From e25a4bbee6f5ba54a672b9aa87121cf9ca1321eb Mon Sep 17 00:00:00 2001 From: Colin Date: Sun, 14 May 2023 08:41:27 +0000 Subject: [PATCH] secrets: split freshrss_passwd out of servo.yaml --- hosts/by-name/servo/secrets.nix | 2 +- secrets/servo.yaml | 5 ++--- secrets/servo/freshrss_passwd.bin | 32 +++++++++++++++++++++++++++++++ 3 files changed, 35 insertions(+), 4 deletions(-) create mode 100644 secrets/servo/freshrss_passwd.bin diff --git a/hosts/by-name/servo/secrets.nix b/hosts/by-name/servo/secrets.nix index e30acd68..ce5db286 100644 --- a/hosts/by-name/servo/secrets.nix +++ b/hosts/by-name/servo/secrets.nix @@ -17,7 +17,7 @@ }; sops.secrets."freshrss_passwd" = { - sopsFile = ../../../secrets/servo.yaml; + sopsFile = ../../../secrets/servo/freshrss_passwd.bin; }; sops.secrets."matrix_synapse_secrets" = { diff --git a/secrets/servo.yaml b/secrets/servo.yaml index 078026cd..2cf662d6 100644 --- a/secrets/servo.yaml +++ b/secrets/servo.yaml @@ -1,4 +1,3 @@ -freshrss_passwd: ENC[AES256_GCM,data:MilteAOk+MZjta+E7Zhxq80y,iv:VigZk0nNHvQNlm36jVN5YXY7bhxmx2CFBizbVFCA8O0=,tag:DKsxGsv53SsJsp3J7UIsgg==,type:str] #ENC[AES256_GCM,data:1zQ8X9W4ZGquYEjEsN8YNLhwBt6kaRCKYMjM8GiZbKzsaqwt/cFk+4cC85+QKWF0FNlX38Uba7bI2FvC8fTIO8eoZ5VymJ9Du3NcExE1976FSIze44FhtkSKQkm/vQw5cb2sPNKBGFLSNV/IpdPu,iv:xwv2+Fns0k2STkS760v9p1XZ5s2HAz3wLb8xyIOGTGA=,tag:OGtHxQgyWxGKtg5I9nJAag==,type:comment] nix_serve_privkey: ENC[AES256_GCM,data:JlLuslwyjKARo3Mo36SeRz6ctVuV+jzDMXACekaGs/UjP+Jm8PoxZsWjMcN+qq0tJB9xGMfi7TKHDi+XnK2k60h+7+yDyeqJQfjID6axMYmgxYUivq4CugutFVB27FmDPljUs2M7CRqe1IHrdjc=,iv:1iQVr9rP80hHCRSVD95KW7bpOWj3oZReJAvqa9TllJ8=,tag:6DDGtHF4suOyy2kcnqSDsQ==,type:str] #ENC[AES256_GCM,data:cyptbs4VfXY4P4+W5e2LRZOHkpqvWzn2JEpV80w8cIaQ0lTZa/Hg7IwDNQcsYobmBFO2yLrKawHDKlDos2fMy0KgIhUrw4f8WksxdC06oMqS0mDtgA==,iv:StB34bvA8GWR+7nwOOpsiJ3yqGgeSg5frAgRMhff8nw=,tag:b1LYFzII2Ik1nmGXxgMZuw==,type:comment] @@ -47,8 +46,8 @@ sops: cWplOHBNWjlJdGI3ZWtJc0t4Mk9URG8KE+9IPGYZsIs2PaDJ2AUE4gB4QEj5zo6P aZVbubu6Tbg+tD/98RkfWAkNvoVeDYuLNPDNgqOL0UgCQiTrPPaTjw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-05-14T08:40:10Z" - mac: ENC[AES256_GCM,data:NRmdPcCnqHOYb1TqkkIZMERg2oFnVelBaxpHkSraaJcvGIe5JmsqyAWr6IYoeCubdkybLIEqbfvJwiuQkMIRbdgKS02gEX3Rkiq7sK7a0vGjR7WstAm+s0TCwwAuO2Ts9QHVh0oGJ1zfNYVfNMXuA/IjRmqwWFm+Ktp+McH4S14=,iv:C4El88w7kuuHAO2AJ6Rf0sFLUrJX/3r/PQxmGSj1irI=,tag:buJFtZBH8zOm+DVSsy/riw==,type:str] + lastmodified: "2023-05-14T08:41:14Z" + mac: ENC[AES256_GCM,data:mrtj8Yr/0SROpjW5XPDOuzmCOOb8F+BoqfxVZGtUx+1I5EYTOaiZ7emejthBtrF1+nnt4WmspLTE3xdBssU+kyPszbF+E+r6hl7huHYMpElT2oTAyGCCXGRyct75EvijwZB1uFxB4lJ2rPWO8zxvaoMt3J3/0OAMFrsRbjTpINE=,iv:vUyy7TN/6oWSNbf/s3qwsRADb+7TGXe2tG6CTmAjE80=,tag:TR+rRcKue1oRBYnqRK+w4w==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3 diff --git a/secrets/servo/freshrss_passwd.bin b/secrets/servo/freshrss_passwd.bin new file mode 100644 index 00000000..83fd9ed1 --- /dev/null +++ b/secrets/servo/freshrss_passwd.bin @@ -0,0 +1,32 @@ +{ + "data": "ENC[AES256_GCM,data:5nugQ72DGNyxougn2gl4ZSsZng==,iv:fbJuw2fCSx3GuCD7FrwZ0/FzhgtB2xjtgEfK3zq9/Tc=,tag:EpF9tXPUnbyZ/C6LkC0m6w==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1tnl4jfgacwkargzeqnhzernw29xx8mkv73xh6ufdyde6q7859slsnzf24x", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBQlRyZGhjNlJFUVlSYXEx\nWDZNellOeFlaMDlxZ3IvZEkyVDlMYm5VaFI0CnBuTGxNd3pGT0V3RUJSQ2cvNFJw\ncWtUVy83TGJIamdhc0Q2RS8xU1dsaXMKLS0tIGx3VUVKaE9PZkJPdnYwSTd1Y2Mx\nQ0JSUFBhTE42emxiazd6RWtPeHE0SjQKPj7i4QDkf8R+QUt2/1ziE17FqFCbAcxX\n4PkWUgnES4LcWCJGhgw1MAqVerqjMkGYUee/uC1MLMtceniv2It+vg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1j2pqnl8j0krdzk6npe93s4nnqrzwx978qrc0u570gzlamqpnje9sc8le2g", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2V1IzdGFNSFJocURaVEta\nRWNjVHFCUms4UG1xc0c5UkhyaGtTTFRwSXcwCnY5eU5KMlNmaXpPTU9SNTRYeTdU\nbUNYV2l2N2szL3d0WVpCekxtOHBoQncKLS0tIHhVQ3c2MlIwd1NjeTkvbkwvZVBP\nTXVzUnMwMjRadFc5OFo3WlZGQlZWR2sKvUndVBQGu71wKbOeEL01Q+eJe3iDX5A0\nL64mUYWzQiiVwQfbYERuyno4+Vndf3aYWW3tFgqEraFEcpaDaEhtOw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1z8fauff34cdecr6sjkre260luzxcca05kpcwvhx988d306tpcejsp63znu", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2Q0dYTFhmRUNCNGZHVDNt\nNGdDdmJKWmdZcTJlczNRRFJSRWhCZGl1bFVNCmJoQVBsSVVVdTYvSzROdDVUd2lh\nVHN1S2JBbG5kaEUwS1dlTTJFNDJVajAKLS0tIFNmNERFcThGcVE0WFpvOHZvZGhk\nVXNIcSs0TSsybitRSy9oSHVHNEh5dncKmZHxWhXNDDrv0y6YnkgUg7IWpI6sRwJF\n8G47THj/AN6QlSTpT1dz65TPpIkkbUxWo/2MrXsWfpExgZWSEFlgHg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1tzlyex2z6t88tg9h82943e39shxhmqeyr7ywhlwpdjmyqsndv3qq27x0rf", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5OU5rT3dCR0dzZ3dXNXNI\nMEVaRjZzK0l3QzZTeVBYbmg0QUdjeTBjMlJnCnE2cSswM3NROVVmSytEZjBvWmFH\nVGRBTm0wZHRIRnBYZGpIRjNLN1ZwTk0KLS0tIFhxbjRINkx0Y2FydTRocjRRdDQr\nYzBVTGtORU1KMnRMUEU5M3NaaDNBWlkKPoxpKu7AXlsX6hUzwMI5pLf/AxdPTZSA\nc+aKFFx7RDxq4DcTL+lYrf65U2iwP4cjNW3NvB+FmjcwJzzdQv6yhw==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2023-05-14T08:40:59Z", + "mac": "ENC[AES256_GCM,data:sEUzfI5a6zVECGX14LS6bOkK/hYw4y1p2RB8iamLXFInTvPlq7F3DchWLOI5DwpnAOkpuKw1yi3M1b73dM4URjgprhLiTQX0JtA5doI9RvqiuZoLS9k0C/2yiAy12aUPje+ssE7JI0lo38giQMJthbZC4UR6QqrwZ1wq2Sg+BIw=,iv:dsyvMYM518EWmQ74V8A2J40b75V4387jkW83sivURvs=,tag:klVYbSYif5wFepAOWapILw==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.7.3" + } +} \ No newline at end of file