From dbb9e00bed49d755475336fdd0c7fb3d46c68b6e Mon Sep 17 00:00:00 2001 From: Colin Date: Sun, 14 May 2023 08:40:35 +0000 Subject: [PATCH] secrets: split dovecot_passwd out of servo.yaml --- hosts/by-name/servo/secrets.nix | 2 +- secrets/servo.yaml | 7 ++----- secrets/servo/README.md | 3 +++ secrets/servo/dovecot_passwd.bin | 32 ++++++++++++++++++++++++++++++++ 4 files changed, 38 insertions(+), 6 deletions(-) create mode 100644 secrets/servo/dovecot_passwd.bin diff --git a/hosts/by-name/servo/secrets.nix b/hosts/by-name/servo/secrets.nix index 3ed1601e..e30acd68 100644 --- a/hosts/by-name/servo/secrets.nix +++ b/hosts/by-name/servo/secrets.nix @@ -9,7 +9,7 @@ }; sops.secrets."dovecot_passwd" = { - sopsFile = ../../../secrets/servo.yaml; + sopsFile = ../../../secrets/servo/dovecot_passwd.bin; }; sops.secrets."duplicity_passphrase" = { diff --git a/secrets/servo.yaml b/secrets/servo.yaml index 3121af93..078026cd 100644 --- a/secrets/servo.yaml +++ b/secrets/servo.yaml 
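Review bot: No `format` attribute accompanies the new `sopsFile` path on `sops.secrets."dovecot_passwd"` in hosts/by-name/servo/secrets.nix. The target `secrets/servo/dovecot_passwd.bin` is a sops binary-format document (one encrypted `data` field, as the last file in this patch shows), whereas sops-nix reads a secret as YAML keyed by its name unless told otherwise. Unless `sops.defaultSopsFormat` or an equivalent default is set outside this hunk, add `format = "binary";` beside `sopsFile`. Without it, the lookup for a `dovecot_passwd` key should fail at build or activation, leaving the mail auth file undeployed. The enclosing attribute set begins and ends outside the hunk, so confirm against the rest of secrets.nix.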
@@ -1,6 +1,3 @@ -#ENC[AES256_GCM,data:857w7AqbAbVTOKFLxKcMkcQjJ7EkHZFwBRwtCJFspOk8do2f,iv:bIrXzdrhRYk79ZV+JCdIw4UVxq11/tTZUDL6Bwf+NoE=,tag:igMRz5UPX//JrF9NGCOwHQ==,type:comment] -#ENC[AES256_GCM,data:KzCOrdCiXHrVx+oGj2mz/+zkZ8eRRnFhHadx6FlXj8OXQDMvDkSPi6G2f6j5FE//G2F321mZCiMJ1Mf32tItGb0SxoEhyO9wxTesNn45hmA7M0z5HqTxACU=,iv:ksdz8j2fq1W/xnzu0y1JaIgbKzjiqj2KHCEYhkEKsrM=,tag:dbH/vy4JgL1eUeNpv7afSQ==,type:comment] -dovecot_passwd: ENC[AES256_GCM,data:GsXT6PQjCibzyr5G4W3IOIRL4xBuYqFYHpRJOjS2TvXIlTSwVrHbx5Vw5wLHI0zN14rvYy5sycJvEMiCC1YPVphAYNm7VHdo97sUGLpjZ1BpUaJ2KBx77jErxbPrJUSpAroojQFtXFYA2t2bTpOSjZGH7UeyZoLckZtdDqXmnBDvirwVDPNaPv04RrhnqehGyh8EN+b2b5KAm99U9H1oyxIL6mAMJo6FtduVejiVqJB2sl/myI5fJ+bvwkW1CLRmVi0JdVHs4BlTQpi5Q8Kx2SMOH02TP+QDSHv/O8ROpbZ8m0oTk2YbgAG7U8K0t55j8jjWX/7OD4nMv485PgzAMINdzI46g9l9afzo,iv:8MqpUkRPpGJiuWtrdTJAIDXrKZMI73LcwzOiqVMWR88=,tag:+zXmEPV90loAMJtL/+v3vA==,type:str] freshrss_passwd: ENC[AES256_GCM,data:MilteAOk+MZjta+E7Zhxq80y,iv:VigZk0nNHvQNlm36jVN5YXY7bhxmx2CFBizbVFCA8O0=,tag:DKsxGsv53SsJsp3J7UIsgg==,type:str] #ENC[AES256_GCM,data:1zQ8X9W4ZGquYEjEsN8YNLhwBt6kaRCKYMjM8GiZbKzsaqwt/cFk+4cC85+QKWF0FNlX38Uba7bI2FvC8fTIO8eoZ5VymJ9Du3NcExE1976FSIze44FhtkSKQkm/vQw5cb2sPNKBGFLSNV/IpdPu,iv:xwv2+Fns0k2STkS760v9p1XZ5s2HAz3wLb8xyIOGTGA=,tag:OGtHxQgyWxGKtg5I9nJAag==,type:comment] nix_serve_privkey: ENC[AES256_GCM,data:JlLuslwyjKARo3Mo36SeRz6ctVuV+jzDMXACekaGs/UjP+Jm8PoxZsWjMcN+qq0tJB9xGMfi7TKHDi+XnK2k60h+7+yDyeqJQfjID6axMYmgxYUivq4CugutFVB27FmDPljUs2M7CRqe1IHrdjc=,iv:1iQVr9rP80hHCRSVD95KW7bpOWj3oZReJAvqa9TllJ8=,tag:6DDGtHF4suOyy2kcnqSDsQ==,type:str] 
@@ -50,8 +47,8 @@ sops: cWplOHBNWjlJdGI3ZWtJc0t4Mk9URG8KE+9IPGYZsIs2PaDJ2AUE4gB4QEj5zo6P aZVbubu6Tbg+tD/98RkfWAkNvoVeDYuLNPDNgqOL0UgCQiTrPPaTjw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-05-14T08:38:31Z" - mac: ENC[AES256_GCM,data:N/SO2dqrhfzkKnMCl160IMfZXUzEWhSQyVseHUfVSUIUDJB4dCIX9b2Zz9f3DITJBWRktsBwhRlRtb7ZmG8wCJ+agRhq/1mjioEFfpt1a6n9+eF/bIWol1tmpE1G09C5KOHzlERE+h+/z2A2sQ7TorHacCUczAKRBCPlRkMl/qE=,iv:Rf8h74You2lnjX69tzfIxBrNUE+FOfvak9piSGGm7Rw=,tag:jUgElnKgZyKdluGwRoU44w==,type:str] + lastmodified: "2023-05-14T08:40:10Z" + mac: ENC[AES256_GCM,data:NRmdPcCnqHOYb1TqkkIZMERg2oFnVelBaxpHkSraaJcvGIe5JmsqyAWr6IYoeCubdkybLIEqbfvJwiuQkMIRbdgKS02gEX3Rkiq7sK7a0vGjR7WstAm+s0TCwwAuO2Ts9QHVh0oGJ1zfNYVfNMXuA/IjRmqwWFm+Ktp+McH4S14=,iv:C4El88w7kuuHAO2AJ6Rf0sFLUrJX/3r/PQxmGSj1irI=,tag:buJFtZBH8zOm+DVSsy/riw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/secrets/servo/README.md b/secrets/servo/README.md index 19f97349..cbff0cad 100644 --- a/secrets/servo/README.md +++ b/secrets/servo/README.md @@ -1,6 +1,9 @@ - ddns_he.env.bin: Hurricane Electric (he.net) passphrase - ddns_afraid.env.bin: freedns.afraid.org API key - viewable: +- dovecot_passwd: auth for mail accounts + - passwd file looks like /etc/passwd + - generate pw hash with: `nix run nixpkgs.apacheHttpd -c htpasswd -nbB "" "my passwd"` - wg_ovpns_privkey.bin: wireguard private key for OVPN - to generate: - wg genkey > wg0.private diff --git a/secrets/servo/dovecot_passwd.bin b/secrets/servo/dovecot_passwd.bin new file mode 100644 index 00000000..13546c16 --- /dev/null +++ b/secrets/servo/dovecot_passwd.bin 
@@ -0,0 +1,32 @@ +{ + "data": "ENC[AES256_GCM,data:+k0lG0Fkqi33rDPn+SaKvQ/l3/mfsjkX/Y9VuN8bwBz2HuK1763Lnly+GdypsKPLxB609vOotrjXpm3trYPpglI7tUQasv3xZhEOWBGyhSqfcOpXV1gxZ+vmf7qJlVRPrmlmLDgRlY26YXNcl2KqYTmekj6EUwJ7dh7wN+y8XGzLVYMDh+1Mb6pXqtELySbnG8SsQ+x3NjVu0xYiXehPLkaIKM0yofd3tVrTsnthero0KlmPKqzYTOVBsOfzjL9DFM4y4BH5uh9UdSVV4Ye8TPKJrKhoIcd0FWG7AindYtjyQ8/O6PpJARWR1sYIzlMbYiTuP7O/hYnx2AXWL/1ek43+Nxko1y4/qr1q,iv:z+3K+paVj+L32+IdUDAMm+7iXehveJUt1IivfsiJuKw=,tag:4eGaTPTyZbsHwB0nv+sfKg==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1tnl4jfgacwkargzeqnhzernw29xx8mkv73xh6ufdyde6q7859slsnzf24x", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrN0E3Y1ZON2RTUGhCOGhv\ndVRJeWNvdmF5OExJWUF4dThTRkYzZUg3K25ZCkNPb2cxR0thdklQbWlUV1czTVRN\nTlM2K3psNGQ3Um1mdnpFMHhBekpEd1UKLS0tIGN0cFR2bDBNbXF4eUd1VGFIcWZQ\nS3hyeW1mQUhZbk91MWlWNVdzSFI1MzgKbbcXqBTkfBGYanv2+w3XHMJiJsEy8Crk\nB/mfomezXrmpe7/nbUvqGAwNe8cnXVPHXugmg36KOiyZIC79AJ47XQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1j2pqnl8j0krdzk6npe93s4nnqrzwx978qrc0u570gzlamqpnje9sc8le2g", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZZ01VYitQVDRPTUc0ejdJ\nSEJoanlvcC94cXBhYzhTbkc2THZCTWNPUUdvCklrMkE1ZnlycERscXRWL2J1VktY\nZWYxKzV1eFJIclVmeVlEeEZJWEZHQmMKLS0tIHBINlhzWVNkZ3BlWW9PUG9HL1hr\nTFBXc3d6YnllVFBxajVlREIwYS85S28K2KgEZRtKxg/x8HY5M0afS6MRdRjoWTWW\nto6Djn/JCxSVgKPCEmPwI9Fb0VOKd0YuwJPru6w5kZ9o1S5BzL23qA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1z8fauff34cdecr6sjkre260luzxcca05kpcwvhx988d306tpcejsp63znu", + "enc": "-----BEGIN AGE ENCRYPTED 
FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPNlQ3d0sxa3BpUStTOHJD\nMUhNNEZFazBoRUNzdkd6aGEwTFU0RStlbUVZCjU0VDZDWnkvUDZubVBNSnJkeDVI\nbEtCdmdPSkZhd3hPbEZEZk51L3RYdW8KLS0tIE1mVTJhRjZGNzVaUkN0QktRVGRR\na1IzZ2VtQW45alNDZlRFWXFJWm1MTkEKO6rJskNNyvHwjNBluy9bgwHH9zgO5OvZ\nzgnQ5jDASD0sQCB46DA0c6Esya6CRRdAxGa4zJ59KT59scc21XInYw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1tzlyex2z6t88tg9h82943e39shxhmqeyr7ywhlwpdjmyqsndv3qq27x0rf", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLZHpxRkJZZVlwcElkWHJJ\nMCtpR1FIbEhsR016bnJZUFMzVElqVzRVMHprCjROK2U5WkNlb2JtQmk0Q2ZibkJF\nZUNabDBNdm45OHQrREhQdSs2NU91L1UKLS0tIFpFOTFTRmx3RC9YSmRXQ3ZwZDRE\nbGRLL0t6NHR0K3Bpdk9jUklDS1BBcFEKOY0k9NEH3PFz3nOye/Ywb0rDb78b7vet\nZlDErcG5wyMXodV961ZVXBcqbMeX+iloWWcyT9S+ZgEi3jKBWNJTlg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2023-05-14T08:39:54Z", + "mac": "ENC[AES256_GCM,data:MUMXrQ+yJplxVXVDFAcZL/zxlQ9L/WLtWgkOO+1jiFlcPPXOIyi32Olbv1KpQNgB8wV5jikDXHBG1wVI9x+pjSpxhwaamfLLytl4OtGQpGJ8PaROJe44f2GfngynWzUdCBEa/L7ftxGeiqFL7/FDm3v+bYufsqVRdxc/dwrNyZE=,iv:PYcdMEr3MeL2eF656TedLE6WymOO+M1zh8pR5Z/0pqQ=,tag:I3O+Gb3Mditr3pl87Ljiag==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.7.3" + } +} \ No newline at end of file