secrets: split lappy.yaml into per-secret files
parent
318efe09e2
commit
974656a80a
|
@ -32,7 +32,7 @@ creation_rules:
|
||||||
- *user_desko_colin
|
- *user_desko_colin
|
||||||
- *user_lappy_colin
|
- *user_lappy_colin
|
||||||
- *host_desko
|
- *host_desko
|
||||||
- path_regex: secrets/lappy.yaml$
|
- path_regex: secrets/lappy*
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
- *user_lappy_colin
|
- *user_lappy_colin
|
||||||
|
|
|
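Review bot: The new `path_regex: secrets/lappy*` is a regular expression, not a glob, so `y*` means "zero or more y" and the pattern is unanchored on both sides. It therefore matches any path containing `secrets/lapp`, not only files under `secrets/lappy/`. Because sops uses the first creation rule that matches, an over-broad pattern can silently choose the recipient set for an unrelated secret that shares the prefix. I would scope it to the directory with `- path_regex: secrets/lappy/.*`. The rule's `key_groups` list continues past the end of the hunk, so the full recipient set could not be checked here.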
@ -22,7 +22,8 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
sops.secrets.colin-passwd = {
|
sops.secrets.colin-passwd = {
|
||||||
sopsFile = ../../../secrets/lappy.yaml;
|
sopsFile = ../../../secrets/lappy/colin-passwd.bin;
|
||||||
|
format = "binary";
|
||||||
neededForUsers = true;
|
neededForUsers = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -1,2 +1,6 @@
|
||||||
- nix_serve_privkey.bin:
|
- nix_serve_privkey.bin:
|
||||||
- generate with `nix-store --generate-binary-cache-key desko cache-priv-key.pem cache-pub-key.pem`
|
- generate with `nix-store --generate-binary-cache-key desko cache-priv-key.pem cache-pub-key.pem`
|
||||||
|
- colin-passwd.bin:
|
||||||
|
- see <https://search.nixos.org/options?channel=unstable&show=users.users.%3Cname%3E.passwordFile&from=0&size=50&sort=relevance&type=packages&query=users.users>
|
||||||
|
- update by running `sudo passwd colin` and then taking the 2nd item from the colin: line in /etc/shadow
|
||||||
|
- N.B.: you MUST do `sudo passwd colin` instead of just `passwd`, i guess because of immutable users or something
|
||||||
|
|
|
@ -0,0 +1,28 @@
|
||||||
|
{
|
||||||
|
"data": "ENC[AES256_GCM,data:W7xHuJ3ho/mHPzKWv0gUdWglfXFzSqpYpIxLXs8lsJB0v3krbAE9qFBmUs6/SHwhoPzbG7rdqtvr3vQ2lb8HSoQT1/KIr6iFnDXmgcHYwWcVphuiVLaoyG0ItWMDB9LM1N40cWxH8oPtDeA=,iv:29TiYxS8rcRbfDKrcNZbyHT4aIuSIBgqLIbgZhDoz3U=,tag:KWxHdYXlTk4Qz5ARNZ00VQ==,type:str]",
|
||||||
|
"sops": {
|
||||||
|
"kms": null,
|
||||||
|
"gcp_kms": null,
|
||||||
|
"azure_kv": null,
|
||||||
|
"hc_vault": null,
|
||||||
|
"age": [
|
||||||
|
{
|
||||||
|
"recipient": "age1j2pqnl8j0krdzk6npe93s4nnqrzwx978qrc0u570gzlamqpnje9sc8le2g",
|
||||||
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvdGN1NWp5MXZzTU9QSFky\nYUVqeDJRUFJHL2M5RUhaOXJGYWZuRFIxMEUwCmRIcUZKV1c0Ym9oS1NiS0cxQW05\ndzlXY1UyZWdKb0RGRWtIZ0g5OGxJWnMKLS0tIFpicm1IYmNubDlEdGNhUVhvNHo2\neVpYNDgrcHkrYk1kSFVmRWY3RklDbjQK3KAogqfqO50ePP0Y4s3MtI8w0WhJ8XLy\nGBh5oBSfRF2ZPi6RkM2orS2KMZ9RYJUvWFxmJ/BXCoWIK6db06e50Q==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"recipient": "age1tnl4jfgacwkargzeqnhzernw29xx8mkv73xh6ufdyde6q7859slsnzf24x",
|
||||||
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNRE9rcW9TaCtodGZTNDlu\neU9DV0tiWUNESEVFUjVUQ3Y5RFA5MkZtYVVrClIzK1BtcjlyMUhoNVVYVHJqWHp0\nYmU3MTRMYUVlTEJaWkVlTVpRVU9ZYzQKLS0tIDRzK3NlNS9OQW9oOEhhenN0ZlYx\nT2p1QS9BUGpMY0VPK2hnYUF4VmhUSjAKzvfYXnecRin7PFuM0gD7GZFXO69iHd0E\nibBANVpZzl+8IP4HlCWTtIQqfhWO0vG1jqaWdrk2d3hdR8BHUCvp8g==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"recipient": "age1w7mectcjku6x3sd8plm8wkn2qfrhv9n6zhzlf329e2r2uycgke8qkf9dyn",
|
||||||
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWejBzK3FWbklkekxkdmpm\ndlhzYWtpNXZ4dGwwMk85L2JWS3Mzd2t1eFU4ClZ6V25OSEVBNzJVa2NFU2M4VTAr\nQXZqK0s1V0xVaXZqMmVsajdPTTU1a2MKLS0tIEQ4K0VwUDJwTE9melUvYjlSV0V0\nM1ZibDhzTzNhUjN0NCtxUDlTN3hFVzAKlpBaCCRM5a/PsV69QlN4Yuyk3L9omD0a\nZu3T7vFkHU3GgsX3F0Or5ocDdoZiQiax5mu4HXNXIZix+NKypdp9Pw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"lastmodified": "2023-05-14T02:32:01Z",
|
||||||
|
"mac": "ENC[AES256_GCM,data:XoW5mume3kEABRoVr7YHQ6MeL2zyojLoQY5I51rMBcUnoOHbN6YUM1m7helWt/Ctc5oQO5hux79Mpo7zfd94CoWpoxxd8rJppwGefyRjQIld8cPW6iYF5C3z8+u3L6O/sqkBdkO+EG+AXcIH8SzwD4/lwCmhb7b8XLRq6qMxfYQ=,iv:zAkHdws6jylx4lhLfMcjBxgGqJpQ4js2DVKKWtNAiA0=,tag:+//AMU7Bb8ZSNYn2lKskrg==,type:str]",
|
||||||
|
"pgp": null,
|
||||||
|
"unencrypted_suffix": "_unencrypted",
|
||||||
|
"version": "3.7.3"
|
||||||
|
}
|
||||||
|
}
|