secrets: split matrix_synapse_secrets out of servo.yaml

Colin 2023-05-14 08:46:40 +00:00
parent 147b1c50b2
commit 0822ed34d7
4 changed files with 36 additions and 50 deletions


@ -21,7 +21,8 @@
};
sops.secrets."matrix_synapse_secrets" = {
sopsFile = ../../../secrets/servo.yaml;
sopsFile = ../../../secrets/servo/matrix_synapse_secrets.yaml.bin;
format = "binary";
};
sops.secrets."mautrix_signal_env" = {
sopsFile = ../../../secrets/servo/mautrix_signal_env.bin;
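Review bot: The rewritten `sops.secrets."matrix_synapse_secrets"` entry does not say that `format = "binary"` makes the whole decrypted file the secret, although the README hunk in this commit notes that only the smtp_pass in it is sensitive. A comment above the entry would record that, for example `# binary: the entire file is one secret; only smtp_pass is sensitive (see secrets README)`. Because the rest is described as not sensitive, it may be worth keeping just the password under sops so the remaining settings stay reviewable in plain text. The new file is encrypted to the same four age recipients as the removed servo.yaml; if not every key holder needs this secret, this per-file split is the natural place to narrow that list. The hunk begins inside a preceding attribute set and ends inside the `mautrix_signal_env` entry, so any owner or mode settings outside it are not visible here.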


@ -1,49 +0,0 @@
#ENC[AES256_GCM,data:RdKGF5jpu91pgr8dkekaBED+3vlA8C/ccWSeS8fNFXZ0JcWaeDq+za6JO2X13+7QHIMQ0doOFJmvVmAlrV7pM6tenCqXxyvYmNL1dfHS/x7s8XJFCzDzubzFbWc=,iv:SisRMWRBHOkBIvdNmbdpaWLQ6Nt3JuPpddGdg+ufwSs=,tag:r+7lgrucNMIc07sG7RVE7Q==,type:comment]
matrix_synapse_secrets: ENC[AES256_GCM,data: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,iv:q2LBAhexpFSg/EFCYzCc8TcQuqLkPPM+8fGaFYhnOQA=,tag:vIOLhtadKkuxBS4cVWzwvA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1tnl4jfgacwkargzeqnhzernw29xx8mkv73xh6ufdyde6q7859slsnzf24x
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1TUlOMTlaemdpa2RxWDVL
MFVPM254czF1VWh2MTljZTcwekpiVzZCTlNFCkJGeTVCRE1zMERJclRwU3JzbW5m
WEdOSGxtUzJSS3JhS3NPK2Q4MXc3bG8KLS0tIGdBWEdYVXJNYitzTFVlUzkzekpJ
enFjWnhIVGR3WWVMMFRGSldhRWZPKzgKHp6QWSNQBy8a6odEiELsr+FV05kGiby7
4Wc+AyGTvuvIpoN4SQlYlUslHCHGd+Yk0hVutNVozLCY1//IpH8Dmw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1j2pqnl8j0krdzk6npe93s4nnqrzwx978qrc0u570gzlamqpnje9sc8le2g
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHZmU5OUVQNkRSL0ZRKzNU
R3RIMERDV1NRdi81TkV0OVdGQlFIRG0vekFvCjg3dHI3WWJic3h5cTQrdjFINDdr
bndHSEc4dWk5WGM4K29FRXh2WCs5ZDgKLS0tIFY5UlNrQ0dtNW5IYXlUNnltelJX
Y0xFNFFtek5hZFZMWXhWQy9GWlBneEEKZqsFgGGCIMH58kaZJoO8yn8KlrJooDvp
iGO4qMjjgM5WvJjZbfk7trO1dNAhpKzjiJyirw9+lToqWPNnRw2Zwg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1z8fauff34cdecr6sjkre260luzxcca05kpcwvhx988d306tpcejsp63znu
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCNEl5K3dGQWVFRFI4SVlt
NFpvSFZaMGs0ZzYrWW4vbldaOWVpa3ZWV0c0CmxqOFR3RkdKNWUvQWtnSWZSUVlL
SUlHbWIvWGpsN1Vsclk4VWo1dUR2OGsKLS0tIFhRVU9NUzlnQkhDelEzalVFOHFM
UW9YZG9DUSt2OU03Sll5d1RZYlcySzAK9LneAD2s+me3ZkRGC098nhUlcVgRwMt9
yVgTCleC9groGaUq0J4rwhVQ4CuUHV2GL188QtmqVTBGLEftfHIDmQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1tzlyex2z6t88tg9h82943e39shxhmqeyr7ywhlwpdjmyqsndv3qq27x0rf
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpMlNZZGpVU1h3NkUyNkND
RnVpSWxrRmNxMjJ6dUJ5RkdaTWx0SHZMQlRNCjQzUFI5ejhuZ0RDcHNYQnZ5eFN4
Z3djZ2g3ajRxQXNEcUMzQWl0QzYyV0UKLS0tIFlDYXlhNFB5ekVKblJudmM3TEU0
cWplOHBNWjlJdGI3ZWtJc0t4Mk9URG8KE+9IPGYZsIs2PaDJ2AUE4gB4QEj5zo6P
aZVbubu6Tbg+tD/98RkfWAkNvoVeDYuLNPDNgqOL0UgCQiTrPPaTjw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-05-14T08:44:24Z"
mac: ENC[AES256_GCM,data:xJpopjd+RE0BDoRuZYYj9+jqDN0BR9fejcCX4/XuqB3gsZ0xGoF1ir4mth0Gl1/7R+sMfkOrPGw2XsQ6AKqQJeAEHRuKtfmJOrTYIOhbRp+dW9QnLYQaJQhHzHwZV7OtsdrWRdMQ6/VXCXpW4QFOUoFGR1/6Z/tjH2tQV03J/To=,iv:e5GLYo4lavAjs6zYfExTDEkiWUZ00ZYqEsB1iBDS0JE=,tag:ij70qxpqvhKwMD9R142L5w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3


@ -4,6 +4,8 @@
- dovecot_passwd: auth for mail accounts
- passwd file looks like /etc/passwd
- generate pw hash with: `nix run nixpkgs.apacheHttpd -c htpasswd -nbB "" "my passwd"`
- matrix_synapse_secrets:
- for the smtp_pass; the rest isn't sensitive
- nix_serve_privkey.bin:
- generate with nix-store --generate-binary-cache-key nixcache.uninsane.org cache-priv-key.pem cache-pub-key.pem
- pubkey: nixcache.uninsane.org:r3WILM6+QrkmsLgqVQcEdibFD7Q/4gyzD9dGT33GP70=


@ -0,0 +1,32 @@
{
"data": "ENC[AES256_GCM,data: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,iv:Oi3OA2NVGOj8BSrWNHEurh2CFHRF0nRqGX9qnEhzTTY=,tag:CMwnww/kjfynhffgvOKK3g==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1tnl4jfgacwkargzeqnhzernw29xx8mkv73xh6ufdyde6q7859slsnzf24x",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFckpIcmRmS0xFZUt3R3dB\nM09BaTVLZFkrTE5pRlQ2c3V6bEdjNHNCalVVCkxtNjZsT3BEMkVlRjBQdDJ1NzJF\naExwZ1BmN0dod0szL000b0VpanNMdW8KLS0tIFlNcEs5SndObzBPMXphenVEcE1z\nZFBFN0ptV2VxWnJ5T0o1dXNISytxS2MK3kDDt42jKMiVyYviOQ9dNoBPm6+jEQTj\nTSqvdHu8EbUulBZmwXBSc5F0D6FfPVaowZ69EkwggRRgFAqXkY6/cQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1j2pqnl8j0krdzk6npe93s4nnqrzwx978qrc0u570gzlamqpnje9sc8le2g",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzUnhyUFg5RUxmRWxPQSsy\nbHlBS09DN00xZWYwRGZ4bFIvSXpwS3VDeTFzCkJBQkxGWXc3VnN3NDYyKzRzNlNv\nMXhmMWNOZE9GVWhuOWY0a1ovQndLWGcKLS0tIFRyYi9wSGt2YkU5L1VWWWZZMU1u\nWDZ1bFVqblhmZWRCY1ZUdXNpU2RQQkUKDcFGOPH7k++0RgJBEfb12Qiomhq5jepa\naWTSdoX8cQgbMHVhbCxHYb95VhTdGXwbNli2PrTrb9JVYmjVsaxrlQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1z8fauff34cdecr6sjkre260luzxcca05kpcwvhx988d306tpcejsp63znu",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhWjlHSmFiclBZRGtibVYx\nRlY1aUhKb3ZoS0RTQWQ4Q2R6dzVXY1RjQ0ZNCnQ0eitzY0NMS3NIcitpODAreGtK\nT1VkN2NTQUpzR0JvUlFZMFQ2aTZkelEKLS0tIDE0cjVIWkdYQXFaa2dkRGZQb2hz\nNi9PSS8xajJLS3Z0VUdLT29hbk1iMFUKtyh3nGZ26W5b+BM6joacQI5d/sQRRPBT\noO/QrnpRM5ZKkFuJwnGRy9jqZYn89OnfEzD86GBtpjIYXQmpJSPayA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1tzlyex2z6t88tg9h82943e39shxhmqeyr7ywhlwpdjmyqsndv3qq27x0rf",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxZDk0WUZqT0VXY3JxSnI3\nanVZVE9HdVpJQi9yQWZjR3Jzcms3NDJVWkJJCm5Zbmh1ZHJ6KzdJYjQ5dXpibjMz\nbUZQTjZmdURnVmlOL0FsRk9xMlFxTWcKLS0tIGh3RTczQnJUS1d5bkZNSk9hbE9V\nc1pWb3RRVE4yTWVFTGFwMmZ3cFBOT28KjPp0qJ6bqGbG7f5/+BlzCvbkF7lYPRJd\nFSf78mZcjRoOv3bUQJxFW7nWpqp8wjCiB/ngKXps0NdAEIZnGsYWUQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2023-05-14T08:45:12Z",
"mac": "ENC[AES256_GCM,data:7tYq/12tfdBj6OuCsQGyS4xKte2AT6O826/zlYil0uz87ad2T0Y8+vdpd3VkFJ/8ksaMDBK+HvjWq8gtXIQGotuJKcN9BLyOeP2JGAlYrzNAACM9iJV2G6aLts+Ax0xFYKbjFK12n1Oc6NmfZrYgNHK9iJM4wYs/UTdLyaGHeWQ=,iv:bkZi9ZzoaVxwXwyqkIHh0M20FfInHjqXBwFlVPK10j4=,tag:Kb/5gYd+/9PR6uP0PXeYfA==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.7.3"
}
}