From 6291f8d4386aefa94350935df6dc0d2ae3a1a4ee Mon Sep 17 00:00:00 2001 From: Pim Kunis Date: Sun, 1 Dec 2024 01:03:21 +0100 Subject: [PATCH] Reorganize some sops stuff --- .sops.yaml | 21 +++----- machines/gamepc/configuration.nix | 5 +- machines/gamepc/nixos.sops.yaml | 39 -------------- machines/gamepc/pim.sops.yaml | 48 ----------------- machines/sue/configuration.nix | 16 +++--- machines/sue/pim.home.nix | 3 +- machines/warwick/configuration.nix | 7 +-- machines/warwick/nixos.sops.yaml | 48 ----------------- nixos/default.nix | 53 +++++++++++-------- secrets/gamepc/colmena.yaml | 32 +++++++++++ secrets/sue/colmena.yaml | 23 ++++++++ .../nixos.sops.yaml => secrets/sue/nixos.yaml | 7 ++- .../sue/pim.sops.yaml => secrets/sue/pim.yaml | 5 +- secrets/warwick/colmena.yaml | 40 ++++++++++++++ 14 files changed, 152 insertions(+), 195 deletions(-) delete mode 100644 machines/gamepc/nixos.sops.yaml delete mode 100644 machines/gamepc/pim.sops.yaml delete mode 100644 machines/warwick/nixos.sops.yaml create mode 100644 secrets/gamepc/colmena.yaml create mode 100644 secrets/sue/colmena.yaml rename machines/sue/nixos.sops.yaml => secrets/sue/nixos.yaml (65%) rename machines/sue/pim.sops.yaml => secrets/sue/pim.yaml (93%) create mode 100644 secrets/warwick/colmena.yaml diff --git a/.sops.yaml b/.sops.yaml index 7f7295c..1a955ff 100644 --- a/.sops.yaml +++ b/.sops.yaml 
@@ -8,32 +8,27 @@ keys: - &niels age159whjxeyw94xmkkephmtlur8e85xd9d5vnvkwkcayfv7el0neqfq863yga creation_rules: - - path_regex: machines/sue/nixos.sops.yaml + - path_regex: secrets/sue/colmena.yaml key_groups: - age: - *sue_root - - path_regex: machines/sue/pim.sops.yaml + - path_regex: secrets/sue/nixos.yaml + key_groups: + - age: + - *sue_root + - path_regex: secrets/sue/pim.yaml key_groups: - age: - *sue_pim - *sue_root - - path_regex: machines/gamepc/nixos.sops.yaml + - path_regex: secrets/gamepc/colmena.yaml key_groups: - age: - *sue_pim - *sue_root - - *gamepc_root - - path_regex: machines/gamepc/pim.sops.yaml + - path_regex: secrets/warwick/colmena.yaml key_groups: - age: - - *sue_pim - - *sue_root - - *gamepc_root - - *gamepc_pim - - path_regex: machines/warwick/nixos.sops.yaml - key_groups: - - age: - - *warwick_root - *sue_pim - *sue_root - *niels diff --git a/machines/gamepc/configuration.nix b/machines/gamepc/configuration.nix index dba7c99..8151e87 100644 --- a/machines/gamepc/configuration.nix +++ b/machines/gamepc/configuration.nix @@ -6,10 +6,7 @@ config = { pim = { cinnamon.enable = true; - sopsKeys = { - root = ./nixos.sops.yaml; - pim = ./pim.sops.yaml; - }; + sops-nix.usersWithSopsKeys = ["root" "pim"]; }; facter.reportPath = ./facter.json; diff --git a/machines/gamepc/nixos.sops.yaml b/machines/gamepc/nixos.sops.yaml deleted file mode 100644 index 7145f77..0000000 --- a/machines/gamepc/nixos.sops.yaml +++ /dev/null 
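Review bot: The new `path_regex` values under `creation_rules` in .sops.yaml are unanchored regular expressions with unescaped dots, so `secrets/sue/colmena.yaml` matches any path that merely contains that text, with `.` standing for any character. These rules decide which age recipients can decrypt a file, so anchoring and escaping them keeps a similarly named file from silently picking up the wrong recipient set, e.g. `- path_regex: ^secrets/sue/colmena\.yaml$`. The same applies to the `secrets/sue/nixos.yaml`, `secrets/sue/pim.yaml`, `secrets/gamepc/colmena.yaml` and `secrets/warwick/colmena.yaml` rules. The `keys:` section that defines the aliases starts outside the hunk.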
@@ -1,39 +0,0 @@ -sops_age_key: ENC[AES256_GCM,data:v0/grOgffNcl1IbfdHr7uzbwvIL1CpfvSSFnuQS1ZEkuuE2Bfbvl8G0i6dHQSnFBtNJXkgAajCdapUlRcaX60EuXToKB14nHP1A=,iv:ZruuYlZJszgmztMXqya7InCLlyihS59QJCoSk685q34=,tag:bN3NZsWeg12GfUTjubb4Ug==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKMkRLNHNYTm55TjA4YWhF - SENVSlVVYWRQUVZNU29iWmk4dVgvSHk3Z1RNClFqcTlUcTlqNjZrMFdUTGQyU2hO - ZktIWXh5VVVsR3d2dUhDQ296RXBJSGsKLS0tIGtWQ1Jwd3U5VmxyMjExMXlQVVZ4 - aTNmRFhEaE9nbGduK2tLallTcFBSWVEKMhULgc6jkA+qJ9LrYtxcUO2k78L4LxHl - 7Okpr5UJlTVn96swt/aFEEfA1gnzGgPWU6Oir5uETBiqTVVytW16wQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHbHp6WkhjdDRkeWpTeTBN - ejRXMUwrSkFTTUlGMC9LNTRwemcxWXVzN1FBCkZlazlBbVM4RlJuTUtZQ1hoWkd3 - SUs5RS9Ba2k2cjhsOGkxaUt5TzF5cjQKLS0tIHFRcWFIL1EvcURURmR3a2FSSjRW - OUpUcFJ1N003OUJlMDJha09nQ1l0OWsKuxMX8dZbn75yUs5E5/hu+LjHRslcUldL - YmQl7phWnWMfgwphERpOhdMn2pczVGygriG7c0LOe6SiEiXxnUHiWw== - -----END AGE ENCRYPTED FILE----- - - recipient: age1y5wgcxmn37drmjtpgld3xc76mw8dckhred8hecusywjlvdyfedfse8y60u - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArc1pmV1cwTmt1RnFBb1VO - Yzd4OHNwbVBORHU1ZVRpVFpsMHlYM3BSaVhnCm5vbURWZ1kzbVZIdE9FY01Qc2tI - cVFtQTY4WnpNOEI2T1BTYkp4OWQydm8KLS0tIFE0eXpJMWxCMC9yOGNRdGNKUmll - S3I4UmRYZzRBUk5jcGtoUzFjcWdGeEEKGYB4kTpjNaAZWuu/wnBNYcSFwFEtX+pu - zzt9Nd2ahPnTMdcSLz/mwOHxyiAgBDUGsNm60EitKxl+LgmR7mBjnw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-17T21:42:29Z" - mac: 
ENC[AES256_GCM,data:dFwV6VpyoXRkhfL+uSiiH2EcetAb0qV3AbED2XzNwvbE+TbItcoQ6JQ/2+lItZ4iULxGOxMvD8n0ZO/aASC8fDlqsNMwf2KmNFwjl4sVJBtTLKH4Z1/5rZmECwdiTMKOf/oTv3VNgbzkcrAuKEZywl+c4iXd5w4YaJgA0M6aSWI=,iv:Zxvr8vBcDZavSbAL8Ar+Du546H1Dhp/ZXRtsjcik2RE=,tag:Od08FmjlhNYPEpMC4rQR8A==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.8.1 diff --git a/machines/gamepc/pim.sops.yaml b/machines/gamepc/pim.sops.yaml deleted file mode 100644 index 15e151f..0000000 --- a/machines/gamepc/pim.sops.yaml +++ /dev/null 
@@ -1,48 +0,0 @@ -sops_age_key: ENC[AES256_GCM,data:acf7kA1ceRLqw0TYPFzkNAMLz0TbNTFBN8MtsYX2y0+xuyFX0oJzIZAMTP7fjVBEcuPE55ewoXjXpP18iDwRUDT4f9Y1dorQD/g=,iv:vx4Inly+Vg8pENlBvijTv2hgTJTFLAfp+f4Nn2leO3A=,tag:i+KXl1V4OxqDnjK62ijBbQ==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYWlpYcTV2TEw3TmwyaHhZ - M3hJY3VOT2NwaVZUU1cvNnRHVnhOZFRCd1cwCi8zM09icUZEUlIwTy9jVE9Takhr - T1ZuWWtkOHBGVGpHeU1VdXpvV2RRSE0KLS0tIDNyL24vWmZhRzBBRW5iMW1tSXhs - ZDhDVTcyVzk1bzVOcjJ1aDlOWEt4RzAKCuuSJ/aLZldfysSFhmUNNZULcSiBrNe9 - hTRra+FLCbNqsNt2iuImkOQwINqdlUIaC36TtXUucV3C2SyDdLo1rA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxZXkyN1FxMzFiSzlVYjV4 - U0E0TWNkb3VFMjJZYUdxM0QzZmg1cUxuMWxVCnFZNkM0SmFDRFE4aHJuQnNzOHNW - ZVc2MTBMWENYeFpYT3dPZERiMHpRUVEKLS0tIHhFL0JjdURYcldTbVNUYkNKN3VR - aUQ2ckVrb3k0L2hnSUdTb3ZzeE54SkEKzh55hsegd28yvwI93xQUYCFBHz7LFQ60 - mrkrWHDBjzxH0VnKT/59YFI1QitLgxI2db6PGQl5i5LYzeBVzG58LQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1y5wgcxmn37drmjtpgld3xc76mw8dckhred8hecusywjlvdyfedfse8y60u - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiUTR2enVtK3hEcExSL0lL - VWVHQ290WTB1cmlWbFB4TTRQaVdPRjQ2bGlRClNWeWtWMSsvL2NMbE54aDNTMmhJ - aWNSazdMMlJUaE5teDh1SWlBMFFMbVkKLS0tIG5QaktGZitaem1DaU5mL2hDZUUr - RW5RNXhpQklCQ3B5K0VoRUFZK3JEQUkKRCGn35rQOpgwxxUSvpWVxJG3gMu+aTnW - B3a/0I0QqAgcPZ3Lj/HIUDN5GUDxdmZhuMdBRKtm5uHMPzDDOXJOKA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1qlldg2c6kptvnmvlkpf9pae3wnczk6eklcmwdvnzyvvnur3aqdcq3c3trt - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYSzhDb29pUmNvZ2Q5a3hO - 
R09lRThlNFpTd1FiZjdFajNMekxvQ3gvekQ0Cnd0SytUVi9JZUcvZGt4YjU3MENX - RWxMcUlRR3ZiUnVacGhBUTVseTQ4dkUKLS0tIDFabnNQbDlUcHRjUVRTVTFkTkJE - SURWUVdNYVdNRXpXYVpBVDZRS204ZVUK9DcgnwXI4cBcnl2xZWrJ1uLY8GHqL6HG - 1cGGG6WEI/EyRH0x80/Djj1d3mEUs7H66uVjbNgid6vOjLi4qTS83g== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-17T21:42:43Z" - mac: ENC[AES256_GCM,data:0qHov3SY7SM0+kp4HqPi/AxnI2k2oDDmRkqFTEsqe7pJ793ldu/io027GOlmg9ZHs+aZflSl6tzMKXWAb0FR3ZCUi4pap5ZLANTYbnHN+X5/dhxoUwCwJxdhyFYntmfaFjxhPiPbhRfs/CGDhij8KyQASA/G1C2rFdH7xCYJIOA=,iv:AjnOkA9/d5+/X1Z0+if/jUBBnqFnK9by58C99VghI9I=,tag:u6EDtD2NK6dvFs6FIbur1Q==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.8.1 diff --git a/machines/sue/configuration.nix b/machines/sue/configuration.nix index 79a422f..8041dd3 100644 --- a/machines/sue/configuration.nix +++ b/machines/sue/configuration.nix @@ -1,4 +1,8 @@ -{pkgs, ...}: { +{ + self, + pkgs, + ... +}: { config = { pim = { lanzaboote.enable = true; @@ -8,13 +12,7 @@ wireguard.enable = true; compliance.enable = true; - sopsKeys = { - # This is the root of our secret system. - # Don't deploy this though; if it fails, - # the key will be wiped. - # root = ./nixos.sops.yaml; - pim = ./pim.sops.yaml; - }; + sops-nix.usersWithSopsKeys = ["pim"]; }; users.users.pim = { @@ -36,7 +34,7 @@ sops = { age.keyFile = "/root/.config/sops/age/keys.txt"; - defaultSopsFile = ./nixos.sops.yaml; + defaultSopsFile = "${self}/secrets/sue/nixos.yaml"; }; environment.systemPackages = with pkgs; [ diff --git a/machines/sue/pim.home.nix b/machines/sue/pim.home.nix index 3663294..3664f01 100644 --- a/machines/sue/pim.home.nix +++ b/machines/sue/pim.home.nix @@ -1,4 +1,5 @@ { + self, pkgs, config, ... @@ -22,7 +23,7 @@ }; sops = { - defaultSopsFile = ./pim.sops.yaml; + defaultSopsFile = "${self}/secrets/sue/pim.yaml"; age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt"; secrets."keepassxc".path = "${config.xdg.configHome}/keepassxc/keepassxc.ini"; }; 
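Review bot: The second hunk of machines/sue/configuration.nix replaces the `sopsKeys` block with `sops-nix.usersWithSopsKeys = ["pim"];` and so drops the only explanation of why `root` is left out on this host. The removed comment warned that deploying root's key here wipes the key if the deployment fails, and the `secrets/sue/colmena.yaml` added by this commit does carry a `root` entry, so adding `"root"` to the list later would look harmless. I would keep the warning next to the new line, e.g. `# Do not add "root" here: this key is the root of the secret system and a failed deploy would wipe it.`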
diff --git a/machines/warwick/configuration.nix b/machines/warwick/configuration.nix index d2ec7d2..f7fd098 100644 --- a/machines/warwick/configuration.nix +++ b/machines/warwick/configuration.nix @@ -9,7 +9,7 @@ config = { pim = { tailscale.advertiseExitNode = true; - sopsKeys.root = ./nixos.sops.yaml; + sops-nix.usersWithSopsKeys = ["root"]; prometheus.enable = true; }; @@ -31,10 +31,7 @@ users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels; - sops = { - age.keyFile = "/root/.config/sops/age/keys.txt"; - defaultSopsFile = ./nixos.sops.yaml; - }; + sops.age.keyFile = "/root/.config/sops/age/keys.txt"; fileSystems."/" = { device = "/dev/disk/by-label/NIXOS_SD"; diff --git a/machines/warwick/nixos.sops.yaml b/machines/warwick/nixos.sops.yaml deleted file mode 100644 index 839acf6..0000000 --- a/machines/warwick/nixos.sops.yaml +++ /dev/null 
@@ -1,48 +0,0 @@ -sops_age_key: ENC[AES256_GCM,data:xoZAEBVDGyq3mpq7+eeXJVYR0LJXktE64aPPayO3BAAeLE9qyfru5LEuJiKmswmT4GehgRV4iDIM35a62nuHkf1SEp4bQXQJ6dE=,iv:DPdp1iuIrGcVjbUbhmiy8dIdnripIC7KU+JGveajwvc=,tag:oqlSl5ydnr4/r9/lFSUlLA==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1th8rdw4fs3vmgy9gzc0k9xy88tddjj4vasepckfx9h4nlzsg3q3q4cjgwu - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3cWpBQk40cTNZSjFCVW5p - ajJlZUpFMFdzZEpJM0VDUTNoUWNVZzdZRkYwCjNNQjJUZThCU2RiQnVKQjhjVWZL - V1hNQXNBMGw0bUtmTnJVM2hoWWtyOUkKLS0tIFJFQVBpaXN6WFk2VFVSdExNcUl1 - KzVQV09IUmFEVFpzbS9tdTE5cjhkVkEKnX1/AvxwSeo6p0EPGU5KnqxwdhEDSQQA - FB3JiU12vy0kh1NYWT+roUYT39BJCk/tjRgHJ6E5qc9LKwthXFdi/A== - -----END AGE ENCRYPTED FILE----- - - recipient: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyWkxEV2ViREFzSE1ZOU9w - ZDNMYnlSSzdOWVZIc1oveHByVVJrTU1SbGx3CmZjRlF6MkJnTXNHK2k3K0hCcEdW - SkcwWE5XakthWHJxWEpud3ZuY2ZFNkUKLS0tIFdRL3JpSWFHZ2hYQXVEOVgvaElN - RnFzNUkwVWVhd3RCOFVZaXZRc3hEM1kKlk5bPXaDkVCk5/4hZF2aoFAr8LEVX/Te - I90BMUglu4qsUjNNhiZVGMV1LIk9mue4sxBP25BZpDLJVR+Mw7J61g== - -----END AGE ENCRYPTED FILE----- - - recipient: age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4YkwyblJRd1dpV3lQSTNr - RlI4cHlXYXdleE9HL2E3YThka3pkZlBFcXhzCmtvZWc1cjIraldtazgrZXRod09U - WlRoYTFvM2t4ZmI5bzYxcGJlZmlzencKLS0tIEdxZU5QaVZWYkp0WjhKWTZZTXhr - REtoU1UxWUR3TUI0RUZaMEpwNEsvbHcKFAaqhhC92VHBr0c1yLlx7f3+yEWVaEtg - K+/JE0GTpcvWsrtGRslhcIP7zEFHlJ0hnOH/PUu1E9xEDF09c3gkBQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age159whjxeyw94xmkkephmtlur8e85xd9d5vnvkwkcayfv7el0neqfq863yga - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2U1lwdlFZTlphdTNMTXh2 - 
Q3F2UEJQSzBjRC9EY1Y0dExlcW9wUzM4NFc4CmZuaFcwc1hEcmRSQ0lDZ3BUSGQ4 - Uy9STGVRMVg2NEpOaGVtTzhab3d4RGsKLS0tIFBCN2FtN2dOSjlIejRJNEFqWEVW - TTE1QzlIWlBtaFVBdkkvczFtaG82Z1EKlzD1POogze+J3C+e1Wf8n2JcWZxPUGSn - SZPp3j2NvvK/OrlcgPYJYt1513QzS5JYY5Sleqoj/GcF48+lq8523A== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-30T18:11:28Z" - mac: ENC[AES256_GCM,data:Yi0IWmRPVHeO+GptuJN1gfDUldL/nKcx3BsIPuvSCF0/cpwVIWQ3BwfTZFfYOZlWAWTnmVbzuPSdbWmAUNmAb7E8A88VERCjY1z60mQ5uuW+LwbwLS6IY3/mXK6CQrnptH5etTNUoE+PrAVOPT7nBq/MohW0T5X09WW/63t0+Uc=,iv:JF/Yg/i8jtFxfiyk0OjoIdakXjVTLU6JHKiO7c8GwkI=,tag:g8kP1HLxGp8uNYfWpj5wBQ==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.9.1 diff --git a/nixos/default.nix b/nixos/default.nix index 6a47dba..552bd0d 100644 --- a/nixos/default.nix +++ b/nixos/default.nix @@ -4,6 +4,7 @@ lib, inputs, self, + name, ... }: { imports = [ @@ -25,9 +26,16 @@ ]; options = { - pim.sopsKeys = lib.mkOption { - type = lib.types.attrsOf lib.types.path; - default = {}; + pim.sops-nix = { + colmenaSopsFile = lib.mkOption { + type = lib.types.path; + default = "${self}/secrets/${name}/colmena.yaml"; + }; + + usersWithSopsKeys = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = []; + }; }; }; 
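Review bot: Neither new option under `pim.sops-nix` in nixos/default.nix has a `description`, so the contract between them is only visible by reading the `deployment.keys` code in the next hunk. I would document `colmenaSopsFile` with something like `description = "sops file holding this host's age private keys under sops_nix_keys.<user>.";` and `usersWithSopsKeys` with `description = "Users whose age key Colmena uploads; each needs an entry under sops_nix_keys in colmenaSopsFile.";`. The default of `colmenaSopsFile` also depends on the new `name` module argument, which presumably comes from Colmena's node arguments, so the description should say where `name` comes from.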
@@ -53,24 +61,27 @@ }; }; - # BUG: this uses root way too much. - deployment.keys = - lib.mapAttrs' (user: sopsFile: let - homeDirectory = - if user == "root" - then "/root" - else "/home/${user}"; - in { - name = "${user}-sops-age-key"; - value = { - keyCommand = ["nix" "run" "nixpkgs#sops" "--" "--extract" "[\"sops_age_key\"]" "-d" (builtins.toString sopsFile)]; - name = "keys.txt"; - destDir = "${homeDirectory}/.config/sops/age"; - inherit user; - group = "users"; - }; - }) - config.pim.sopsKeys; + deployment.keys = lib.pipe config.pim.sops-nix.usersWithSopsKeys [ + (lib.map ( + user: let + homeDirectory = + if user == "root" + then "/root" + else "/home/${user}"; + sopsFile = config.pim.sops-nix.colmenaSopsFile; + in { + name = "${user}-sops-age"; + value = { + keyCommand = ["nix" "run" "nixpkgs#sops" "--" "--extract" "[\"sops_nix_keys\"][\"${user}\"]" "-d" (builtins.toString sopsFile)]; + name = "keys.txt"; + destDir = "${homeDirectory}/.config/sops/age"; + inherit user; + group = "users"; + }; + } + )) + builtins.listToAttrs + ]; systemd = { services.NetworkManager-wait-online.enable = lib.mkForce false; diff --git a/secrets/gamepc/colmena.yaml b/secrets/gamepc/colmena.yaml new file mode 100644 index 0000000..ac26c35 --- /dev/null +++ b/secrets/gamepc/colmena.yaml 
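Review bot: The generated `deployment.keys` entries write an age private key but leave the file mode to Colmena's default and use `group = "users"` even when `user` is `root`. I would pin both inside `value`, e.g. `permissions = "0600";` and `group = if user == "root" then "root" else "users";`, so that a changed default or a later mode tweak cannot expose root's key to the shared group. Separately, `homeDirectory` is still built from the literals `/root` and `/home/${user}`; `config.users.users.${user}.home` would follow the account's configured home. The `deployment.keys` expression is complete within the hunk, but the enclosing `config` block continues outside it.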
@@ -0,0 +1,32 @@ +sops_nix_keys: + root: ENC[AES256_GCM,data:mlihmoW4fk6B/TeEC3MbxfZCltUd2WRP6f2zPf6Tr6EEtJgbk4d1cghHNWr5GKp0cqCnayrFTE7ueYdyPfYQjp9tynn43WAt4BY=,iv:q76g1uVT8tlspaOZk/mSpMf42r3spdQse4szRazPdtk=,tag:3tPGB3iU+6K6uBKXPY/z4g==,type:str] + pim: ENC[AES256_GCM,data:pCMESWXN+rPXHbP8d3L4yLU4ayRIKfMfziR1ACdcURSTCusnyOFcBswAUqjGWSgrFG7WRPp8Z2rW1vzI3h5ZIk5d+3MuWZrksNY=,iv:mfgG5NVE69IP3AyPvAOFJgdlk54+SDkmSZY6LGR3398=,tag:1HVa3BFHMWXKfonlagAulQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6bGc3TTd2SER5azdoMnNt + eXF1ZjhVbkxXenF6TGJvekIxc2E1aHlFcTFBCmlrdDdoYStzZFdlRTJaWDN5Z1lM + OTBCcEQxUmsrc0U4SHd5ZWxvdUxiTG8KLS0tIDZiSW1IK2liWmV6cDEzWEgrTnZS + WCtuK1FienllRVF6SUZ4N3Z2Wk9PUEkK/trGncXxOKLpfJ49etieeo9OVZyNIENm + 3cODe7/IZbq65yJmtPyKAKRsXjvGngIbhy7YrIqF1+wmo58sZmLgUg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArOGdidDFZV3F4UEV5WWlk + WHpDRjFNb1JFU25rdmZXRUNLL3V4UEt0SVhBClBSUXBRalI3YTVLMmlaenE0M1NY + enNVVDI1ci9sUS9XemVXdmNoUVdaM2cKLS0tIFhIaFc3VERpaDNoWGNDTVA2b0ZZ + UVk0S29Ealo3S3RCOWxpWmVpbE9LOFkKm1hofRV8U6EEoffCHCHeRIfSxxiGXbxD + LogWwPblnLRC4qch2JAWzMm+CtEvgn1QJB1Wh5ibIEzDusxHFAI5nA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-11-30T23:31:36Z" + mac: ENC[AES256_GCM,data:Bp9KYK17k2XKlgx+PGmXOvZcxCEzmofc7H3Xrmkq3JwH5Gseem8aJwqLF0jfNlrbpNFVwsSzC+mz4dr9GvxEQxhqAsyajFwwVVcq404iY0FZsavP13w7PJ/uxBcTyTXmMJwdegnnE35ll6rCnbzJ69Br29iY434INXPG/eXnwOo=,iv:s6Radz1cdr7ks3oXsuRafTMVthvUv7/4r2ae5KZZ4w4=,tag:c3cCIG8aztytZX7KprRWnQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.1 
diff --git a/secrets/sue/colmena.yaml b/secrets/sue/colmena.yaml new file mode 100644 index 0000000..7d468b0 --- /dev/null +++ b/secrets/sue/colmena.yaml @@ -0,0 +1,23 @@ +sops_nix_keys: + root: ENC[AES256_GCM,data:CxF2wjcQ2OFuS7Pgjnc8zc7sqGEz3dcHt4NXkL+V6w7kGPP+b4wBhOlT7b+bEESNslpK2htLY7x+IZWIA8JQpeRKHAKymAUK86I=,iv:5qNFDb86/Vr9Iqzx1eES4wUVY5XTq3iOR4VQliuP1lg=,tag:gx/Q7t52l9kMhPRXdpsB6A==,type:str] + pim: ENC[AES256_GCM,data:PWFlRBaqImbCpj3IXU+BtNIRvwru+GRwxDQO4QwINRvxRqC36LE6JpMqaJNrTdCPy+aQ01brTN8y99qXTDlrul32cZnopc37r78=,iv:1tG7rDB5D7D2myes6Ro8hXC140ugjXpiwNpivWFw/xw=,tag:BNm/Ep55tt7xBWZFyzTR5g==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFMWdWZUZQdm9nUWVlUW1w + TU81QmRUZ2s5UzdkVVpBZFNZNmJoQlNtM1JBCnZrSE4xV0xuaXRtOG5UbGw1Mk9x + ZkpkajBzaVVrSEpuYWtnZ21pa2VWR0kKLS0tIGJTWnAyQ0daVTJJTHU0TmdKcGRJ + NkJzL3JSN2sxbnF6NGNhQlJqTHpHRTAKK+3FqqBAGxdlMtnbsySEcZT1lkQwJWvK + GFB+6CtH9UtyIGrdK8Pm/0ahsolYGAim2OjeiKBbs3Q8kLm5WAsgRg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-11-30T23:42:51Z" + mac: ENC[AES256_GCM,data:fo856uaz54nxHDJVDpMOPc6GHAzMdVJTfqBiMtJkEwm3AVICtRcI8ucceBnmfKZf9DM2MC2DffU1tvJd5iqpqFZMXCElRnBxWVZGhvrZqIZtmoAin5zBgwOudf1o6msmdNGmZk1ECq/HpHNO/QMQ3rnFdBvOZwL0zu6iZm9XwC0=,iv:T6Tv1ukk0CWbTRVWYdfn/bWQoETk8DRVMOzpJE9mCWE=,tag:eICIYTBvAJLUTpRcMYqc5Q==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.1 diff --git a/machines/sue/nixos.sops.yaml b/secrets/sue/nixos.yaml similarity index 65% rename from machines/sue/nixos.sops.yaml rename to secrets/sue/nixos.yaml index b0df14d..8066caa 100644 --- a/machines/sue/nixos.sops.yaml +++ b/secrets/sue/nixos.yaml 
@@ -1,4 +1,3 @@ -sops_age_key: ENC[AES256_GCM,data:xKGTAF5cVgysZPbcDgs0QF92Bw6wW78n9fm2RMdeLtywn0ga4qBO8YlrIQWCc2SfFQOTZUlz0e7QWsnbZpxN4p03XF1zusU0ceM=,iv:cDjqDYR3PKx3AbLQL5QbeFK26+Cnsk2m74mHPHIozNs=,tag:C2MzZLR2cQY/gHQNTId8UA==,type:str] wireguard: home: presharedKey: ENC[AES256_GCM,data:nFOqWcdo8zG83v1ceod8Uy4wX3w2LHmDPp2PaAAJ/lUexU4DhY9RZ4wtgC8=,iv:UvzQSZZ62I+QVFHMkHczC2KPeqX8z+DodS7nxLmXr4U=,tag:otwdNc2636DJdkzg22puqQ==,type:str] @@ -18,8 +17,8 @@ sops: N1Rab3RNZ00vd0xPOVBYRHphaldWU1EKNKnKPWO1l8NwWXG2e15Y3td9I0rN9Wwn QdoeVf2+cPJOO5g9stZpl2DBF3QxJojt+dQhwjuEbP9nQtlVQPAlMQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-21T21:16:17Z" - mac: ENC[AES256_GCM,data:Z2mYTek91FLKgMpAFdRl8s2eE6r/03f9/E/XDvkwJZutI40qN6tFrDmhdPIb1U96oPGekcK9WkShIQekQIK6CiDhOAr048x2kSXvrHMZ1hg1hwO7H6jBJiFSRxM1BVBAlbcvZp5IW7e3CqfibVOgXOQvMl0CDS41ucQWV7odO6Y=,iv:7rb/VemE+cFhJ+8XUeLyp+K7FmY0XdAbgs6XWHLrV7M=,tag:vmPRTB9+EYjPLgX4qiFlXw==,type:str] + lastmodified: "2024-11-30T23:42:09Z" + mac: ENC[AES256_GCM,data:nHLeqi4DAoyIi0CfARfx9b753BFdMmIR/fkOrhV5yehl7rUWvSh0+H7sb/ncgW6Blrc5g6Ek8BxXAt8a2SXfCEQaFU6tI1wJ/3mPtEPSvWQnZ75wAQLRgaBE3oxdL2FxSu3sjXMRjipPa/ACbau60FpNFzVbGuwNYfQAquwWtFg=,iv:LYn+36pfIw8zCnhQE4nCyt9yhetoHZRVNrBXL8N12Jo=,tag:aZsxtfEdK99+aBQS6OEwWg==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.9.1 diff --git a/machines/sue/pim.sops.yaml b/secrets/sue/pim.yaml similarity index 93% rename from machines/sue/pim.sops.yaml rename to secrets/sue/pim.yaml index 42f63e0..066fc91 100644 --- a/machines/sue/pim.sops.yaml +++ b/secrets/sue/pim.yaml 
@@ -1,4 +1,3 @@ -sops_age_key: ENC[AES256_GCM,data:7+Q7B11nLI1jYgI+KCtGOYsCO9r3blXGrGk9x4wR8a1/FbnhCFJgtrv9uGMFDpw7sLWYAeM7hRajEQfAuQV+ikUhgO8XGMd3/do=,iv:RWfKq6OQksKWPOrrY/hRsKgIh1Kw0wz4CxbI55P6tDM=,tag:GOtqISlAqtn8s3kRaCYyeQ==,type:str] keepassxc: ENC[AES256_GCM,data:OLAzLx07hFjoa3Hqdp6xhcGZKX7IoPt+Y31WPVS7PRrowBup1tyI51JlKeSsmHIwJ1kSF+7Jhfw1vOgylFcQzZc00hCgiK3ksFkjYUrzLnPsuKPgBi4Jc3Lnb5K+rqJY8P/7OLWhrAFvscKbMo1trQIZ74qKOGxP45DYJL8kDBRsY9+/6nq9bbIaiWXsp8BUiKXeM+O7XnQ+Ir+vTCF7DTNNArD/wT/x0omZL8SzP29ekhQIBSSiyuAIzQ3EYg5rwa9l6xmfatCnKkwXvqDiEGsTGAZj1hUvkHNCgELwRkyYZXyvw10B2/A1x96LryVBGRB0AxXuLgW3kApWLpxLo5lxUwZXv/TjoOhhKkz92S1hMUJg8nQPmBmBEmTQtfT9NF8t1f65MRaRHwXnaSYDChGoa6YEKWt6/FF874Vw9FsZ87SJXdm+hdrgPiSH7O/dJEJoO103WbrzzumYBbLCtjSDBSbn5xxjb4mfCJVatKTSTuWXNUiXJd0Fy78t8kz+zsASLQskSKpl1/csXsErpKDLSjEfObTx0n2ZNpM8z1KFcLFbzy1WyGHReZ4aJDXEWUnhpFT0bYMNSy8cFNw40XKAptiUq16l41uMkT1nsF+tp+bbGDVZjVy8fQb1P6xmcMWviYw88F2AFFWF05ppE+oXJ51e1W8Fs1NhdVnVRds1sMcLJjx/HTs8rZnUBy7cDwmLAo/V5swkV2eUC7sD1CnZHciuHlVXPVRBkRmE+i9Zanrx9SXr+psvAOV9/t6/8UQxVcs+x4/iqtZcf9vfOwaAufH/lci45WpUcAQb7KhsvnYUmzoOn4t3A4tMe9nCb9fQwNxqIHhZ/lWl5lsxc+uP/5cuYNvCSsliSChDJaNDLt9NnIrBtqLzrsaIfqSK1vFuzYYIh5yuyxPh+TfPFR/KqzjIbVyar0UGmISXJ+9DGPvb9J6GkXggyO4cNY9E9Gfb+8nWOtCPnEFXG36oZAmI4QTCDpjJ0Gp+sROQIvLnpT1uREeDc2u+P7V2Y04h1OVJSPZDUlR8bKqlOXZ3lq/g/rNDxTKit6XLRUnz8u3DtiH2tmSZZ7OhyKhvuwcNgV++3isFP216wJ/x59bUSCJ6SNss3wBgtmk0GTsKU3rWa9MYWpBbS++ZcJ2F5anj5stpmTZguFNL3hYZQLPUoSxUd74dwYUTab3mfK7TeKZFruzE8BapPgjH8rtBnhrhl/88r0N9Vo1poJFBdiaJ3KkYn7vOQCYgPQPXLt1IrlOoplkEzGbtQC7gLSjgMtsT2tQYVqJqJ3DHDMrcVd2iBMENn82Bgnf8vTKz4OTWwy+5AgRD/IOsVHbUqtnS0pAx58S8TEm840mnYWYZV+AprPqLHfi/G0tU54J4McEwxmJsKwP+p0LCACC2dFRjLPg6ssvXStYk/AfE58fIZxkgOf6TjXTH90a7STmN8E7IrbPGNywI/OeOOgt+Li1WfJzyS0lE9IDvXwwNkzHJhlDFTCg95q2FWXvjyF68JMMtesiqz8SXKSjDMzjsRm37obTDvmdBGAO0NuC236GcYvF15KNSuDjcVWyoWPd2xMzCcM/dXHfg3/dlheju2g1TwskoSKnVCcRK8B4V/rSqJfUSTrAsKOkFS5x9ZK1Wm2SEe+lhHr9sYC1fUcU077geCj6OimZ0H3Aky0/KI1H5/zDxlmoS73z56S5nQjII8IWS+LjvSp4j8i28NS/SGqdrgVUQat
V5sCctast/U32MbnGn8zdHYJJWHYqY+nXH/n6Vg0e/i7ut0/uqxDbFngVmJbWKwN5dLO6Epv9qskdleWCruvAh7y9qhvmz+k/lxwHiZkdMdOgoUrmIoC3Yn+lGG/xF87PG9TsBF88vius85O8HxY3o3td/awbkUD5x7+OiLdIVnM0iUQDSbdrvFla6qHVkB/kUqcli6GYhaP9HgLUWKm0YgrU+V5eufTG5fu449Q0RcpsSLpncRXghiiZUK/V2z31tVuILeZmlqPBRthQz4xfDgfmzohDu71ttX+2Ih4np/uWIMPx+7ppGWarkp2wsTq92hVAT+U77r9vSQo3H6+8CSpA2AY6q1MU9VPtA0Ze2ZyF8GI08qtVRPiJ6W1q9D3SEBrI2STnk/KdvVu7J1q1HJ6yEVtGBGogXivQiqK/BzXWnDMIzsclU/UZESRVrn+E055kXYDFzKZFNFg1Fa1QimhBs1Ayd4z/aOpWbaXBxOL8jIcmUlRskRU8mQte4vglBNQ06YDZ8OAx8pfaKAz2Xplte07vphWrUnXnFCcQdVrpHHKKN26QhMiObJ0NTUQdWUyiFAiYqmMROanUjVHz3qQQJqW8qq9Z14jXU1lPCOBkcIhvF8hm00Y6OLR7CrOwBWV1t46LC90fyi1VVMcEIKYdNVAvHVVH8jhM5oo6pVcEs7PL3UNHaAldW5KqeFHK0hM4VKUs2vUS5kunYsBBqNFGTYHTewonm+DmB2GM+QOIak53buaygQ37wP4Z4j/QrlIIxtGtUPQo4rENJuCs8fTb1DobDtQrta0NY42vf20VGiS8AJ9kpvj0jC+536RPX1tmu7s6pbsOtvwy1CbDjQyvCmpb24Pv72XtwGn3TQ0GIS0i2iDtRPMgywFbQ7/GctHr8+ikW5QehqRyL1nVtTO876hpYPsztvcqpzA3ZTXHGvAAODsYuHMXNze6xRuQyO0zReT/1aqaL7RH5W7vN6owH/brbsZlnSgaMktTpUNk0F4gQ7/0IxG5Pp4gGoMfXo46D5nGhr57oaSL/RWfMcTQ+f/A4HMMqnPfI4M3MO3bcfs6C75EXiy4EAOyP7uivcCvhRD440195rydqqjIliFFIuIToDjQNZfpU0HnrsSynn5qf9Z8DAuLN9NgbaKq2CbeXxYExOoM7VszulP8XaNpl4gLWONaWvZiQz7+IySlvPu6FpHxAGSNlS6CO0OCGKgcr485/q4T5h6/cH99kvWlNy1sEpoJOOu9bT04fKsSutJ9VihAZy/6s88Jj2IM1OGiU0dP68/GL12X99nYXtVeGTkM7CZYJujOJUf7wx+/UrFFExbUtT+Iv/rlpDjECHcnmrDJcvhEDw1DOAUYyvTd7F3n+rkXpw9MocwY03xuuNcZ/cYijbAe3P5OeCbph9NEFh+E/D5l7G8WS19xLIfb2NP/J0LV98F+o+kq4dqXje1rurdZvWhvjYIpkcfa2MP5QpC9ptSdJwL/Fh9ZF30qsUg1QDeM6jM8Umzk+OWJEMJKQjgxn/KqTlOFDd2MUANsNqxKfvt4PArpJao7CBp1Kywb1Wj8iPCrOviCe8YT1KDcisGhbWhAlr0Bmf2vMk1ynaJg7gf2dpEUNP5L/yRIJQq/+i/6zJnEmu8kf9YEmRvEZKEwFNkkPVztBiub87u6TK48IwXMC4VUQVZyOzd82nLdwdVmdsx5puSm6KLFRNDU1VV25f5KCGcFlBqiRDucg/Em5wYvuTtsTGEm+ff3veP9BeOinzA94wzf0XnZ37fizTg7lv8LoFo6CdqM+/OTPrGubdHTPCKfAmbYWHN/Oa6UEnO2QeOKtpbXenughSoUClsVi/cFYFPx7QWHfqyazjTkJwX8W1SXCu6b3D116NszcrEadTpK3TVOxlVLCG7jZ+bPpT29/Lezrcn6Itsab8uDZEdejflU1lm9d78/bCLcodxcl2Z9DVrsmuYfSkHuOrCVuZ2nh6tjr6IuB072mkkPZN72xuL
bFcp7sIcaQF7kO1yk7Z1tQsHkqhl4xo80z6vr8IkmKrHpcxvnrysTxfy2qHCimieAa0OEy7c1SMFyRKUmgB3L1CQQeoNF+rHspZdI6bpCEdU9QKGI570HsE/UsYbyHg15i8wmXlxO7zBv5ER96qlou5seeJCXH170xE5uiKkFAI1KSR7SdY4dFnLq2Z0yLNbtf/3NiUKX2F32UEzk5YRw1dbCpV2l8FhO+bW8oYrUEWeDxSb1PFnNNALVl9DCyvIQsZtsWVxIY51gB+L5fL17otuzKKJn9YUppIhlYkJ+fPs3AxLKIcL/IBd7XW79o/TFscQcCwzK7FmqPKGvOiqpN2I1IFyTuLCkFjIB7k49idnxDfCbCfqPRdOHj6nu+qKNhLAPijEnnUzX2PdiedalObpb2/1Z74jyl70VNSgiH7ZgHtd5mFZDiRTAtX8RuSHM9v7DHqoDtZthjFsaJUG/ORHnQkr0kMLKFbhR/dvk/SuSpGlUcBpGqHmlveeQoaZdV7pXFM8qNha3VIOiC6M8NDfMOyVb7mh68aNKI8G3S8O4U3VXtKXlWN61S0TO/ZFYE4znHUcjUkgpZkK4sgfVXXfl6J8k9DtBy2tLdU47Ev9s33AbMBt97lBRy4xHCFhTsXOvJf+wznc3djEs5x+ZjEMoID91wsK9tU0bCAr54j0HgdXBYbmXMNO0vpecy61jRJU8RhDkQOtKtbsOysStVejJzQKuOrTuUVAvbBjfjipHent9q2pVXXFtXmvAY0RgX8Johhf1KHvIvvmOB329TQOm/xEHbIQn+bWc44OvQo9bqxHK7e/dgzD1EDGKQVJkT/eM5KJLECDxMRrsUR5d+GOc46kxvajQMXiyhgAZ2uMoVbNWtmcJjO3WfkpRvjHw1ruUUFMojp25jYaPs169Uay3p18o0a+plpfd4j41uh0mdLrthgkGaoRPC5m35k5zrPYH0KXJWPUWiaTtCzbkQbHrJ4wHpbb8HpRghmaTKp/ucrox83qUl5q/fOl3zSFnCLzZSgqiGDr49S6Zhz3Kn0vlVPnJXOW9VP8fA20VfO13uFeNVoRa4vKufUlwxI0ru3RgihIX+Pqaf2Utc16YAY+eD3NQdU3QCBY+HTy7Tdx5rdli/wjGO0f51cgZxisJ/IiD4g71wOmuARhSm9aG50K5J2W75I33eKOxzv5IsdhKfsSsNPNPW/UCAQed8OOcxAV1QlbYQmuX9nbe49GEMv8mvVM+BdETIblpzql8jimq+yFn7hu4bSXSc77zpqAo5yFjZqNRlltMFoUDcCdg2Vhk0EegVFJcAm97ofI3VxyWsjfr8XE7hPkKMExf7jyyzeB85AQ5r6SFLqgqsHReD+D3loNmAs4KBUlit4Y9wSyFZhOpfLBFKA9b7kLDPhBn/nd7+ytl2YmX9LpcxTgTHWuwuUCcW5/4unWUlwQz/lwB+fxd4XZi1lfzr+C6sx3K32vfxoJD9BbGUFZ3rnsk58Hv9V8B16k0jQi4xtk64n7KqUI284QUkT6BUODDMD5PqNPw=,iv:ZuPrxGdtL7yfvU9mD9NFJlNTzfRY1af2tUAXhvGvQoA=,tag:ZBu+pR4LbdfOxsw/nTzTfg==,type:str] syncthing: key: 
ENC[AES256_GCM,data:RynMajMIyEL7E0q5/Rk9ev2/Pd2dqeseaMKiZGEmd59PLuKISuXoNWpy2HNh6rHt+uYPnr43Np7+w13lp8LDz8G5FgW/jy2tHSTBOaFamOpzvKSJAr6yFvuRvbzcO2SW7WKLsVwVFxzj3gLUoG1cJYiuIX03pOB8ljQerMN0mlA8wHBLyIvCGfFy/XekiLpwfl1RjXhCvA0EMn+8o5l4cexXVqh779MEhw6/SbC7g/B5nobT/AQh9z/m4DKxYKB8v2jFdCJck4Lqbz97HL7KaDme4l3iMlOek6kWkYMQiXnr1/tDhDlaI0uBSMCL8MXrhq509S4iNhdtsn2Dq6bjhilTw5fdqTuD2miaU0soF7XEmRMtx3vIz8ju56iEXwFq,iv:pN9P/AoJwnvU3Rg0hngjqM7IonqWSze8qcAURIG++7E=,tag:UueCEDULSy1mf3d3WEdoww==,type:str] @@ -27,8 +26,8 @@ sops: TFdneXZpaVZKdUsrWnludHpCQW9Mc2cKElhSussywXB3XAEN5cE6QVqXpQsebMqF t4CmpKyxzi+JSX1S5Jy2RgHCSHafW4WFeQTt9qseBKQOQPVdwGWVhQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-17T21:12:25Z" - mac: ENC[AES256_GCM,data:m9TJL1G7D0l5f6ZIC6NfKvRDuHY1l0cp9hFbsFy9f2f/ixCRM2JFuAZ4muL6eyvZqAiGgB76u26hFU+yO/E3vtnAYSrLCk1JaRe3rajZIpu+Dwe4zht7ysJ/NeybWB7KzetS8BijDjp8YDHDcX35xwT8ScWBVqj/hjxls4JRe/c=,iv:Z3tRizJNpVHyErL2iFo6ALGO97IarZPiKzyBDPm7sQA=,tag:1sH+wHJoAHfsIju+OWMTHQ==,type:str] + lastmodified: "2024-11-30T23:43:28Z" + mac: ENC[AES256_GCM,data:G4nH63a7yVX56rG+YRnMteVtBYImm9vHs90in6CxBCO7e08LPq+/s1+3lQL7qmG9f0B77Cz3rte2/eYS0beRwgkz7XHdGq96A+3f0tWDSXZmiELVjwsiC+jp4NYdW192Pi36j1CaJiwelJPM7SozvgmqvPOHy9Xe9seqmfzq/qU=,iv:PJvtx0/NQZBE6fG6hdAqNDNYPpjFoq4SZkAqq0mhcsk=,tag:bjCTIR0sSejJNvIEpG1KVw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.1 diff --git a/secrets/warwick/colmena.yaml b/secrets/warwick/colmena.yaml new file mode 100644 index 0000000..067f9d2 --- /dev/null +++ b/secrets/warwick/colmena.yaml 
@@ -0,0 +1,40 @@ +sops_nix_keys: + root: ENC[AES256_GCM,data:hu7AbU/RYst/DKBacsRBSpnQY0k3GtvbpB74v0H26FFkbBvAUz9qsW9Mw/5ctwmQ1pIhSWkT9sauAtrvoHRtjYeS43wpnk5qyMk=,iv:4B05pU+pI+MvO3Q6xE8ZYfIJ92q6AOI4KxMIRl0tvfg=,tag:GnbOAHTLaBqx/UxoxSbdIw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzcTBrYTdBdEZlNTlSdDl2 + L05NTmwwY2dGQUdRVG9RS0h3amRQM3dadWg4ClM0Y0NGNWc3aDlwTFhOclJScks3 + TjZMWjBOdzZWZU1vMXZBVGhBT1UwbmMKLS0tIDVjMkxMeklZbXJvQkpiK3h5bG9s + dHpUOW95Z0tWRHNLTXovUTBrNUtxcmcKFcsYkVInDOnioltWt7+EPQ3V75/yqY1H + 1N/ZdCEvBTrs4K2akaQWFdAhBWExtuIxoQIABEH6mzjVkzvYCR+W0Q== + -----END AGE ENCRYPTED FILE----- + - recipient: age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhV0xzbVhjRWxVWDFjVXdi + aU9hbHpzS3dRZE5JaHVaN05MMjRRVVBENFJBClN0V0VBM0RXN21nSElTZmN6dG1k + RE1jSFEySUU4NUtadGNqRlQxY0syRU0KLS0tIEVzQ3hWdTN2KzkyVzIwY1ByTEVp + L1EyUVNnaHBIWTc3TkR1aEpnVk1FVWsKKYNvixUgDmqeqn3dwj03xvP4BTnUdn0X + geXvXzuAByusiSBxFH7xH2C5YURLlgnUM9AH/K52jlKpD0hx6pSQ1g== + -----END AGE ENCRYPTED FILE----- + - recipient: age159whjxeyw94xmkkephmtlur8e85xd9d5vnvkwkcayfv7el0neqfq863yga + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkb0FOS0RscXM1SHMxNTNz + QVRuMlJjc0Q3b2dzWS9lRGdrNUVsSW5wb3hJCkE3NGpQck5aQkgrUHNaNVFHeldv + U2wySkZRejFMK1V1U0svZ3Y4c2w2N0kKLS0tIE90VDNwNjdGUzZYU0tqMnA1UDN1 + alhaVkVGUlFFaWVaUFN4NzNrUklQdWMK3USFGZy/XkYx6WNNXlzF+/tfIOFqTZzz + gH8EWuRcIbKB+ViTZ6rLZmKDUbSlAzlsKRdWXZCAKZOf19C9SAdtkw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-11-30T23:14:28Z" + mac: 
ENC[AES256_GCM,data:2aGEk+UkrkMmqxGLnoemDrPfQx8twhNAiIFXlrXYM0dMhQPbtgwonZ57IqPRNXzuG9ycchKLuEq7p3Mdki+2gYK/7Z6AS8lICsMZGLaqa36CkBvSeImfKSWkH822XV8OC4OIzO0ZkMt2R9NFiwMubbQPARtIFYUJwfay7EO/RIE=,iv:oKwSILwmGcU4633mR2FGwaj7d42PBSvUOlQhVZbgoL8=,tag:etx/SEFpLaMWCNTT7L5Axg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.1