Reorganize some sops stuff

Pim Kunis 2024-12-01 01:03:21 +01:00
parent a29d10e507
commit 6291f8d438
14 changed files with 152 additions and 195 deletions


@ -8,32 +8,27 @@ keys:
- &niels age159whjxeyw94xmkkephmtlur8e85xd9d5vnvkwkcayfv7el0neqfq863yga - &niels age159whjxeyw94xmkkephmtlur8e85xd9d5vnvkwkcayfv7el0neqfq863yga
creation_rules: creation_rules:
- path_regex: machines/sue/nixos.sops.yaml - path_regex: secrets/sue/colmena.yaml
key_groups: key_groups:
- age: - age:
- *sue_root - *sue_root
- path_regex: machines/sue/pim.sops.yaml - path_regex: secrets/sue/nixos.yaml
key_groups:
- age:
- *sue_root
- path_regex: secrets/sue/pim.yaml
key_groups: key_groups:
- age: - age:
- *sue_pim - *sue_pim
- *sue_root - *sue_root
- path_regex: machines/gamepc/nixos.sops.yaml - path_regex: secrets/gamepc/colmena.yaml
key_groups: key_groups:
- age: - age:
- *sue_pim - *sue_pim
- *sue_root - *sue_root
- *gamepc_root - path_regex: secrets/warwick/colmena.yaml
- path_regex: machines/gamepc/pim.sops.yaml
key_groups: key_groups:
- age: - age:
- *sue_pim
- *sue_root
- *gamepc_root
- *gamepc_pim
- path_regex: machines/warwick/nixos.sops.yaml
key_groups:
- age:
- *warwick_root
- *sue_pim - *sue_pim
- *sue_root - *sue_root
- *niels - *niels
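Review bot: The rule for `secrets/sue/colmena.yaml` lists only `*sue_root`, whereas the `secrets/gamepc/colmena.yaml` and `secrets/warwick/colmena.yaml` rules also include `*sue_pim`. That file is where the colmena module looks up the age identities it installs as `keys.txt`, so with a single recipient no second key can open it if the sue root key is lost; if its `root` entry is that same key (the page does not show this), the file is readable only by a key it contains. If the single recipient is intentional, a comment above the rule such as `# sue_root is the only recipient on purpose: <reason>` would record that. Separately, the `path_regex` values are unanchored and leave `.` unescaped; `path_regex: ^secrets/sue/colmena\.yaml$` would match only the intended file.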


@ -6,10 +6,7 @@
config = { config = {
pim = { pim = {
cinnamon.enable = true; cinnamon.enable = true;
sopsKeys = { sops-nix.usersWithSopsKeys = ["root" "pim"];
root = ./nixos.sops.yaml;
pim = ./pim.sops.yaml;
};
}; };
facter.reportPath = ./facter.json; facter.reportPath = ./facter.json;


@ -1,39 +0,0 @@
sops_age_key: ENC[AES256_GCM,data:v0/grOgffNcl1IbfdHr7uzbwvIL1CpfvSSFnuQS1ZEkuuE2Bfbvl8G0i6dHQSnFBtNJXkgAajCdapUlRcaX60EuXToKB14nHP1A=,iv:ZruuYlZJszgmztMXqya7InCLlyihS59QJCoSk685q34=,tag:bN3NZsWeg12GfUTjubb4Ug==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKMkRLNHNYTm55TjA4YWhF
SENVSlVVYWRQUVZNU29iWmk4dVgvSHk3Z1RNClFqcTlUcTlqNjZrMFdUTGQyU2hO
ZktIWXh5VVVsR3d2dUhDQ296RXBJSGsKLS0tIGtWQ1Jwd3U5VmxyMjExMXlQVVZ4
aTNmRFhEaE9nbGduK2tLallTcFBSWVEKMhULgc6jkA+qJ9LrYtxcUO2k78L4LxHl
7Okpr5UJlTVn96swt/aFEEfA1gnzGgPWU6Oir5uETBiqTVVytW16wQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHbHp6WkhjdDRkeWpTeTBN
ejRXMUwrSkFTTUlGMC9LNTRwemcxWXVzN1FBCkZlazlBbVM4RlJuTUtZQ1hoWkd3
SUs5RS9Ba2k2cjhsOGkxaUt5TzF5cjQKLS0tIHFRcWFIL1EvcURURmR3a2FSSjRW
OUpUcFJ1N003OUJlMDJha09nQ1l0OWsKuxMX8dZbn75yUs5E5/hu+LjHRslcUldL
YmQl7phWnWMfgwphERpOhdMn2pczVGygriG7c0LOe6SiEiXxnUHiWw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1y5wgcxmn37drmjtpgld3xc76mw8dckhred8hecusywjlvdyfedfse8y60u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArc1pmV1cwTmt1RnFBb1VO
Yzd4OHNwbVBORHU1ZVRpVFpsMHlYM3BSaVhnCm5vbURWZ1kzbVZIdE9FY01Qc2tI
cVFtQTY4WnpNOEI2T1BTYkp4OWQydm8KLS0tIFE0eXpJMWxCMC9yOGNRdGNKUmll
S3I4UmRYZzRBUk5jcGtoUzFjcWdGeEEKGYB4kTpjNaAZWuu/wnBNYcSFwFEtX+pu
zzt9Nd2ahPnTMdcSLz/mwOHxyiAgBDUGsNm60EitKxl+LgmR7mBjnw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-17T21:42:29Z"
mac: ENC[AES256_GCM,data:dFwV6VpyoXRkhfL+uSiiH2EcetAb0qV3AbED2XzNwvbE+TbItcoQ6JQ/2+lItZ4iULxGOxMvD8n0ZO/aASC8fDlqsNMwf2KmNFwjl4sVJBtTLKH4Z1/5rZmECwdiTMKOf/oTv3VNgbzkcrAuKEZywl+c4iXd5w4YaJgA0M6aSWI=,iv:Zxvr8vBcDZavSbAL8Ar+Du546H1Dhp/ZXRtsjcik2RE=,tag:Od08FmjlhNYPEpMC4rQR8A==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@ -1,48 +0,0 @@
sops_age_key: ENC[AES256_GCM,data:acf7kA1ceRLqw0TYPFzkNAMLz0TbNTFBN8MtsYX2y0+xuyFX0oJzIZAMTP7fjVBEcuPE55ewoXjXpP18iDwRUDT4f9Y1dorQD/g=,iv:vx4Inly+Vg8pENlBvijTv2hgTJTFLAfp+f4Nn2leO3A=,tag:i+KXl1V4OxqDnjK62ijBbQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYWlpYcTV2TEw3TmwyaHhZ
M3hJY3VOT2NwaVZUU1cvNnRHVnhOZFRCd1cwCi8zM09icUZEUlIwTy9jVE9Takhr
T1ZuWWtkOHBGVGpHeU1VdXpvV2RRSE0KLS0tIDNyL24vWmZhRzBBRW5iMW1tSXhs
ZDhDVTcyVzk1bzVOcjJ1aDlOWEt4RzAKCuuSJ/aLZldfysSFhmUNNZULcSiBrNe9
hTRra+FLCbNqsNt2iuImkOQwINqdlUIaC36TtXUucV3C2SyDdLo1rA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxZXkyN1FxMzFiSzlVYjV4
U0E0TWNkb3VFMjJZYUdxM0QzZmg1cUxuMWxVCnFZNkM0SmFDRFE4aHJuQnNzOHNW
ZVc2MTBMWENYeFpYT3dPZERiMHpRUVEKLS0tIHhFL0JjdURYcldTbVNUYkNKN3VR
aUQ2ckVrb3k0L2hnSUdTb3ZzeE54SkEKzh55hsegd28yvwI93xQUYCFBHz7LFQ60
mrkrWHDBjzxH0VnKT/59YFI1QitLgxI2db6PGQl5i5LYzeBVzG58LQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1y5wgcxmn37drmjtpgld3xc76mw8dckhred8hecusywjlvdyfedfse8y60u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiUTR2enVtK3hEcExSL0lL
VWVHQ290WTB1cmlWbFB4TTRQaVdPRjQ2bGlRClNWeWtWMSsvL2NMbE54aDNTMmhJ
aWNSazdMMlJUaE5teDh1SWlBMFFMbVkKLS0tIG5QaktGZitaem1DaU5mL2hDZUUr
RW5RNXhpQklCQ3B5K0VoRUFZK3JEQUkKRCGn35rQOpgwxxUSvpWVxJG3gMu+aTnW
B3a/0I0QqAgcPZ3Lj/HIUDN5GUDxdmZhuMdBRKtm5uHMPzDDOXJOKA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1qlldg2c6kptvnmvlkpf9pae3wnczk6eklcmwdvnzyvvnur3aqdcq3c3trt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYSzhDb29pUmNvZ2Q5a3hO
R09lRThlNFpTd1FiZjdFajNMekxvQ3gvekQ0Cnd0SytUVi9JZUcvZGt4YjU3MENX
RWxMcUlRR3ZiUnVacGhBUTVseTQ4dkUKLS0tIDFabnNQbDlUcHRjUVRTVTFkTkJE
SURWUVdNYVdNRXpXYVpBVDZRS204ZVUK9DcgnwXI4cBcnl2xZWrJ1uLY8GHqL6HG
1cGGG6WEI/EyRH0x80/Djj1d3mEUs7H66uVjbNgid6vOjLi4qTS83g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-17T21:42:43Z"
mac: ENC[AES256_GCM,data:0qHov3SY7SM0+kp4HqPi/AxnI2k2oDDmRkqFTEsqe7pJ793ldu/io027GOlmg9ZHs+aZflSl6tzMKXWAb0FR3ZCUi4pap5ZLANTYbnHN+X5/dhxoUwCwJxdhyFYntmfaFjxhPiPbhRfs/CGDhij8KyQASA/G1C2rFdH7xCYJIOA=,iv:AjnOkA9/d5+/X1Z0+if/jUBBnqFnK9by58C99VghI9I=,tag:u6EDtD2NK6dvFs6FIbur1Q==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1


@ -1,4 +1,8 @@
{pkgs, ...}: { {
self,
pkgs,
...
}: {
config = { config = {
pim = { pim = {
lanzaboote.enable = true; lanzaboote.enable = true;
@ -8,13 +12,7 @@
wireguard.enable = true; wireguard.enable = true;
compliance.enable = true; compliance.enable = true;
sopsKeys = { sops-nix.usersWithSopsKeys = ["pim"];
# This is the root of our secret system.
# Don't deploy this though; if it fails,
# the key will be wiped.
# root = ./nixos.sops.yaml;
pim = ./pim.sops.yaml;
};
}; };
users.users.pim = { users.users.pim = {
@ -36,7 +34,7 @@
sops = { sops = {
age.keyFile = "/root/.config/sops/age/keys.txt"; age.keyFile = "/root/.config/sops/age/keys.txt";
defaultSopsFile = ./nixos.sops.yaml; defaultSopsFile = "${self}/secrets/sue/nixos.yaml";
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
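Review bot: The comment explaining why root's key is not deployed on this host was dropped together with the old `sopsKeys` block, so `sops-nix.usersWithSopsKeys = ["pim"];` now omits root without a stated reason. According to the removed comment, that key is the root of the secret system and a failed deployment would wipe it, so someone adding `"root"` later for symmetry with the other hosts would reintroduce exactly that risk. Suggest carrying the warning over above the new line, e.g. `# root is deliberately absent: its key is the root of the secret system and a failed key deployment would wipe it.` The surrounding module continues outside these hunks.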


@ -1,4 +1,5 @@
{ {
self,
pkgs, pkgs,
config, config,
... ...
@ -22,7 +23,7 @@
}; };
sops = { sops = {
defaultSopsFile = ./pim.sops.yaml; defaultSopsFile = "${self}/secrets/sue/pim.yaml";
age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt"; age.keyFile = "${config.xdg.configHome}/sops/age/keys.txt";
secrets."keepassxc".path = "${config.xdg.configHome}/keepassxc/keepassxc.ini"; secrets."keepassxc".path = "${config.xdg.configHome}/keepassxc/keepassxc.ini";
}; };


@ -9,7 +9,7 @@
config = { config = {
pim = { pim = {
tailscale.advertiseExitNode = true; tailscale.advertiseExitNode = true;
sopsKeys.root = ./nixos.sops.yaml; sops-nix.usersWithSopsKeys = ["root"];
prometheus.enable = true; prometheus.enable = true;
}; };
@ -31,10 +31,7 @@
users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels; users.users.root.openssh.authorizedKeys.keys = config.pim.ssh.keys.pim ++ config.pim.ssh.keys.niels;
sops = { sops.age.keyFile = "/root/.config/sops/age/keys.txt";
age.keyFile = "/root/.config/sops/age/keys.txt";
defaultSopsFile = ./nixos.sops.yaml;
};
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-label/NIXOS_SD"; device = "/dev/disk/by-label/NIXOS_SD";


@ -1,48 +0,0 @@
sops_age_key: ENC[AES256_GCM,data:xoZAEBVDGyq3mpq7+eeXJVYR0LJXktE64aPPayO3BAAeLE9qyfru5LEuJiKmswmT4GehgRV4iDIM35a62nuHkf1SEp4bQXQJ6dE=,iv:DPdp1iuIrGcVjbUbhmiy8dIdnripIC7KU+JGveajwvc=,tag:oqlSl5ydnr4/r9/lFSUlLA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1th8rdw4fs3vmgy9gzc0k9xy88tddjj4vasepckfx9h4nlzsg3q3q4cjgwu
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3cWpBQk40cTNZSjFCVW5p
ajJlZUpFMFdzZEpJM0VDUTNoUWNVZzdZRkYwCjNNQjJUZThCU2RiQnVKQjhjVWZL
V1hNQXNBMGw0bUtmTnJVM2hoWWtyOUkKLS0tIFJFQVBpaXN6WFk2VFVSdExNcUl1
KzVQV09IUmFEVFpzbS9tdTE5cjhkVkEKnX1/AvxwSeo6p0EPGU5KnqxwdhEDSQQA
FB3JiU12vy0kh1NYWT+roUYT39BJCk/tjRgHJ6E5qc9LKwthXFdi/A==
-----END AGE ENCRYPTED FILE-----
- recipient: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyWkxEV2ViREFzSE1ZOU9w
ZDNMYnlSSzdOWVZIc1oveHByVVJrTU1SbGx3CmZjRlF6MkJnTXNHK2k3K0hCcEdW
SkcwWE5XakthWHJxWEpud3ZuY2ZFNkUKLS0tIFdRL3JpSWFHZ2hYQXVEOVgvaElN
RnFzNUkwVWVhd3RCOFVZaXZRc3hEM1kKlk5bPXaDkVCk5/4hZF2aoFAr8LEVX/Te
I90BMUglu4qsUjNNhiZVGMV1LIk9mue4sxBP25BZpDLJVR+Mw7J61g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4YkwyblJRd1dpV3lQSTNr
RlI4cHlXYXdleE9HL2E3YThka3pkZlBFcXhzCmtvZWc1cjIraldtazgrZXRod09U
WlRoYTFvM2t4ZmI5bzYxcGJlZmlzencKLS0tIEdxZU5QaVZWYkp0WjhKWTZZTXhr
REtoU1UxWUR3TUI0RUZaMEpwNEsvbHcKFAaqhhC92VHBr0c1yLlx7f3+yEWVaEtg
K+/JE0GTpcvWsrtGRslhcIP7zEFHlJ0hnOH/PUu1E9xEDF09c3gkBQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age159whjxeyw94xmkkephmtlur8e85xd9d5vnvkwkcayfv7el0neqfq863yga
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2U1lwdlFZTlphdTNMTXh2
Q3F2UEJQSzBjRC9EY1Y0dExlcW9wUzM4NFc4CmZuaFcwc1hEcmRSQ0lDZ3BUSGQ4
Uy9STGVRMVg2NEpOaGVtTzhab3d4RGsKLS0tIFBCN2FtN2dOSjlIejRJNEFqWEVW
TTE1QzlIWlBtaFVBdkkvczFtaG82Z1EKlzD1POogze+J3C+e1Wf8n2JcWZxPUGSn
SZPp3j2NvvK/OrlcgPYJYt1513QzS5JYY5Sleqoj/GcF48+lq8523A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-30T18:11:28Z"
mac: ENC[AES256_GCM,data:Yi0IWmRPVHeO+GptuJN1gfDUldL/nKcx3BsIPuvSCF0/cpwVIWQ3BwfTZFfYOZlWAWTnmVbzuPSdbWmAUNmAb7E8A88VERCjY1z60mQ5uuW+LwbwLS6IY3/mXK6CQrnptH5etTNUoE+PrAVOPT7nBq/MohW0T5X09WW/63t0+Uc=,iv:JF/Yg/i8jtFxfiyk0OjoIdakXjVTLU6JHKiO7c8GwkI=,tag:g8kP1HLxGp8uNYfWpj5wBQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1


@ -4,6 +4,7 @@
lib, lib,
inputs, inputs,
self, self,
name,
... ...
}: { }: {
imports = [ imports = [
@ -25,9 +26,16 @@
]; ];
options = { options = {
pim.sopsKeys = lib.mkOption { pim.sops-nix = {
type = lib.types.attrsOf lib.types.path; colmenaSopsFile = lib.mkOption {
default = {}; type = lib.types.path;
default = "${self}/secrets/${name}/colmena.yaml";
};
usersWithSopsKeys = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [];
};
}; };
}; };
@ -53,24 +61,27 @@
}; };
}; };
# BUG: this uses root way too much. deployment.keys = lib.pipe config.pim.sops-nix.usersWithSopsKeys [
deployment.keys = (lib.map (
lib.mapAttrs' (user: sopsFile: let user: let
homeDirectory = homeDirectory =
if user == "root" if user == "root"
then "/root" then "/root"
else "/home/${user}"; else "/home/${user}";
in { sopsFile = config.pim.sops-nix.colmenaSopsFile;
name = "${user}-sops-age-key"; in {
value = { name = "${user}-sops-age";
keyCommand = ["nix" "run" "nixpkgs#sops" "--" "--extract" "[\"sops_age_key\"]" "-d" (builtins.toString sopsFile)]; value = {
name = "keys.txt"; keyCommand = ["nix" "run" "nixpkgs#sops" "--" "--extract" "[\"sops_nix_keys\"][\"${user}\"]" "-d" (builtins.toString sopsFile)];
destDir = "${homeDirectory}/.config/sops/age"; name = "keys.txt";
inherit user; destDir = "${homeDirectory}/.config/sops/age";
group = "users"; inherit user;
}; group = "users";
}) };
config.pim.sopsKeys; }
))
builtins.listToAttrs
];
systemd = { systemd = {
services.NetworkManager-wait-online.enable = lib.mkForce false; services.NetworkManager-wait-online.enable = lib.mkForce false;
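Review bot: The `keyCommand` still runs `nix run nixpkgs#sops`, which resolves `nixpkgs` through the flake registry of whoever runs the deployment rather than through this flake's lock file, so the program that decrypts every age identity is not pinned by the repository. Pointing the command at a locked input keeps it reproducible, for example `"nix" "run" "${inputs.nixpkgs}#sops"` if the input is named `nixpkgs` (`inputs` is already a module argument; the input name is not visible here). The new extract path also interpolates `${user}` into `[\"sops_nix_keys\"][\"${user}\"]` and into `destDir`, while `usersWithSopsKeys` accepts any string; `lib.types.listOf (lib.types.strMatching "[a-z_][a-z0-9_-]*")` would reject names that break the expression or the path. The module body continues outside these hunks.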


@ -0,0 +1,32 @@
sops_nix_keys:
root: ENC[AES256_GCM,data:mlihmoW4fk6B/TeEC3MbxfZCltUd2WRP6f2zPf6Tr6EEtJgbk4d1cghHNWr5GKp0cqCnayrFTE7ueYdyPfYQjp9tynn43WAt4BY=,iv:q76g1uVT8tlspaOZk/mSpMf42r3spdQse4szRazPdtk=,tag:3tPGB3iU+6K6uBKXPY/z4g==,type:str]
pim: ENC[AES256_GCM,data:pCMESWXN+rPXHbP8d3L4yLU4ayRIKfMfziR1ACdcURSTCusnyOFcBswAUqjGWSgrFG7WRPp8Z2rW1vzI3h5ZIk5d+3MuWZrksNY=,iv:mfgG5NVE69IP3AyPvAOFJgdlk54+SDkmSZY6LGR3398=,tag:1HVa3BFHMWXKfonlagAulQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6bGc3TTd2SER5azdoMnNt
eXF1ZjhVbkxXenF6TGJvekIxc2E1aHlFcTFBCmlrdDdoYStzZFdlRTJaWDN5Z1lM
OTBCcEQxUmsrc0U4SHd5ZWxvdUxiTG8KLS0tIDZiSW1IK2liWmV6cDEzWEgrTnZS
WCtuK1FienllRVF6SUZ4N3Z2Wk9PUEkK/trGncXxOKLpfJ49etieeo9OVZyNIENm
3cODe7/IZbq65yJmtPyKAKRsXjvGngIbhy7YrIqF1+wmo58sZmLgUg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArOGdidDFZV3F4UEV5WWlk
WHpDRjFNb1JFU25rdmZXRUNLL3V4UEt0SVhBClBSUXBRalI3YTVLMmlaenE0M1NY
enNVVDI1ci9sUS9XemVXdmNoUVdaM2cKLS0tIFhIaFc3VERpaDNoWGNDTVA2b0ZZ
UVk0S29Ealo3S3RCOWxpWmVpbE9LOFkKm1hofRV8U6EEoffCHCHeRIfSxxiGXbxD
LogWwPblnLRC4qch2JAWzMm+CtEvgn1QJB1Wh5ibIEzDusxHFAI5nA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-30T23:31:36Z"
mac: ENC[AES256_GCM,data:Bp9KYK17k2XKlgx+PGmXOvZcxCEzmofc7H3Xrmkq3JwH5Gseem8aJwqLF0jfNlrbpNFVwsSzC+mz4dr9GvxEQxhqAsyajFwwVVcq404iY0FZsavP13w7PJ/uxBcTyTXmMJwdegnnE35ll6rCnbzJ69Br29iY434INXPG/eXnwOo=,iv:s6Radz1cdr7ks3oXsuRafTMVthvUv7/4r2ae5KZZ4w4=,tag:c3cCIG8aztytZX7KprRWnQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

23
secrets/sue/colmena.yaml Normal file

@ -0,0 +1,23 @@
sops_nix_keys:
root: ENC[AES256_GCM,data:CxF2wjcQ2OFuS7Pgjnc8zc7sqGEz3dcHt4NXkL+V6w7kGPP+b4wBhOlT7b+bEESNslpK2htLY7x+IZWIA8JQpeRKHAKymAUK86I=,iv:5qNFDb86/Vr9Iqzx1eES4wUVY5XTq3iOR4VQliuP1lg=,tag:gx/Q7t52l9kMhPRXdpsB6A==,type:str]
pim: ENC[AES256_GCM,data:PWFlRBaqImbCpj3IXU+BtNIRvwru+GRwxDQO4QwINRvxRqC36LE6JpMqaJNrTdCPy+aQ01brTN8y99qXTDlrul32cZnopc37r78=,iv:1tG7rDB5D7D2myes6Ro8hXC140ugjXpiwNpivWFw/xw=,tag:BNm/Ep55tt7xBWZFyzTR5g==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFMWdWZUZQdm9nUWVlUW1w
TU81QmRUZ2s5UzdkVVpBZFNZNmJoQlNtM1JBCnZrSE4xV0xuaXRtOG5UbGw1Mk9x
ZkpkajBzaVVrSEpuYWtnZ21pa2VWR0kKLS0tIGJTWnAyQ0daVTJJTHU0TmdKcGRJ
NkJzL3JSN2sxbnF6NGNhQlJqTHpHRTAKK+3FqqBAGxdlMtnbsySEcZT1lkQwJWvK
GFB+6CtH9UtyIGrdK8Pm/0ahsolYGAim2OjeiKBbs3Q8kLm5WAsgRg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-30T23:42:51Z"
mac: ENC[AES256_GCM,data:fo856uaz54nxHDJVDpMOPc6GHAzMdVJTfqBiMtJkEwm3AVICtRcI8ucceBnmfKZf9DM2MC2DffU1tvJd5iqpqFZMXCElRnBxWVZGhvrZqIZtmoAin5zBgwOudf1o6msmdNGmZk1ECq/HpHNO/QMQ3rnFdBvOZwL0zu6iZm9XwC0=,iv:T6Tv1ukk0CWbTRVWYdfn/bWQoETk8DRVMOzpJE9mCWE=,tag:eICIYTBvAJLUTpRcMYqc5Q==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1


@ -1,4 +1,3 @@
sops_age_key: ENC[AES256_GCM,data:xKGTAF5cVgysZPbcDgs0QF92Bw6wW78n9fm2RMdeLtywn0ga4qBO8YlrIQWCc2SfFQOTZUlz0e7QWsnbZpxN4p03XF1zusU0ceM=,iv:cDjqDYR3PKx3AbLQL5QbeFK26+Cnsk2m74mHPHIozNs=,tag:C2MzZLR2cQY/gHQNTId8UA==,type:str]
wireguard: wireguard:
home: home:
presharedKey: ENC[AES256_GCM,data:nFOqWcdo8zG83v1ceod8Uy4wX3w2LHmDPp2PaAAJ/lUexU4DhY9RZ4wtgC8=,iv:UvzQSZZ62I+QVFHMkHczC2KPeqX8z+DodS7nxLmXr4U=,tag:otwdNc2636DJdkzg22puqQ==,type:str] presharedKey: ENC[AES256_GCM,data:nFOqWcdo8zG83v1ceod8Uy4wX3w2LHmDPp2PaAAJ/lUexU4DhY9RZ4wtgC8=,iv:UvzQSZZ62I+QVFHMkHczC2KPeqX8z+DodS7nxLmXr4U=,tag:otwdNc2636DJdkzg22puqQ==,type:str]
@ -18,8 +17,8 @@ sops:
N1Rab3RNZ00vd0xPOVBYRHphaldWU1EKNKnKPWO1l8NwWXG2e15Y3td9I0rN9Wwn N1Rab3RNZ00vd0xPOVBYRHphaldWU1EKNKnKPWO1l8NwWXG2e15Y3td9I0rN9Wwn
QdoeVf2+cPJOO5g9stZpl2DBF3QxJojt+dQhwjuEbP9nQtlVQPAlMQ== QdoeVf2+cPJOO5g9stZpl2DBF3QxJojt+dQhwjuEbP9nQtlVQPAlMQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-21T21:16:17Z" lastmodified: "2024-11-30T23:42:09Z"
mac: ENC[AES256_GCM,data:Z2mYTek91FLKgMpAFdRl8s2eE6r/03f9/E/XDvkwJZutI40qN6tFrDmhdPIb1U96oPGekcK9WkShIQekQIK6CiDhOAr048x2kSXvrHMZ1hg1hwO7H6jBJiFSRxM1BVBAlbcvZp5IW7e3CqfibVOgXOQvMl0CDS41ucQWV7odO6Y=,iv:7rb/VemE+cFhJ+8XUeLyp+K7FmY0XdAbgs6XWHLrV7M=,tag:vmPRTB9+EYjPLgX4qiFlXw==,type:str] mac: ENC[AES256_GCM,data:nHLeqi4DAoyIi0CfARfx9b753BFdMmIR/fkOrhV5yehl7rUWvSh0+H7sb/ncgW6Blrc5g6Ek8BxXAt8a2SXfCEQaFU6tI1wJ/3mPtEPSvWQnZ75wAQLRgaBE3oxdL2FxSu3sjXMRjipPa/ACbau60FpNFzVbGuwNYfQAquwWtFg=,iv:LYn+36pfIw8zCnhQE4nCyt9yhetoHZRVNrBXL8N12Jo=,tag:aZsxtfEdK99+aBQS6OEwWg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.9.1

File diff suppressed because one or more lines are too long


@ -0,0 +1,40 @@
sops_nix_keys:
root: ENC[AES256_GCM,data:hu7AbU/RYst/DKBacsRBSpnQY0k3GtvbpB74v0H26FFkbBvAUz9qsW9Mw/5ctwmQ1pIhSWkT9sauAtrvoHRtjYeS43wpnk5qyMk=,iv:4B05pU+pI+MvO3Q6xE8ZYfIJ92q6AOI4KxMIRl0tvfg=,tag:GnbOAHTLaBqx/UxoxSbdIw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age189laethzry4ylnd790dmpuc4xjjuwqxruc76caj3ceqhqug4g9qs0upuvw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzcTBrYTdBdEZlNTlSdDl2
L05NTmwwY2dGQUdRVG9RS0h3amRQM3dadWg4ClM0Y0NGNWc3aDlwTFhOclJScks3
TjZMWjBOdzZWZU1vMXZBVGhBT1UwbmMKLS0tIDVjMkxMeklZbXJvQkpiK3h5bG9s
dHpUOW95Z0tWRHNLTXovUTBrNUtxcmcKFcsYkVInDOnioltWt7+EPQ3V75/yqY1H
1N/ZdCEvBTrs4K2akaQWFdAhBWExtuIxoQIABEH6mzjVkzvYCR+W0Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1w99m9klvc7m5qtmtmu3l0jx8ksdzp5c4p9rkvh5fdullfc6afemqv5py2q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhV0xzbVhjRWxVWDFjVXdi
aU9hbHpzS3dRZE5JaHVaN05MMjRRVVBENFJBClN0V0VBM0RXN21nSElTZmN6dG1k
RE1jSFEySUU4NUtadGNqRlQxY0syRU0KLS0tIEVzQ3hWdTN2KzkyVzIwY1ByTEVp
L1EyUVNnaHBIWTc3TkR1aEpnVk1FVWsKKYNvixUgDmqeqn3dwj03xvP4BTnUdn0X
geXvXzuAByusiSBxFH7xH2C5YURLlgnUM9AH/K52jlKpD0hx6pSQ1g==
-----END AGE ENCRYPTED FILE-----
- recipient: age159whjxeyw94xmkkephmtlur8e85xd9d5vnvkwkcayfv7el0neqfq863yga
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkb0FOS0RscXM1SHMxNTNz
QVRuMlJjc0Q3b2dzWS9lRGdrNUVsSW5wb3hJCkE3NGpQck5aQkgrUHNaNVFHeldv
U2wySkZRejFMK1V1U0svZ3Y4c2w2N0kKLS0tIE90VDNwNjdGUzZYU0tqMnA1UDN1
alhaVkVGUlFFaWVaUFN4NzNrUklQdWMK3USFGZy/XkYx6WNNXlzF+/tfIOFqTZzz
gH8EWuRcIbKB+ViTZ6rLZmKDUbSlAzlsKRdWXZCAKZOf19C9SAdtkw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-30T23:14:28Z"
mac: ENC[AES256_GCM,data:2aGEk+UkrkMmqxGLnoemDrPfQx8twhNAiIFXlrXYM0dMhQPbtgwonZ57IqPRNXzuG9ycchKLuEq7p3Mdki+2gYK/7Z6AS8lICsMZGLaqa36CkBvSeImfKSWkH822XV8OC4OIzO0ZkMt2R9NFiwMubbQPARtIFYUJwfay7EO/RIE=,iv:oKwSILwmGcU4633mR2FGwaj7d42PBSvUOlQhVZbgoL8=,tag:etx/SEFpLaMWCNTT7L5Axg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1