From 6b1c3d02c1de26ef6dc530776787df9e38c598b8 Mon Sep 17 00:00:00 2001 From: Colin Date: Sun, 14 May 2023 08:38:46 +0000 Subject: [PATCH] secrets: split wg_ovpns_privkey out of servo.yaml --- hosts/by-name/servo/secrets.nix | 2 +- secrets/servo.yaml | 8 ++------ secrets/servo/README.md | 4 ++++ secrets/servo/wg_ovpns_privkey.bin | 32 ++++++++++++++++++++++++++++++ 4 files changed, 39 insertions(+), 7 deletions(-) create mode 100644 secrets/servo/wg_ovpns_privkey.bin diff --git a/hosts/by-name/servo/secrets.nix b/hosts/by-name/servo/secrets.nix index 4529152b..3ed1601e 100644 --- a/hosts/by-name/servo/secrets.nix +++ b/hosts/by-name/servo/secrets.nix @@ -42,6 +42,6 @@ }; sops.secrets."wg_ovpns_privkey" = { - sopsFile = ../../../secrets/servo.yaml; + sopsFile = ../../../secrets/servo/wg_ovpns_privkey.bin; }; } diff --git a/secrets/servo.yaml b/secrets/servo.yaml index 591594f7..3121af93 100644 --- a/secrets/servo.yaml +++ b/secrets/servo.yaml 
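Review bot: The `sops.secrets."wg_ovpns_privkey"` attribute set now points `sopsFile` at a sops binary-format file but, as shown in this hunk, sets nothing else, in particular not `format = "binary";`. sops-nix takes a secret's format from `sops.defaultSopsFormat` (yaml unless overridden) and, for non-binary formats, looks up a key named after the secret. The new file only has a top-level `data` entry, so decryption at activation would likely fail and the WireGuard private key would not be installed. If the format is already set elsewhere (a module-wide default or a wrapper keyed on the `.bin` suffix, neither visible here), a one-line comment above `sopsFile` saying so would be enough; otherwise add `format = "binary";` beside it. The enclosing module starts outside this hunk, so this is worth confirming against the other `.bin` secrets declared above.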
@@ -1,7 +1,3 @@ -#ENC[AES256_GCM,data:LMfqz2Rih6CR7RcCbA==,iv:MQ7z93Mhus2Z2q7HZMk4BzkkY/apBIR+9hIiZlknolc=,tag:HU5McecdYk12I3AcvVHEBw==,type:comment] -#ENC[AES256_GCM,data:zhL2iNWZ8xPbBneffWcc93ZCW/SDv5FH,iv:P3a8+oucJRM8o7hnHUxAvefHdZEAbKJKhK2Y1+r75GA=,tag:VFvFucE5c780RmspW7p8Qg==,type:comment] -#ENC[AES256_GCM,data:N0wn6NUjQKXFbSULhrKzqDc4bHVbM3JLWJwOu5Zoi00gCKSiMA==,iv:9NhoT+OM+bjz4DwRRm2c4rTBZ3Jr6eMOY7F1l4WeE1k=,tag:inkd6kw8HvT5Tz3UAbIklw==,type:comment] -wg_ovpns_privkey: ENC[AES256_GCM,data:+SdnhsPyg6Vbl0itNLq4fBPONLBknkjFCr/4shTr2HjeGdaD7LxPud1VvfM=,iv:Rf647IlLImPu7l2CHqetjs0y6QkWdqXUO70OKfcII00=,tag:ykvKJ9BeTDbQqR7K5S6Rfw==,type:str] #ENC[AES256_GCM,data:857w7AqbAbVTOKFLxKcMkcQjJ7EkHZFwBRwtCJFspOk8do2f,iv:bIrXzdrhRYk79ZV+JCdIw4UVxq11/tTZUDL6Bwf+NoE=,tag:igMRz5UPX//JrF9NGCOwHQ==,type:comment] #ENC[AES256_GCM,data:KzCOrdCiXHrVx+oGj2mz/+zkZ8eRRnFhHadx6FlXj8OXQDMvDkSPi6G2f6j5FE//G2F321mZCiMJ1Mf32tItGb0SxoEhyO9wxTesNn45hmA7M0z5HqTxACU=,iv:ksdz8j2fq1W/xnzu0y1JaIgbKzjiqj2KHCEYhkEKsrM=,tag:dbH/vy4JgL1eUeNpv7afSQ==,type:comment] dovecot_passwd: ENC[AES256_GCM,data:GsXT6PQjCibzyr5G4W3IOIRL4xBuYqFYHpRJOjS2TvXIlTSwVrHbx5Vw5wLHI0zN14rvYy5sycJvEMiCC1YPVphAYNm7VHdo97sUGLpjZ1BpUaJ2KBx77jErxbPrJUSpAroojQFtXFYA2t2bTpOSjZGH7UeyZoLckZtdDqXmnBDvirwVDPNaPv04RrhnqehGyh8EN+b2b5KAm99U9H1oyxIL6mAMJo6FtduVejiVqJB2sl/myI5fJ+bvwkW1CLRmVi0JdVHs4BlTQpi5Q8Kx2SMOH02TP+QDSHv/O8ROpbZ8m0oTk2YbgAG7U8K0t55j8jjWX/7OD4nMv485PgzAMINdzI46g9l9afzo,iv:8MqpUkRPpGJiuWtrdTJAIDXrKZMI73LcwzOiqVMWR88=,tag:+zXmEPV90loAMJtL/+v3vA==,type:str] 
@@ -54,8 +50,8 @@ sops: cWplOHBNWjlJdGI3ZWtJc0t4Mk9URG8KE+9IPGYZsIs2PaDJ2AUE4gB4QEj5zo6P aZVbubu6Tbg+tD/98RkfWAkNvoVeDYuLNPDNgqOL0UgCQiTrPPaTjw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-05-14T08:36:58Z" - mac: ENC[AES256_GCM,data:2gMKos8YZ/hhdOVbcRNFFh9OLQyeUZHoQOZRLNbmxRg48+gwBtNz1gUfkS3+7RjITt0xG+kwftKtwc0VlUwSZYlwtCcFym13cRs4Aqr1ITuR243lRz8lzGGt6eF0GZcf5mpFzratR6r3PBFFmXxrYqa6MpFgLd0J1l26WqNwsuE=,iv:pnDwYOWaFRw7fEUhxK6Csz21NxPdZ3e8UK3Twf54v84=,tag:ZA3w1r4w4kIqQ46gXj+ehQ==,type:str] + lastmodified: "2023-05-14T08:38:31Z" + mac: ENC[AES256_GCM,data:N/SO2dqrhfzkKnMCl160IMfZXUzEWhSQyVseHUfVSUIUDJB4dCIX9b2Zz9f3DITJBWRktsBwhRlRtb7ZmG8wCJ+agRhq/1mjioEFfpt1a6n9+eF/bIWol1tmpE1G09C5KOHzlERE+h+/z2A2sQ7TorHacCUczAKRBCPlRkMl/qE=,iv:Rf8h74You2lnjX69tzfIxBrNUE+FOfvak9piSGGm7Rw=,tag:jUgElnKgZyKdluGwRoU44w==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/secrets/servo/README.md b/secrets/servo/README.md index 72c416b6..19f97349 100644 --- a/secrets/servo/README.md +++ b/secrets/servo/README.md @@ -1,3 +1,7 @@ - ddns_he.env.bin: Hurricane Electric (he.net) passphrase - ddns_afraid.env.bin: freedns.afraid.org API key - viewable: +- wg_ovpns_privkey.bin: wireguard private key for OVPN + - to generate: + - wg genkey > wg0.private + - wg pubkey < wg0.private > wg0.public diff --git a/secrets/servo/wg_ovpns_privkey.bin b/secrets/servo/wg_ovpns_privkey.bin new file mode 100644 index 00000000..fbf44b1f --- /dev/null +++ b/secrets/servo/wg_ovpns_privkey.bin 
@@ -0,0 +1,32 @@ +{ + "data": "ENC[AES256_GCM,data:Qd0BDxy5uggFgJSaohdXG5J/copzeCIY7hnwquXjYbeYKH465ELxkFQXZcvv,iv:C/a7dQcGH8kUaydupAqbnP34smi/dpTSv/lRl+WDaSo=,tag:O0GvldqETifBwmzDuwBN2g==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1tnl4jfgacwkargzeqnhzernw29xx8mkv73xh6ufdyde6q7859slsnzf24x", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKRThIWE84Z0RvUmk0QlZP\nLzBFdDJNSzhTbU9CY2VCSXFsYm1LdFFZT21rClkyUklzZnZHZmRTTXNQaUV6S3Zh\nOFUrWXRZWXJHdXdEMUw1aVMrbUM1azgKLS0tIEhFQXA0cVhzNHlhZk5iTnhzelQx\nOXZyMWwxNGx2MTFlTjl0YzdYTEFvcVkK6dMdsLufBsqN3BmjQY+6DzxdIXfMA5j8\nnXSYv42V7DF8VurInTbFV0aDJ10IAbPyjggpWgLI3nsLq7cEhjon/A==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1j2pqnl8j0krdzk6npe93s4nnqrzwx978qrc0u570gzlamqpnje9sc8le2g", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYTms2cFphUGJadTBNaHNm\nNUYxTVB1ZC9PK0RCdmszeVNSb2EvbkZpaHpVCm9mbVhOcHRCNzRkeThjVTN0bDNV\nMUN4Zm1reU5RYURvYUJSM1hLbktXL28KLS0tIGFEdVEzMG0zSkVKVm1DZm40WlNM\nNU40ejZxSzc2bjJvd0szQUtneFhkWW8KtqY55Jn2uT5S+fT+aPyChunc4e7yF1Kq\nLodoLBTVQ2zEt/od1E+gkHKPpj7BrIRnLtVYYax16F80Ezbp3vLIxA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1z8fauff34cdecr6sjkre260luzxcca05kpcwvhx988d306tpcejsp63znu", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAveFYzWmpzUXQvMHNRbkg3\nVGR6b2NRZ0wrdXNsU1ljaGtjZ0hTQkNmUG4wCnlXaG5mTWN0Mno2VHp0bmNwdHpI\nRSt6QjF0bENsYURVSzF3bEhjOUhaMlkKLS0tIDJOQ255TUQ4T3JwWERoWVB0TTcx\nTC9vRjF0cS90Uklrb3NGdHJsVURSUnMKoClcQFA2avQgcFeOo3bL6YhIntrdOG+v\nLbhIZXuT3xNnvcmU54SBWCfu//LD+VBkw53iYTQnJmCvWAZxk8DksA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1tzlyex2z6t88tg9h82943e39shxhmqeyr7ywhlwpdjmyqsndv3qq27x0rf", + "enc": "-----BEGIN AGE ENCRYPTED 
FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDZ29SUlhIRE0xbExuU2No\nakFxaEoxU1RvZmFGak5DbWIwYmpSMWtDemt3CkkrSHFGcXRQenZOK2N3Tk1ReW43\nM3c3N1J1WFhMaXBmVFJTTnU2bDIxdW8KLS0tIEVuYjM0T0I1dmNkQmxReURYemxK\nV3pIUUw0dTMxSWNlTTFta3VjemlEZU0KIUOwzoJXFGx5EbqRSObMTNrop/du5cfJ\nH01x46zgTAQOQOA7qlYdO429SMsQaPH3XX33M2plm4/0hKzlLZ4rRg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2023-05-14T08:37:29Z", + "mac": "ENC[AES256_GCM,data:GqTK4BvWgN1e8PViUcpGUimZnBmGjwZnrQrVwCIVj2KNgS5jqNYT91gLJ+CHsS5nbBfTGTJ0aRdoM5fOTLOFN+K6GZD/FIhDPrhvc3nyUK0qudWm1L+kAVnB5RYLewVYeWGKtuEGUHZSieOFRfiptXwPRPTccz9XCDYi7oIGTU4=,iv:TemQfusctCqSL/qjs72Unk6eYYFVHnIeo1zvEAiV4Pg=,tag:AG+FroYCsLgJeKtR0RX28w==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.7.3" + } +} \ No newline at end of file