secrets: split lappy.yaml into per-secret files
parent
318efe09e2
commit
974656a80a
|
@ -32,7 +32,7 @@ creation_rules:
|
|||
- *user_desko_colin
|
||||
- *user_lappy_colin
|
||||
- *host_desko
|
||||
- path_regex: secrets/lappy.yaml$
|
||||
- path_regex: secrets/lappy*
|
||||
key_groups:
|
||||
- age:
|
||||
- *user_lappy_colin
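Review bot: The pattern in `path_regex: secrets/lappy*` is a regular expression, not a glob, so `y*` means "zero or more y" and nothing anchors it. It therefore matches any path containing `secrets/lapp`, not only files under `secrets/lappy/`. sops applies the first creation rule whose regex matches, so an over-broad pattern can encrypt a file intended for another key group to this rule's recipients, depending on rule order. Assuming from the commit title that this is the new line, I would scope it to the directory with `- path_regex: secrets/lappy/.*`. The rule's recipient list continues outside the hunk, so the full set of keys affected is not visible here.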
|
||||
|
|
|
@ -22,7 +22,8 @@
|
|||
];
|
||||
|
||||
sops.secrets.colin-passwd = {
|
||||
sopsFile = ../../../secrets/lappy.yaml;
|
||||
sopsFile = ../../../secrets/lappy/colin-passwd.bin;
|
||||
format = "binary";
|
||||
neededForUsers = true;
|
||||
};
|
||||
|
||||
|
|
|
@ -1,2 +1,6 @@
|
|||
- nix_serve_privkey.bin:
|
||||
- generate with `nix-store --generate-binary-cache-key desko cache-priv-key.pem cache-pub-key.pem`
|
||||
- colin-passwd.bin:
|
||||
- see <https://search.nixos.org/options?channel=unstable&show=users.users.%3Cname%3E.passwordFile&from=0&size=50&sort=relevance&type=packages&query=users.users>
|
||||
- update by running `sudo passwd colin` and then taking the 2nd item from the colin: line in /etc/shadow
|
||||
- N.B.: you MUST do `sudo passwd colin` instead of just `passwd`, i guess because of immutable users or something
|
||||
|
|
|
@ -0,0 +1,28 @@
|
|||
{
|
||||
"data": "ENC[AES256_GCM,data:W7xHuJ3ho/mHPzKWv0gUdWglfXFzSqpYpIxLXs8lsJB0v3krbAE9qFBmUs6/SHwhoPzbG7rdqtvr3vQ2lb8HSoQT1/KIr6iFnDXmgcHYwWcVphuiVLaoyG0ItWMDB9LM1N40cWxH8oPtDeA=,iv:29TiYxS8rcRbfDKrcNZbyHT4aIuSIBgqLIbgZhDoz3U=,tag:KWxHdYXlTk4Qz5ARNZ00VQ==,type:str]",
|
||||
"sops": {
|
||||
"kms": null,
|
||||
"gcp_kms": null,
|
||||
"azure_kv": null,
|
||||
"hc_vault": null,
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1j2pqnl8j0krdzk6npe93s4nnqrzwx978qrc0u570gzlamqpnje9sc8le2g",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvdGN1NWp5MXZzTU9QSFky\nYUVqeDJRUFJHL2M5RUhaOXJGYWZuRFIxMEUwCmRIcUZKV1c0Ym9oS1NiS0cxQW05\ndzlXY1UyZWdKb0RGRWtIZ0g5OGxJWnMKLS0tIFpicm1IYmNubDlEdGNhUVhvNHo2\neVpYNDgrcHkrYk1kSFVmRWY3RklDbjQK3KAogqfqO50ePP0Y4s3MtI8w0WhJ8XLy\nGBh5oBSfRF2ZPi6RkM2orS2KMZ9RYJUvWFxmJ/BXCoWIK6db06e50Q==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1tnl4jfgacwkargzeqnhzernw29xx8mkv73xh6ufdyde6q7859slsnzf24x",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNRE9rcW9TaCtodGZTNDlu\neU9DV0tiWUNESEVFUjVUQ3Y5RFA5MkZtYVVrClIzK1BtcjlyMUhoNVVYVHJqWHp0\nYmU3MTRMYUVlTEJaWkVlTVpRVU9ZYzQKLS0tIDRzK3NlNS9OQW9oOEhhenN0ZlYx\nT2p1QS9BUGpMY0VPK2hnYUF4VmhUSjAKzvfYXnecRin7PFuM0gD7GZFXO69iHd0E\nibBANVpZzl+8IP4HlCWTtIQqfhWO0vG1jqaWdrk2d3hdR8BHUCvp8g==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1w7mectcjku6x3sd8plm8wkn2qfrhv9n6zhzlf329e2r2uycgke8qkf9dyn",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWejBzK3FWbklkekxkdmpm\ndlhzYWtpNXZ4dGwwMk85L2JWS3Mzd2t1eFU4ClZ6V25OSEVBNzJVa2NFU2M4VTAr\nQXZqK0s1V0xVaXZqMmVsajdPTTU1a2MKLS0tIEQ4K0VwUDJwTE9melUvYjlSV0V0\nM1ZibDhzTzNhUjN0NCtxUDlTN3hFVzAKlpBaCCRM5a/PsV69QlN4Yuyk3L9omD0a\nZu3T7vFkHU3GgsX3F0Or5ocDdoZiQiax5mu4HXNXIZix+NKypdp9Pw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2023-05-14T02:32:01Z",
|
||||
"mac": "ENC[AES256_GCM,data:XoW5mume3kEABRoVr7YHQ6MeL2zyojLoQY5I51rMBcUnoOHbN6YUM1m7helWt/Ctc5oQO5hux79Mpo7zfd94CoWpoxxd8rJppwGefyRjQIld8cPW6iYF5C3z8+u3L6O/sqkBdkO+EG+AXcIH8SzwD4/lwCmhb7b8XLRq6qMxfYQ=,iv:zAkHdws6jylx4lhLfMcjBxgGqJpQ4js2DVKKWtNAiA0=,tag:+//AMU7Bb8ZSNYn2lKskrg==,type:str]",
|
||||
"pgp": null,
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.7.3"
|
||||
}
|
||||
}
|