Cleanup secrets
peterablehmann committed May 19, 2024
1 parent 00563bf commit 4cb9086
Showing 5 changed files with 29 additions and 93 deletions.
20 changes: 2 additions & 18 deletions .sops.yaml
@@ -1,9 +1,7 @@
keys:
- &peter age1d085lpynkxxf0mfus0rd3qq0r38clwz9d5ddrl79x982z00j6qsqq8f54g
- &system_mns age1s7xs405mkw2gagclktekz27lxhh38se7adrkdfc0x2l28j9xsvdqcdrsyr
- &system_monitoring age1dpaezlv6va4a8pdqc9w8exuy54d8y2q20yu9zc98q326lusyfdpsf6ph93
- &system_sync age1ap6uwhhy4uvq72hwyts7gzl027mnypakvj6svphgw2fm8jk72v7qtccs76
- &system_cache age1tst50yvdtvlggtjcpa47pvywcdaxfv00v04wfwf552wg4wraaexqsaqlke
- &system_ymir age183wgf8xp46chqk049ekyg7vsan2p50zh4lqfllcllzwuekeywdzqn7pz0q

creation_rules:
@@ -12,34 +10,20 @@ creation_rules:
- age:
- *peter
- *system_mns
- *system_monitoring
- *system_sync
- *system_cache
- *system_ymir

- path_regex: secrets/[^/]+\.mns.(yaml|json|env|ini)$
- path_regex: secrets/mns.(yaml|json|env|ini)$
key_groups:
- age:
- *peter
- *system_mns

- path_regex: secrets/[^/]+\.sync.(yaml|json|env|ini)$
- path_regex: secrets/sync.(yaml|json|env|ini)$
key_groups:
- age:
- *peter
- *system_sync

- path_regex: secrets/monitoring.(yaml|json|env|ini)$
key_groups:
- age:
- *peter
- *system_monitoring

- path_regex: secrets/cache.(yaml|json|env|ini)$
key_groups:
- age:
- *peter
- *system_cache

- path_regex: secrets/ymir.(yaml|json|env|ini)$
key_groups:
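Review bot: The two `path_regex` lines that appear to be new, `secrets/mns.(yaml|json|env|ini)$` and `secrets/sync.(yaml|json|env|ini)$`, leave the dot before the extension group unescaped and have no anchor at the start, so each matches more paths than the one file it is meant for (any character in place of the dot, and any directory whose name merely ends in `secrets`). sops applies the first creation rule whose regex matches, so a loose pattern can silently pick a different recipient set for a newly created file. I would write `- path_regex: secrets/mns\.(yaml|json|env|ini)$` and the same for the `sync` and `ymir` rules; whether a leading `^` is also safe depends on how the installed sops resolves the path against the config file, so confirm that before adding it. The rule list starts above the visible hunk and continues past the collapsed end of this section.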
6 changes: 3 additions & 3 deletions nodes/sync/mount.nix
@@ -4,9 +4,9 @@
, ...
}:
{
sops.secrets."storagebox" = {
sops.secrets."mount/storagebox" = {
neededForUsers = true;
sopsFile = "${inputs.self}/secrets/mount.sync.yaml";
sopsFile = "${inputs.self}/secrets/sync.yaml";
};
environment.systemPackages = [ pkgs.cifs-utils ];
fileSystems."/mnt/share" = {
@@ -18,6 +18,6 @@
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";

in
[ "${automount_opts},uid=237,credentials=${config.sops.secrets."storagebox".path}" ];
[ "${automount_opts},uid=237,credentials=${config.sops.secrets."mount/storagebox".path}" ];
};
}
31 changes: 0 additions & 31 deletions secrets/cache.yaml

This file was deleted.

58 changes: 20 additions & 38 deletions secrets/common.yaml
@@ -14,56 +14,38 @@ sops:
- recipient: age1d085lpynkxxf0mfus0rd3qq0r38clwz9d5ddrl79x982z00j6qsqq8f54g
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArbUJHWGZ0VWVuZDgzTHdU
SmtYK01oTUNDQXBxenhzNVYvUC80Rk5yOTF3CnUxQTFkSytlZzc2RXQ0d3NaZzRB
QlBvV3NVMFZCZWxCTnNLd21ud3Q5NkUKLS0tIDEwejBUdExKRzlOcG9pNmJFU2Jt
ZGk5aWhFZXB3Unp5SnA3c0kxQ0tWQk0KWKalWyzT+V4c9/qqviWyR+C0xZxiGzgH
3LqXw53ha4jcTZSJrqox2yn42HVI7+bsID831VQVKpq9b/c/cm2FXw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3eUJML25MQnhpZWJBN3lQ
amtjNkVtQngzRncyalJJWDhqa0pWc0gxNVI0CnIzU2M3NEpWeWRid1Z1VnNyRFJw
RnpMSUFQMmJybVlyTWZqMC96SzRqWk0KLS0tIFg3V3dJa0pzY1NMV2RQdkhwd0Z4
b0VCeUJucXU4dHZheVpFRFhxc1k3TDAKY0LOBXp9PDZN4enT6L8/drxCkMeA/O3A
Ve3RixsRdwOcgsJdjIUHTAdCAUhNuRjcn8Pjs8UxBhou5fHIaV4aZw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1s7xs405mkw2gagclktekz27lxhh38se7adrkdfc0x2l28j9xsvdqcdrsyr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXQjRKRnZLNnhHNElMRjl2
Tzlwb0tjeGpjUjJ6Z21VVU5jbUsxN3UrR1IwCmhFbHFsWlFrSGpIWGFjVnlrY210
U1RETDBpZFJUQlNJczZKcUlrbDBxN0EKLS0tIFRiZnVHYVA1NHZ4cURJd3RLT3Q0
Skovc0dhKzlLTmRocU94VS9EQ0puNEkKzzL6M8UyurM6SDYC8iks4WFySfFzFuxH
qGiqXnWkA74rM0YZHDgfwS8JXkbgK4iDuNco0JTUse75ezVj2gIw3Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1dpaezlv6va4a8pdqc9w8exuy54d8y2q20yu9zc98q326lusyfdpsf6ph93
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQRDJtYi9DM3l2NFNyUkxu
QnVoZ3pzblRvTGhUaVI1a08rVW9FWHpIcG5vClVIenpwdHdkRldPL0gxM1hkb29N
NGxkTWU5WTZwaUM2ckQzWlVBWXZ4QnMKLS0tIFNBbDdWNWprWElCaVpMdTM5KzJn
TzBEd2t3a3p0MXFJbUhLWm1xc3gwazgKwhQLfnB/hMFrIYtzLoD3o9pMPZ+SfqE+
Ynfd4m0LmhiwHgObzGgzs6AUSlkLW611Rn+Bm82z5zdsILgWFuv0sQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzSCttamJHZkNiUk1rS2la
TDhiTzRuRldrT25ZZG16NDBNTEs3OGFEbzBnClhUNmhLYjd2YjNMZlpnMnNTL3k3
RVd1M3l6MllCRGdQNlE0cjFQbmE4dVkKLS0tIEcwbm43MnBTNFpIY3lEN2xOdXYy
ZWdtZ3VIQWdTK2tUc0hUbzliQWtHazAKdJcZTxBTP1SbTn6pfeiAMjxTzeAlf+rp
LpboQI3qPNA+Imqtbx8lacP5jAbgpFoWRkYMxuSFh0QzHoaraxYgQw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ap6uwhhy4uvq72hwyts7gzl027mnypakvj6svphgw2fm8jk72v7qtccs76
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJNXdhYUx3Rk9nUE9vc3JW
OEV0d2RqZ3Z6WFlBUU1oY1ZmcTJFRC9MR1VZCmJRVUpDQURYUExtM09hUFdWYnRY
bDlWSEFNdVphYWk3M0NVOEd4bGhBdmsKLS0tIHYvRkxOMDRtV1lxbjU3bmcyQmRx
U0cyTWtUUEdPQTh4ZHU5bjIzSjRQZG8KU8NWbkzS3qbsEWoT4WVEwXc3c+0pQvk5
R2tajntDpto8gf009+XJoSH5PBOWZWw66bEPYRcu9utcFsNvWwbyHg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1tst50yvdtvlggtjcpa47pvywcdaxfv00v04wfwf552wg4wraaexqsaqlke
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyRVBWdVVHYldjTU9kdGYr
bHRPN2VQaFVpbkptcWxHbFJDNU1GcmUwdENFCnE0Q3RmTFduM0psRTlnYlRYcjVa
dy8zZnVUQTZ0bUhQSk0xYUJNNnRrZE0KLS0tIHlTV1hBRzlaRG9yU1AvTk84akow
TDFGOEUwL0xML29DOFZwRGhha1EvWDAKVUAQx+RFjsxAjnoE1QUTyJQr7ByQZpgr
kMjeVLM5YnTxW5bj9AfNUaBxTs6fHo0RpzD6a1lRUmkxPgVZWXkqiQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjdThDbXBXWFdhRGVCZXJC
WWVXa05oSCtKS0VhYytNMGVTVGMrZXljR2tRCkwvQ3h4bENjMFZvRnBtSUFvdnc1
cTJWVlVkQVZjOUxZclJNa3ZYaktiYWsKLS0tIFg1QzJUMmJLOTRicnYxOWVXS0JB
dE95akkyNUtOUDlnTGN5YVZMaGFQbEUK06k7tnbFA93+pVzLYkpIt4u4aO5WzWi3
qtgAgNJZqTqSy02pvbAMtDCArIBgGPZwGhxPuZLhLfEeNjkyoYG8gw==
-----END AGE ENCRYPTED FILE-----
- recipient: age183wgf8xp46chqk049ekyg7vsan2p50zh4lqfllcllzwuekeywdzqn7pz0q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBamp6TEdKT3E0bWdJZi9s
UitvQm5QNGxmN0Zqd0NpOWZ0cGV4MFNWVlZJClh5Ym9nUmRnNTZOQmcyMWhQajlo
K0pHUDVya1lSMXVyeEFpLzR5RjMrczAKLS0tIHFUY1R6RDA4Q1B4b25tbHh2a203
TnJVVGQyU0E2QUxmMWhQNnc1UE9Ua1kK3cHTqKXDry9M5B9gHFJicNZ3KBonpM8N
N9wFhJIqHTmLtrphHMUQD0Sd+4QgK9CSEt6uTUlFFBINjL45ahtx9w==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLMFNNSEZVWUJTYVpsbkxT
QXp4Vit5N05oR282OUhPUmd0SzFaUDZ1RDJvCmg5V3RUdFlFWlRNS2lRUHp3bGs5
WXQ5Uk1BTDhBaTB6TUwrL20vYXhEbDgKLS0tIGVuM1MvdUxOMy9JalZEVjhCeGlS
S2JvMzZya2dCbUtSVzNPOWVITHF1WFUKCxDwdj+hq0mEprx8N5NzYLBE08O8Jfl2
H3SPrww3gmQExa4eI6rZ8UtD+OTXXtDDrr7aBKcgqrTH5jb5l16hDw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-04T14:35:12Z"
mac: ENC[AES256_GCM,data:nEY/5npKF+fo6m/nRxqOd6GA490JGkeYn6gKzPSY4sSA6977CUutz8Y5lZsUpoyVXRmb7j/6YmfO9sYntOdm3efR3CQKBPNh8LRWK42oemQjPNUX3lYxyCMLEQijcNsKTUbZ7keCk3Z4gOt7JBVaLtOcF/B54FKq+q8c7yd0ers=,iv:Uu1W6J9QR+atOH/ifMPL0Nl653MVRA5G/mCsgslggbg=,tag:gm2dvFNmzt/XERpCjYfDIQ==,type:str]
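Review bot: `lastmodified` and `mac` are printed only once at the end of this section, i.e. unchanged, while the `enc` blocks of the recipients that stay are all new, which suggests the recipient list was updated without rotating the file's data key. If so, the recipients dropped in `.sops.yaml` can still unwrap that same data key from the previous revision in git history, and the key would go on protecting future edits of this file. Rotate it with `sops --rotate --in-place secrets/common.yaml`, and replace the secret values at their source unless the removed hosts' age private keys are known to be destroyed. The section is collapsed before and after the visible lines, so this is inferred from what is shown.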
7 changes: 4 additions & 3 deletions secrets/mount.sync.yaml → secrets/sync.yaml
@@ -1,4 +1,5 @@
storagebox: ENC[AES256_GCM,data:MJCHyYDvyySm7axUDkgLh9F8Imw3+NQz/CGef4Lo7On2dH447rL2d1Ws,iv:6Ar2/wG4VoFeyevYLX8XoGRuBhHaZve7ee8Akxtzwi8=,tag:46GAdKZ3yfnrubEbOMG8Rg==,type:str]
mount:
storagebox: ENC[AES256_GCM,data:IuEoYNNHiSqPKbU2wMd7BnW+4hRYr+3xPepPbljLmsp6RsfkYOvqiWyW,iv:nJLvr0Okt3sbE4ngOvKBh3yX4upyHW207gs0+nF2Hbk=,tag:IFQl3ibW+EgQ9RNzflqrFA==,type:str]
sops:
kms: []
gcp_kms: []
@@ -23,8 +24,8 @@ sops:
TWw4YnVRcEV3b0J5VmJGaTkvMWx1U0kKadJQi9phyEisv0JTrVPF6/syUgp6i4VO
3rGwYDWrmtV/Zq+DBVKPKenS5OlMQMM/HhiFiKI8CSjt0an0nbtd9g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-11-07T11:42:25Z"
mac: ENC[AES256_GCM,data:5bHMoxqEOCqHZt12ajhWaMC3gm0LPiARnNscVvXBmi42bnyob1BPZ2rRYv4nyiCb41yuDAQCNc7BDBhMVif1ATUnaEV67wQAe+7LHrIaoozcA0bA1040FD7HJi/DpKw6elFiSxefj706DW+nmShawZ7+153umOlFrcvKq1eG96A=,iv:BLCFmq4XwHeOmGu91slvWnYxaIuxzLFitllsr7xuD4c=,tag:VWMuzt9B4ab+Pg36Gv4tYg==,type:str]
lastmodified: "2024-05-19T14:57:22Z"
mac: ENC[AES256_GCM,data:v2y6FJJa+mLXg73PxZGFFWdb4sZOudH+s8a62up3rsBUaR9/s4SUx7LguAKrHeKGHgCc+3CxaPZhhDBDxdi9pBZ2JMepG6+EUko65hDo7h4tVbZiuh7E41PBYJbJgiWo14WGFjZoMSFs3LjvIvmMV+NXkxtcGXA3bQJDLYYsCnk=,iv:o+yHquSMPDHMjddv+fj7m2sdgSbZg6laBa3hK2nEHvQ=,tag:LiwACb/i7x8MMBxXpNPg0g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1
