colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

secrets: split wg_ovpns_privkey out of servo.yaml

Browse Source
This commit is contained in:
Colin 2023-05-14 08:38:46 +00:00
parent 4a448a1bf1
commit 6b1c3d02c1
4 changed files with 39 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
hosts/by-name/servo/secrets.nix
View File

@ -42,6 +42,6 @@
};
sops.secrets."wg_ovpns_privkey" = {
sopsFile = ../../../secrets/servo.yaml;
sopsFile = ../../../secrets/servo/wg_ovpns_privkey.bin;
};
}

8
secrets/servo.yaml
View File

@ -1,7 +1,3 @@
#ENC[AES256_GCM,data:LMfqz2Rih6CR7RcCbA==,iv:MQ7z93Mhus2Z2q7HZMk4BzkkY/apBIR+9hIiZlknolc=,tag:HU5McecdYk12I3AcvVHEBw==,type:comment]
#ENC[AES256_GCM,data:zhL2iNWZ8xPbBneffWcc93ZCW/SDv5FH,iv:P3a8+oucJRM8o7hnHUxAvefHdZEAbKJKhK2Y1+r75GA=,tag:VFvFucE5c780RmspW7p8Qg==,type:comment]
#ENC[AES256_GCM,data:N0wn6NUjQKXFbSULhrKzqDc4bHVbM3JLWJwOu5Zoi00gCKSiMA==,iv:9NhoT+OM+bjz4DwRRm2c4rTBZ3Jr6eMOY7F1l4WeE1k=,tag:inkd6kw8HvT5Tz3UAbIklw==,type:comment]
wg_ovpns_privkey: ENC[AES256_GCM,data:+SdnhsPyg6Vbl0itNLq4fBPONLBknkjFCr/4shTr2HjeGdaD7LxPud1VvfM=,iv:Rf647IlLImPu7l2CHqetjs0y6QkWdqXUO70OKfcII00=,tag:ykvKJ9BeTDbQqR7K5S6Rfw==,type:str]
#ENC[AES256_GCM,data:857w7AqbAbVTOKFLxKcMkcQjJ7EkHZFwBRwtCJFspOk8do2f,iv:bIrXzdrhRYk79ZV+JCdIw4UVxq11/tTZUDL6Bwf+NoE=,tag:igMRz5UPX//JrF9NGCOwHQ==,type:comment]
#ENC[AES256_GCM,data:KzCOrdCiXHrVx+oGj2mz/+zkZ8eRRnFhHadx6FlXj8OXQDMvDkSPi6G2f6j5FE//G2F321mZCiMJ1Mf32tItGb0SxoEhyO9wxTesNn45hmA7M0z5HqTxACU=,iv:ksdz8j2fq1W/xnzu0y1JaIgbKzjiqj2KHCEYhkEKsrM=,tag:dbH/vy4JgL1eUeNpv7afSQ==,type:comment]
dovecot_passwd: ENC[AES256_GCM,data:GsXT6PQjCibzyr5G4W3IOIRL4xBuYqFYHpRJOjS2TvXIlTSwVrHbx5Vw5wLHI0zN14rvYy5sycJvEMiCC1YPVphAYNm7VHdo97sUGLpjZ1BpUaJ2KBx77jErxbPrJUSpAroojQFtXFYA2t2bTpOSjZGH7UeyZoLckZtdDqXmnBDvirwVDPNaPv04RrhnqehGyh8EN+b2b5KAm99U9H1oyxIL6mAMJo6FtduVejiVqJB2sl/myI5fJ+bvwkW1CLRmVi0JdVHs4BlTQpi5Q8Kx2SMOH02TP+QDSHv/O8ROpbZ8m0oTk2YbgAG7U8K0t55j8jjWX/7OD4nMv485PgzAMINdzI46g9l9afzo,iv:8MqpUkRPpGJiuWtrdTJAIDXrKZMI73LcwzOiqVMWR88=,tag:+zXmEPV90loAMJtL/+v3vA==,type:str]
@ -54,8 +50,8 @@ sops:
cWplOHBNWjlJdGI3ZWtJc0t4Mk9URG8KE+9IPGYZsIs2PaDJ2AUE4gB4QEj5zo6P
aZVbubu6Tbg+tD/98RkfWAkNvoVeDYuLNPDNgqOL0UgCQiTrPPaTjw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-05-14T08:36:58Z"
mac: ENC[AES256_GCM,data:2gMKos8YZ/hhdOVbcRNFFh9OLQyeUZHoQOZRLNbmxRg48+gwBtNz1gUfkS3+7RjITt0xG+kwftKtwc0VlUwSZYlwtCcFym13cRs4Aqr1ITuR243lRz8lzGGt6eF0GZcf5mpFzratR6r3PBFFmXxrYqa6MpFgLd0J1l26WqNwsuE=,iv:pnDwYOWaFRw7fEUhxK6Csz21NxPdZ3e8UK3Twf54v84=,tag:ZA3w1r4w4kIqQ46gXj+ehQ==,type:str]
lastmodified: "2023-05-14T08:38:31Z"
mac: ENC[AES256_GCM,data:N/SO2dqrhfzkKnMCl160IMfZXUzEWhSQyVseHUfVSUIUDJB4dCIX9b2Zz9f3DITJBWRktsBwhRlRtb7ZmG8wCJ+agRhq/1mjioEFfpt1a6n9+eF/bIWol1tmpE1G09C5KOHzlERE+h+/z2A2sQ7TorHacCUczAKRBCPlRkMl/qE=,iv:Rf8h74You2lnjX69tzfIxBrNUE+FOfvak9piSGGm7Rw=,tag:jUgElnKgZyKdluGwRoU44w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

4
secrets/servo/README.md
View File

@ -1,3 +1,7 @@
- ddns_he.env.bin: Hurricane Electric (he.net) passphrase
- ddns_afraid.env.bin: freedns.afraid.org API key
- viewable: <https://freedns.afraid.org/dynamic/>
- wg_ovpns_privkey.bin: wireguard private key for OVPN
- to generate:
- wg genkey > wg0.private
- wg pubkey < wg0.private > wg0.public

32
secrets/servo/wg_ovpns_privkey.bin Normal file
View File

@ -0,0 +1,32 @@
{
"data": "ENC[AES256_GCM,data:Qd0BDxy5uggFgJSaohdXG5J/copzeCIY7hnwquXjYbeYKH465ELxkFQXZcvv,iv:C/a7dQcGH8kUaydupAqbnP34smi/dpTSv/lRl+WDaSo=,tag:O0GvldqETifBwmzDuwBN2g==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1tnl4jfgacwkargzeqnhzernw29xx8mkv73xh6ufdyde6q7859slsnzf24x",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKRThIWE84Z0RvUmk0QlZP\nLzBFdDJNSzhTbU9CY2VCSXFsYm1LdFFZT21rClkyUklzZnZHZmRTTXNQaUV6S3Zh\nOFUrWXRZWXJHdXdEMUw1aVMrbUM1azgKLS0tIEhFQXA0cVhzNHlhZk5iTnhzelQx\nOXZyMWwxNGx2MTFlTjl0YzdYTEFvcVkK6dMdsLufBsqN3BmjQY+6DzxdIXfMA5j8\nnXSYv42V7DF8VurInTbFV0aDJ10IAbPyjggpWgLI3nsLq7cEhjon/A==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1j2pqnl8j0krdzk6npe93s4nnqrzwx978qrc0u570gzlamqpnje9sc8le2g",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYTms2cFphUGJadTBNaHNm\nNUYxTVB1ZC9PK0RCdmszeVNSb2EvbkZpaHpVCm9mbVhOcHRCNzRkeThjVTN0bDNV\nMUN4Zm1reU5RYURvYUJSM1hLbktXL28KLS0tIGFEdVEzMG0zSkVKVm1DZm40WlNM\nNU40ejZxSzc2bjJvd0szQUtneFhkWW8KtqY55Jn2uT5S+fT+aPyChunc4e7yF1Kq\nLodoLBTVQ2zEt/od1E+gkHKPpj7BrIRnLtVYYax16F80Ezbp3vLIxA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1z8fauff34cdecr6sjkre260luzxcca05kpcwvhx988d306tpcejsp63znu",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAveFYzWmpzUXQvMHNRbkg3\nVGR6b2NRZ0wrdXNsU1ljaGtjZ0hTQkNmUG4wCnlXaG5mTWN0Mno2VHp0bmNwdHpI\nRSt6QjF0bENsYURVSzF3bEhjOUhaMlkKLS0tIDJOQ255TUQ4T3JwWERoWVB0TTcx\nTC9vRjF0cS90Uklrb3NGdHJsVURSUnMKoClcQFA2avQgcFeOo3bL6YhIntrdOG+v\nLbhIZXuT3xNnvcmU54SBWCfu//LD+VBkw53iYTQnJmCvWAZxk8DksA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1tzlyex2z6t88tg9h82943e39shxhmqeyr7ywhlwpdjmyqsndv3qq27x0rf",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDZ29SUlhIRE0xbExuU2No\nakFxaEoxU1RvZmFGak5DbWIwYmpSMWtDemt3CkkrSHFGcXRQenZOK2N3Tk1ReW43\nM3c3N1J1WFhMaXBmVFJTTnU2bDIxdW8KLS0tIEVuYjM0T0I1dmNkQmxReURYemxK\nV3pIUUw0dTMxSWNlTTFta3VjemlEZU0KIUOwzoJXFGx5EbqRSObMTNrop/du5cfJ\nH01x46zgTAQOQOA7qlYdO429SMsQaPH3XX33M2plm4/0hKzlLZ4rRg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2023-05-14T08:37:29Z",
"mac": "ENC[AES256_GCM,data:GqTK4BvWgN1e8PViUcpGUimZnBmGjwZnrQrVwCIVj2KNgS5jqNYT91gLJ+CHsS5nbBfTGTJ0aRdoM5fOTLOFN+K6GZD/FIhDPrhvc3nyUK0qudWm1L+kAVnB5RYLewVYeWGKtuEGUHZSieOFRfiptXwPRPTccz9XCDYi7oIGTU4=,iv:TemQfusctCqSL/qjs72Unk6eYYFVHnIeo1zvEAiV4Pg=,tag:AG+FroYCsLgJeKtR0RX28w==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.7.3"
}
}