPMAKITTEsiwr14eOpeNbjKnbMz9RNI4T7Uwy7JV+rPaZh2AzG64ajkTGv4uA0JT3U=,iv:79AEtjqS/Bf79jdFasEKDJrWN6T/RVUvdm03N8rg694=,tag:ZDS6dwH7TEp5pxTuZ/LUBQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.2 diff --git a/secrets/services/ntfy.yaml b/secrets/services/ntfy.yaml index 05c28d6..6edc64c 100644 --- a/secrets/services/ntfy.yaml +++ b/secrets/services/ntfy.yaml @@ -1,4 +1,5 @@ -ntfy: ENC[AES256_GCM,data:0UkHARZmRniWu7QJGA==,iv:lMC1o866fg+JdIP7HXkBdAEJep4i/TJyNMnKF89Ta9U=,tag:iNu4Ro7ey9JFjh2LrxvbSg==,type:str] +services: + ntfy: ENC[AES256_GCM,data:94sCR5zF5ck3R9uvng==,iv:fRtWRzx5oGXxMRpx1Iv0vMELlwB1T7kiujSQu+AXQXo=,tag:3f6WgbL+Xfy1X36/9Cozgg==,type:str] sops: kms: [] gcp_kms: [] 
@@ -23,8 +24,8 @@ sops: NUxQNDUyNHpaWW4wYUlDdHZ5d2VyWWsK7pv4z6+RBtzokkcsi6HzuDqUXr/DsK4x ORJS3S8ZloiUF2QZHhjOIqdUtAija1CUreRF3RjFjGLms4/NL5M8Xw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-17T00:39:06Z" - mac: ENC[AES256_GCM,data:lsvfZ+uOpu/mA+R8qqfnIOqziH+/jeBRZX6+Sv6Q/bErJ8q2p0dNXNBZ4OcZLVkAE2LQaqk2e4zZeMiI3d6HjwmBRzZ29Nk+EVui5SrD4qU9eHKbOx94O/jNVBN9OwHwXtnhbW82HA8lq0vFFuRJ9N/AnOITiPb55A+dgQgiQVU=,iv:xbncdaZcCjbh5y+WacbwXMjFTbFRIWBw0y+AMdL5tOo=,tag:Ko564HfgVXJBc0swCgVuhQ==,type:str] + lastmodified: "2024-12-17T03:08:24Z" + mac: ENC[AES256_GCM,data:K1XW1n6umC/qayF9SFanVVhOfN5AXmzD9FsaXx74IoPiLMz6ZCJ547Je4f5mKdt5Gc5aUjNOALXGxXG/hSB+L8h6S/k/iGbx0zF3iwEFvURa7P/ScTMzvnABdqdjA4mah/QsfsFXnBhhCUzHpvo4kBge30U4V8uLjw6seEZ42Vk=,iv:1AQFbv6bFxIKSrJZr6AqQB58OfGNnFD8RHNZKP2ePwE=,tag:m/lKEBQ7Ij6ieIspVsqE9Q==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.2 diff --git a/secrets/wireguard/yt.yaml b/secrets/wireguard/yt.yaml index c5f6b44..83be6e4 100644 --- a/secrets/wireguard/yt.yaml +++ b/secrets/wireguard/yt.yaml @@ -1,5 +1,6 @@ -private: ENC[AES256_GCM,data:LOC8vGmfyLomE/5izQDE6N1rFlAzIypw5wIPc264DCcmMR3b0e2Ng5zh1F4=,iv:MImAKrEkoSghfj6uaI+TqPKmLn+XaqinNFWwSyEPFrA=,tag:VMDRGslWmmrLj5fwPJe6Mg==,type:str] -psk: ENC[AES256_GCM,data:D7sbcGvTyGEOfevUbxfLzaxQ/1e+n14ZIt3xdIiR1ZCM2ZPCVstAERQB5+Q=,iv:m1N9ZgU0LIV1DwuLSW80Re3e7EEzn1rMFFzOoKzH4ao=,tag:pQdd7U+ZzteLGfYzgSrKiQ==,type:str] +wireguard: + private: ENC[AES256_GCM,data:hdGsRnF76tNlmv+bqn2xzykBwskDrtYis9f7RKCvGXRnjJxuLhdVlYPf93I=,iv:UT/u+Qei9lODaMHLiHu0xmzkW2iTLqG70xfpMYAKJ7w=,tag:PfNzJBr6l92fwlakxEmwTA==,type:str] + psk: ENC[AES256_GCM,data:3ILdJJbYWwj6fY/6d40EPFyij3f/0RiZBlnGGTkhvQVll+pqksSLck4sBKo=,iv:0nJZtSH9nIDMCnoksfc8PmNJ9SGPkvKxh3j7NlNWQj8=,tag:cwvgTyeyQgEobOfEgzNAVw==,type:str] sops: kms: [] gcp_kms: [] 
@@ -15,8 +16,8 @@ sops: aFFObDErQ1V0bzFRQW1TdFpTUUYvS0UKxyQ4KxEp+cHwq7eDAFSZVOofuZJ+8R3U QQCMK/Q7px33KvIBaxI3dGTtaO3PdJ13p7Xp+Vj8ftKcC1xr1yuObA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-17T01:13:00Z" - mac: ENC[AES256_GCM,data:7hWz/cPZLsPrax74EJe0pQCVhXrPTdzAJUOWmBk/Nm/hG52EjWSTKHJdA7mq2L3OAd/3NwJLw9EXIopR53O+/VsUH99DKtRGl9MV4zsZkEpFA04V3er66pjGgVNcS2jChrc95IggBXRybDXCy6yfqU1HqSSoO1jPM75sWYGcd3Y=,iv:kUsypdUupCRAdM1vGjtz/s0MVrsimxLAeUdm33GuMHI=,tag:f1cIFPiFhyj3EE+DOevntQ==,type:str] + lastmodified: "2024-12-17T03:09:22Z" + mac: ENC[AES256_GCM,data:zkbor5pSdB0eG4dM5i0DrYDDgrw/Jgi4HWXQkOpGXhJIijm4L1I8gC8T6LFkEC3GGs8If6CY0dzuKkNDTA/r4hQ6oMunZNfdg8cV8+NZFNUJpca9S4IwUgPf35kV2QeDSB5w2h3pxz0QL/cmAOugXnI6LCrqZsbTzXfA9g51dkA=,iv:aO8zj3bqmmHdJq0Km02/qDVqnFxJv8ocGm/6CnAX5BA=,tag:2ziWeBd49Nr76f6wBDgF0g==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.2 From 029e608eaa2598690979d5df64f841764afb92d4 Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 16 Dec 2024 22:26:40 -0500 Subject: [PATCH 09/10] secrets/chunk: write secrets correctly --- secrets/borg/chunk.yaml | 7 ++++--- secrets/de3911/chunk.yaml | 7 ++++--- secrets/services/caddy.yaml | 7 ++++--- secrets/services/gitlab.yaml | 15 ++++++++------- secrets/services/hedgedoc.yaml | 7 ++++--- secrets/services/miniflux.yaml | 7 ++++--- secrets/wireguard/chunk.yaml | 11 ++++++----- 7 files changed, 34 insertions(+), 27 deletions(-) diff --git a/secrets/borg/chunk.yaml b/secrets/borg/chunk.yaml index 5b13db1..f6d0602 100644 --- a/secrets/borg/chunk.yaml +++ b/secrets/borg/chunk.yaml @@ -1,4 +1,5 @@ -rsyncnet: ENC[AES256_GCM,data:GSNYk3JhQtL/9dFkr38JH3DdyubKI36ePg==,iv:m0iGJxazJl/JKoOZUg2NCOF7H+2c+pVJDacXSc8WsQI=,tag:R91vNMOYS4eUQRgtTSYN8g==,type:str] +borg: + rsyncnet: ENC[AES256_GCM,data:sBqE+gZg58J1iYO5hww8SfqDj2MMZMux8Q==,iv:jjw2Z05BdbH0kB1EN6R01rD1bI4iELKpuIMEGYb+1gQ=,tag:tBDd6+wxEuBgyIZzjJIl1g==,type:str] sops: kms: [] gcp_kms: [] 
@@ -14,8 +15,8 @@ sops: NlRDMzBHZEoxVndneFJldFZMWWgzbXcK1tCG0a4wlTDSiDC6v6eJvc/REJ8z5ZlI PxXOcrZNKwFwYMsh29U8iZNBGO6ykSJYCYjac50d/me9QC6rFlXNWw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-17T01:52:26Z" - mac: ENC[AES256_GCM,data:2KDfJ9MkDF+r4Fp67TZsZkBtIWJk+GZ/3NZscJpIxyQuBQEJokpjFi0dAo6IL5bdIe2Ef15Y+AApu99ygwVGqH2BvEyrtG2zm44clELRpnmuoT9WNsSGW8FzuD2QTM7rlBNyy/DQz15GfLFnlLidIOx9xADTgFlAuclIE9yABWY=,iv:8ymO08+fXBOLXOesW4W4tUe1FHwM3TZQH6amWf0efjw=,tag:vui12FGVUhk3AZgClm6+zg==,type:str] + lastmodified: "2024-12-17T03:22:24Z" + mac: ENC[AES256_GCM,data:6OGZTa2SpLSDmhRqYSgJn6BfsPPvkpIamNGemq6nh3gKUVm0GvQ2FFE5w+X2o5BmQhzTtU0zfbjvV0Z9utH0wrO9E2f7yI5FTb+AoZKl0Y2W/uXAEne0+L4Y5NfRimiLc4yXp//GK9eORBd9jcPx2MQFi3jRA3vrn79HEofVIcg=,iv:A5srnfngS5HCzgPuRdGtrRAbj8o7WxaPwcbIHn/6j2s=,tag:uPAFfjOTz0qKzidd4GMlhg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.2 diff --git a/secrets/de3911/chunk.yaml b/secrets/de3911/chunk.yaml index f357b81..4e7ec88 100644 --- a/secrets/de3911/chunk.yaml +++ b/secrets/de3911/chunk.yaml @@ -1,4 +1,5 @@ -id_ed25519: ENC[AES256_GCM,data:4KDp3uxoV+uAF2drnCYzhtjHE4rb05Cb7gGH/z+PkqYIJ4UoOHCDyCXGX9ghB9VejCTLbSD/jfPzhPlE6v5a4nKqjFOzbVqz/58MnOdLT49ml6fu8dvUZ4hgTGURdrkRTUtss8OAwqxUV0/S0w0lF+LA+nxEntZEdgx/wyPcykAkMaWTXLjpWQ/KeJoOvtZlG8YQTSebh2Z+sJrEDV4N86R43xCJlZt342lA1r+EmMS5tmrUydREX67WY4TulzLMt7AeedCDtzQ1vLMjkSA+zmh5IyjitgBv8PsQNbg66S7PcmegNucIq1RorXiOi3sTs8YFi2vF8VgZEqPJxfmviXtwHZHwknLmhyzjUFtEtQ8+ZhykNyGAcxhpooWJ2vJCozTLBEATNQ90w2GMCIfTbp4pzz15VnF8y++eyRLlA9uAIMBkzp19mpGRb/065mwiHTe0ZgtFZxtXOEx8Efuf7szQLxymUL6DmfkZiUjbqASdgTr+58EOaW+tA2piY2Nr38fC/oz7HfFzUVIetN4f,iv:7xOY4UXr8RV/MXjGEDAdYsi5XDpOdRLdOYH1EencRUc=,tag:WdRNHTiCK3goJFHTXx5jDA==,type:str] +rsyncnet: + id_ed25519: ENC[AES256_GCM,data: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,iv:zB/1QrQ6j/kJYfFdQFFYAVbZSm0AYARXjUtfgv+nems=,tag:49eeO5FyD301SsmB2OlvvA==,type:str] sops: kms: [] gcp_kms: [] 
@@ -14,8 +15,8 @@ sops: cXJsSUtTVW1xWFBaMGIwNXZpSjhwSEkK1q5yXlJgHrnyuvtuzTXurl93LDXqWSaV g09SQVF3tzU8zye6aBidhJJnMBrR6jHxK0P6rPYYE8a0U5DMP7D5wA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-17T00:34:54Z" - mac: ENC[AES256_GCM,data:4wPwi3H7sTRXFrkFrT/He5wdjGEg2LVlClyUQcBxt8e17s0sX/UQFMztfJmt+PGLrhPY8b1F9J+8oJcmvU0n7sLTtKaLinuBtZgNYXrNpGVQVeiN2YDYjkkLj2IdmloP5KiD8Sdzar1gPRxx4VeyYNAr9e0rsDMBq3qmLjVfKDs=,iv:mK9/Dw3EhDvnFm0lhM1djChlTeZoH+C5hIcPtopuJmE=,tag:TGfS2ER+Cgib6xHv5UGyUQ==,type:str] + lastmodified: "2024-12-17T03:22:54Z" + mac: ENC[AES256_GCM,data:iJyPss8kVZTI6f8WXZbNgVKBR8fbTWqFjPacXfzVthSQEbVAmEuldQdquWWfY/EiqPQO9WRmbqSXAED/AtSRu1up3C29ZByyWETxm9O7K0iLVDsR+9Rv1n0Dgc3YhHU8GUS8RWbe6L731FIpq9Nqv5Nw6Xgw2ZteApriT1YMVgY=,iv:t4wAeVuvk+C1ebWSklT4L/+Xy5tUVHRfaUh2uSjnZbE=,tag:Tj11XkvTfoxNd8znGM33cA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.2 diff --git a/secrets/services/caddy.yaml b/secrets/services/caddy.yaml index 74f0055..b8078ca 100644 --- a/secrets/services/caddy.yaml +++ b/secrets/services/caddy.yaml @@ -1,4 +1,5 @@ -env: ENC[AES256_GCM,data:gXXwWb90Y61kHl3OLxcwfqDBH12czdIWy8AG6LVvykgDcTtgWFxcA7oFQ2bwcDUzz604WaIF2ChlNXH+3U0SEJepH2yNOHYIB6qmdAktHN/VOE4iryLwytXuMCaDkO/N5RFTH5KtWZ54DziEYy1KShhmGOSpDqnBHnrq753C7akrJZa3Tg==,iv:2UC6RqRKAyxSVpeM2onjnZi3ZR+4MoLV6G3tepyOel4=,tag:kVx0Il63mcdQo26ObUoLVw==,type:str] +caddy: + env: ENC[AES256_GCM,data:uVCkVky5MRRhN+g4f634nBjvpcI5Ldy+eOKXg7eGu9foswTHA1SXDs67+Wuvo/jaPw7Zg67xKZRHnoTon1udQzyfu0T6pmVKfsUPewITYCd+qLTanFz6uVRUHzpUVwjCZNqB8gxNr/BiZ70NG4vQXRjgd3zKFrQYQBr4zSaP2vK1pRdbuQ==,iv:dQBfX4X8huUp2dqY3tEGW+BPZ/XADT10ptt85R7X+AY=,tag:cvMbFjkRHoxxnNfz8dGv5g==,type:str] sops: kms: [] gcp_kms: [] 
@@ -14,8 +15,8 @@ sops: RVdNL2dWQ2JGL2ZlTTZyb2dzY0V5bFUKDd0iSl1f0Qm6H3rku7zf4nNZhe/mdaai t2xTH0mSIOzy2D8TYSUG7EwhdqSa8qa21TRKppCRIClYl1/DzoDl1g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-17T01:53:50Z" - mac: ENC[AES256_GCM,data:KNPkt7ydX80C5ZQehLbvNej/ipgWvWGhNAuxHyF5lbORgPlztdK6c/M/VV8MqA6qYXxpyBGtMaiu0vTB5/qJAd99AfKoJ9p9amaQEG3oxxbObHupX1qjdlW4ZPgqODJSN6f2ma905YQgAsxlKYhz2yKg+KWz10hlz4hhTASYca8=,iv:PAptqJbpDvSe7lRFUaMXU/TpMbQWGjQflUmQ9bxkUrM=,tag:6qVF/3PKv2fSKBTZ+IWMzA==,type:str] + lastmodified: "2024-12-17T03:25:37Z" + mac: ENC[AES256_GCM,data:bhFBLkT2q6HGtTPtHLVZkKZn00Lbm11/u3qSR19lU2E1SsQ7mpukvCqcTxNWtJ+HHth6yJJfgM6XABKq/9/598L2MgGuF3C/GGS3xpjwHh5RyV8t1lV8cqDaZGjGOMGx35lFQ6DoXOreQrtP/f7MKzf+nVNFr1NbTR8YhqR1xDU=,iv:+fjYlbyIyM9nLagrvE+PUhC2pT7QTsTSQX7ELZ7Wuhs=,tag:GWQv6VmIsWwFzb4bUr5CLg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.2 diff --git a/secrets/services/gitlab.yaml b/secrets/services/gitlab.yaml index 83b7d23..91239ba 100644 --- a/secrets/services/gitlab.yaml +++ b/secrets/services/gitlab.yaml 
@@ -1,8 +1,9 @@ -root: ENC[AES256_GCM,data:2cMLOiz/bbjFAGg3OFdYpr1aYg==,iv:JLtUg62woGKmpbQJ4/uJqdFvkwabZWTSjl1Y+SaScew=,tag:r/pdVABOZX/QksI+dIcB5g==,type:str] -secret: ENC[AES256_GCM,data:dvvtgwDx0gl8lBg4jHLMIiCSYd+FiQpt3ok1Dyi3XAfKfxA=,iv:7qT5iBOR/CkPRdEfVdjW0mRcgCVIj1VnFybT1N0JZ6I=,tag:KgVCHhfB2F1PT40Mx0MjaA==,type:str] -otp: ENC[AES256_GCM,data:PAVEASd5V5mQSbLP8xXpOO3fdwyJkAQ1cB36SQGLorOdj8s=,iv:pA/J4R11Vtci89rIEwsDT8+IXIeOiZ+nMR1D7BF/nSA=,tag:3aQDmuw7BTFtQwyu9/1pnw==,type:str] -db: ENC[AES256_GCM,data:/h7YXXi6HlZN16Jyy2+kwFKAkziAlzOPzv2zGmMT/pwWxf8=,iv:B9p6x6y7P4DTUIwZ4M4QGVluWEAOJThQzPQLphGSA9A=,tag:KFO773NVblCSzi6ViqvJ3Q==,type:str] -jws: ENC[AES256_GCM,data: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,iv:n6CpxBdyWZABkkfRBHefBmx4Bh8eCpNs9bzIFvSEttI=,tag:BYOUQwdmCFy04M9K81mcSg==,type:str] +gitlab: + root: ENC[AES256_GCM,data:m5eqqSMECu1wOIdtY4pJ4WwAWw==,iv:fK1ZEtzP0vqj6S1yqsetDVJui80NI5GBlqyJ1a8vVV0=,tag:V7zTH+O2Q4SWdPsEbjoEVw==,type:str] + secret: ENC[AES256_GCM,data:rDYuTSE/mU/61iUUMOtegt77OLfb6udkn2f73HuN1SCoqLo=,iv:Y5L7PZbsoCQ5Evv8G9S7Bm5OKKrHEPb/jjgTKgFKlfo=,tag:Bx7UUERT0dRA6DM93ZpA+A==,type:str] + otp: ENC[AES256_GCM,data:xQqNUbGbjYUYAfy3E1yaFh9Xms7B0hDal7Y/U7GaxTV4Cpo=,iv:hWcyYorFPHBJoGVB9Agc20qUkY8LvJCIxI4AMwtB6U8=,tag:tqLO/NVIZ+lr3vy/ctI4mg==,type:str] + db: ENC[AES256_GCM,data:VTVxgJ5N7jnbSLC62fHqhlo9BHJsfmqvoBrM+BKaHfglEz4=,iv:2lhj3nRfx1efLZR8PWczs3NOxbjm1nQ2Rsp4TSZAC20=,tag:WFAu5SE6pBboxKHHyooJgg==,type:str] + jws: ENC[AES256_GCM,data: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,iv:oD/HCuULodDgHrJepgm4b2TXGT/Fxj0ak0mfIRh6zfs=,tag:Iw9O/DK5FBQBwV6qYd0qAg==,type:str] sops: kms: [] gcp_kms: [] 
@@ -18,8 +19,8 @@ sops: NDJub0VsOHBWRUdmaS9MVjdsR0w0TWcKakkE1WPj8foCbEvhgy08yQXPUzGEYxiM m92v1LS7QiCNkzcrN3CvqyTS+StgGK7W+TMrTDbTSpONnpHC8DH7Kg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-17T01:57:47Z" - mac: ENC[AES256_GCM,data:bU67R1Vw3C6omcGTfg4l0MloS4r9QAHcguCRwcs1WAinW2ZIRE0hDi06fONnuuMiswq/z4YKeKkKUzEgDv6H6KvDOsqcS/F2RFXrkyW9eyrTjvpAjQbagYfDgKlL2U4RJrwbIj4y9ooL+eo0u8JbptnywCxR4sGodIMVA0OxRKI=,iv:4XueQn42JiI2SLLluEwrCBFEinnyzLQMhWhV+5LsWvs=,tag:YRwb5Qom1+5xDfhIV5TbiQ==,type:str] + lastmodified: "2024-12-17T03:25:06Z" + mac: ENC[AES256_GCM,data:HWRWYCu0iNQZxHnYJyfgtW7pvDjgnl5+lnRL649WkbsvsA4zuw32DdUwyTa+lmqMBNwVa6QOHIde+gPzHH8aieXQ6q1QMzytu/X0t5AWcAIhzrWL2l8MNQcuatMF2aPyt45ip1Ojv4gdfpeTXINgEU/AIUPP3ZYmGSH88xhCdGo=,iv:lVJeCiPNbICou3EqTn6LMaqtNoLRfZiNd4hyORT0Hgg=,tag:YCtvl9Cx00/3NV7QbPM97w==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.2 diff --git a/secrets/services/hedgedoc.yaml b/secrets/services/hedgedoc.yaml index 9bc6aab..c96f0e2 100644 --- a/secrets/services/hedgedoc.yaml +++ b/secrets/services/hedgedoc.yaml @@ -1,4 +1,5 @@ -env: ENC[AES256_GCM,data:lbr8wYzoJtUyktBoubaVJcSoxnuYkymkg821pPBUCrf0xFENkbMdGHZwiXKqp7P2vV8szcAly262xedjlcvdPGlgQ/A8K7xdF1Lqgc4tAoX9YE1F,iv:Q9vYpDyGy+f7xZWpR/HHrIgZL7OyYyu1ofGvPMOFxCg=,tag:DWm8jQ5TVSy+w5xd9eAsgA==,type:str] +hedgedoc: + env: ENC[AES256_GCM,data:15rWiIYWyIJ0Hxl5I8m+EBV+FkNDT/OHlLK9shVS46UE7SQtuIh45N5hvwgs0rg9E9Tawu+lyE2aozWNh6HSDUZ1h4FYrB+JHwIetGkOqXSLHfXi,iv:v9ohLTtlxw3fsRoJJoOY5VYxVsxUyDEsQHRjcGKg/GY=,tag:Wncm1reqNblnVhRTYjU3Pg==,type:str] sops: kms: [] gcp_kms: [] 
@@ -14,8 +15,8 @@ sops: NkFoeERWQkNGSU9yRTI4MmlrK2VNS0kKb+aWjkg5OlNanSNrJtwR0Whxg3EEYXyC ZfZFYeXyheCPiu9/rYiKssVrHpJZFHR6a2sE1yKw0+3BP6DiKIp/nw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-17T01:54:16Z" - mac: ENC[AES256_GCM,data:u7Zo2zpBSt7z2SdZzpOHuDQBODSljtUmbRCL8WzpySeI1OYkPhpKkrxtWtfH6/e6xIXMB2obyAyVSKnZddgaHB5ssRFhvP2uSaZmJkyHn/XzPa8+Lfk84Rm0hFgWw+6AzXg0CIdzI8XYeq7q/8DNe+HH9vUxkC7gnNsqvemwsKc=,iv:2AaBl2BQ9AXlrlnvhT1bC/XzRqNbbLWrBBYc3R2FhMo=,tag:1FeZh9ojqRwKu+5XjJR+BQ==,type:str] + lastmodified: "2024-12-17T03:25:54Z" + mac: ENC[AES256_GCM,data:1cxiK/HhqYzatT2PhZxjvtizII2QMHqbbyOujUtx4cT8x488j2wecu6hOfSkuHbQ43AxA8kDH1NAruPCSdCpj3PytMR+np+R/5WuRcK+OF/FCnWvWvvHqgDnBs/wYjllnR6HyWBlhrROpINxu9ch4fzN0Def3I7O+wJgpojnPiU=,iv:PKPykPv9zSHj9+HXnrg1v8Ty78te66D9ZH6c1V7Qlh4=,tag:JQk68u6p317r3Df+hv16+g==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.2 diff --git a/secrets/services/miniflux.yaml b/secrets/services/miniflux.yaml index 0970673..60f56b3 100644 --- a/secrets/services/miniflux.yaml +++ b/secrets/services/miniflux.yaml @@ -1,4 +1,5 @@ -env: ENC[AES256_GCM,data:CXZHx5BFTT4YrynsqlmeuGyavUSrslPKhymWpNWYcUIrTLGeC0AH0ssuWdGB8zRA,iv:R0jMQUlMrQdG9WorSZChV4pNYrnVyC9PoqtqxUdrs/Q=,tag:BInjaI3oPLnavLSH9jbB3Q==,type:str] +miniflux: + env: ENC[AES256_GCM,data:KwV/iinyB+B/QDtXpY0e2GoC58PaVnUURa0gk028OKwGGvGtVXPse+QyfYD8Wu5A,iv:JZsgfwnAwMF07HREnrSEeGYtylx/ua6Il0plSryLeRQ=,tag:hSnm/Qb2lnzbOVGwM5lSyw==,type:str] sops: kms: [] gcp_kms: [] 
@@ -14,8 +15,8 @@ sops: anFWdCtvMU9ZMitRa1JtUjJvWTBrVkUKJqNVPXLEC27RKYICFySy9ZRfp8na8P7G vf0vJ5y0mmlNOiETfQEaHNYu+cBlMr+sfNjgsLtff00LHHnmkE8WQg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-17T01:54:59Z" - mac: ENC[AES256_GCM,data:CIIPZiTQy+rOaI+0qKJS2f7s+0T5kCDZI12D5l8gveCilsOrCTGBY5dzIqnqWC7bMzn+0WEOoj8yTHx2mCWrKRK8ZvkYjeSMurHpvaPnYyA0uJLsHec5U6zyJKso+/4odjVX2BEIttkFehagDVGKKWrceO9njkPchgEyoWxbSqw=,iv:DgCG0UbNieNlgpUQEIINTQWHB1WrOGf1nARpFStTlBY=,tag:nZmpYEpfXhG2C4cD+UbrOw==,type:str] + lastmodified: "2024-12-17T03:26:08Z" + mac: ENC[AES256_GCM,data:3dysNrXhu+T5ke7INsjx+erobRZ7iMTRDY2BkxCC/LBNFbHlBnZpPffmAdWNDUT9QS6p7a7cHR+Xu7e+aHkLIxVpJrx3tN0YSvN9u6kCwRFSc/GPIDi++bdxwRuq6WwiswJu8l5oXrWFta61XeuNQucPyBcrI5OXGRXoPsZXvvo=,iv:d7glk+gNpLYl7U1jGWDvgLJGX2eckCvaRZgAkab8JZ0=,tag:r8TH7eTAEg+n+9RDGpyh3A==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.2 diff --git a/secrets/wireguard/chunk.yaml b/secrets/wireguard/chunk.yaml index 0a62eeb..d063296 100644 --- a/secrets/wireguard/chunk.yaml +++ b/secrets/wireguard/chunk.yaml 
@@ -1,6 +1,7 @@ -private: ENC[AES256_GCM,data:GNuMYM9qSuyrS81iOuidDC+3y7DOepjC2oDboM9k2zyww0jOeWiiOu5coEw=,iv:elByELlsvLA1DJMKMZfiYAY6SLS4R6KMpVyvbSYehRE=,tag:sQLaxLqMUO/84/snFWHBmw==,type:str] -psk-yt: ENC[AES256_GCM,data:yz6I+OvzIXltix30b1otqyutPjArjufORYLF42zaKb9/nuwIQyrpVfI0s3U=,iv:5Cbv1r2cBsfFSRUvqHOlUk8HnngWXmihkHdcvb1kgKI=,tag:ew4OEvRpjAc1bD6F/CtSZQ==,type:str] -psk-phone: ENC[AES256_GCM,data:fPks6k32Z4wp8teNvvgYUgE33XCKp4/W1hlO0vOpXzZxX2iGmC08uBtdPeg=,iv:lt8eR1Pu4HCh0zGjCDzdC9zHXg0oxNSe3ctHhC8FNog=,tag:gUhQKf/o0rY82t7tvt3mAg==,type:str] +wireguard: + private: ENC[AES256_GCM,data:ki5PV+6YoVtvafc+1WbD95hhOwKUOi6FrnymdeFcAMepngwv7s+IT2LuhfE=,iv:r08egXi+QmLS4oDnoz3sxfhTO4Z5pfWwsIt435TxyJk=,tag:jrbLbN/An/xokIRKCIKJsg==,type:str] + psk-yt: ENC[AES256_GCM,data:iAE6vh4jowQnoS+qqNqJh8NtjP+pBowVpC6ItfgAoL4W0sn8rR2V1aKYQxU=,iv:MK5Xum3L9iYSmfYxkVpkWhCsVsnKR1tZgtPQ5dgjc3c=,tag:nXCJihnlkuoLcS0QW9oAPg==,type:str] + psk-phone: ENC[AES256_GCM,data:UzL+T7D+huI+m+eH/JsDOi7LD8MfbRSsnLaeMUyJXLxBRLpcE+vcVX6j9QQ=,iv:XtSYHcYtg+B3/Cs7pNTcZrSP599VMQC54c3y4h2jEZY=,tag:/BSk3OxkiYzFlm3xUsaA1g==,type:str] sops: kms: [] gcp_kms: [] 
@@ -16,8 +17,8 @@ sops: ZnBkTllKWWwyOXdaTEZhVndVNDhtV0EKGCAYXiYwbk0b0w/FuE5gkp7597YjJMRg ukIHh9za/HI6PuR/uNGSOVZeI9AKx9ZeokaDa7Ysh7xsGjCpBj0Qxw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-17T02:24:05Z" - mac: ENC[AES256_GCM,data:PSzME9YfcPaqueXUjw13P3HgvQCRU5Q70YdsiJ2aLltuUJe4oNJUNRQd/VIVGCAreNb115JlpSmWfhBRefUlhdDlY2Bf/mKfOYTrk+5q0P4uF+l7Hvt2CGw6TZljr4081JEvxggBzYS7PeDJmA2k3bnsLrePEeoYVPumFrKBIPM=,iv:GxpqKJSczE48V99TCxhWB66sQZXPBdZeD4ZuQKG/ojI=,tag:CEenUUYN1yjCNwxok3PjEQ==,type:str] + lastmodified: "2024-12-17T03:23:53Z" + mac: ENC[AES256_GCM,data:WwC9G0vMI9SRZzTRoR1GEkDo8E824C7I2XzaG2CDyfWPx9IoviYxIGMLrJOtsG20EmYOndeFT4Zi+eEC5hK+9+ns8Yyl2/SS6jAblV4egdHl6n9OyJL3kjYgpd7Y43VRI3RORXOh1Dn1uY+fM18SyTon+QnuZ5y0+8gggQAmSUA=,iv:osio9+NcHab3GXsOw/aP9qRVityZXKQsDbuk3YJ3unQ=,tag:arNGu/HzQPbSuRxeeJwvUg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.2 From 3d927f8372d16181d52f20b34fafb74f7ea67d7d Mon Sep 17 00:00:00 2001 From: cy Date: Mon, 16 Dec 2024 23:20:51 -0500 Subject: [PATCH 10/10] secrets/chunk: add missing secrets and rewrite everything to new structure --- .sops.yaml | 8 +++++ hosts/chunk/borg.nix | 10 ++++-- hosts/chunk/default.nix | 54 +++++++++++++++++++++---------- hosts/chunk/gitlab.nix | 12 +++---- hosts/chunk/hedgedoc.nix | 4 +-- hosts/chunk/miniflux.nix | 4 +-- hosts/chunk/rclone.nix | 10 ++++-- hosts/chunk/vaultwarden.nix | 4 +-- hosts/chunk/wireguard.nix | 12 ++++--- secrets/rclone/chunk.yaml | 22 +++++++++++++ secrets/services/vaultwarden.yaml | 22 +++++++++++++ 11 files changed, 123 insertions(+), 39 deletions(-) create mode 100644 secrets/rclone/chunk.yaml create mode 100644 secrets/services/vaultwarden.yaml diff --git a/.sops.yaml b/.sops.yaml index e094326..8499766 100644 --- a/.sops.yaml +++ b/.sops.yaml 
@@ -51,3 +51,11 @@ creation_rules: key_groups: - age: - *chunk + - path_regex: secrets/services/vaultwarden.yaml + key_groups: + - age: + - *chunk + - path_regex: secrets/rclone/chunk.yaml + key_groups: + - age: + - *chunk diff --git a/hosts/chunk/borg.nix b/hosts/chunk/borg.nix index e06d83e..6e2110b 100644 --- a/hosts/chunk/borg.nix +++ b/hosts/chunk/borg.nix @@ -1,4 +1,8 @@ -{pkgs, ...}: { +{ + pkgs, + config, + ... +}: { services.borgbackup.jobs = { crashRsync = { paths = ["/root" "/home" "/var/backup" "/var/lib" "/var/log" "/opt" "/etc" "/vw-data"]; @@ -6,7 +10,7 @@ repo = "de3911@de3911.rsync.net:borg/crash"; encryption = { mode = "repokey-blake2"; - passCommand = "cat /run/secrets/borg/crash"; + passCommand = "cat ${config.sops.secrets."borg/rsyncnet".path}"; }; environment = { BORG_RSH = "ssh -i /home/yt/.ssh/id_ed25519"; @@ -18,7 +22,7 @@ # warnings are often not that serious failOnWarnings = false; postHook = '' - ${pkgs.curl}/bin/curl -u $(cat /run/secrets/ntfy) -d "chunk: backup completed with exit code: $exitStatus + ${pkgs.curl}/bin/curl -u $(cat ${config.sops.secrets."services/ntfy".path}) -d "chunk: backup completed with exit code: $exitStatus $(journalctl -u borgbackup-job-crashRsync.service|tail -n 5)" \ https://ntfy.cything.io/chunk ''; diff --git a/hosts/chunk/default.nix b/hosts/chunk/default.nix index e0286bb..94d384a 100644 --- a/hosts/chunk/default.nix +++ b/hosts/chunk/default.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - inputs, ... }: { imports = [ 
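Review bot: The two rules added in the `.sops.yaml` hunk give literal file paths as `path_regex` values, but the field is a regular expression, so the `.` before `yaml` matches any character and the pattern is not anchored at the end. A future file whose path merely contains one of these strings could match the rule and be encrypted for `*chunk`, which is presumably not intended. Escaping the dot and anchoring the end makes the match exact: `- path_regex: secrets/services/vaultwarden\.yaml$` and `- path_regex: secrets/rclone/chunk\.yaml$`. The `creation_rules` list starts outside the hunk.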
@@ -24,36 +23,57 @@ ./tor.nix ]; + sops.age.keyFile = "/root/.config/sops/age/keys.txt"; sops.secrets = { - "borg/crash" = {}; - "ntfy" = {}; - "rclone" = {}; - "vaultwarden" = {}; - "caddy" = {}; - "hedgedoc" = {}; - "wireguard/private" = {}; - "wireguard/psk" = {}; - "wireguard/pskphone" = {}; - "miniflux" = {}; + "borg/rsyncnet" = { + sopsFile = ../../secrets/borg/chunk.yaml; + }; + "services/ntfy" = { + sopsFile = ../../secrets/services/ntfy.yaml; + }; + "rclone/env" = { + sopsFile = ../../secrets/rclone/chunk.yaml; + }; + "vaultwarden/env" = { + sopsFile = ../../secrets/services/vaultwarden.yaml; + }; + "caddy/env" = { + sopsFile = ../../secrets/services/caddy.yaml; + }; + "hedgedoc/env" = { + sopsFile = ../../secrets/services/hedgedoc.yaml; + }; + "wireguard/private" = { + sopsFile = ../../secrets/wireguard/chunk.yaml; + }; + "wireguard/psk-yt" = { + sopsFile = ../../secrets/wireguard/chunk.yaml; + }; + "wireguard/psk-phone" = { + sopsFile = ../../secrets/wireguard/chunk.yaml; + }; + "miniflux/env" = { + sopsFile = ../../secrets/services/miniflux.yaml; + }; "gitlab/root" = { + sopsFile = ../../secrets/services/gitlab.yaml; owner = config.users.users.git.name; - group = config.users.users.git.group; }; "gitlab/secret" = { + sopsFile = ../../secrets/services/gitlab.yaml; owner = config.users.users.git.name; - group = config.users.users.git.group; }; "gitlab/jws" = { + sopsFile = ../../secrets/services/gitlab.yaml; owner = config.users.users.git.name; - group = config.users.users.git.group; }; "gitlab/db" = { + sopsFile = ../../secrets/services/gitlab.yaml; owner = config.users.users.git.name; - group = config.users.users.git.group; }; "gitlab/otp" = { + sopsFile = ../../secrets/services/gitlab.yaml; owner = config.users.users.git.name; - group = config.users.users.git.group; }; }; 
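Review bot: None of the `sops.secrets` entries added in this hunk sets `restartUnits`, so after a secret is rotated and the system rebuilt, the new file is written but, as far as this hunk shows, the consuming service keeps the old value until it is restarted by hand. That matters most for the `*/env` entries, which the later hunks wire in as environment files that are read only when the unit starts. Consider e.g. `"caddy/env" = { sopsFile = ../../secrets/services/caddy.yaml; restartUnits = ["caddy.service"]; };` and the equivalent for the hedgedoc, miniflux, vaultwarden, rclone and gitlab entries. The unit names are assumed from the service names and should be checked against the actual units.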
@@ -146,7 +166,7 @@ services.caddy = { enable = true; configFile = ./Caddyfile; - environmentFile = "/run/secrets/caddy"; + environmentFile = config.sops.secrets."caddy/env".path; logFormat = lib.mkForce "level INFO"; }; diff --git a/hosts/chunk/gitlab.nix b/hosts/chunk/gitlab.nix index 7ce1425..9a4b7a6 100644 --- a/hosts/chunk/gitlab.nix +++ b/hosts/chunk/gitlab.nix @@ -1,4 +1,4 @@ -{...}: { +{config, ...}: { services.gitlab = { enable = true; https = true; @@ -10,12 +10,12 @@ sidekiq.concurrency = 10; databaseUsername = "git"; # needs to be same as user initialRootEmail = "hi@cything.io"; - initialRootPasswordFile = "/run/secrets/gitlab/root"; + initialRootPasswordFile = config.sops.secrets."gitlab/root".path; secrets = { - secretFile = "/run/secrets/gitlab/secret"; - otpFile = "/run/secrets/gitlab/otp"; - jwsFile = "/run/secrets/gitlab/jws"; - dbFile = "/run/secrets/gitlab/db"; + secretFile = config.sops.secrets."gitlab/secret".path; + otpFile = config.sops.secrets."gitlab/otp".path; + jwsFile = config.sops.secrets."gitlab/jws".path; + dbFile = config.sops.secrets."gitlab/db".path; }; }; } diff --git a/hosts/chunk/hedgedoc.nix b/hosts/chunk/hedgedoc.nix index 6aed82b..001bf37 100644 --- a/hosts/chunk/hedgedoc.nix +++ b/hosts/chunk/hedgedoc.nix @@ -1,7 +1,7 @@ -{...}: { +{config, ...}: { services.hedgedoc = { enable = true; - environmentFile = "/run/secrets/hedgedoc"; + environmentFile = config.sops.secrets."hedgedoc/env".path; settings = { db = { username = "hedgedoc"; diff --git a/hosts/chunk/miniflux.nix b/hosts/chunk/miniflux.nix index fff4967..b6f2d59 100644 --- a/hosts/chunk/miniflux.nix +++ b/hosts/chunk/miniflux.nix @@ -1,7 +1,7 @@ -{...}: { +{config, ...}: { services.miniflux = { enable = true; - adminCredentialsFile = "/run/secrets/miniflux"; + adminCredentialsFile = config.sops.secrets."miniflux/env".path; config = { PORT = 8080; BASE_URL = "https://rss.cything.io"; 
diff --git a/hosts/chunk/rclone.nix b/hosts/chunk/rclone.nix index 0e4e84d..f70bc83 100644 --- a/hosts/chunk/rclone.nix +++ b/hosts/chunk/rclone.nix @@ -1,4 +1,8 @@ -{pkgs, ...}: { +{ + pkgs, + config, + ... +}: { systemd.services.immich-mount = { enable = true; description = "Mount the immich data remote"; @@ -10,7 +14,7 @@ ExecStartPre = "/usr/bin/env mkdir -p /mnt/photos"; ExecStart = "${pkgs.rclone}/bin/rclone mount --config /home/yt/.config/rclone/rclone.conf --transfers=32 --dir-cache-time 720h --poll-interval 0 --vfs-cache-mode writes photos: /mnt/photos "; ExecStop = "/bin/fusermount -u /mnt/photos"; - EnvironmentFile = "/run/secrets/rclone"; + EnvironmentFile = config.sops.secrets."rclone/env".path; }; }; @@ -24,7 +28,7 @@ Type = "notify"; ExecStart = "${pkgs.rclone}/bin/rclone mount --config /home/yt/.config/rclone/rclone.conf --uid 33 --gid 0 --allow-other --file-perms 0770 --dir-perms 0770 --transfers=32 rsyncnet:nextcloud /mnt/nextcloud"; ExecStop = "/bin/fusermount -u /mnt/nextcloud"; - EnvironmentFile = "/run/secrets/rclone"; + EnvironmentFile = config.sops.secrets."rclone/env".path; }; }; programs.fuse.userAllowOther = true; diff --git a/hosts/chunk/vaultwarden.nix b/hosts/chunk/vaultwarden.nix index 581ca88..af2acce 100644 --- a/hosts/chunk/vaultwarden.nix +++ b/hosts/chunk/vaultwarden.nix @@ -1,8 +1,8 @@ -{...}: { +{config, ...}: { services.vaultwarden = { enable = true; dbBackend = "postgresql"; - environmentFile = "/run/secrets/vaultwarden"; + environmentFile = config.sops.secrets."vaultwarden/env".path; config = { ROCKET_ADDRESS = "127.0.0.1"; ROCKET_PORT = "8081"; diff --git a/hosts/chunk/wireguard.nix b/hosts/chunk/wireguard.nix index cfb8f7c..37a0b00 100644 --- a/hosts/chunk/wireguard.nix +++ b/hosts/chunk/wireguard.nix @@ -1,4 +1,8 @@ -{pkgs, ...}: { +{ + pkgs, + config, + ... +}: { networking.nat = { enable = true; enableIPv6 = true; 
@@ -9,7 +13,7 @@ networking.wg-quick.interfaces.wg0 = { address = ["10.0.0.1/24" "fdc9:281f:04d7:9ee9::1/64"]; listenPort = 51820; - privateKeyFile = "/run/secrets/wireguard/private"; + privateKeyFile = config.sops.secrets."wireguard/private".path; postUp = '' ${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT ${pkgs.iptables}/bin/iptables -A FORWARD -o wg0 -j ACCEPT @@ -30,12 +34,12 @@ { publicKey = "qUhWoTPVC7jJdDEJLYY92OeiwPkaf8I5pv5kkMcSW3g="; allowedIPs = ["10.0.0.2/32" "fdc9:281f:04d7:9ee9::2/128"]; - presharedKeyFile = "/run/secrets/wireguard/psk"; + presharedKeyFile = config.sops.secrets."wireguard/psk-yt".path; } { publicKey = "JIGi60wzLw717Cim1dSFoLCdJz5rePa5AIFfuisJI0k="; allowedIPs = ["10.0.0.3/32" "fdc9:281f:04d7:9ee9::3/128"]; - presharedKeyFile = "/run/secrets/wireguard/pskphone"; + presharedKeyFile = config.sops.secrets."wireguard/psk-phone".path; } ]; }; diff --git a/secrets/rclone/chunk.yaml b/secrets/rclone/chunk.yaml new file mode 100644 index 0000000..9149cb7 --- /dev/null +++ b/secrets/rclone/chunk.yaml 
@@ -0,0 +1,22 @@ +rclone: + env: ENC[AES256_GCM,data:e8O4cUbgFMseJTvzGyBhsD/beCkhuh/Sl4ZHqV/kQodcuKi3V9XHyeCAnBb/,iv:rOySfX7vQ1mduFEL4gSbM8rYk9Gp7aEcieV1CW+aGDk=,tag:aWmdde3Xv9IqLRigPZBH1w==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTUnBqMU56ZS9QZnpETmZ6 + a2tVRURyTU1LakR3bi90QXNpR21JcEI0ZFZzCm9jTDlCNk1xSTgwcmRqc3ZNbkJG + RzloNTZHQUJXU2J4UUttcjdIdFl6dWMKLS0tIDNaTUpZQ3lwYk1lNTlZMjF5d2VR + U09rb0kvcU1FdVBsanQyM3grTWdKRkEKAxZyWISPu4XUBevUhdOwd6ZJHfbvpAch + +jGrLXGBYlvp2oKdWHBXjv3HZ3N0IyEj07LyYsPBLchmUxhOCn4Piw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-12-17T03:32:29Z" + mac: ENC[AES256_GCM,data:TTaw6wv7cidgcB7c2igUPo6urQ87d0btr5puTr9yA8ppJ0iTKdLQT2nIZI0OHnP/cFE/at0YrhDNNk5AL1y9fuATRWveu1Y2KmjlYNXLlZS4PdAr3rsUs3FqSECdTqXR8ZYGodA5mOSjzWu1eYuoubVk2wtXV0alMUY7bwrnr6E=,iv:1zslrT0FX6SIEIRHPloLa2Fy8pVJVqMDIghR46l5+xg=,tag:qpw9iQAetUIoqvDQzufh8w==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.2 diff --git a/secrets/services/vaultwarden.yaml b/secrets/services/vaultwarden.yaml new file mode 100644 index 0000000..62ed08d --- /dev/null +++ b/secrets/services/vaultwarden.yaml 
@@ -0,0 +1,22 @@ +vaultwarden: + env: ENC[AES256_GCM,data:VBYfmsrB5LLcEyFqKGvMz9U7LRix8Yo5IBoyIelwKY0g/TfaaFO8QTo84CQrkgB1faFex2xX/nbnsaUslSgxYu36f4XmaMUzMJ6FneDUnbAU2wp09bxek7iEqfRSrennfwAa3cTpOr3RkWG8AfW9xDMFhduqSSr3emqrXSGSnPSI5BuDjru5NbVmcPSdw9U396rkGZd5znxnIa+2f63+ox45tHxsOsC9iVlnnX4KMfJl+8QufX19atxGZwH2OVWn7ehesOd+DuvRMWkProoUERbGz51EvBQm3Ixm4WSQ3M9vFSIuup3ppNBYKHG6a9XAGiEyFDZEEiYhVQ==,iv:tCE83OE3c9bUXb8Z4sPJc/YwjOCftj4dmW0M//3ncQU=,tag:TyLR+5hNcQnXLZUxZiIKmg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGcFBzNi9lcFNyYVM0VzF2 + UGtralRTNi9qVG9waElST05BZTU2U1Y1endvCjFRT2FtbEFKZUt5Wm1WQ2lITzlL + TXNjZlMrNnB4K0NsSVd4TnFKa0thSTQKLS0tIElkR28wMUNKd090Z1M5eG9nVzFO + L0I2TWZackFkbDMzRnN6NXV2eXNjOGMK3jJFBU/aMtH11l9V2FgHgAJdGRJvYfIQ + DAwMwUM+pz7/uJJ/PmDx1aF8SRGPbG+CjcNz2SSo/u99GX5q08jVkg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-12-17T03:33:07Z" + mac: ENC[AES256_GCM,data:Voh0c1sqoT3CBGyjDXkFAjuHRlQG8JwNLwWF0TMBaQ/Ihz1zplEeHfsM23IceEhBggbEHqhcRipqTkSH24tkXD9wqvg0GsZZLiQ52o+JYPmPCaXZFqfLqjNKFS1y6+rokQaFy4rphWSBv0uS52MaOx8WIZr7m7s3/NNnaEy059E=,iv:Q8EswVeJdsQUDxnj4fTJESCYYHXn648sKVghLtRtBpU=,tag:cveD+MXcTn+xfU8fBkRZYQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.2