summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--.sops.yaml15
-rw-r--r--common.nix2
-rw-r--r--hosts/cez/secrets.yaml29
-rw-r--r--hosts/kay/secrets.yaml45
4 files changed, 61 insertions, 30 deletions
diff --git a/.sops.yaml b/.sops.yaml
index f5a3fe1..295431c 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,4 +1,17 @@
keys:
- - &sinan 'age1hngjn65pvc8458z5uxz6qjktp45fp8s8jqxgqklsndkdp0s26gtqdxqazm'
+ - &sinan age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv
+ - &cez age1nur989fnjmfgfk54ctczrwg25epqqr0xgkl5d4swfxka9aw6cdrqdawvaq
+ - &kay age15989j5lkkf2kn5wa2p6qc8wlxjjksc63k5ync8rz8t4e87394pzqm7h4rm
+
creation_rules:
+ - path_regex: ^hosts/cez/.*
+ age: >-
+ age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv,
+ age1nur989fnjmfgfk54ctczrwg25epqqr0xgkl5d4swfxka9aw6cdrqdawvaq
+
+ - path_regex: ^hosts/kay/.*
+ age: >-
+ age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv,
+ age15989j5lkkf2kn5wa2p6qc8wlxjjksc63k5ync8rz8t4e87394pzqm7h4rm
+
- age: *sinan
diff --git a/common.nix b/common.nix
index 7ee8c70..a737373 100644
--- a/common.nix
+++ b/common.nix
@@ -21,7 +21,7 @@ in
sops = {
defaultSopsFile = ./hosts/${host}/secrets.yaml;
- age.keyFile = "/var/secrets/sops.key";
+ age.keyFile = "/var/secrets/${host}.sops";
};
system.stateVersion = "23.11";
nix.settings.experimental-features = [ "flakes" "nix-command" ];
diff --git a/hosts/cez/secrets.yaml b/hosts/cez/secrets.yaml
index d786971..f72eba6 100644
--- a/hosts/cez/secrets.yaml
+++ b/hosts/cez/secrets.yaml
@@ -1,23 +1,32 @@
misc:
- sftp: ENC[AES256_GCM,data:/UuNJt9BlrheSQpFcUuIr/syKWtoDT6J4GRFtVCMOTCt8uPwnNZgi5JFb4JWMfVnBoUYMms9aDMFN4yF6xYT2FL6Tq44Uxtg8Ig4L75l34+zy/BPfQ8y7KeWCffLtGvOh8cdIKPa5UGQjsoT91cBw340oQOhG8x8oLWzwPL8ySJbWnFAZ53NIV8w7MqL/CsePN16SnBSi5pGgQIxcti8miLxaKVen6JOw+DCe6sWM2s/IEKpGjnTcUBSRMikbJ5qftGl9+wjHolNFiMP0gveK7UxP32OsgGvFDvASqVnY+SogvavUE6fqUroV3extzVIfMUEUQukeDBc4YSDNCk5YSX+0DRcO8pKRwBA2brLGteOaXhxsMxvJKlzXt6dSGKlMyNjEnlKgGDcR0V3Wx1AF/EwGl0t+zlTyiXCN3Fq+pwErx7r3JxMnUbSiGIWv+1djNt5CtTWNp+kMd9Kbz9d8Hubn5Ae3UUvnXpm2Je52CJkhqDrq0AE1RM3UvnMV44mmvvTrwoqX6FJ8o3EqNiB3DXEk6viQuYJqclPNReYSgLYGMxfieEAwvbjTtiTsBI3fakbfEeP0RUe2JxUTA8=,iv:VyhdbfiiQJqG6cKAz6WjmlG3MkM25VzQzfCt1qYgH4M=,tag:SKNSBPj8IG0aeooIoo7vAQ==,type:str]
- wireguard: ENC[AES256_GCM,data:4N0ZJd4p+Oik55XMhaEzZKpR66zEZxKfoqSnhYqf3W5BWsuDXGZFRi8xleY=,iv:hGgR3UcFeVGZjWJjdnVuQeUQtz3p4Lh6QRBJDfTr9Qo=,tag:0cJq8LFuNdkIiVgMgX/O2w==,type:str]
+ sftp: ENC[AES256_GCM,data:xic1JI1RHo3Xc/izQBubMQ5TEvQxeFIOEbkFj/MWjw7UOgQrQEozfhvmGvB3lqjdgO2e2RXYHc7RvwAfquZN9QWFFp7vS7JqhqGTg4+I0JNh28LDsdzeAXe7d4yLkJ5cl4EhU5a6Zd9Qo60JyO8HRAMSXQBuHMzTW0A4achARcTguyJUiCntxvyLiKPZGdGj7HsHfxr32S1ieejGDqxuOLTrssOgyxikWT+PqibWie+JDH20+ZP8l6ip8FdNaWcyzfED/SJybpRbDBvL3iXw9tb67SeRWKR8I91nyyLh69hwLHrp/IgboDlCW8/ZmOYoRWCJF4lH86v3312wuoU60x8IoSL7YhWW5N3WQpWxWeEmLlMFD0x6LcJclUeoIlpVNvR8wDNKeayHhdLChIs2ZiEUAAIaTcUKdWWccY7JraMosqKgS9BmnjLJLEei9kFEF+y97QxQ/q4AfyFPbajxSd7aujqXuUfqpL1aLgt65h1TyOKN3E3Y2faiTaR76EALyv2d4PdYHWhkhxXVATRhsG+N2Mg9FSCciGnD7wlu9IR28HrbLuvX7W2KsLDVdI2oBtfExTf8YQwPSk1vp28=,iv:VyhdbfiiQJqG6cKAz6WjmlG3MkM25VzQzfCt1qYgH4M=,tag:KIoEb/dkEPpeaCJaNkAflw==,type:str]
+ wireguard: ENC[AES256_GCM,data:WUHMeYro1PS25wEtsQKHHtpLXbtox8JtqX5863dHelBIA2SB7YZ+eWyv5hQ=,iv:hGgR3UcFeVGZjWJjdnVuQeUQtz3p4Lh6QRBJDfTr9Qo=,tag:4qpU9Ue4QtfBINdy0CSdvw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- - recipient: age1hngjn65pvc8458z5uxz6qjktp45fp8s8jqxgqklsndkdp0s26gtqdxqazm
+ - recipient: age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnVFkwNkVDTHRlWnFKUkh6
- NUxNZmMyb0x1dEF5SXFydSs2anMzcTNobXpVCjlQU2NTK1BKbHZGamtTTXhmMldC
- VUQzY2hjNkZmQU5xeXA0UUZPdDRENUEKLS0tIDBvYlNnYjRuNmo1cFRxMXRmVU4x
- OHpabE5RaGl6d3F6K04rSGcrRGVMWE0K+1n6tSJYovD1BBuHlR8VRoHq81ZuKlKx
- S956gXSTXxqCpPjE7K4PXE8lEsPq6Yh6sMxd6TPZ9QnSRibV7gnsGg==
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLd3E0NC9Vb25ySXR0R0xL
+ b0pLcUdsNjYzZ0F6SkdodFZjT0s2OE5TZ0E0CkM5RHY4MmpBNFR6TWJLejlqS2FC
+ TmpRRUdMRkQ3SnhvY2ZtN3ZzYjRQYmsKLS0tIEZlWkRLVWJOaXV6V3Zmb2hUV0xj
+ d0N3S0ZIR0MyOERHV1k5RVBVVWVHQkkKZVtPjmpOPJM8STs70/nki6vTeo4mp47A
+ xEVUzxeUGpoyAewxSCo9W6IGtKyZQl0TEL3ucAmhOsjX4BWe2JShMA==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-01-02T10:58:46Z"
- mac: ENC[AES256_GCM,data:rjLgSUpCiQ+I3Mi5Sres030O6Af7hpR0J5EZ9b0HTM0aqi5WXp84b/I/zmJuMBaWFGrckZqVnuKDPpGtK45BIb8xU9EaNjFiP5CllVJXbEvysFloEAC6dPViYmx7xDxdcGzF7cuCJS1+vMaIuOFiK83x2jet5+fI0aivBnS2O7Q=,iv:sys4yBcsSGRhmplM8fDEQqpdbDdWNDLzc5qP9cyntn8=,tag:RAjr3rVHrBO40gO+dcu3zw==,type:str]
+ - recipient: age1nur989fnjmfgfk54ctczrwg25epqqr0xgkl5d4swfxka9aw6cdrqdawvaq
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFWENJNzlDL1FpTkYwV1ps
+ V1VWeW4yOFZwZ1h5SGwzV2oyVkJaaHF0a1JRCmpFWWRLZzdUTUliZHpCTzJDYlhu
+ Yk51d1orS0tsMitBM0ZKSTQ4T05sNVEKLS0tIEVuZkY1bld2RldZOVNOc1E3bG5X
+ dVZ3V0VUQzF5VzN0RFM5c0RjZHpJZ0EK09qgyPHEhHgRZt2GZQB5IM9Z/nfYXW28
+ fcfmF6pko9qOYQ72P7vwv8Xub0SEI8GKGQwz2QPDJT9gd1qtipuhuQ==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-01-09T06:00:09Z"
+ mac: ENC[AES256_GCM,data:WkXFwF0bHvFvNTlLKrGk6iQpk5RqMIapluqyv3rcKATP4S1rQSCXwlUn88TNfKeOsJ6pSqoBmwPNjufr9SNrPZZNKYZ4sA4yft9jgCeBcyX6TaPPA123qL8xM3C2TcaE1oBrG9fwmMgEJMYJA7LxBAXz4sW17geb/y4TZgUDwBw=,iv:VJzYR0dbT761ezejxOwPO6x8cKPAzMZtwZHWvPhiDzI=,tag:Xu43SfKeGgCJivfgk+vp3Q==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1
diff --git a/hosts/kay/secrets.yaml b/hosts/kay/secrets.yaml
index d9c40e0..ac5d61e 100644
--- a/hosts/kay/secrets.yaml
+++ b/hosts/kay/secrets.yaml
@@ -1,34 +1,43 @@
ppp:
- chap-secrets: ENC[AES256_GCM,data:4POH1o4VOKg0ZGYOZ+gIZJGlSxaRq101zMjjp/+BSlmZAz+cOc9+Kw==,iv:IC1Ii+rnTvFa0F2bi0fnEAEO7XWV7Wues9T+28bhDnc=,tag:Yatte1K8N3rrTFppc0p7Qw==,type:str]
- pap-secrets: ENC[AES256_GCM,data:K92+nAzZtBEUijXUq26eidWNJL38VvoCx8PlCtWxxgAcZCA/CW1DVg==,iv:4kNHSZ3+FMA9ROLEgrU38IWd+MBt+vf8CV3WGHkRCCc=,tag:YLiRrrCiymVOCcVzs+AVFw==,type:str]
- username: ENC[AES256_GCM,data:Xa6wBxpAtaKwsbEeudVvkpsX6CPG8E3Aku1zTi0o6Kdy9Q==,iv:yTRruKpMda4N2J3Z8MEesrFxqV4g1usbYoxTeKlWf4M=,tag:gTsn7HzgE3tHTIo2MVN12g==,type:str]
+ chap-secrets: ENC[AES256_GCM,data:oTwucN94iWIzrCCAQySpkG+uEBERmEjXfoPm6piook8bS/q3kCd/DQ==,iv:IC1Ii+rnTvFa0F2bi0fnEAEO7XWV7Wues9T+28bhDnc=,tag:239vrwVzeTIVCIw8U30jtg==,type:str]
+ pap-secrets: ENC[AES256_GCM,data:S72mx8AP8MDWrYZ3TIOnwoKcVWiUzms1ZpckghHjjFcWhW5orOjPOA==,iv:4kNHSZ3+FMA9ROLEgrU38IWd+MBt+vf8CV3WGHkRCCc=,tag:rBtSZH8i7fE7fJhRRda7eA==,type:str]
+ username: ENC[AES256_GCM,data:GzRdyvnRKSS8iH+RuFU9g6zxXhxl0DeWWkAyF3sefZc0QQ==,iv:yTRruKpMda4N2J3Z8MEesrFxqV4g1usbYoxTeKlWf4M=,tag:8h9cpYn2Zy/32+2HJ76dFw==,type:str]
hurricane:
- username: ENC[AES256_GCM,data:NXfBArIE7B40,iv:stBkppjkDC9nvV/fHaEtfs6KskoiqqEKxCp/KC+Xxeo=,tag:UeSZc20JghP8oT+R8RubXw==,type:str]
- update_key: ENC[AES256_GCM,data:5qYBHLJngitUoy1vzEho/MJtXUxKY8imsjW0trvyl37LdnVZs3ZKPQ==,iv:b93JvsfWppqlJtZxGAa3xbXgLEFs0A5Seq5pNjTnRW4=,tag:6ZlWGmgaMuxHsR3rSpV0fw==,type:str]
- tunnel_id: ENC[AES256_GCM,data:Fb8qazGD,iv:W8k0pyrAQz+UWtm76uvmzodJ2lZG4ioxrVMWjX1kIVM=,tag:DpmLdvR1oOC4TKmQv/VqIw==,type:str]
+ username: ENC[AES256_GCM,data:pe3igN9AIbc1,iv:stBkppjkDC9nvV/fHaEtfs6KskoiqqEKxCp/KC+Xxeo=,tag:pH5CJXOOp/is7dQmt6wlog==,type:str]
+ update_key: ENC[AES256_GCM,data:wwd+QWTgKEqstY5d2eWBnWJYq2EisTTaa/Ow4WwBNkyh5FYP+7PEyg==,iv:b93JvsfWppqlJtZxGAa3xbXgLEFs0A5Seq5pNjTnRW4=,tag:+W1t1M+Mm4LopVbcI1x+eg==,type:str]
+ tunnel_id: ENC[AES256_GCM,data:WUDOxjmA,iv:W8k0pyrAQz+UWtm76uvmzodJ2lZG4ioxrVMWjX1kIVM=,tag:2Q25MXzlptg/rc0HQ1k6rg==,type:str]
matrix-sinanmohd.com:
- key: ENC[AES256_GCM,data:+DAQ84NBNo0lsvrk9npFfbLqJCv9UKxhUShjkDDDu4ZZcmFxW4GBYB/f8W/vyxeOlKcRq1dKk1Vp2qO6YGxM/jTsj5o74ndbHU1jxUxEoRzljYaEb1q4rbVBUflKXYPAQKE3AIMSAZa7pcVPHkDcCs3XCClwqt1nrZEo9ncsbBtwV6X4z7V5xg==,iv:KJtqrGNPgMDR6Sg/fOUzVAiwnPZwve9wpVfDQPc4g/c=,tag:unlv3OLWZ+vrOs89GxshUA==,type:str]
- sliding_sync: ENC[AES256_GCM,data:WxjlO9qjtYGA9Tr8feRKKkQcImDkpf3m7VfCNf6bpxdzsUtitcuC2mMUruhyib193x3vehNK0Ksx/LT457ZThY3g4/qz98EBQsauJUOM,iv:P8VD8utVEwNoeQEZUdS2R9GuDe20nKiXYCfKJl0Id3E=,tag:E7LZM9mhisTzwkucgBaXYA==,type:str]
+ key: ENC[AES256_GCM,data:xsSYua3g+ySUVBtfVZ2uZR4761MC5LeJGxmcgf+dWb5+tBSmgzAQL9FFcl7GLzhTmvlq13lARUr599wShS/C9IyMVGOOT9A8hxLFF9Kak64hmM7ERGrwbmzBY1mdTtvibJqzHaeybUVIMbDagczF54zpjDGLmdC5V84wduPFCndSA5FW+4Hhqw==,iv:KJtqrGNPgMDR6Sg/fOUzVAiwnPZwve9wpVfDQPc4g/c=,tag:E2jlbt5WbRA9wu16Lr69Bg==,type:str]
+ sliding_sync: ENC[AES256_GCM,data:ubFeb/OgYYHaIHVky6KS3icORbpqf7PO3p8bONA8mwG8vU1LB0TDqVm6vQTa8G9pe96JzJ8+IAgSZafG9PaEJc/Bpj53aWRFO3HEV0Pj,iv:P8VD8utVEwNoeQEZUdS2R9GuDe20nKiXYCfKJl0Id3E=,tag:VksV/4IaKN0C2g/alw6r4Q==,type:str]
misc:
- namecheap.com: ENC[AES256_GCM,data:8sN1/APumZDclTAeYEy4nidGbvooDK6Us0yOZBbG4oU=,iv:WGof33ezbBpFmnWTWS9gzDayJpz2BVMTPsShYY+nuXY=,tag:ky/ucGEHWBtWwGcwK+1nhw==,type:str]
- wireguard: ENC[AES256_GCM,data:4GIb92p8VE/TUqLc7AztSKRc6soS7n+O/i4v1ltSqZkU8cEPyZMNRpIvXRQ=,iv:yB4UIyMDNRS+JmSnt9XuBhNRTLz+k0FqkK4ofjosRto=,tag:wr1YJbcG1L5wI01rCwv1zQ==,type:str]
+ namecheap.com: ENC[AES256_GCM,data:DADZZitG7oLHKJzEJgVe8dFuDFWgISrby8yOYj1XwZ0=,iv:WGof33ezbBpFmnWTWS9gzDayJpz2BVMTPsShYY+nuXY=,tag:pXWXkqqcXx746xu/0XhNtQ==,type:str]
+ wireguard: ENC[AES256_GCM,data:kbUtxJv3xSmikJWgtu87TSo5N8tUb2BiH3dH3oOV36waYyXI3bp2aBeAl1k=,iv:yB4UIyMDNRS+JmSnt9XuBhNRTLz+k0FqkK4ofjosRto=,tag:BDSD9SfQuQppKT4+6Cu65w==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- - recipient: age1hngjn65pvc8458z5uxz6qjktp45fp8s8jqxgqklsndkdp0s26gtqdxqazm
+ - recipient: age1q5sfy74d53n6jxlgsc2zrsz4wcl9d830nxuagc3wfmdkrrp55ckq9ev6nv
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2cGZsN2RDSVRhSUpHdUto
- WU1UVHZ5NEcxelgvZWQyYlUzaURVM3MvOEhvCi9CaEowWlp1Y3prZ1hUaTV6T01P
- T3Z3LzliTjV1SVQ5MC9maG5oK2xTczQKLS0tIEFXOEo2WWwydjJQd0Z3a3hFN1oy
- bUY4eisvWDIxdWplQjlod0hIcjVGNlUKYkA9hUTHuWgST3UUr7ACtmgC9s5SGEAp
- ker5KUGGi1fHgGlsPKHmnJSvikkVFlOVAhVa8R6X02l8FJf0lcjOYA==
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2T3NSZ09xUDg5Q2VKM3FB
+ RXNwNTJrVkxScHR2eksrVlZQMFduOGRFT1RFClhQK2xTWXBUMzdlektSWFhHNDBN
+ bEMxelVjK1owZHczMVV3MWI2WlU2TncKLS0tIEovSk1uMnlvWFBya1YxNjArQTdh
+ Unk0a0tvR3VZQmtIU3RZSWNnazZJZTgKe0mjQHEkagnftc2zEbza863dSlnPOM6Q
+ 0Me0paRmqzsYBizp12SHjaXYiXFpvEeGmOVOMoGvD8UzTa+V5klS0w==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2023-12-23T10:23:55Z"
- mac: ENC[AES256_GCM,data:feUTBRfI9IMpqd6RsA/zF9FjXK5ckhJw9JEUGByw4XiEZ0ccnpaQGhj/nUh53VrU/o0eo+IW4nutBHXMaqqJNVymtOOSnzkfH8SiEc7+N4i4FAcvwwXKN05oeArVbeHqEvtjMSRYQbS/TlOjK8YNkKdc61/7RjOQhdpiJIHkMko=,iv:1STxqdkSKWWgKa9MOdhzdIDjR0g0pJHAHIMyy0DbtRM=,tag:i71mRqXea/1hC8PwtJJw7w==,type:str]
+ - recipient: age15989j5lkkf2kn5wa2p6qc8wlxjjksc63k5ync8rz8t4e87394pzqm7h4rm
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5NDVlc2crekF2b1lVZnZM
+ YU95N3lRWFhUUzczV1h4eUU0dHdSbWdpWVhZCmREdmFDSzRzY3pZUHpERkhCK1FS
+ cmxRam1vZ2U0dHBYc3hJWG9CRW13bzgKLS0tIFBpMFFXYTZDT09mTTJkWDhoYWVr
+ OXgwSml4bkc1dnloNUFsRGFFcXFHc2cK26l2eiKbZUkogmAXoha6HTUs3YFKixYz
+ bTkpKKyOAIIin3YM975wwvkCuWNG4tbnHBHQFh5JGK2OEyLDXuV7Pg==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2024-01-09T06:00:27Z"
+ mac: ENC[AES256_GCM,data:PcxMwCjDMaL07OT8rtYxNDHmuL15AcTw5jrR/Z1Xu1FZGmc3SK0kr0nithHx+4hhqeq4dkk/w33WHrtW6ZAcu10PoO1jgzntN/PgzRRFcpGgf9VUShUpLp8NLK7yCABzCQNCqrRclgTeqsdUITONqf6ZjzHDhrvF+JxIGpdIWs4=,iv:2uSV2fWd+pDVOt3jZRXYs1YOO3F3aYsVOL5y9mDPSCc=,tag:6n6cuEljItK67O1oig7C8Q==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1