colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

secrets: split dovecot_passwd out of servo.yaml

Browse Source
This commit is contained in:
Colin 2023-05-14 08:40:35 +00:00
parent 6b1c3d02c1
commit dbb9e00bed
4 changed files with 38 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
hosts/by-name/servo/secrets.nix
View File

@ -9,7 +9,7 @@
};
sops.secrets."dovecot_passwd" = {
sopsFile = ../../../secrets/servo.yaml;
sopsFile = ../../../secrets/servo/dovecot_passwd.bin;
};
sops.secrets."duplicity_passphrase" = {

7
secrets/servo.yaml
View File

@ -1,6 +1,3 @@
#ENC[AES256_GCM,data:857w7AqbAbVTOKFLxKcMkcQjJ7EkHZFwBRwtCJFspOk8do2f,iv:bIrXzdrhRYk79ZV+JCdIw4UVxq11/tTZUDL6Bwf+NoE=,tag:igMRz5UPX//JrF9NGCOwHQ==,type:comment]
#ENC[AES256_GCM,data:KzCOrdCiXHrVx+oGj2mz/+zkZ8eRRnFhHadx6FlXj8OXQDMvDkSPi6G2f6j5FE//G2F321mZCiMJ1Mf32tItGb0SxoEhyO9wxTesNn45hmA7M0z5HqTxACU=,iv:ksdz8j2fq1W/xnzu0y1JaIgbKzjiqj2KHCEYhkEKsrM=,tag:dbH/vy4JgL1eUeNpv7afSQ==,type:comment]
dovecot_passwd: ENC[AES256_GCM,data:GsXT6PQjCibzyr5G4W3IOIRL4xBuYqFYHpRJOjS2TvXIlTSwVrHbx5Vw5wLHI0zN14rvYy5sycJvEMiCC1YPVphAYNm7VHdo97sUGLpjZ1BpUaJ2KBx77jErxbPrJUSpAroojQFtXFYA2t2bTpOSjZGH7UeyZoLckZtdDqXmnBDvirwVDPNaPv04RrhnqehGyh8EN+b2b5KAm99U9H1oyxIL6mAMJo6FtduVejiVqJB2sl/myI5fJ+bvwkW1CLRmVi0JdVHs4BlTQpi5Q8Kx2SMOH02TP+QDSHv/O8ROpbZ8m0oTk2YbgAG7U8K0t55j8jjWX/7OD4nMv485PgzAMINdzI46g9l9afzo,iv:8MqpUkRPpGJiuWtrdTJAIDXrKZMI73LcwzOiqVMWR88=,tag:+zXmEPV90loAMJtL/+v3vA==,type:str]
freshrss_passwd: ENC[AES256_GCM,data:MilteAOk+MZjta+E7Zhxq80y,iv:VigZk0nNHvQNlm36jVN5YXY7bhxmx2CFBizbVFCA8O0=,tag:DKsxGsv53SsJsp3J7UIsgg==,type:str]
#ENC[AES256_GCM,data:1zQ8X9W4ZGquYEjEsN8YNLhwBt6kaRCKYMjM8GiZbKzsaqwt/cFk+4cC85+QKWF0FNlX38Uba7bI2FvC8fTIO8eoZ5VymJ9Du3NcExE1976FSIze44FhtkSKQkm/vQw5cb2sPNKBGFLSNV/IpdPu,iv:xwv2+Fns0k2STkS760v9p1XZ5s2HAz3wLb8xyIOGTGA=,tag:OGtHxQgyWxGKtg5I9nJAag==,type:comment]
nix_serve_privkey: ENC[AES256_GCM,data:JlLuslwyjKARo3Mo36SeRz6ctVuV+jzDMXACekaGs/UjP+Jm8PoxZsWjMcN+qq0tJB9xGMfi7TKHDi+XnK2k60h+7+yDyeqJQfjID6axMYmgxYUivq4CugutFVB27FmDPljUs2M7CRqe1IHrdjc=,iv:1iQVr9rP80hHCRSVD95KW7bpOWj3oZReJAvqa9TllJ8=,tag:6DDGtHF4suOyy2kcnqSDsQ==,type:str]
@ -50,8 +47,8 @@ sops:
cWplOHBNWjlJdGI3ZWtJc0t4Mk9URG8KE+9IPGYZsIs2PaDJ2AUE4gB4QEj5zo6P
aZVbubu6Tbg+tD/98RkfWAkNvoVeDYuLNPDNgqOL0UgCQiTrPPaTjw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-05-14T08:38:31Z"
mac: ENC[AES256_GCM,data:N/SO2dqrhfzkKnMCl160IMfZXUzEWhSQyVseHUfVSUIUDJB4dCIX9b2Zz9f3DITJBWRktsBwhRlRtb7ZmG8wCJ+agRhq/1mjioEFfpt1a6n9+eF/bIWol1tmpE1G09C5KOHzlERE+h+/z2A2sQ7TorHacCUczAKRBCPlRkMl/qE=,iv:Rf8h74You2lnjX69tzfIxBrNUE+FOfvak9piSGGm7Rw=,tag:jUgElnKgZyKdluGwRoU44w==,type:str]
lastmodified: "2023-05-14T08:40:10Z"
mac: ENC[AES256_GCM,data:NRmdPcCnqHOYb1TqkkIZMERg2oFnVelBaxpHkSraaJcvGIe5JmsqyAWr6IYoeCubdkybLIEqbfvJwiuQkMIRbdgKS02gEX3Rkiq7sK7a0vGjR7WstAm+s0TCwwAuO2Ts9QHVh0oGJ1zfNYVfNMXuA/IjRmqwWFm+Ktp+McH4S14=,iv:C4El88w7kuuHAO2AJ6Rf0sFLUrJX/3r/PQxmGSj1irI=,tag:buJFtZBH8zOm+DVSsy/riw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

3
secrets/servo/README.md
View File

@ -1,6 +1,9 @@
- ddns_he.env.bin: Hurricane Electric (he.net) passphrase
- ddns_afraid.env.bin: freedns.afraid.org API key
- viewable: <https://freedns.afraid.org/dynamic/>
- dovecot_passwd: auth for mail accounts
- passwd file looks like /etc/passwd
- generate pw hash with: `nix run nixpkgs.apacheHttpd -c htpasswd -nbB "" "my passwd"`
- wg_ovpns_privkey.bin: wireguard private key for OVPN
- to generate:
- wg genkey > wg0.private

32
secrets/servo/dovecot_passwd.bin Normal file
View File

@ -0,0 +1,32 @@
{
"data": "ENC[AES256_GCM,data:+k0lG0Fkqi33rDPn+SaKvQ/l3/mfsjkX/Y9VuN8bwBz2HuK1763Lnly+GdypsKPLxB609vOotrjXpm3trYPpglI7tUQasv3xZhEOWBGyhSqfcOpXV1gxZ+vmf7qJlVRPrmlmLDgRlY26YXNcl2KqYTmekj6EUwJ7dh7wN+y8XGzLVYMDh+1Mb6pXqtELySbnG8SsQ+x3NjVu0xYiXehPLkaIKM0yofd3tVrTsnthero0KlmPKqzYTOVBsOfzjL9DFM4y4BH5uh9UdSVV4Ye8TPKJrKhoIcd0FWG7AindYtjyQ8/O6PpJARWR1sYIzlMbYiTuP7O/hYnx2AXWL/1ek43+Nxko1y4/qr1q,iv:z+3K+paVj+L32+IdUDAMm+7iXehveJUt1IivfsiJuKw=,tag:4eGaTPTyZbsHwB0nv+sfKg==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1tnl4jfgacwkargzeqnhzernw29xx8mkv73xh6ufdyde6q7859slsnzf24x",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrN0E3Y1ZON2RTUGhCOGhv\ndVRJeWNvdmF5OExJWUF4dThTRkYzZUg3K25ZCkNPb2cxR0thdklQbWlUV1czTVRN\nTlM2K3psNGQ3Um1mdnpFMHhBekpEd1UKLS0tIGN0cFR2bDBNbXF4eUd1VGFIcWZQ\nS3hyeW1mQUhZbk91MWlWNVdzSFI1MzgKbbcXqBTkfBGYanv2+w3XHMJiJsEy8Crk\nB/mfomezXrmpe7/nbUvqGAwNe8cnXVPHXugmg36KOiyZIC79AJ47XQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1j2pqnl8j0krdzk6npe93s4nnqrzwx978qrc0u570gzlamqpnje9sc8le2g",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZZ01VYitQVDRPTUc0ejdJ\nSEJoanlvcC94cXBhYzhTbkc2THZCTWNPUUdvCklrMkE1ZnlycERscXRWL2J1VktY\nZWYxKzV1eFJIclVmeVlEeEZJWEZHQmMKLS0tIHBINlhzWVNkZ3BlWW9PUG9HL1hr\nTFBXc3d6YnllVFBxajVlREIwYS85S28K2KgEZRtKxg/x8HY5M0afS6MRdRjoWTWW\nto6Djn/JCxSVgKPCEmPwI9Fb0VOKd0YuwJPru6w5kZ9o1S5BzL23qA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1z8fauff34cdecr6sjkre260luzxcca05kpcwvhx988d306tpcejsp63znu",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPNlQ3d0sxa3BpUStTOHJD\nMUhNNEZFazBoRUNzdkd6aGEwTFU0RStlbUVZCjU0VDZDWnkvUDZubVBNSnJkeDVI\nbEtCdmdPSkZhd3hPbEZEZk51L3RYdW8KLS0tIE1mVTJhRjZGNzVaUkN0QktRVGRR\na1IzZ2VtQW45alNDZlRFWXFJWm1MTkEKO6rJskNNyvHwjNBluy9bgwHH9zgO5OvZ\nzgnQ5jDASD0sQCB46DA0c6Esya6CRRdAxGa4zJ59KT59scc21XInYw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1tzlyex2z6t88tg9h82943e39shxhmqeyr7ywhlwpdjmyqsndv3qq27x0rf",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLZHpxRkJZZVlwcElkWHJJ\nMCtpR1FIbEhsR016bnJZUFMzVElqVzRVMHprCjROK2U5WkNlb2JtQmk0Q2ZibkJF\nZUNabDBNdm45OHQrREhQdSs2NU91L1UKLS0tIFpFOTFTRmx3RC9YSmRXQ3ZwZDRE\nbGRLL0t6NHR0K3Bpdk9jUklDS1BBcFEKOY0k9NEH3PFz3nOye/Ywb0rDb78b7vet\nZlDErcG5wyMXodV961ZVXBcqbMeX+iloWWcyT9S+ZgEi3jKBWNJTlg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2023-05-14T08:39:54Z",
"mac": "ENC[AES256_GCM,data:MUMXrQ+yJplxVXVDFAcZL/zxlQ9L/WLtWgkOO+1jiFlcPPXOIyi32Olbv1KpQNgB8wV5jikDXHBG1wVI9x+pjSpxhwaamfLLytl4OtGQpGJ8PaROJe44f2GfngynWzUdCBEa/L7ftxGeiqFL7/FDm3v+bYufsqVRdxc/dwrNyZE=,iv:PYcdMEr3MeL2eF656TedLE6WymOO+M1zh8pR5Z/0pqQ=,tag:I3O+Gb3Mditr3pl87Ljiag==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.7.3"
}
}