From 1b8945ab20d661922e9116e5780583a9d0b5aebf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Torjus=20H=C3=A5kestad?= Date: Sun, 2 Jun 2024 21:56:22 +0200 Subject: [PATCH] Add nixos-test1 to sops --- .sops.yaml | 2 ++ flake.lock | 52 ++++++++++++++++++++++++++----- secrets/secrets.yaml | 74 +++++++++++++++++++++++++------------------- 3 files changed, 88 insertions(+), 40 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index 31cc261..88688c6 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -5,6 +5,7 @@ keys: - &server_ns3 age1snmhmpavqy7xddmw4nuny0u4xusqmnqxqarjmghkm5zaluff84eq5xatrd - &server_ns4 age12a3nyvjs8jrwmpkf3tgawel3nwcklwsr35ktmytnvhpawqwzrsfqpgcy0q - &server_ha1 age1d2w5zece9647qwyq4vas9qyqegg96xwmg6c86440a6eg4uj6dd2qrq0w3l + - &server_nixos-test1 age1gcyfkxh4fq5zdp0dh484aj82ksz66wrly7qhnpv0r0p576sn9ekse8e9ju creation_rules: - path_regex: secrets/[^/]+\.(yaml|json|env|ini) key_groups: @@ -15,6 +16,7 @@ creation_rules: - *server_ns3 - *server_ns4 - *server_ha1 + - *server_nixos-test1 - path_regex: secrets/ns3/[^/]+\.(yaml|json|env|ini) key_groups: - age: diff --git a/flake.lock b/flake.lock index dd9cf28..c3ca3b8 100644 --- a/flake.lock +++ b/flake.lock @@ -1,17 +1,36 @@ { "nodes": { + "backup-helper": { + "inputs": { + "nixpkgs": "nixpkgs" + }, + "locked": { + "lastModified": 1717357414, + "narHash": "sha256-+/FzQJTZYDo4amDGC8dN/4CO5Cm3tQKAF3vNlB/VeCE=", + "ref": "master", + "rev": "8f2ff7db03c24d39ad3873119c01ff3cb7dfddde", + "revCount": 3, + "type": "git", + "url": "https://git.t-juice.club/torjus/backup-helper" + }, + "original": { + "ref": "master", + "type": "git", + "url": "https://git.t-juice.club/torjus/backup-helper" + } + }, "nixpkgs": { "locked": { - "lastModified": 1716633019, - "narHash": "sha256-xim1b5/HZYbWaZKyI7cn9TJCM6ewNVZnesRr00mXeS4=", - "owner": "nixos", + "lastModified": 1716948383, + "narHash": "sha256-SzDKxseEcHR5KzPXLwsemyTR/kaM9whxeiJohbL04rs=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "9d29cd266cebf80234c98dd0b87256b6be0af44e", + "rev": "ad57eef4ef0659193044870c731987a6df5cf56b", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-23.11", + "owner": "NixOS", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } @@ -49,6 +68,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1716633019, + "narHash": "sha256-xim1b5/HZYbWaZKyI7cn9TJCM6ewNVZnesRr00mXeS4=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "9d29cd266cebf80234c98dd0b87256b6be0af44e", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1716651315, "narHash": "sha256-iMgzIeedMqf30TXZ439zW3Yvng1Xm9QTGO+ZwG1IWSw=", @@ -66,14 +101,15 @@ }, "root": { "inputs": { - "nixpkgs": "nixpkgs", + "backup-helper": "backup-helper", + "nixpkgs": "nixpkgs_2", "nixpkgs-unstable": "nixpkgs-unstable", "sops-nix": "sops-nix" } }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "nixpkgs-stable": "nixpkgs-stable" }, "locked": { diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 0ba9a75..40845b2 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -1,5 +1,6 @@ root_password_hash: ENC[AES256_GCM,data:wk/xEuf+qU3ezmondq9y3OIotXPI/L+TOErTjgJz58wEvQkApYkjc3bHaUTzOrmWjQBgDUENObzPmvQ8WKawUSJRVlpfOEr5TQ==,iv:I8Z3xJz3qoXBD7igx087A1fMwf8d29hQ4JEI3imRXdY=,tag:M80osQeWGG9AAA8BrMfhHA==,type:str] ns_xfer_key: ENC[AES256_GCM,data:VFpK7GChgFeUgQm31tTvVC888bN0yt6BAnHQa6KUTg4iZGP1WL5Bx6Zp8dY=,iv:9RF1eEc7JBxBebDOKfcDjGS2U7XsHkOW/l52yIP+1LA=,tag:L6DR2QlHOfo02kzfWWCrvg==,type:str] +backup_helper_secret: ENC[AES256_GCM,data:L/Dzkv6LXoEn4pEQJA==,iv:429vRk7dN5fRSpW2sb16kxOwBZZ/mAqxqPu6xxAb9Yo=,tag:UUH9zpuOwAlwBGgdO0UJpg==,type:str] sops: kms: [] gcp_kms: [] @@ -9,59 +10,68 @@ sops: - recipient: age1lznyk4ee7e7x8n92cq2n87kz9920473ks5u9jlhd3dczfzq4wamqept56u enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByeUhyd0JVK3VFQ0o3MGpW - Wll5OVoxM3RyZkhTWGd5alNCQ2Q0M08xYVRzCnQ2dzJ6cDE1OEdEYklsblE4TE5G - UXUzMktqcG90WGg1dXRjNVNFMlVGcFUKLS0tIEJhVjd6cW1HMEVQd1BVZzB5Q1Ni - UnB6VlJRUGk3a2tiZm5oOGlZUmlvaGsKvH9dbhN6p7cHGZJt6G97iI7ewdgeOXn0 - vEGUHfTdVNhMJOzI9o7PLL3Q5yLlhpB+0OeVwkiK0dL5lnpbkvwBvw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBubWtoVGhXYXRlSlFRN1R1 + Zk9ER3d6ZExUeW0yV1grQkFzMks3akhuaHlVCk4rRmVTaUd6RG9NRldmNFZ0ZXMr + aUh5QTJLSkpISXRkVXJFWDZkdlVnSHMKLS0tIGRVcXRQRTVDK09JSThidTdsOHBo + NGpxMjFhVmg2cHdNS2dTQitEQWlLYUUKgKAgXN4Bwl2A+MRcLsGFl+BDAj8Jqkg1 + 42aUJbVMVhQLVMSFw23AIsAiSkm0l05JVedUayr6EdL0AsZRmArRrw== -----END AGE ENCRYPTED FILE----- - recipient: age1hz2lz4k050ru3shrk5j3zk3f8azxmrp54pktw5a7nzjml4saudesx6jsl0 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3YWdyYkxOalVWNHlXRitY - eEtMTlYzRnZVa1M0U3I2Y2U0K0FTYUtqWUJzCjFWOVlkT1MveS9zZEJKME4wbFdO - QUlJakpFN0ZSNytQVEY3cGRNN0daZzQKLS0tIDJRUktTdEZMb1Avd1o3aFdUTDRN - amJVNVROSmNxU216VVM2eWs0djZ4TUEK47OCGaIR4F4q326vF7fGhX/T9K5Oub// - Rykfsz6jYCN8D6go7onoOOrneyVuOEW3p3GSaYSnkJkgqdAyVCh+0g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaVFFxK0RMU3pYVkpTeFQ3 + M1VzVkZnR2RWazdUSEo5dGExMDR6RXlTYlZJCk14OVFIQjF1aEh6NGRseEkyUjdG + SUNIK0N2eEVWRW9mM1E4YzExS3g4QU0KLS0tIDJ2by9wYUlEWlh5Y2cxZzZBUW9w + N3BkNlBEVGl1L09nbjZXZm9seTY1NTAKtVmJ9bh/cN/q+FmZ7AhmdledAL3SKWvm + 69+sx3etiIrZ8tx9hB+shULNkBWI4scopFZdoeRu75Q+Mc86s+wf4A== -----END AGE ENCRYPTED FILE----- - recipient: age1w2q4gm2lrcgdzscq8du3ssyvk6qtzm4fcszc92z9ftclq23yyydqdga5um enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVdENaMEI1MC9HQ0JsOHMx - Y0x6L1hZQ2NLdGFzaUdpcHYvSlhqc21RMUNZCnE5U2s3NndDRm9RSHFDd3JTTlFs - ZGEwZ1dxbHYrdUc0V0o4eWhyalcvdDAKLS0tIElLVGlzZTA1enV6cnpYR1k4blFm - STZRRll3WXgydklHV2J1b1hLYmNRVW8KNhOEUcPlekuMP5ruXWTj7FpymCjU84FG - NWhlAbLXNgKarvte3qyof2dNK944e6Hjc2VR2PAfGJ3WcCt3VqHlIg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiRGtVZk9nL2EwaVlDcUlM + VUZuUHNXNnZEajdzL1RkeFFvNVFEaXVpWVRZCmpQMGoyOGNqemN4VHRzV2QxdWMv + c2V0T1FiMWw1ZzR2bFZmSzVsbFphWjAKLS0tIFF3TE9OcXUzUVI1UC9LU1FJVjhM + NzRoTGt6V3gyQStVbWxITUUrU0k0M1UKTGQ+9FFpFkzYYhvu4SoBYhQNh3IfErVT + orD+RecwMaZqkCh0gjs6pPG675fiWaESo/SUqG5+w38Jh/Q3fHiBnQ== -----END AGE ENCRYPTED FILE----- - recipient: age1snmhmpavqy7xddmw4nuny0u4xusqmnqxqarjmghkm5zaluff84eq5xatrd enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWeUVyQ1o4S0NURXVDMTJT - QithLzFwOVQrZ0IvK3I1bEVGYVFGekliem13Cld1U2VQeTM5Umh5Tjd4TWdNcVkx - VTN2MGpCdlpsWS9zUHNvK25RRExGTWsKLS0tIHhXN1BiMmdHem1BcjViUTNtMzZz - a1VwUXlnYnljc1FsNkltV0VvWWlZalEKwxJfWniozjONme/HGMtPVr1+n3XX+eUO - LKYji0D604eX1H8sO3v00hCXjg+z4atbgd7R23S4x15+4hIhTLqgsQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1Q2tBYUVuNzNONk5Kbzho + SHhVUWs0MFNyblVGNDRUTStLa0NpYXdXeWxRCm0zcTlaMUZqQ0dNVXZpak1YSUZZ + VmNvelJiQXJlZXJIa0dncE91TU5sNTAKLS0tIFQ2Z1lSSFhiK3dZSVlxeEt2VXlU + bk0rNjMrbWx4WVdnd0VLSWRUNGI5cVkKUIf+ilyc8N/T8jXk9X643DiASH0Yc8MU + eWw6vttNrIHu69s1jku59JiGGzxaSJOvRwHqu2toIpR0aFm9X87PPQ== -----END AGE ENCRYPTED FILE----- - recipient: age12a3nyvjs8jrwmpkf3tgawel3nwcklwsr35ktmytnvhpawqwzrsfqpgcy0q enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnamhOQkl0aGZOUGdBaTRt - dmxTTHlRZlZwUk10ZmMvZUhFeit2akZwYTJjCjdkNENMVmlQM2NPWm1WN1pURlpy - cXkvd083VE1EbUlNYmVOdFdPMVMvL0EKLS0tIHJ2Y3c4bGFBRDNGa3Z0ak1PRHJq - RDFCQWpIOEVUZXhkNDFSemgzMVlSR1EK6hNpuxydI5SH7/3mDeQhC1iHUP8ipLYD - hx6lCN7sgsDQl4hyg36CdpXnVDsuvW9MKQELtwPZ/7lOEtRcC2BL4w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0ZmJiek14ZUdnRkJUNDR1 + dkN2blJ6Ykx0TlEvVlA2UGlaT0N5WHp4eGdNCldRL0gwVmlSQ3JBaXhDZ0RHWTVZ + K3BVZmczYis1cHNFbmRLK0t3MlVhQ0kKLS0tIFFMRUFXMWJIRjRWeHFsUEpDTjI0 + czhoVlg3NVBGK2hkK1F1cElwK3ZpZDQKVYL7UmZpDwUUCELJ85dkh4aQgiFuiP4b + ljk7WwMCr2KPOwlqDNSSOZgoh8RmFlKaMsNB5EQMd4loNWgMra7URA== -----END AGE ENCRYPTED FILE----- - recipient: age1d2w5zece9647qwyq4vas9qyqegg96xwmg6c86440a6eg4uj6dd2qrq0w3l enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRRTRxaS9jVGVMdWxGVVNx - dlN5c0lYVHduTFpLTElCa0NzUS9ZZ2cwdnhrClFpaDdjcWprWkhmcDNMZjlTQkJh - OWhiNVlRTHlaNkF0NW56alE0K0xRQVUKLS0tIE5PUlYwY3loblZZRUNLc3NvRU9R - Z3hwdGJEQWNxRm10dEIydEY3ZDFBQVEK1aeBQlOcHRJ88iCRSbB4WTccPJmxwf/2 - lRqyRYXPgXiLrJbd3R/ax0nSwun4eDvNSGX9/CFppOzKWCsvmaPhVg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0MVEwVy94VXd2U1pCd3cv + TFpwNDYrU01Md3pQZXlwbWFNd2xocnMrN3pJCi94alVKajk5eExhbWkwd1ZFNEQ0 + VnN0VExzTEdQNGplS05nVWsxZnNYdW8KLS0tIFVTdWYzbDA0R3FpbjhjVTU3ZnRw + ZHJTUXJQOUFmWEVjQ0ZHellVS2swVmsK4vyeriPn+OcSFQoaIjtErQBwDdOOBxdc + sgYKQOuqjcbDC6T8AgeR1fKz6XY2aBf4NwRje4iqFLDEW/L3WQEiYQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-11T19:25:54Z" - mac: ENC[AES256_GCM,data:GbbdzjkjicbNPoiKXpeAXzkrmQlgLUg90B0ynYfbB9JX0m4W7hfogVJ4Fcx5t+iUeG2LPkCxq7vYnD1+uFJkND1xF0rc9dGi43SBtz74giQTJck8/mK/iWyDdgDlWxtO78ghHMS5OxyapOvk+K2+Ga9zJ1f3S64lc2xqhyVSFfk=,iv:jRDgu1lSuFRv8VeVbiyx+DfywaLlZJ0Xla++M277SBg=,tag:aV757MJJUNg77//tON7h1A==,type:str] + - recipient: age1gcyfkxh4fq5zdp0dh484aj82ksz66wrly7qhnpv0r0p576sn9ekse8e9ju + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsalA0a0tNQWNHVUlNVTVP + b1JONEpVSzhkK25qRE4zeFlnQmlCdzBPaFVJCnVHNklyNlVNc3lnN04yKzVWdHNy + OG51Y2pEelVjN0pYSEg0Sk9iM3RtaVUKLS0tIGlXNnZBdGxCcGZDVGNJMGJiOXBB + V1FQQ0o4UVhEbWtFMEtFcWpQR0c2aDQKduenww5ggqovBUmU1u3xGNABx4MevBk7 + 939Mp8UtDPblCDBFi2SmxrrsFiQDOWVkz7llHTmLHYDPEejkVc8/sQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-06-02T19:56:05Z" + mac: ENC[AES256_GCM,data:E80OElIx6ttV4ABVDG1LnUBQ/vmngKRLrAowZIuxZcJLLWfemojRCC697y8tyu4fSxEKvaEoz7FJau1xIZ2ATfYUero5iz5L+6l/t8d7CiF2RWEfMcfwMKCDkjesnf/FaG4poPBc19Y9qyPBB/Ot9uxs1HRAD0niT9sOfb6/kEA=,iv:s4m6C9ffqvfSGRwlO1y3G0mdfGkwbyb6fxS4P4XNMTM=,tag:yQyeFQpzpIm4B59ec2+S7Q==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1