colin
/
nix-files
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

secrets: split moby.yaml into file-per-secret

This commit is contained in:
Colin 2023-05-14 02:42:07 +00:00
parent ff01155efc
commit ed020b56c0
4 changed files with 35 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.sops.yaml
View File

@ -38,7 +38,7 @@ creation_rules:
- *user_lappy_colin
- *user_desko_colin
- *host_lappy
- path_regex: secrets/moby.yaml$
- path_regex: secrets/moby*
key_groups:
- age:
- *user_desko_colin

3
hosts/by-name/moby/default.nix
View File

@ -16,7 +16,8 @@
services.getty.autologinUser = "root"; # allows for emergency maintenance?
sops.secrets.colin-passwd = {
sopsFile = ../../../secrets/moby.yaml;
sopsFile = ../../../secrets/moby/colin-passwd.bin;
format = "binary";
neededForUsers = true;
};

51
secrets/moby.yaml
View File

@ -1,51 +0,0 @@
#ENC[AES256_GCM,data:akcgE1j3wiKoyB9Uara51P/DPVcKyzt5lZ0kTuxqotjBvVtsGdPVHaeMPMi5blNyPIuiWxo9Jn0MJGyknCs9AL+g96G/yDvvD7or44sK1v8ED+2glfdMi0cjDm80anh7SMchyA6tmtgJhMW1EtkhZ/b/xpysNBzsn5e+zb9jXS4a7LF23jJr7d6tbJo9jks7vVJ7/p33cONglhO573TD,iv:M+S7WCO3V6pQg0UuzWF2y9IgH7p/P4at+qm2Y38To1o=,tag:DPlXsDSYySaHNgSzywiJRQ==,type:comment]
#ENC[AES256_GCM,data:De/BSe24Uf4Ch+JBzJMOEc7W+E72vYrqQWG4LeEk8vVHa/3eGHyKylHIgkMTr5CvwhX7/uCkjm8fgz1QHuRb8jLru8n2u/AxoY9kLUTZ/7VyYes3t9tawZ7tTFzbcqMxjV0Xy5eTzw==,iv:q3bDj1iYv3JBPzSoRU2ANCpfwWtLyCzyn81r5kl2tcw=,tag:f+d6+cWQEb83qK8I/oOCkw==,type:comment]
#ENC[AES256_GCM,data:tYLNlC3Ov2RRnaEH0QAALmMYRc4fyDDM5A7J2sfJbMvoDmkgKoP0HYWy3diJMEcLsw3ZoDGibcU03QduisxjP0eWfEHkzE4R2+tWY+yWYy7TFx7Qg3BfSTtnMt5V9vSWcVLMAgoYaRUMqykIRMRaCQ==,iv:81HzxZyAJvXa5fQDOIIqRTL3dhKA4S2TftE3yfw6VIk=,tag:9+3stfyHrrmkfZpLGpmMOA==,type:comment]
colin-passwd: ENC[AES256_GCM,data:+2uEyJX6FUbOSoJpJpjF+TmwWu3eJlrN5S9J1kRtTbS84c23E4AKTHojk5zEcPZZ9RG3vYjH6C37dRj4/SK/Z1/G31B31RgzwkLnmf11JXK+HSQZHZATgSvH07ANEYIg5VR78IQUz6qbGg==,iv:jyF/QzLyrQU+ebRfBrWRcu5/dmwY9LB4D1FxHVo8+TQ=,tag:3u7HO1VYzenIqvq0iZwuRw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1tnl4jfgacwkargzeqnhzernw29xx8mkv73xh6ufdyde6q7859slsnzf24x
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpck5EWDVkWjdIU2YzQ2Mx
VUpJbW96dXIvM0pPK2Vnd3ZZU3lmSlVheEdRCmVXNFZWV0FjT2p6b3FZOW1vaFNO
MCtubi9QL1Jtd2FQL05vZmd5SjQxelEKLS0tICtaa3VRQ2JJZXpnd3pRd1lndUQ3
d1JCZ3JtZENsSGR4SkVrNHIvTEhndTQK6pQqmcq7xmhZ9E099rBy9MtCdZghBTmU
UCVWxq8zWanK11GLyh6cvs8hHSLIyvpbODnBYA1WM0AeIJoxtRRWEw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1j2pqnl8j0krdzk6npe93s4nnqrzwx978qrc0u570gzlamqpnje9sc8le2g
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0OWl2dlcyU0VoRW90Q3ZR
eURXS1hPSG0reFFhUmxyTGRFNVdIZVJHYVJ3Cm0rcFpjQjQzVGVEcjhNR2RldkVL
WnA4U3N1ZUFUTTBkSEdCbHZCeGxNNFkKLS0tIHY3RFdxUC9SaFhVTFBLemVEQytZ
R01wWFBYR1dYNWlNUkw5M2VNK04yWE0KBPcJduySzwhAnx4BshPX/7QVdeN+L3fH
4sZqC4gYFj3KXZhIOkUcCtwS/dObBoy02EhPsUtSKRheacFVs46w8A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1zsrsvd7j6l62fjxpfd2qnhqlk8wk4p8r0dtxpe4sdgnh2474095qdu7xj9
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSZVBzNG5pOGlXZzI0c3J4
YnFsTDdsQjFwZ3czenlUVkJYcWxJbDAxNkFjCjYyK3VDOS8xRkhBSVRFYTRFSTZ5
Y0htSE13Q1NFNDg3czVuZ3dPOUFlekUKLS0tIDJpRHBWdU9hMnpUSWV0cSsvNjF5
cHVGRXdla0NGZ2lOMVQ3Ym43dDMvaVUKmx7p/TMj5uu/RJjRe4yCKt87brs7E7s0
F88swQCwY41lCdFwISM0jRbY/MymTtbtP+2gcSYlq/S619ytQqf7SQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age18vq5ktwgeaysucvw9t67drqmg5zd5c5k3le34yqxckkfj7wqdqgsd4ejmt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmbWlCZW1VR2FXNHZ3VjZP
R3UrbGgvZEdYdWhBcFJnV0FZZkJWZ3pxcVJNCjR5bzE3M3dHQWZSbWhqS0MrTURp
NnBPQS9xeE1nZFV1VFd5MW9NaFFlM1kKLS0tICsrUkpOaEFFMVExUHhJNSs4eHdB
SlMyTGQ5SWVCU3NLeVcvWmhUc3VSVGsKHJSSl1QFrHq6iefNEL7kpM+XYQ5abz8H
aL6KiK6wvPOWB2RAT5DDicPYSEPXWGpHYTzNT+/hVFk5fXk/zqzOhQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-10-24T15:24:12Z"
mac: ENC[AES256_GCM,data:cYWayG+pAQv1wTsx4ozbx33cl5QwuR+a480zQVl2RVJF028NlVR3yuYdndvwIT9QY79UVcix0pYtK3pm/zTpPLMz59oLIv1TNUdE4/10o3RGw+6fllKdxNftNBcos/1n6ENZRw6K7lviuG4ZKEZMDO3tvPC+XPoPofROyu9WMQE=,iv:Kddn/71vylvLkK7gT4p5juW2nI/qWB3Q+oCQ5hN4Zqk=,tag:AOrjSII1zWXPB0VPpol6Zw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

32
secrets/moby/colin-passwd.bin Normal file
View File

@ -0,0 +1,32 @@
{
"data": "ENC[AES256_GCM,data:LxxmHcRKeF4OBpJ7/xXvIJZKiZwKYinM8S+af3B/mslOnzfKI2KxBSdcoIzZtFGsXjA28BBm57PK+1z5eqtgzDJaXnn9PTFuBevWxjUmhYon81uEN+uPATYvikrFu7rE7bUeIjzfcR+rEek=,iv:opQ+Kmto/J6xgjuH9zP6I9PUOzYVlNCR1zA9373fgtk=,tag:7N5mAfvy77jlu3kPADO00w==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1tnl4jfgacwkargzeqnhzernw29xx8mkv73xh6ufdyde6q7859slsnzf24x",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzem9SeDcrbTNwSUk4MlM2\ncEVvdFZILzAyUUJpb0c4RXV1SXJFNHZFYkEwCmgxTUYyNVoxQ0RibjlDd3phekdI\neWgxWVoyZWtXWGtSV1k0S21jRlUyQUkKLS0tIFF5cVRzeFBtWWZ3UmhqYzgyeC9D\nK3cxSjhmejVkT3NuYlNWWXBzc2RqSm8K+Ik9YT2w1Dbx7DM5ZbA79c8Au3mNPCha\nYEK6QLUJwRB8uzqh0mXVq8avkbufOO3z0Jjc4z/BY9GvOHrR1w7Q+Q==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1j2pqnl8j0krdzk6npe93s4nnqrzwx978qrc0u570gzlamqpnje9sc8le2g",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvakoxV0ZIWlY3cFR5YWxu\nYUp4TzlIbW81MmdZbVRQTnJEUHRLUGdkODNNCkpScTdvOVd5UjE3Y2R0dDMyRzRE\naEkrOUpNMzMrRWxzbGhtd2pnVHNyT0kKLS0tIDE5R2hmeTZ1a1cwSy9BUFBGK2xz\nb1U5YVIwVHY0RnJSSEtiQTFpVXBzT1UKyQmDc0XC3oxM2wDYWkGC4aYlMm174ElY\nmmbGr/MAPdHTIWM0GcFjZsPNIqf3OXecR0wuvZfj4/Qx5PmE0YphwQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1zsrsvd7j6l62fjxpfd2qnhqlk8wk4p8r0dtxpe4sdgnh2474095qdu7xj9",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByZWxPRWdLVmpFVXZsUVVx\ndG04WG9JckUwOTQ1enplaHljWXcrZys0d2hRCkh4VmR1T0lGNmpnYmwvRHZQaExa\nTng0eG90aHVJc0I1NFUxelVDRDBoZXMKLS0tIG44cGdHOExERlA1cE5oU2Z6YmFH\nMlRpcUppRW1KeTFZZ3EwdHlCWU5UT0EKt+POC7svnPck6T9dpCy3lzH6w0X074s1\nEyEArfBEIqeEvXtFO7m+tL5eURngmdcxZjSd7nlM6tuz24Y6EtJ14w==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age18vq5ktwgeaysucvw9t67drqmg5zd5c5k3le34yqxckkfj7wqdqgsd4ejmt",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDZW9CamlQWjE1bDJMa09j\nL2ZSZktnUzlZczdiRWxKRTRzODYyTWlZRlNBCkhhK1RxZThSWDk2d1Nia3U1NHE3\ncWhvZWNia1lmNTlWWHRPRHV1SUR4ZjgKLS0tIFRrZVpMaVZubEZFQkZ5bXhYS0tN\neStrVzZyaXBzKzk1THpna0laL3RKSjgKEAT4wur+5uN8c0PWwFjSpzzMmT/HWkpA\nr/LS5B6sLRDZ06qS5UKDb710MyTzR1FBCi0YGdAEbZZOmjaELXoapg==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2023-05-14T02:36:18Z",
"mac": "ENC[AES256_GCM,data:u22p276cZXc/B1h6HEX1YHAyPQf8+FkQg3Vyi0IS7c+YtZLVNW445DgeS4Rku87oyOU93ZTyaPRnkbWr/w29sM3cdB7Nmtvc7psDtPQ5ntLDlSESN6g+s7EXcQHWPFdaVvpKUIf0tOgnwRFXVGCLKJO/Bl+b1SBeMDjiOpG8LXU=,iv:EAhdMJIDqRRMln71faPmnfkn0EAx+fvUXWkPubHfY98=,tag:KNNhViFGtsTfLEtxOrCWTg==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.7.3"
}
}