colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
10541698a7
nix-files/secrets/lappy.yaml
colin b658b93c64 lappy: store the hashed user passwd in git and decrypt it into /etc/passwd on boot 
this approach lets me persist the password. persisting /etc/shadow
directly wasn't so feasible. populating /etc/shadow at activation time
is something nix already does and is easy to plug into.
so we store the passwd hash in this repo, but encrypt it to the
destination machine's ssh pubkey to add enough entropy that it's not
brute-forceable through the public git repo.
2022-10-23 06:53:06 -07:00

43 lines
3.2 KiB
YAML
Raw Blame History

#ENC[AES256_GCM,data:s512crIo2ylwy1pWPDs6324+NpP3dHvW0QmuZzvOOyrepTQvmB4NW07NFXYzY/UUPn7E4HrB7mzhvQYxVYDBlZKAMr9llT80Nnpt0AqrxnLiqnnY79EvP+aXvNmi0yWsTGqh6k36BWNTUyPSzgjGtvjQgTLSvr9uRzfy9e4C6NVWBm5sTEbYg9y3ZslToVSsEyGHYMVT6fSKM7ewH8wV,iv:sbBWcHYP5Ak4h7gWbdu8JyL2SEeUgrvkjji11Sp2GoA=,tag:yQTWlrrcBxotdKBbB54x5g==,type:comment]
#ENC[AES256_GCM,data:XcQaEDhsAG2kY0Rdw2AKOwaHQIm3/zrWMjpQlU8pWlifNY9eoPqndzIbCNDKhbEJqrzeAuxGYFRBgohRcHQz2O/cbgr8GwTZ3Uo+NHsX6qcoUhzUKd1xlUnIKLjNcV7vlxofrmXikQ==,iv:OKSw1bw2TiPweUJeqCqwr8V+A+ovIT+meygH9l9m4cI=,tag:aTROLuGpTgoxF1JV/w2Cpw==,type:comment]
#ENC[AES256_GCM,data:GFdHTjsr2DJtg/BIyOSeM6EQw92Q/8JFdqXLwpg/FWn9olTws2KDchSWRDlkrEbgoXSMP3Atd33YgckUebDYMIK8ctJai2SUxLJK5fW8LX1JbKUAC5PHUygAIkWYsHlNse7Qbgrw1rtBuR43L6NbMw==,iv:5beGhtM2wja2GgrLCzizsqamfakDIBlZ74ZJhNr33lg=,tag:Ej1za572vRpPcvcHXliQDA==,type:comment]
colin-passwd: ENC[AES256_GCM,data:QiO9RQnaveqScqf8n1cjWLduQ72GN5jztlHB9I9hNLl/Wuyd32QSkpQzylhFbE1z+G+R02opHdanWAQKicbCXwfW6E0gjBSCS0qb5yZNuTwT+KCtr6U+73pkPduX+8VT0XbVpFCijqjN0g==,iv:m/lS30RChEZ7gFrlt2U4MhVwn/mVxNu6WvzySTZ59co=,tag:R3XEMyfe4yIqA4xBciMnnA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1j2pqnl8j0krdzk6npe93s4nnqrzwx978qrc0u570gzlamqpnje9sc8le2g
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4bzFLUFloMU1uUWRmdkZu
TllhSGxvNzBJQTZRaE9EbTA3R3JLNGpVT25nCmd0SG1BWEJWL1JlKzhmSFdFS3Fk
SnRGbUFqdzVFTy95eVhiZGN6a3VMOGcKLS0tIHFJQUtEYVhGWWlTRlQrbEpoQ2h1
VXJ5SXNlS1ZNNjhuVDFrMnlrVHp2NlUKwD3ZznQVcz1ZLb/weULpXET9uZb4aj/U
FnY9ktEEtKeSl10jzU3/sUla6Ap6K6b9KLmmqd5Rnp0ZhbxVOR8rkg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1tnl4jfgacwkargzeqnhzernw29xx8mkv73xh6ufdyde6q7859slsnzf24x
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOa1dpZHVoY2tTWVJ2bG1J
Z0xjVGplMGZqajFlcWtPL0YwUXcxWThNOWcwCmQvZllaZ1JSK3N1WmIvV2F6YjZv
U1ZtMVVSSU1LZ3M4SWExSm9yRzRTR3MKLS0tIFU1dERKdko1SVZLcmVXQXMydExm
OWVEdDJsbENOYkJNSzc5MzlEanVSL0EKbKVgN0/LUiC92N9/MvoXJouiIRHE5aWO
R7xPtxYG91vC+HVj8ThHbu0fcUIqD7LTX82XCrWoYMwkplbTC/F2cw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1w7mectcjku6x3sd8plm8wkn2qfrhv9n6zhzlf329e2r2uycgke8qkf9dyn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3SGk4YzhEaldpcTBRSG1T
Nkpla0s3d2ZRU2RsK2ZDRlhEdVY0NkRYUVU0CjYrTjhxZDVyYUlmbnRQQXBQZVhD
OTcrbmV0YjdyeEhEaHVRUm03Z2hTNTQKLS0tIGVrTjhCL3RlZ2dIOFduVVdSbnJ3
L2JhVWhmQk9qZzdnYkYrQTBCZnI3eE0KHju7x28mP5jLt4u6T6CnQ3ThiEYFhG5P
D7c0h2YhqeqdewuwQWjqJMbUc308N5f0Hz/BsUgYZNanl9qqQRXkrA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-10-23T12:29:53Z"
mac: ENC[AES256_GCM,data:aa97qTkzP6rE4Pq/hdKAITUhWW7GzAs8iC7W6dzYZHJp/k1vYTOqcJ6JZnLva2e8LZKSlsKTEu/0nu3gmY4YgNw0/o0UlWSN7v58bA6Ybzb/ABiQfVv7FxnWD3978xCTNkzCd9wB53LtP01kAQ42lJx1R+AkohsHBN7pHsQg54w=,iv:BZZuEC5dGsMzXYNHK7UgA52yDhYfl1WHzYUzaTsq+qM=,tag:gYzH9dNe5OAc/dccN/d6GQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3
Reference in New Issue View Git Blame Copy Permalink