reorganize secrets

2025-01-19 20:46:38 +01:00 · 2025-01-19 20:46:38 +01:00 · 76e043171c
commit 76e043171c
parent 42128ebbe1
14 changed files with 49 additions and 58 deletions
--- a/hosts/cloud/default.nix
+++ b/hosts/cloud/default.nix
@ -1,10 +1,21 @@
-{ ... }:
+{ config, ... }:
 {
  imports = [
    ./configuration.nix
    ./hardware-configuration.nix
    ./networking.nix
    ./proxy
-    ./secrets.nix
  ];
+
+  sops.defaultSopsFile = ./secrets.yaml;
+  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+
+  sops.secrets = {
+    "wg/0xa-mgmt" = {
+      owner = config.users.users.systemd-network.name;
+    };
+    "wg/0xa-proxy" = {
+      owner = config.users.users.systemd-network.name;
+    };
+  };
 }
--- a/hosts/cloud/secrets.nix
+++ b/hosts/cloud/secrets.nix
@ -1,14 +0,0 @@
-{ config, ... }:
-{
-  sops.defaultSopsFile = ../../secrets/cloud/secrets.yaml;
-  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
-
-  sops.secrets = {
-    "wg/0xa-mgmt" = {
-      owner = config.users.users.systemd-network.name;
-    };
-    "wg/0xa-proxy" = {
-      owner = config.users.users.systemd-network.name;
-    };
-  };
-}
--- a/hosts/cloud/secrets.yaml
+++ b/hosts/cloud/secrets.yaml
@ -0,0 +1,43 @@
+wg:
+    0xa-mgmt: ENC[AES256_GCM,data:Xbeo+c8F+0JcTEE/LICWH4tEiqyGwCJ7JJZhkWxNFgKC9hVD6t3sPDWcJ2U=,iv:B0cbrPHdr+eA6FebKL/UrJpE06yOi+nUeyZ7x+Y65go=,tag:yTgVkzSKVhYyNPauVdNZxg==,type:str]
+    0xa-proxy: ENC[AES256_GCM,data:LAcfaMPF4IHPtWSUMH2OK/Ez2Ec3YBdtYUiRtu1ApWmww7IdnDze9inl5L4=,iv:NnNzSPfUqQFDoo21LRrlnuLZMzN2uIBBu85wlzOzrd4=,tag:U2Ama40ONwIlEO+hwJymbA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1j3xpuuqaph5z885er90mftfsu6g3hw4q469k37a3veqktwntzdpqgue4z5
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPTStCSnBiakNsbHFmaEFU
+            dEJYVjdMZ0NlSkcvQWNha2VPLzdjYmxETG13CitSUis4U0h2eWNnRGJBWlJkZkVm
+            OUJLdWI3K0txNFJHSER1NjZDdFQ4L0EKLS0tIEtmMytkeFRmeWtKd0RCaEprREVy
+            aC9tSTVrY0RFcys0LzZONXhhczNjckEK+3E6zeUkyikrZUD8WFkwWgldVfOez51y
+            EgDsxxynkRx7nX8ASne7pdP6e26hooVsrS2oWW45JXpuKkn0ELv7Xg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-01-11T17:28:20Z"
+    mac: ENC[AES256_GCM,data:ihAoc4uJ6hjsUCVYbI1fzVoC1JfkMWGJYW4xE3AcKxdpkHqgvI/yLNY/awNTDowv5Cy3Ubw/dkocgszf1WThMLDkhWoZNWP1CcYtHp8Kc9moSnPxDutGXGVmCC30jTfG8DqmR0evtgBp4oqriW3trlHHuDyVGhYZeiplW4o9L1A=,iv:ggmE88UwdnKJn46fp81Mw7q56s2nGDssFwIrqCnfIRQ=,tag:Ejrmg/+hbAWbzXoygNJUpQ==,type:str]
+    pgp:
+        - created_at: "2025-01-11T01:25:31Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA7zUOKwzpAE7AQ/9Ew7Ubwz4AQ4S/a3fD6jscD3bDFgTM7UbaIyIb9iNf4MI
+            j1IJtNVEVbLf7gg/CVeRZaD1OzRB8LYWkkVwco7JPsSygtRA4ntVBUTpZfpCKD5R
+            Z2CvamM1Lzkap4Yk1oYWAbOtKp/8mZsjlKv9+Xaf/XuHXg06ZumThtQBxGBVOMSX
+            v+ClGxUY7nYSOf+jrqcfyq/zCCyD19AmMw/DfpqJ9w4x6mQ2T4yiQz+FugXDVqHI
+            LCaiyCvg96Jk/5zega0ePtXOKFaBPgSi+0sWuvoLIbCTbLJKGOliWfyQhMLit/XB
+            BjV7McHIgNpwQ9E+TX20GEVCukQDmL8LiB5DVPaOxiFzT7ZVWUU60BrM04RBZA5f
+            DYm9a9njaZ76L67VGyS1WiHmfKMIYWQanLattsMpBs3kH6YoRVLDEN44LXVHq3gJ
+            gcQj6piT+GyKdrmCP0J5KznvK7UGUF1L/blEZMl4x47K2La+ehlBT7V1AAMf0Pjp
+            VlstcqFVJAaYl/Y/+jiHvgTgazSuWQWlhjfjMn/gbvEKfnVf154AHGbM6xsytTya
+            hgBgrU+Dtow0IIgcHEofDuAYgQG33w/WQwOG3aeCIG3gRr5nt8rfEd8kYxaRgsLN
+            PzCIB2h7Nz4BVoPxIYqajA4D0XYRtZt0/akqXk+sbEwdY92Qrt9nJ5pBUMTpYSHS
+            XAGflfE1sdOQvDiKsftF+3V1MBzrm3qhoz9XIP/X0x1CktgJHK41lz7nEzXWu5Fg
+            G+OhkAN27nNOgyaHq5AGVkE+XpsXqUNzV/gH/cmyqd2MJ2KCzb5+MqGPNsv6
+            =x2MX
+            -----END PGP MESSAGE-----
+          fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C
+    unencrypted_suffix: _unencrypted
+    version: 3.9.2