From 452a55c5e1e32c3b9bce4b5cc8c0f3240cc0d002 Mon Sep 17 00:00:00 2001 From: Colin Date: Sun, 14 May 2023 08:36:04 +0000 Subject: [PATCH] secrets: split ddns_he out of servo.yaml --- hosts/by-name/servo/secrets.nix | 2 +- secrets/servo.yaml | 6 ++---- secrets/servo/README.md | 1 + secrets/servo/ddns_he.env.bin | 32 ++++++++++++++++++++++++++++++++ 4 files changed, 36 insertions(+), 5 deletions(-) create mode 100644 secrets/servo/README.md create mode 100644 secrets/servo/ddns_he.env.bin diff --git a/hosts/by-name/servo/secrets.nix b/hosts/by-name/servo/secrets.nix index f259362f..8e4b1653 100644 --- a/hosts/by-name/servo/secrets.nix +++ b/hosts/by-name/servo/secrets.nix @@ -5,7 +5,7 @@ sopsFile = ../../../secrets/servo.yaml; }; sops.secrets."ddns_he" = { - sopsFile = ../../../secrets/servo.yaml; + sopsFile = ../../../secrets/servo/ddns_he.env.bin; }; sops.secrets."dovecot_passwd" = { diff --git a/secrets/servo.yaml b/secrets/servo.yaml index e6a038da..9d73ee61 100644 --- a/secrets/servo.yaml +++ b/secrets/servo.yaml @@ -1,5 +1,3 @@ -#ENC[AES256_GCM,data:5uf2kYCg8ZqoOLv50QNI73MYV0HDl4ML2xEKHPOEvCf/Z3aeM6ED,iv:ljqw6IBTPDodejMO2dcjLYyv+LlS/7r9nQ7RyiKC2Dg=,tag:Jko9tIhER4ByDbv5qhsfaQ==,type:comment] -ddns_he: ENC[AES256_GCM,data:zAKbEAIMIsENUctG9bNAAjAty6g+w3QW5VM=,iv:ncIjblXnTiU3TQcHJutz9lCl0wBdWs+FybY0sZcnaH0=,tag:7O6EIob2/if1fcVDVEkVzQ==,type:str] #ENC[AES256_GCM,data:s9NlxWPP5H3OV0PNEWz81XuPX3EXCz7GWcoJcicXpMatLM8d7MvvUJzTWCX29KIcpfXnN/ASjhML+SnAN4l+JLm2ltTJbcIVnpcWvcQ=,iv:9q73OtDm2o0YwpOYB5x5NH1Wr+QQN4lmbgJkCY/UW2c=,tag:qO6UvqGQCCl04pr2nNFauw==,type:comment] ddns_afraid: ENC[AES256_GCM,data:fTjwU7DoPDXulmjUNXSe5FVLGv4DvPvIHYCLwagVmKXlWOc39Rsco2YGf/kcoAk5oXqUdtdwuA==,iv:x0QwZb2xne8w7BaOXq4Srh5YbFldwLFsgdfK7WE2LGI=,tag:s8QyDBma/ljcSzAY4V1vkA==,type:str] #ENC[AES256_GCM,data:LMfqz2Rih6CR7RcCbA==,iv:MQ7z93Mhus2Z2q7HZMk4BzkkY/apBIR+9hIiZlknolc=,tag:HU5McecdYk12I3AcvVHEBw==,type:comment] @@ -58,8 +56,8 @@ sops: cWplOHBNWjlJdGI3ZWtJc0t4Mk9URG8KE+9IPGYZsIs2PaDJ2AUE4gB4QEj5zo6P aZVbubu6Tbg+tD/98RkfWAkNvoVeDYuLNPDNgqOL0UgCQiTrPPaTjw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-05-14T08:33:55Z" - mac: ENC[AES256_GCM,data:O8Z+pu7JSmogJGiK2brTvRE9vpzCQDqaHG14U7N7f6xl+uH20cUZWI3pTj6BeMm3zgM/n0rM3Fdv9ydZEUShXOAN0BIEsFT0fLhHNyi1N3d9SgH+AQ7dZ3GqgKW/GhyLwpdWolkUGkBGGs6TsMcZ3VcoblAm63YpF+N33sEHivc=,iv:LAvt+dEBiylCqihrS3IBGBn3wuAx65opQi6X4fuMybs=,tag:zmSoS2Olfvi9j+OWSdsxpg==,type:str] + lastmodified: "2023-05-14T08:35:31Z" + mac: ENC[AES256_GCM,data:YwsU9d+FIRzH+aHLNkmyXS3dUC/hd/RZQSCuJSK5SiHsla/3OFPZ1m3WQjPGdz1f3y6J8mENfIa/HWjsKBQvC7TSozUpAmEYlJvU9tMHL1xfZOgWTMbc02k49wx6Qmgc13kYhEnFq6ilsxc6zJEzf6q04v4n8WhNbHx91YpeE+k=,iv:EgMKr98SBYDP3KZ9Ys51EcRbCBxmekjmMkRm41OrrTQ=,tag:geRl7b+blhFscycy6mOTgw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/secrets/servo/README.md b/secrets/servo/README.md new file mode 100644 index 00000000..d2eda349 --- /dev/null +++ b/secrets/servo/README.md @@ -0,0 +1 @@ +- ddns_he.env.bin: Hurricane Electric (he.net) passphrase diff --git a/secrets/servo/ddns_he.env.bin b/secrets/servo/ddns_he.env.bin new file mode 100644 index 00000000..94fb365f --- /dev/null +++ b/secrets/servo/ddns_he.env.bin @@ -0,0 +1,32 @@ +{ + "data": "ENC[AES256_GCM,data:cXySdeP9f3ANUZXJywjbxlur9SXYZ16EGSsV,iv:7iUkPPc4If3IdHqcqyQyYoYYnznKjXBr+T8SeE5CEHM=,tag:1EU3l0OQkMJ3jIFSMMX01w==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1tnl4jfgacwkargzeqnhzernw29xx8mkv73xh6ufdyde6q7859slsnzf24x", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPczBXRytWY1dyRFNzYmZi\ndnFxNFp5T3FTaXQxbGtOUUNZQlJTQ0NmdnhRCkNGVVhrMHNaeExabkNOV1JGY2V4\nRkExVzJqYk5mQlJPRXYvd21keXNDb28KLS0tIHpMc3VpOVkwbnJyNDNTZ2dNMS93\nbkNMMDJBcHVNWEpsSFBrTnRTRkxsUWsKxfnknM2JwmGOLIWTwn6RQTafGPv5Xhn1\n61vgTsAUxApOHAx6FdWwqsGPvnc/ImE4JIsP4acFBH1EhktHJbTdmg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1j2pqnl8j0krdzk6npe93s4nnqrzwx978qrc0u570gzlamqpnje9sc8le2g", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLZUhWZTNjYzBsejc1cFpm\nTmNHSVVwcU9OM3F4RGxEcTdrQm9pZGtaSlNnCmFFV1N0VlVFYUFJZ293VzVVOG9t\nOGRFcGZUdWI1N08xQjhMZnpITVhoeU0KLS0tIFJqR1BLM3FYcERRUHUzcDFEYktK\nazBKdGt3SGtTdEYzSFF2eDJkR2lHQXMKa4Ir6JvAGVUqmshxvz2SkxugbkW6o1aa\nC6VXV+hoyBvx9t3lzrMUrYYAxq3JsNqdHH+292r6LSo+VYqwk1We2g==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1z8fauff34cdecr6sjkre260luzxcca05kpcwvhx988d306tpcejsp63znu", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5UngvZEVuOFQwcTRoMVBs\ndGtSckZCTVJQZlEvZ1NxOUZZT29kd1FaekVzCjlXUm16OHEzWlJFOXlLckllaWRG\nbmdWZEJzaDRFeFE4R2tScEVtUnRjVVEKLS0tIEhZeHM0L29OTlJUdHBhSHhFUzZ2\ndWl6ZUxpSTBzN00wNS9iQm9lUnNPUFUKZVht+A2x6pJdydKoVCqcukwJbekgy9TI\n+T5WqBqfJhfczrm+t7griqyoilzt/nZXzaXy6eizSZv+MoKIZFO7ow==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1tzlyex2z6t88tg9h82943e39shxhmqeyr7ywhlwpdjmyqsndv3qq27x0rf", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwcC9MbllQM21hdzk5WXFR\nMmNVSFFTZ1JmSlZhR3RVOXp4Y2tOQWsvWWw4Cm1MaVpUZ0FtWlQweFE5QisvemVO\nUDNkKzY3MnJwRjczM2lueEdyZlQxQnMKLS0tIGtqNjdoakpWRlZFRzJYWWxlWGUr\nK2paMHhZZGsvMXJNaURpamc1dTJuUVEKjZZBHzaNfOEoMEJN5YiAxcZWg5AP2jYR\nebpa0RNeZQpkwCYmMNmD1p/6fbEWljpGglFY/VWJY5CBP9EIcEB2mQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2023-05-14T08:34:55Z", + "mac": "ENC[AES256_GCM,data:EEke6qXzxf4U/dk1VczJ4qSnIT6nOekIRJPAOnj+HKT4l+m5esiZs29jYyjm1TOJzgYwsSMKPlqI23CzfbTdK0pkSn4YqZKiKvtEcdfTzVjXPWIYdKIlH3u4VO/uP/f7DZDgwNBF0PvVAe1f1KX8eZzU2RmEQejGjlg6Q7ayvXk=,iv:vxT2jJXPemmLxQqkIps9HAmVZhk6kBNk0dtsm3Gd1vU=,tag:8x/SuhJJ+bqMOInDjDHYtw==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.7.3" + } +} \ No newline at end of file