diff options
-rw-r--r-- | .sops.yaml | 15 | ||||
-rw-r--r-- | common.nix | 2 | ||||
-rw-r--r-- | hosts/cez/secrets.yaml | 29 | ||||
-rw-r--r-- | hosts/kay/secrets.yaml | 45 |
4 files changed, 61 insertions, 30 deletions
@@ -1,4 +1,17 @@ keys: - - &sinan 'age1hngjn65pvc8458z5uxz6qjktp45fp8s8jqxgqklsndkdp0s26gtqdxqazm' + - &sinan age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv + - &cez age1nur989fnjmfgfk54ctczrwg25epqqr0xgkl5d4swfxka9aw6cdrqdawvaq + - &kay age15989j5lkkf2kn5wa2p6qc8wlxjjksc63k5ync8rz8t4e87394pzqm7h4rm + creation_rules: + - path_regex: ^hosts/cez/.* + age: >- + age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv, + age1nur989fnjmfgfk54ctczrwg25epqqr0xgkl5d4swfxka9aw6cdrqdawvaq + + - path_regex: ^hosts/kay/.* + age: >- + age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv, + age15989j5lkkf2kn5wa2p6qc8wlxjjksc63k5ync8rz8t4e87394pzqm7h4rm + - age: *sinan @@ -21,7 +21,7 @@ in sops = { defaultSopsFile = ./hosts/${host}/secrets.yaml; - age.keyFile = "/var/secrets/sops.key"; + age.keyFile = "/var/secrets/${host}.sops"; }; system.stateVersion = "23.11"; nix.settings.experimental-features = [ "flakes" "nix-command" ]; diff --git a/hosts/cez/secrets.yaml b/hosts/cez/secrets.yaml index d786971..f72eba6 100644 --- a/hosts/cez/secrets.yaml +++ b/hosts/cez/secrets.yaml @@ -1,23 +1,32 @@ misc: - sftp: ENC[AES256_GCM,data:/UuNJt9BlrheSQpFcUuIr/syKWtoDT6J4GRFtVCMOTCt8uPwnNZgi5JFb4JWMfVnBoUYMms9aDMFN4yF6xYT2FL6Tq44Uxtg8Ig4L75l34+zy/BPfQ8y7KeWCffLtGvOh8cdIKPa5UGQjsoT91cBw340oQOhG8x8oLWzwPL8ySJbWnFAZ53NIV8w7MqL/CsePN16SnBSi5pGgQIxcti8miLxaKVen6JOw+DCe6sWM2s/IEKpGjnTcUBSRMikbJ5qftGl9+wjHolNFiMP0gveK7UxP32OsgGvFDvASqVnY+SogvavUE6fqUroV3extzVIfMUEUQukeDBc4YSDNCk5YSX+0DRcO8pKRwBA2brLGteOaXhxsMxvJKlzXt6dSGKlMyNjEnlKgGDcR0V3Wx1AF/EwGl0t+zlTyiXCN3Fq+pwErx7r3JxMnUbSiGIWv+1djNt5CtTWNp+kMd9Kbz9d8Hubn5Ae3UUvnXpm2Je52CJkhqDrq0AE1RM3UvnMV44mmvvTrwoqX6FJ8o3EqNiB3DXEk6viQuYJqclPNReYSgLYGMxfieEAwvbjTtiTsBI3fakbfEeP0RUe2JxUTA8=,iv:VyhdbfiiQJqG6cKAz6WjmlG3MkM25VzQzfCt1qYgH4M=,tag:SKNSBPj8IG0aeooIoo7vAQ==,type:str] - wireguard: ENC[AES256_GCM,data:4N0ZJd4p+Oik55XMhaEzZKpR66zEZxKfoqSnhYqf3W5BWsuDXGZFRi8xleY=,iv:hGgR3UcFeVGZjWJjdnVuQeUQtz3p4Lh6QRBJDfTr9Qo=,tag:0cJq8LFuNdkIiVgMgX/O2w==,type:str] + sftp: ENC[AES256_GCM,data:xic1JI1RHo3Xc/izQBubMQ5TEvQxeFIOEbkFj/MWjw7UOgQrQEozfhvmGvB3lqjdgO2e2RXYHc7RvwAfquZN9QWFFp7vS7JqhqGTg4+I0JNh28LDsdzeAXe7d4yLkJ5cl4EhU5a6Zd9Qo60JyO8HRAMSXQBuHMzTW0A4achARcTguyJUiCntxvyLiKPZGdGj7HsHfxr32S1ieejGDqxuOLTrssOgyxikWT+PqibWie+JDH20+ZP8l6ip8FdNaWcyzfED/SJybpRbDBvL3iXw9tb67SeRWKR8I91nyyLh69hwLHrp/IgboDlCW8/ZmOYoRWCJF4lH86v3312wuoU60x8IoSL7YhWW5N3WQpWxWeEmLlMFD0x6LcJclUeoIlpVNvR8wDNKeayHhdLChIs2ZiEUAAIaTcUKdWWccY7JraMosqKgS9BmnjLJLEei9kFEF+y97QxQ/q4AfyFPbajxSd7aujqXuUfqpL1aLgt65h1TyOKN3E3Y2faiTaR76EALyv2d4PdYHWhkhxXVATRhsG+N2Mg9FSCciGnD7wlu9IR28HrbLuvX7W2KsLDVdI2oBtfExTf8YQwPSk1vp28=,iv:VyhdbfiiQJqG6cKAz6WjmlG3MkM25VzQzfCt1qYgH4M=,tag:KIoEb/dkEPpeaCJaNkAflw==,type:str] + wireguard: ENC[AES256_GCM,data:WUHMeYro1PS25wEtsQKHHtpLXbtox8JtqX5863dHelBIA2SB7YZ+eWyv5hQ=,iv:hGgR3UcFeVGZjWJjdnVuQeUQtz3p4Lh6QRBJDfTr9Qo=,tag:4qpU9Ue4QtfBINdy0CSdvw==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: - - recipient: age1hngjn65pvc8458z5uxz6qjktp45fp8s8jqxgqklsndkdp0s26gtqdxqazm + - recipient: age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnVFkwNkVDTHRlWnFKUkh6 - NUxNZmMyb0x1dEF5SXFydSs2anMzcTNobXpVCjlQU2NTK1BKbHZGamtTTXhmMldC - VUQzY2hjNkZmQU5xeXA0UUZPdDRENUEKLS0tIDBvYlNnYjRuNmo1cFRxMXRmVU4x - OHpabE5RaGl6d3F6K04rSGcrRGVMWE0K+1n6tSJYovD1BBuHlR8VRoHq81ZuKlKx - S956gXSTXxqCpPjE7K4PXE8lEsPq6Yh6sMxd6TPZ9QnSRibV7gnsGg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLd3E0NC9Vb25ySXR0R0xL + b0pLcUdsNjYzZ0F6SkdodFZjT0s2OE5TZ0E0CkM5RHY4MmpBNFR6TWJLejlqS2FC + TmpRRUdMRkQ3SnhvY2ZtN3ZzYjRQYmsKLS0tIEZlWkRLVWJOaXV6V3Zmb2hUV0xj + d0N3S0ZIR0MyOERHV1k5RVBVVWVHQkkKZVtPjmpOPJM8STs70/nki6vTeo4mp47A + xEVUzxeUGpoyAewxSCo9W6IGtKyZQl0TEL3ucAmhOsjX4BWe2JShMA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-01-02T10:58:46Z" - mac: ENC[AES256_GCM,data:rjLgSUpCiQ+I3Mi5Sres030O6Af7hpR0J5EZ9b0HTM0aqi5WXp84b/I/zmJuMBaWFGrckZqVnuKDPpGtK45BIb8xU9EaNjFiP5CllVJXbEvysFloEAC6dPViYmx7xDxdcGzF7cuCJS1+vMaIuOFiK83x2jet5+fI0aivBnS2O7Q=,iv:sys4yBcsSGRhmplM8fDEQqpdbDdWNDLzc5qP9cyntn8=,tag:RAjr3rVHrBO40gO+dcu3zw==,type:str] + - recipient: age1nur989fnjmfgfk54ctczrwg25epqqr0xgkl5d4swfxka9aw6cdrqdawvaq + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFWENJNzlDL1FpTkYwV1ps + V1VWeW4yOFZwZ1h5SGwzV2oyVkJaaHF0a1JRCmpFWWRLZzdUTUliZHpCTzJDYlhu + Yk51d1orS0tsMitBM0ZKSTQ4T05sNVEKLS0tIEVuZkY1bld2RldZOVNOc1E3bG5X + dVZ3V0VUQzF5VzN0RFM5c0RjZHpJZ0EK09qgyPHEhHgRZt2GZQB5IM9Z/nfYXW28 + fcfmF6pko9qOYQ72P7vwv8Xub0SEI8GKGQwz2QPDJT9gd1qtipuhuQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-01-09T06:00:09Z" + mac: ENC[AES256_GCM,data:WkXFwF0bHvFvNTlLKrGk6iQpk5RqMIapluqyv3rcKATP4S1rQSCXwlUn88TNfKeOsJ6pSqoBmwPNjufr9SNrPZZNKYZ4sA4yft9jgCeBcyX6TaPPA123qL8xM3C2TcaE1oBrG9fwmMgEJMYJA7LxBAXz4sW17geb/y4TZgUDwBw=,iv:VJzYR0dbT761ezejxOwPO6x8cKPAzMZtwZHWvPhiDzI=,tag:Xu43SfKeGgCJivfgk+vp3Q==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/hosts/kay/secrets.yaml b/hosts/kay/secrets.yaml index d9c40e0..ac5d61e 100644 --- a/hosts/kay/secrets.yaml +++ b/hosts/kay/secrets.yaml @@ -1,34 +1,43 @@ ppp: - chap-secrets: ENC[AES256_GCM,data:4POH1o4VOKg0ZGYOZ+gIZJGlSxaRq101zMjjp/+BSlmZAz+cOc9+Kw==,iv:IC1Ii+rnTvFa0F2bi0fnEAEO7XWV7Wues9T+28bhDnc=,tag:Yatte1K8N3rrTFppc0p7Qw==,type:str] - pap-secrets: ENC[AES256_GCM,data:K92+nAzZtBEUijXUq26eidWNJL38VvoCx8PlCtWxxgAcZCA/CW1DVg==,iv:4kNHSZ3+FMA9ROLEgrU38IWd+MBt+vf8CV3WGHkRCCc=,tag:YLiRrrCiymVOCcVzs+AVFw==,type:str] - username: ENC[AES256_GCM,data:Xa6wBxpAtaKwsbEeudVvkpsX6CPG8E3Aku1zTi0o6Kdy9Q==,iv:yTRruKpMda4N2J3Z8MEesrFxqV4g1usbYoxTeKlWf4M=,tag:gTsn7HzgE3tHTIo2MVN12g==,type:str] + chap-secrets: ENC[AES256_GCM,data:oTwucN94iWIzrCCAQySpkG+uEBERmEjXfoPm6piook8bS/q3kCd/DQ==,iv:IC1Ii+rnTvFa0F2bi0fnEAEO7XWV7Wues9T+28bhDnc=,tag:239vrwVzeTIVCIw8U30jtg==,type:str] + pap-secrets: ENC[AES256_GCM,data:S72mx8AP8MDWrYZ3TIOnwoKcVWiUzms1ZpckghHjjFcWhW5orOjPOA==,iv:4kNHSZ3+FMA9ROLEgrU38IWd+MBt+vf8CV3WGHkRCCc=,tag:rBtSZH8i7fE7fJhRRda7eA==,type:str] + username: ENC[AES256_GCM,data:GzRdyvnRKSS8iH+RuFU9g6zxXhxl0DeWWkAyF3sefZc0QQ==,iv:yTRruKpMda4N2J3Z8MEesrFxqV4g1usbYoxTeKlWf4M=,tag:8h9cpYn2Zy/32+2HJ76dFw==,type:str] hurricane: - username: ENC[AES256_GCM,data:NXfBArIE7B40,iv:stBkppjkDC9nvV/fHaEtfs6KskoiqqEKxCp/KC+Xxeo=,tag:UeSZc20JghP8oT+R8RubXw==,type:str] - update_key: ENC[AES256_GCM,data:5qYBHLJngitUoy1vzEho/MJtXUxKY8imsjW0trvyl37LdnVZs3ZKPQ==,iv:b93JvsfWppqlJtZxGAa3xbXgLEFs0A5Seq5pNjTnRW4=,tag:6ZlWGmgaMuxHsR3rSpV0fw==,type:str] - tunnel_id: ENC[AES256_GCM,data:Fb8qazGD,iv:W8k0pyrAQz+UWtm76uvmzodJ2lZG4ioxrVMWjX1kIVM=,tag:DpmLdvR1oOC4TKmQv/VqIw==,type:str] + username: ENC[AES256_GCM,data:pe3igN9AIbc1,iv:stBkppjkDC9nvV/fHaEtfs6KskoiqqEKxCp/KC+Xxeo=,tag:pH5CJXOOp/is7dQmt6wlog==,type:str] + update_key: ENC[AES256_GCM,data:wwd+QWTgKEqstY5d2eWBnWJYq2EisTTaa/Ow4WwBNkyh5FYP+7PEyg==,iv:b93JvsfWppqlJtZxGAa3xbXgLEFs0A5Seq5pNjTnRW4=,tag:+W1t1M+Mm4LopVbcI1x+eg==,type:str] + tunnel_id: ENC[AES256_GCM,data:WUDOxjmA,iv:W8k0pyrAQz+UWtm76uvmzodJ2lZG4ioxrVMWjX1kIVM=,tag:2Q25MXzlptg/rc0HQ1k6rg==,type:str] matrix-sinanmohd.com: - key: ENC[AES256_GCM,data:+DAQ84NBNo0lsvrk9npFfbLqJCv9UKxhUShjkDDDu4ZZcmFxW4GBYB/f8W/vyxeOlKcRq1dKk1Vp2qO6YGxM/jTsj5o74ndbHU1jxUxEoRzljYaEb1q4rbVBUflKXYPAQKE3AIMSAZa7pcVPHkDcCs3XCClwqt1nrZEo9ncsbBtwV6X4z7V5xg==,iv:KJtqrGNPgMDR6Sg/fOUzVAiwnPZwve9wpVfDQPc4g/c=,tag:unlv3OLWZ+vrOs89GxshUA==,type:str] - sliding_sync: ENC[AES256_GCM,data:WxjlO9qjtYGA9Tr8feRKKkQcImDkpf3m7VfCNf6bpxdzsUtitcuC2mMUruhyib193x3vehNK0Ksx/LT457ZThY3g4/qz98EBQsauJUOM,iv:P8VD8utVEwNoeQEZUdS2R9GuDe20nKiXYCfKJl0Id3E=,tag:E7LZM9mhisTzwkucgBaXYA==,type:str] + key: ENC[AES256_GCM,data:xsSYua3g+ySUVBtfVZ2uZR4761MC5LeJGxmcgf+dWb5+tBSmgzAQL9FFcl7GLzhTmvlq13lARUr599wShS/C9IyMVGOOT9A8hxLFF9Kak64hmM7ERGrwbmzBY1mdTtvibJqzHaeybUVIMbDagczF54zpjDGLmdC5V84wduPFCndSA5FW+4Hhqw==,iv:KJtqrGNPgMDR6Sg/fOUzVAiwnPZwve9wpVfDQPc4g/c=,tag:E2jlbt5WbRA9wu16Lr69Bg==,type:str] + sliding_sync: ENC[AES256_GCM,data:ubFeb/OgYYHaIHVky6KS3icORbpqf7PO3p8bONA8mwG8vU1LB0TDqVm6vQTa8G9pe96JzJ8+IAgSZafG9PaEJc/Bpj53aWRFO3HEV0Pj,iv:P8VD8utVEwNoeQEZUdS2R9GuDe20nKiXYCfKJl0Id3E=,tag:VksV/4IaKN0C2g/alw6r4Q==,type:str] misc: - namecheap.com: ENC[AES256_GCM,data:8sN1/APumZDclTAeYEy4nidGbvooDK6Us0yOZBbG4oU=,iv:WGof33ezbBpFmnWTWS9gzDayJpz2BVMTPsShYY+nuXY=,tag:ky/ucGEHWBtWwGcwK+1nhw==,type:str] - wireguard: ENC[AES256_GCM,data:4GIb92p8VE/TUqLc7AztSKRc6soS7n+O/i4v1ltSqZkU8cEPyZMNRpIvXRQ=,iv:yB4UIyMDNRS+JmSnt9XuBhNRTLz+k0FqkK4ofjosRto=,tag:wr1YJbcG1L5wI01rCwv1zQ==,type:str] + namecheap.com: ENC[AES256_GCM,data:DADZZitG7oLHKJzEJgVe8dFuDFWgISrby8yOYj1XwZ0=,iv:WGof33ezbBpFmnWTWS9gzDayJpz2BVMTPsShYY+nuXY=,tag:pXWXkqqcXx746xu/0XhNtQ==,type:str] + wireguard: ENC[AES256_GCM,data:kbUtxJv3xSmikJWgtu87TSo5N8tUb2BiH3dH3oOV36waYyXI3bp2aBeAl1k=,iv:yB4UIyMDNRS+JmSnt9XuBhNRTLz+k0FqkK4ofjosRto=,tag:BDSD9SfQuQppKT4+6Cu65w==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: - - recipient: age1hngjn65pvc8458z5uxz6qjktp45fp8s8jqxgqklsndkdp0s26gtqdxqazm + - recipient: age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2cGZsN2RDSVRhSUpHdUto - WU1UVHZ5NEcxelgvZWQyYlUzaURVM3MvOEhvCi9CaEowWlp1Y3prZ1hUaTV6T01P - T3Z3LzliTjV1SVQ5MC9maG5oK2xTczQKLS0tIEFXOEo2WWwydjJQd0Z3a3hFN1oy - bUY4eisvWDIxdWplQjlod0hIcjVGNlUKYkA9hUTHuWgST3UUr7ACtmgC9s5SGEAp - ker5KUGGi1fHgGlsPKHmnJSvikkVFlOVAhVa8R6X02l8FJf0lcjOYA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2T3NSZ09xUDg5Q2VKM3FB + RXNwNTJrVkxScHR2eksrVlZQMFduOGRFT1RFClhQK2xTWXBUMzdlektSWFhHNDBN + bEMxelVjK1owZHczMVV3MWI2WlU2TncKLS0tIEovSk1uMnlvWFBya1YxNjArQTdh + Unk0a0tvR3VZQmtIU3RZSWNnazZJZTgKe0mjQHEkagnftc2zEbza863dSlnPOM6Q + 0Me0paRmqzsYBizp12SHjaXYiXFpvEeGmOVOMoGvD8UzTa+V5klS0w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-12-23T10:23:55Z" - mac: ENC[AES256_GCM,data:feUTBRfI9IMpqd6RsA/zF9FjXK5ckhJw9JEUGByw4XiEZ0ccnpaQGhj/nUh53VrU/o0eo+IW4nutBHXMaqqJNVymtOOSnzkfH8SiEc7+N4i4FAcvwwXKN05oeArVbeHqEvtjMSRYQbS/TlOjK8YNkKdc61/7RjOQhdpiJIHkMko=,iv:1STxqdkSKWWgKa9MOdhzdIDjR0g0pJHAHIMyy0DbtRM=,tag:i71mRqXea/1hC8PwtJJw7w==,type:str] + - recipient: age15989j5lkkf2kn5wa2p6qc8wlxjjksc63k5ync8rz8t4e87394pzqm7h4rm + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5NDVlc2crekF2b1lVZnZM + YU95N3lRWFhUUzczV1h4eUU0dHdSbWdpWVhZCmREdmFDSzRzY3pZUHpERkhCK1FS + cmxRam1vZ2U0dHBYc3hJWG9CRW13bzgKLS0tIFBpMFFXYTZDT09mTTJkWDhoYWVr + OXgwSml4bkc1dnloNUFsRGFFcXFHc2cK26l2eiKbZUkogmAXoha6HTUs3YFKixYz + bTkpKKyOAIIin3YM975wwvkCuWNG4tbnHBHQFh5JGK2OEyLDXuV7Pg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-01-09T06:00:27Z" + mac: ENC[AES256_GCM,data:PcxMwCjDMaL07OT8rtYxNDHmuL15AcTw5jrR/Z1Xu1FZGmc3SK0kr0nithHx+4hhqeq4dkk/w33WHrtW6ZAcu10PoO1jgzntN/PgzRRFcpGgf9VUShUpLp8NLK7yCABzCQNCqrRclgTeqsdUITONqf6ZjzHDhrvF+JxIGpdIWs4=,iv:2uSV2fWd+pDVOt3jZRXYs1YOO3F3aYsVOL5y9mDPSCc=,tag:6n6cuEljItK67O1oig7C8Q==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 |