From 1fa4bc50c70b630c317b8aefed473c270a9e8744 Mon Sep 17 00:00:00 2001 From: noe Date: Tue, 16 Jul 2024 02:45:18 -0400 Subject: [PATCH] sync --- .sops.yaml | 8 + Justfile | 2 +- flake.lock | 111 ++++----- flake.nix | 26 +- home-manager/features/vesktop/default.nix | 10 +- home-manager/features/vim.nix | 70 ------ home-manager/noe/common/default.nix | 2 +- home-manager/noe/hosts/aerial.nix | 2 + nixos/client.nix | 2 +- nixos/features/nvidia.nix | 5 +- nixos/hosts/exit-node/.target | 1 + .../hosts/{keylime => exit-node}/default.nix | 6 +- nixos/hosts/keylime/.target | 1 - nixos/hosts/monitoring/default.nix | 8 + nixos/hosts/pihole/.target | 2 +- nixos/stacks/ps2.live/extras.nix | 2 + secrets/default.yaml | 229 +++++++++--------- tools/onboard-machine.js | 82 ++++--- 18 files changed, 259 insertions(+), 310 deletions(-) delete mode 100644 home-manager/features/vim.nix create mode 100644 nixos/hosts/exit-node/.target rename nixos/hosts/{keylime => exit-node}/default.nix (64%) delete mode 100644 nixos/hosts/keylime/.target diff --git a/.sops.yaml b/.sops.yaml index f256ba7..11a8be7 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -21,6 +21,7 @@ keys: &all - &m_jitsi age1cc80558u3f8pdwrmhev8264c0h9dkkm59sy40j7zms97qzxg0ffqza9en0 - &m_nextcloud age198c9udn09u87zje4ctz4j8d2k5ey5kvgl34nfn573e9csx9mcs3q7a6q2u - &m_dis-sociat-ing age1nsuxsnf64mcfgnggy5ehuqk3egp0rea3ldzst0f66full7ap7ews5eg46s + - &m_exit-node age13xddcc3njv29sxzfdx2rjctaejhsxr5rephruga7vjrvjclcapuqnwx52t creation_rules: - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$ @@ -159,3 +160,10 @@ creation_rules: - *op_noe_2 - *op_noe_3 - *m_dis-sociat-ing + - path_regex: secrets/exit-node/[^/]+\.(yaml|json|env|ini)$ + key_groups: + - age: + - *op_noe + - *op_noe_2 + - *op_noe_3 + - *m_exit-node diff --git a/Justfile b/Justfile index 473afaf..4b8923a 100644 --- a/Justfile +++ b/Justfile 
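Review bot: In the first `.sops.yaml` hunk `&m_exit-node` is added to the list under `keys: &all`, so if the top-level `secrets/[^/]+\.(yaml|json|env|ini)$` rule draws on that list (its key group is outside the hunk), the exit node becomes a recipient of every shared secret. The nine-line growth of `secrets/default.yaml` in this commit is consistent with one extra recipient stanza, which supports that reading. The dedicated `secrets/exit-node/` rule in the second hunk already gives the host access to its own files, so a host that by its name sits at the network edge is better left out of the shared group. I would keep `*m_exit-node` off the shared rule's `age:` entries and add a comment above the new rule such as `# exit-node: operator keys plus the host's own key only`.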
@@ -77,7 +77,7 @@ deploy target_host extra_flags="": deploy2 target_host extra_flags="": @test -f nixos/hosts/{{target_host}}/.target || { echo "Host cannot be deployed, add a .target file with SSH destination"; exit 1; } - nixos-rebuild switch {{extra_flags}} --target-host root@`cat nixos/hosts/{{target_host}}/.target` --accept-flake-config --flake .#{{target_host}} + nixos-rebuild switch {{extra_flags}} --target-host root@`cat nixos/hosts/{{target_host}}/.target` `cat nixos/hosts/{{target_host}}/.flags 2>/dev/null || echo ''` --accept-flake-config --flake .#{{target_host}} # ssh target_host *args='': diff --git a/flake.lock b/flake.lock index 6cf8ed1..f6855b4 100644 --- a/flake.lock +++ b/flake.lock @@ -27,11 +27,11 @@ ] }, "locked": { - "lastModified": 1719845423, - "narHash": "sha256-ZLHDmWAsHQQKnmfyhYSHJDlt8Wfjv6SQhl2qek42O7A=", + "lastModified": 1720845312, + "narHash": "sha256-yPhAsJTpyoIPQZJGC8Fw8W2lAXyhLoTn+HP20bmfkfk=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "ec12b88104d6c117871fad55e931addac4626756", + "rev": "5ce8503cf402cf76b203eba4b7e402bea8e44abc", "type": "github" }, "original": { @@ -150,22 +150,6 @@ "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" } }, - "flake-compat_3": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, "flake-parts": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" 
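Review bot: The new command substitution in `deploy2` that reads `nixos/hosts/{{target_host}}/.flags` is unquoted, so the file's contents are word-split and glob-expanded by the shell and passed to `nixos-rebuild` as options for a deployment that runs as root on the target; `2>/dev/null` also hides read errors, not just a missing file. That makes `.flags` a file that needs the same review as the Nix code, and nothing in the recipe says so: a comment above it such as `# .flags (optional): extra nixos-rebuild options on one line, treated as trusted input` would help, and the existing "add a .target file" message could mention it. The `|| echo ''` is redundant, because a failed `cat` already substitutes to nothing. The `deploy` recipe named in the hunk header is not visible here, so I cannot tell whether it should read `.flags` as well.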
@@ -192,11 +176,11 @@ ] }, "locked": { - "lastModified": 1719877454, - "narHash": "sha256-g5N1yyOSsPNiOlFfkuI/wcUjmtah+nxdImJqrSATjOU=", + "lastModified": 1719994518, + "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "4e3583423212f9303aa1a6337f8dffb415920e4f", + "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", "type": "github" }, "original": { @@ -312,7 +296,10 @@ }, "git-hooks": { "inputs": { - "flake-compat": "flake-compat_3", + "flake-compat": [ + "nixvim", + "flake-compat" + ], "gitignore": "gitignore", "nixpkgs": [ "nixvim", @@ -324,11 +311,11 @@ ] }, "locked": { - "lastModified": 1719259945, - "narHash": "sha256-F1h+XIsGKT9TkGO3omxDLEb/9jOOsI6NnzsXFsZhry4=", + "lastModified": 1720524665, + "narHash": "sha256-ni/87oHPZm6Gv0ECYxr1f6uxB0UKBWJ6HvS7lwLU6oY=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "0ff4381bbb8f7a52ca4a851660fc7a437a4c6e07", + "rev": "8d6a17d0cdf411c55f12602624df6368ad86fac1", "type": "github" }, "original": { @@ -366,11 +353,11 @@ ] }, "locked": { - "lastModified": 1720167120, - "narHash": "sha256-K9JYdlPiyaXp33JRg7CT8rMwH56e4ncXSsXW/YKnNXc=", + "lastModified": 1720734513, + "narHash": "sha256-neWQ8eNtLTd+YMesb7WjKl1SVCbDyCm46LUgP/g/hdo=", "owner": "nix-community", "repo": "home-manager", - "rev": "bbe6e94737289c8cb92d4d8f9199fbfe4f11c0ba", + "rev": "90ae324e2c56af10f20549ab72014804a3064c7f", "type": "github" }, "original": { @@ -387,11 +374,11 @@ ] }, "locked": { - "lastModified": 1719827439, - "narHash": "sha256-tneHOIv1lEavZ0vQ+rgz67LPNCgOZVByYki3OkSshFU=", + "lastModified": 1720734513, + "narHash": "sha256-neWQ8eNtLTd+YMesb7WjKl1SVCbDyCm46LUgP/g/hdo=", "owner": "nix-community", "repo": "home-manager", - "rev": "59ce796b2563e19821361abbe2067c3bb4143a7d", + "rev": "90ae324e2c56af10f20549ab72014804a3064c7f", "type": "github" }, "original": { 
@@ -527,11 +514,11 @@ ] }, "locked": { - "lastModified": 1719845423, - "narHash": "sha256-ZLHDmWAsHQQKnmfyhYSHJDlt8Wfjv6SQhl2qek42O7A=", + "lastModified": 1720845312, + "narHash": "sha256-yPhAsJTpyoIPQZJGC8Fw8W2lAXyhLoTn+HP20bmfkfk=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "ec12b88104d6c117871fad55e931addac4626756", + "rev": "5ce8503cf402cf76b203eba4b7e402bea8e44abc", "type": "github" }, "original": { @@ -561,11 +548,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1720055043, - "narHash": "sha256-SKizewU4UeYrkZWPUjur8EoxscGoNb0pGcrNL4YzAIg=", + "lastModified": 1720859326, + "narHash": "sha256-i8BiZj5faQS6gsupE0S9xtiyZmWinGpVLwxXWV342aQ=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "168b220231a70e47cc1f0919048fa5914415fb18", + "rev": "076ea5b672bb1ea535ee84cfdabd0c2f0b7f20c7", "type": "github" }, "original": { @@ -640,11 +627,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1719957072, - "narHash": "sha256-gvFhEf5nszouwLAkT9nWsDzocUTqLWHuL++dvNjMp9I=", + "lastModified": 1720535198, + "narHash": "sha256-zwVvxrdIzralnSbcpghA92tWu2DV2lwv89xZc8MTrbg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "7144d6241f02d171d25fba3edeaf15e0f2592105", + "rev": "205fd4226592cc83fd4c0885a3e4c9c400efabb5", "type": "github" }, "original": { @@ -656,11 +643,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1719720450, - "narHash": "sha256-57+R2Uj3wPeDeq8p8un19tzFFlgWiXJ8PbzgKtBgBX8=", + "lastModified": 1720915306, + "narHash": "sha256-6vuViC56+KSr+945bCV8akHK+7J5k6n/epYg/W3I5eQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "78f8641796edff3bfabbf1ef5029deadfe4a21d0", + "rev": "74348da2f3a312ee25cea09b98cdba4cb9fa5d5d", "type": "github" }, "original": { 
@@ -672,11 +659,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1720031269, - "narHash": "sha256-rwz8NJZV+387rnWpTYcXaRNvzUSnnF9aHONoJIYmiUQ=", + "lastModified": 1720768451, + "narHash": "sha256-EYekUHJE2gxeo2pM/zM9Wlqw1Uw2XTJXOSAO79ksc4Y=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9f4128e00b0ae8ec65918efeba59db998750ead6", + "rev": "7e7c39ea35c5cdd002cd4588b03a3fb9ece6fad9", "type": "github" }, "original": { @@ -720,11 +707,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1720031269, - "narHash": "sha256-rwz8NJZV+387rnWpTYcXaRNvzUSnnF9aHONoJIYmiUQ=", + "lastModified": 1720768451, + "narHash": "sha256-EYekUHJE2gxeo2pM/zM9Wlqw1Uw2XTJXOSAO79ksc4Y=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9f4128e00b0ae8ec65918efeba59db998750ead6", + "rev": "7e7c39ea35c5cdd002cd4588b03a3fb9ece6fad9", "type": "github" }, "original": { @@ -736,11 +723,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1719468428, - "narHash": "sha256-vN5xJAZ4UGREEglh3lfbbkIj+MPEYMuqewMn4atZFaQ=", + "lastModified": 1720781449, + "narHash": "sha256-po3TZO9kcZwzvkyMJKb0WCzzDtiHWD34XeRaX1lWXp0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "1e3deb3d8a86a870d925760db1a5adecc64d329d", + "rev": "8b5a3d5a1d951344d683b442c0739010b80039db", "type": "github" }, "original": { @@ -764,11 +751,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1720191961, - "narHash": "sha256-p67UionzurpCRjSIhhgRgRAapZLfXHG9nvQQ37qerdA=", + "lastModified": 1720910388, + "narHash": "sha256-gCudumUXHH+o0KFemXecDYySVCzjz7jYDGjdJbrN7gA=", "owner": "nix-community", "repo": "nixvim", - "rev": "b59fa976d0f42eba35bf89c8fbc4107de7ef1db2", + "rev": "ac9a1cbf9c7145687e66a1c033d68fc72eca3fd8", "type": "github" }, "original": { 
@@ -892,11 +879,11 @@ "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { - "lastModified": 1720187017, - "narHash": "sha256-Zq+T1Bvd0ShZB9XM+bP0VJK3HjsSVQBLolkaCLBQnfQ=", + "lastModified": 1720926522, + "narHash": "sha256-eTpnrT6yu1vp8C0B5fxHXhgKxHoYMoYTEikQx///jxY=", "owner": "Mic92", "repo": "sops-nix", - "rev": "1b11e208cee97c47677439625dc22e5289dcdead", + "rev": "0703ba03fd9c1665f8ab68cc3487302475164617", "type": "github" }, "original": { @@ -978,11 +965,11 @@ ] }, "locked": { - "lastModified": 1719887753, - "narHash": "sha256-p0B2r98UtZzRDM5miGRafL4h7TwGRC4DII+XXHDHqek=", + "lastModified": 1720818892, + "narHash": "sha256-f52x9srIcqQm1Df3T+xYR5P6VfdnDFa2vkkcLhlTp6U=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "bdb6355009562d8f9313d9460c0d3860f525bc6c", + "rev": "5b002f8a53ed04c1a4177e7b00809d57bd2c696f", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 003ff00..81ad0ed 100644 --- a/flake.nix +++ b/flake.nix 
@@ -171,23 +171,23 @@ nixosConfigurations = { aerial = mkNixos [ ./nixos/hosts/aerial ]; # desktop cider = mkNixos [ ./nixos/hosts/cider ]; # asahi m2 mba - drone = mkNixos [ ./nixos/hosts/drone ]; # spectre x360 - ingress-proxy = mkNixos [ ./nixos/hosts/ingress-proxy ]; # nginx edge proxy - keylime = mkNixos [ ./nixos/hosts/keylime ]; # lab jump - monitoring = mkNixos [ ./nixos/hosts/monitoring ]; # Grafana, Prometheus, Jaeger, etc - ps2live = mkNixos [ ./nixos/hosts/ps2live ]; # PS2.LIVE stack + planetside stuff - thonkpad = mkNixos [ ./nixos/hosts/thonkpad ]; # t480 - sapphic-engineer = mkNixos [ ./nixos/hosts/sapphic-engineer ]; # Akkoma, sapphic.engineer - porcelain-doll-repair = mkNixos [ ./nixos/hosts/porcelain-doll-repair ]; # Iceshrimp+Withdrawl, porcelain.doll.repair dis-sociat-ing = mkNixos [ ./nixos/hosts/dis-sociat-ing ]; # Iceshrimp+Withdrawl, dis.sociat.ing + drone = mkNixos [ ./nixos/hosts/drone ]; # spectre x360 + exit-node = mkNixos [ ./nixos/hosts/exit-node ]; # lab jump git = mkNixos [ ./nixos/hosts/git ]; # Forgejo Host - nas0 = mkNixos [ ./nixos/hosts/nas0 ]; # SMB/NFS NAS - ts3 = mkNixos [ ./nixos/hosts/ts3 ]; # Teamspeak-san - pihole = mkNixos [ ./nixos/hosts/pihole ]; # PiHole! - static-sites = mkNixos [ ./nixos/hosts/static-sites ]; # nginx specifically for static sites - mumble = mkNixos [ ./nixos/hosts/mumble ]; # mumble + ingress-proxy = mkNixos [ ./nixos/hosts/ingress-proxy ]; # nginx edge proxy jitsi = mkNixos [ ./nixos/hosts/jitsi ]; # jitsi meet + monitoring = mkNixos [ ./nixos/hosts/monitoring ]; # Grafana, Prometheus, Jaeger, etc + mumble = mkNixos [ ./nixos/hosts/mumble ]; # mumble + nas0 = mkNixos [ ./nixos/hosts/nas0 ]; # SMB/NFS NAS nextcloud = mkNixos [ ./nixos/hosts/nextcloud ]; # nextcloud + pihole = mkNixos [ ./nixos/hosts/pihole ]; # PiHole! 
+ porcelain-doll-repair = mkNixos [ ./nixos/hosts/porcelain-doll-repair ]; # Iceshrimp+Withdrawl, porcelain.doll.repair + ps2live = mkNixos [ ./nixos/hosts/ps2live ]; # PS2.LIVE stack + planetside stuff + sapphic-engineer = mkNixos [ ./nixos/hosts/sapphic-engineer ]; # Akkoma, sapphic.engineer + static-sites = mkNixos [ ./nixos/hosts/static-sites ]; # nginx specifically for static sites + thonkpad = mkNixos [ ./nixos/hosts/thonkpad ]; # t480 + ts3 = mkNixos [ ./nixos/hosts/ts3 ]; # Teamspeak-san }; darwinConfigurations = { diff --git a/home-manager/features/vesktop/default.nix b/home-manager/features/vesktop/default.nix index f70e611..2b92122 100644 --- a/home-manager/features/vesktop/default.nix +++ b/home-manager/features/vesktop/default.nix @@ -3,13 +3,13 @@ src = pkgs.fetchFromGitHub { owner = "Vencord"; repo = "Vesktop"; - rev = "2733727a40a4cf542277dedcf89e87e7740f962d"; - hash = "sha256-EF36HbbhTuAdwBEKqYgBBu7JoP1LJneU78bROHoKqDw="; + rev = "3fe2094814480c78ae74f4466804c51059c563aa"; + hash = "sha256-FWbA8gcFRnp78/ROrAu9yA0j6SDbzemak3gMxiq3Jog="; }; - pnpmDeps = prev.pnpmDeps.overrideAttrs(final2: prev2: { - outputHash = "sha256-6ezEBeYmK5va3gCh00YnJzZ77V/Ql7A3l/+csohkz68="; - }); + # pnpmDeps = prev.pnpmDeps.overrideAttrs(final2: prev2: { + # outputHash = "sha256-6ezEBeYmK5va3gCh00YnJzZ77V/Ql7A3l/+csohkz68="; + # }); }); in { home.packages = [ diff --git a/home-manager/features/vim.nix b/home-manager/features/vim.nix deleted file mode 100644 index d601736..0000000 --- a/home-manager/features/vim.nix +++ /dev/null 
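Review bot: The `pnpmDeps` override is commented out in the same hunk that moves `src` to a new `rev`, so the dependency set is now whatever `prev.pnpmDeps` pins. Because that is a fixed-output derivation, it may be satisfied by the hash nixpkgs carries for a different source revision rather than by this revision's lockfile; worth confirming with a build that actually refetches it. If the override is no longer needed, delete the three commented lines instead of keeping a stale hash in the file; if it is needed, restore it with the hash that matches the new `rev`. A short comment such as `# pnpmDeps inherited from nixpkgs; lockfile unchanged at this rev` would record which case applies.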
@@ -1,70 +0,0 @@ -{ inputs, pkgs, ... }: { - imports = [ - inputs.nixvim.homeManagerModules.nixvim - ]; - - programs.nixvim = { - enable = true; - - opts = { - number = true; - }; - - colorschemes.tokyonight.enable = true; - - autoCmd = [ - { event = "VimEnter"; command = "Neotree"; } - ]; - - keymaps = [ - # Simple save Ctrl + S - { action = "w"; key = ""; options.silent = true; } - - # Vsplit - { action = "vsplit"; key = ""; options.silent = true; } - - # [H]split - { action = "split"; key = ""; options.silent = true; } - - # Toggleterm Ctrl + ` - { action = "ToggleTerm"; key = ""; options.silent = true; } - ]; - - plugins = { - neo-tree = { - enable = true; - closeIfLastWindow = true; - buffers.followCurrentFile.leaveDirsOpen = true; - }; - lightline.enable = true; - toggleterm.enable = true; - rainbow-delimiters.enable = true; - treesitter.enable = true; - barbar.enable = true; - gitgutter.enable = true; - persistence.enable = true; - cmp.enable = true; - cmp-nvim-lsp.enable = true; - cmp_luasnip.enable = true; - luasnip.enable = true; - - - lsp = { - enable = true; - servers = { - nil_ls.enable = true; - rust-analyzer.enable = true; - rust-analyzer.installRustc = false; # use rustc in nix shells, maybe? - rust-analyzer.installCargo = false; - tsserver.enable = true; - htmx.enable = true; - html.enable = true; - }; - }; - }; - - extraPlugins = with pkgs.vimPlugins; [ - vim-sleuth - ]; - }; -} diff --git a/home-manager/noe/common/default.nix b/home-manager/noe/common/default.nix index b47bf94..fc84e36 100644 --- a/home-manager/noe/common/default.nix +++ b/home-manager/noe/common/default.nix @@ -4,7 +4,6 @@ inputs.sops-nix.homeManagerModules.sops ../../features/direnv.nix ../../features/git.nix - ../../features/vim.nix ../../features/fish.nix ] ++ (builtins.attrValues outputs.homeManagerModules); @@ -38,6 +37,7 @@ traceroute whois nmap + neovim ]; }; diff --git a/home-manager/noe/hosts/aerial.nix b/home-manager/noe/hosts/aerial.nix index 298256c..6964611 100644 
--- a/home-manager/noe/hosts/aerial.nix +++ b/home-manager/noe/hosts/aerial.nix @@ -22,6 +22,8 @@ teamspeak_client signal-desktop-beta nicotine-plus-master + discord + vlc ]; programs.vscode = { diff --git a/nixos/client.nix b/nixos/client.nix index 859d58c..bf386a9 100644 --- a/nixos/client.nix +++ b/nixos/client.nix @@ -14,7 +14,7 @@ curl btop htop - neofetch + fastfetch xclip ]; diff --git a/nixos/features/nvidia.nix b/nixos/features/nvidia.nix index ef28ffb..22411e9 100644 --- a/nixos/features/nvidia.nix +++ b/nixos/features/nvidia.nix @@ -33,8 +33,9 @@ nvidiaSettings = true; - package = config.boot.kernelPackages.nvidiaPackages.beta; + package = config.boot.kernelPackages.nvidiaPackages.latest; }; - boot.kernelPackages = pkgs.linuxPackages_latest; + boot.kernelPackages = pkgs.linuxPackages_zen; + #boot.kernelParams = [ "nvidia-drm.fbdev=1" ]; } diff --git a/nixos/hosts/exit-node/.target b/nixos/hosts/exit-node/.target new file mode 100644 index 0000000..5bcbdd1 --- /dev/null +++ b/nixos/hosts/exit-node/.target @@ -0,0 +1 @@ +10.100.1.57 diff --git a/nixos/hosts/keylime/default.nix b/nixos/hosts/exit-node/default.nix similarity index 64% rename from nixos/hosts/keylime/default.nix rename to nixos/hosts/exit-node/default.nix index 5508063..981d510 100644 --- a/nixos/hosts/keylime/default.nix +++ b/nixos/hosts/exit-node/default.nix @@ -2,13 +2,9 @@ imports = [ ../../templates/proxmox-lxc.nix ../../server.nix - ../../features/podman.nix - ../../features/dns-cache.nix ]; - home-manager.users.noe = import ../../../home-manager/noe/hosts/keylime.nix; - - networking.hostName = "keylime"; + networking.hostName = "exit-node"; system.stateVersion = "24.05"; nixpkgs.hostPlatform = "x86_64-linux"; diff --git a/nixos/hosts/keylime/.target b/nixos/hosts/keylime/.target deleted file mode 100644 index a866f8c..0000000 --- a/nixos/hosts/keylime/.target +++ /dev/null @@ -1 +0,0 @@ -10.100.0.8 
diff --git a/nixos/hosts/monitoring/default.nix b/nixos/hosts/monitoring/default.nix index 287f553..246b196 100644 --- a/nixos/hosts/monitoring/default.nix +++ b/nixos/hosts/monitoring/default.nix @@ -111,6 +111,14 @@ metrics_path = "/metrics"; scheme = "https"; } + { + job_name = "plapkit"; + static_configs = [ + { targets = [ "i-pk.noe.sh" ]; } + ]; + metrics_path = "/metrics"; + scheme = "https"; + } ]; }; diff --git a/nixos/hosts/pihole/.target b/nixos/hosts/pihole/.target index 3573837..3c877d9 100644 --- a/nixos/hosts/pihole/.target +++ b/nixos/hosts/pihole/.target @@ -1 +1 @@ -10.100.1.44 +10.100.69.69 diff --git a/nixos/stacks/ps2.live/extras.nix b/nixos/stacks/ps2.live/extras.nix index 54b6880..fdbc7a0 100644 --- a/nixos/stacks/ps2.live/extras.nix +++ b/nixos/stacks/ps2.live/extras.nix @@ -25,6 +25,8 @@ ports = [ "8555:8555" ]; environment = { DSI_FIELD_NAME = "system[front]"; + PK_SYSTEM_ID = "e6bd7a02-42c5-43f1-8cd5-250c90638cf3"; + FEDI_ALTS = ''{ "aki": "@aki@porcelain.doll.repair", "hide": "@hid@porcelain.doll.repair", "ethyl": "@ethyl@porcelain.doll.repair", "sayaka": "@saya@porcelain.doll.repair" }''; }; environmentFiles = [ config.sops.secrets.plapkit.path diff --git a/secrets/default.yaml b/secrets/default.yaml index 25df863..86d7543 100644 --- a/secrets/default.yaml +++ b/secrets/default.yaml 
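Review bot: In `nixos/stacks/ps2.live/extras.nix`, `PK_SYSTEM_ID` and `FEDI_ALTS` are added to the plain `environment` set, which is committed in clear text and ends up in the world-readable Nix store, while the same container already loads `config.sops.secrets.plapkit.path` through `environmentFiles`. If the system id is meant to stay private (the hunk does not say), it belongs in that sops-managed file instead. Separately, the hand-written JSON string in `FEDI_ALTS` is easy to break with a stray quote; `FEDI_ALTS = builtins.toJSON { aki = "@aki@porcelain.doll.repair"; /* … */ };` keeps it valid by construction. The container definition starts above the hunk, so the rest of its settings are not visible here.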
@@ -10,200 +10,209 @@ sops: - recipient: age1lq5q5g5qjsdcc3key0n6qytkc9z3qx3d3e96ap9zre2aqgvc9ujq82l9hd enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5T0RzWlRwbmtPZjBFTUYx - Qm5iRXNQWERhbmIyeWJRQTlzVlJLUWEzT2x3CmJDWGFIRCtSL3JNaUhNSHVHNVhH - Q2NPMGxQMWFFRC9lWVZ0USt3eGxJNlkKLS0tIHF4YkkvOC9aeC9SMlBLRFNxV0J4 - akYySFdRMXk4anBFVStlUHh2SDJ4VEkKmw745s9CVYitWSSV6ytjKHFkDdr2N+nl - Tbq7Qc/i/+UM2v5iE1zorr8ACYfdWFUy7oMi34XKCpFBW+p7UXywmg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZN3BzNy9WYXBZOG1NVTRQ + Z1VhdzJqV3l1YXFsNnJOMm9SME1SWFdoU2pvCmlkb1JQTUJ1MTFsTkFnTzlLUHRs + WTF4dGoyRTV6bzRqdzY4enUwNVh6c3cKLS0tIGFoRHhsbVc3eW5LTG1SUGcxUUw2 + aGU2cjA3TGRnQko4ODNDK0R6UnN4elkKF5xlebCEelDeaPLhGJLHaTcpZL+zbghh + cbJMi8r7It1xc4Wv3XudUh9gltPFV99w25Vbhxce1Svuuzyq4YDkbw== -----END AGE ENCRYPTED FILE----- - recipient: age1p0f62dwatt558sf5s4equdqwtg5m7lsnaytrf3xjnvmx3e0lqu4svtugyp enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTQjN6LzQwbXVPQXhBaUMw - UDZxclJnV0FFL0hzY3V3N2F6TFNOZ0lWZkJzCmQwdVlpSGZBQTk2NWgrejJWSnR1 - SFJENldLTFhVY1phUGRTNXdJWmtGaGsKLS0tIGVDMmJwNWVnNHZxaUtWY0FTZTds - NldBclpXVEhCWDlVcGo5YUNkZVBDVG8KGhU++P60aeFN9Qh8d+xv2jvxUYdu7u5z - EU9lteUv55TcnWerpNFHTjuJ7j26RRqqIo6EnX8AV440PeLEi1clQQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWU0tlcWJNZ1hHeFU4NU14 + bDYrNWxBZmw4WkRnbmVjMDAzeGVOb2N1aW00Cm5GcXZuV3ZnS0pPaHhNT2VtNjF4 + RmRKTlY2a3lKYk9oR2xMajdQc2lMemsKLS0tIDhhdVo4b3dQbEtXYkJTbGd6ZFYr + bHBKYVhucm1zRURKenBSQllQRS9PcVEKgvQ7JuH49s8A9PIhZjFyHx+pf1PvS1pF + /5oMwSSHxl07Fb4r0ekfZMfjOZzzIutxXOvFKzgC+8m/DGAjm3s70w== -----END AGE ENCRYPTED FILE----- - recipient: age13c5wv623jxjja5mjz7fajg9qqwvypzgsfqrs4tmk7rpgyzu7aufs4ul9f9 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWQzA5Skt6YXJranc0ZXIw - eGIrSktrT3Juc1EranZuZVhvWmZScGQ5Y2xrCmFrb2hNOXJNYkFkNk81TXJmY1Fs - MEJZT240eGFsOTFnUTBwMzY4M3ZmQ00KLS0tIFJJazdCTEtoNG5tZkRENEFPekhu - 
OEt4cUg0b2daWU1VdTV1UUxFWE4wVG8KbG9iXAnsLL6oXh2gz9mnaIZfDkdg8bpQ - 27fGrIaZoGT7Rof9LlfKe3Pmq55ABNNqyuTyjPI/kCOKXKSDjrvYkg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtRkRiMTdUVmlrc2hpcWdn + YVVKMTBUZGhEcUwwVDh4N0dQN2pWZDRrUzA4CnBiSG9PVnpGeTltUkhGNmRpZHdH + OEc5djFiTTIyRVJ3RDBUQzFiYmNZZzQKLS0tIEhlb3NKUzNJUDMzTVU2cVU0eUR1 + cG9KbFN5Q3QzeW9ERmNCQjZkbHMzSUEKIrTeHztp5S+ow8LsmZmPmHMOh60wVMbS + ELHQXEbSs35eNYDhQYRLKVrCgUog4NTisGUebYXJ5e0pnFqdjuxcMA== -----END AGE ENCRYPTED FILE----- - recipient: age14vsmekuppm4xhp4rthhv9jjgzfv45v39a0q8dsgg6yusw0pjkvaqnr9kq8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2N09xQUtrWW50OWZxZU9L - RitXdDZJeXNxdTBjZGdYNDZNVGZBeEZyU1dnCnZvYzlvNm5taDRxbkJnUXB2N2dX - S1JpeEtBT2twZmU2M1liaGlGR2RhV2MKLS0tIFowb0pYM2o4MmdnenBaQ1VmWjAy - RE9xam13REc3VE1RQTI5R05leFJxN2sK+v3946MZ5R8eT7c71sx1fD3zHStWJp4t - PFELnl0SVqBuWvoizejdfb4hSDsFTfjl42XjlXWkwruHxQ/uoIewuw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSZm54S2JZdkFmYmYxRERp + SEwxa09CWWQ4KzROTUM2QlVhZnExWmdyK3pzCkNrZ1Z3cXJybEdDK2xhcVdqL1Fp + RjFjeVI4dW5JSkJoTDE5Y3VETHRNbE0KLS0tIGlvcE1IRFJaSmtEVTNvSzBVWlJh + MHBGN2l1a29za1dQTHl4L0dlcmJ3UkUKz/WhitfswcjRT/yEs/KQXW28tCE+URUM + JTleqicmQMGy/77Cv98lit9hC+xKJzWhYaZW/rjh0hW5J0pQA2xZtA== -----END AGE ENCRYPTED FILE----- - recipient: age1kjsga2kf95lu7p5stqr5d9p87jquyypnx97cycj6jvhsm9zkn93quexx4r enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBeHZTREFaOXFMT1lHdjZk - Q3JLMlNXMU1vRW9jSFdqSW15cmNwWFBHR2lFCmQ0ZTdqYWsybkFPcHdCU3pMVktk - UlViMTZQT3RiMHQyOTRTSHVzR0dqK28KLS0tIDZDYWVpM0hkR2VWZ2tWTzVIMUZv - MTFTQW1lMmhUb29tUW1ORjdERFEybnMKSFtadgiSf1zFlhQdhVKZML4TFq9bvMlp - h6TAngh7xzNPE9T7beG1zLShBaop73EPNIi4uljH/RBIEkIFhnXC+g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWV2p0a1FFb3FaVnBmY2R2 + ZENoeXlkcW1iYzVjRWxDT2pmVTB4STErSWgwClUwS2R2R2IzTEFQUmFKYkNpNUVr + S2FEQWc0MURkMEtseU42Rzc3ZUdWdEUKLS0tIDNjc3VaMDIxVC9pNWlnU2grN0hw + 
QStHTzU1RGN5VHJBUCtJdjdpdFd5elkKs4ycQQP4mI2W9Io35UhlJpFWqsz6mT68 + ZfnSUiD5BlgXIZnQFGzAkbDmhGnrpbFmkemxMhMW69frcy5kVUE/5w== -----END AGE ENCRYPTED FILE----- - recipient: age1jc6ghxfgxe3gx53xa55azxan447cfxaqfqeh5y5yzqapj7mw7ajql8kv02 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLcW85c3pPVGdrNTBkUXJr - ckNGb29EYVJ1YVFYeW9XUHk5ZWVkMVBWMTNRCmpoeW9vMmlLblN6dG1ROWtRWTdU - cWtiWjJvMmlZVUVTK0liM2d0WjRwWTAKLS0tIFF1aEpzNTZCcnl3UzJtZTFxV2tC - ZFhHKzhCU3M3amNCaE5vMEpTc3ZqcVkKoUlajedYfWj22ocqnXYEOQD0Ma3Wj6W0 - 2A9geVcMbG0eFsDwXGn63u93ckcKZOYsmCxPykJ8LaV6b54itNBMEw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrZmtBV3R6SVV4akgxTFRu + NHBRN21JN2Q0R3ZPdmRxbmd2THVPSFBqMEVrClM0b1Btcy9wWFNONzljTDR4UWJy + UDVwdis3WWR4dHFOYmFQWk15YVo5eE0KLS0tIEtBUWFZY0pkSnR1SmxBU3lGL0th + ZFhHNk81ZVM3TWx5YlJtdFovNGR3ZEkKrnJ3qtxQNPRrOjjtK3RNIH1fxYpGMdff + hYIpENJRXJEjaqVyvLfwaX0u3t4+F9y4X5yMxlYKNUS2Vk1+cetWvA== -----END AGE ENCRYPTED FILE----- - recipient: age1faccfe85637hme39xyzgmvjn6ku9c4aapfmpfc35hswj5emhnedssrg2cq enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiYmVrQjI2OExjWUVTMXh1 - YkpudHFzcXhKUWI3VU16WGhRZ3NhRVh4UDFzCnhJVXZKZGk3MGhqMnd1Z1crcUFr - YUxnUmVURUhpZFhMOTVCY1k0TldHQk0KLS0tIFBJOGVqZlBOcnh3OVBYM0tEL0wz - a2h4NUJ3bk42RnJ1ZGJUdk1IUE9sZlUKcqtTue4b4/fT7bIi1ZXag2hqrxIaWcf2 - pg8bnJoOLqyODpvAQ4KvyMLrWJluRLbvs2C6YB0XgTOm93hp+uiESQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUeERXT0FSWS95YWhtcmQx + UVpuZlpnaTRqTGYyTDduN0RrS0RuRTNiRndrCmdhMllXTW1yaGdoVFFMVmVUMmgz + NjRsem94K3ZrclVxd0p1dEl1VWRGTG8KLS0tIGdBM0dNM0l6cWpGU2RDUUQ0VFMx + N1dleW1EcVBFK25NOEc4VTJranBScFkKCYSMPRXGivEbjMPMJ5OtS+bEvg5h7WbB + eYg4KkDVXMdaEfSvzUPYVYDhSXSwWSUYM+ofCPXeJVHZgD6EsB65Lw== -----END AGE ENCRYPTED FILE----- - recipient: age1wc3czlazkfxphsq6exxxkdpma4lrv7n3v3fvel9l5u96dlljn4fslh666p enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtcXloSGpUZUEwWWNIUzRW - 
TVM3cDJWUG5QL1pqQW9zSGZ6ZGx4SjlyemtVCmh1aDJtUmVsL2VobDlTVmY3V1NI - LysxVmMwZkliaEp6eC9YdVZEM2NLcGsKLS0tIEljL00vZzhCTjhPZi83SkRJbnNB - bkplZnRCWnNIaHcrbHlBK1JUdFdBQjgKYPoHOc2CRbzyJ/HlPBOeFMbTRnuflYDO - 9sV+3yucL8Baw1e26PUydztgs2l5NeIz7wsG2NHrANB/SYJx69uj3g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6aXYxYThHb0RIa2VtOFpu + aUhpWFFtUXdHRjFYRFZiNGNkanREZytLYkJnCk14TUlHblBzWFQrZHd0WjlLWmNq + U2JZQXJVYjNJSnljRmNvYUErRk8yUXcKLS0tIHpFTG1oQVpBTlBCcGMzNDlLVnl2 + N1NNYVVsRHR0MVUrUW92TTg3dzczUjAKQi9ZvtuD4tKlAiLy3T885wsijOF+8GsL + gr9IL0khwarhNy+K+/pF5qcduK3faITx8pmDqLABjSJdUGJlOjRhnA== -----END AGE ENCRYPTED FILE----- - recipient: age18net4rsvyx84d9jjh64rgqsru3njwc438qt3993kn865dx9weaqq0rzkrh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBONlFDckVMOW5PdWlabnh4 - L1N3NUZOMGpOMkhhNlpXaS9HT2lsejNYdjBzCjdUenIvZS9TZ2ZURVc3eFdwcjRi - VzF4VzRxRnh2aXVTbVhXMHhSWGpmZzAKLS0tIFRFWDRPaWR2bDBOSFV2SUZzL0pY - WlY4R2g4R3NHcnBOVVpoVisrUkk4b3MK3+czTt18kUizb8hUy1/p19IZgdQWJBq6 - XrzXNqA9/iAHffu8fHK4rWUUITomiY46BHgnVMHaYYKyYhjP4/uvjw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBET0lTSjJDWGZKeXJCaHZP + V0F6cjhtL0MrSUVqNXhLd1RJWnJacXkxNzNFCmd4d3UrRm1HYmx0RlpOcFkwa0sy + aDFNM25qMk9uQ1V6M1creEZYbDRHaU0KLS0tIE04RW4xemltbDl2a2Z2R2F3QkJD + ZVR6ZStsVjgvSXBySEVsZ3ByMzV3NDQKrWI5T7Nlj15Iv+3Ru0P3NGypRIRrPVAU + r4oCwCR8QlMV/SXRVzJL27FMc6gnoVZ4lKylPC9QBl9aHng0D39O0Q== -----END AGE ENCRYPTED FILE----- - recipient: age1mc6eyvnqt4ztmqdzt08zaher2ts37ypgzuh049v3cgv9j0rje96q5rm56k enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjbWhHMlZHU01KRGVCNWlG - bkg4cWZrMnZlRlovSm5jWlpHTDA3ME9VRGdVCnRvamd0YzhVTVhPN2dEMDU0U1l2 - Y3NGeDFnNEo0NHRvTE5QTEpTdkhnOW8KLS0tIHJGWmRIUldpOEIrMXpLWTR0aFhJ - T0pTWmdQUmYxZ2Z3TmZjdGU0MDZ4SjgKab2UgYienigrXUqJKVhauwFMAT9wlKN8 - z3MIc3J8SZn+UPyRvo15mYHbW1TYntLRKt0LYpZ9kJt+JIpEQGPv/Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBMzRXZlBqdGI3bUI1QjZW + 
WFRSOU9lNkxrV0dEVmo4WkxpVnBhYjFPWlMwCmloY2xEaitoakhuUWxWbDFjS3F4 + c291MDFIKzJmMlRxTW0yVXRDN1JIaTgKLS0tICt1REV2V0lublJneWdaT3NSM3Fn + NUhtcGZZbmU1RjA4T0ZxR1dPcDhZM3cKZQVwJi5r4cBnihAwSqTZSESF6foX1Xmw + qKr8kv7sSo1zBUFA/0BYOp9lsdRrPOiBvF3oeWFWbLS9flQaebVojg== -----END AGE ENCRYPTED FILE----- - recipient: age1h7yp3psl5zyze8sl6lld6ksv6fcmul9z8mjwc4k78mwnys58c3ls9mgfdx enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4Zlh4RUpPeDdqb1RyZXVQ - NWVLd2RIc0JnM2tjM21HeUZmWmFYcHZqK2hJCjhmSElERU5NclpxbzMrYjViU1RB - TVNNbWg0YjJyODlZYjdIdDM1WDhnNVUKLS0tIEJTOXJxQlhYek1MYVJQQ0tRWSt5 - aVZETlp5eGlGaVg2MUR0UVpxbHJMa2sKvULBHfABahJsrXfVh9iBXnS6wWCmpfc+ - 6JTpzykxGO/+ZYgDfIZBO+YhSmykH7GFRidKwa/26Vm6ymsUjZLT5Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsNndQQW5mODZVYmYyeXQ3 + c0x1VW5DcVI5aWdSTjYyMG5NVFZlZDZ2S1R3Cjk1VVdjQ0FUcWRCd1pBRmllbENq + VDRaUklVbHRNc0JNeWFFOFByWE04Qk0KLS0tIG5MNWJpT0ZRL05DQ2lKUXBZaTFD + V0s0c3VVcVR5YnNTOWhvUkJXY085QkkK8uuwnV17Q0C75c4xT2Te3mUxvjrgIVJn + CZ6XI18CIXBLA1zC2Um1C/WL/HNcFUr9xEwmZVclCz0r47zE4uwyfg== -----END AGE ENCRYPTED FILE----- - recipient: age1qy9tvzlgek7fq4nl52e05ad6pyvglrtaxwjet9gr0fzq85z7cv9s6uxzkt enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXa2tMRWVDRUV3TElSclRr - OFh4WDhmcWczV2pWcFRiUldHT29VaGJxanpzCm5MdUFDeTlvWkIySmVhVmhTZDRz - NHVqK0Nvd2xBdTdNam5TeVhsdGFWZVUKLS0tIGxqUENsWlpVVnNnN0ZBYzRxK3kz - eExQR08vdmZLNENjeFZHbS8vdC9uc28KaoxjBdtUjF1KZEYfl0x/sVy3coN+bTQg - H4RqGcQOhzEI4GmR+pcyAkzwcNM7Etk5F/W84wLxyqav/kRJr7XjCg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5dW9VTGp0Ukh0WWo3cHhY + VU8vL3BacFIxdEJUNzFRUDh0RFNXRStreUZnCnlzRFdMUU9xekdCM0JzeVBqM2hz + TjBxeU5sYU9oSDJITEQ3MWRIN2xWT1UKLS0tIG1QN24zeUZQNWhGS0syenFXNktD + QXBhbUk1VUIzS25USVlycUk2MXhnVGMKRWvUkKgUSZwGybD8ltYZTKT/cIcyOtBu + ghIGE1cDP2CYp4GeMBW4AyM8U4PHkLjI72teJtKZYE37oVJAcN3dlQ== -----END AGE ENCRYPTED FILE----- - recipient: age1kh4c0dmn809xzcf7ntpjm26h2xh4ljaq09r9n5s0tsjjpr55ff3qqmkuca enc: | -----BEGIN AGE 
ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJNGkzMUpKWDNubWVrcnpT - ajU4NWJ0UVU5RTZ5VWJzOXdkdVBTTjAyUmhrCkVNa3JvVHZDQ3dBNkdPcXdrWGtr - cWxHOUxzUXVFNWF1VVZoZkVWZFNPbGcKLS0tIFBqZnZSNFBsR2xJUXM4UXk3bjQ2 - OUpsbHJ3SkZZZmVNSDlDd0xGNXd5NVEKQVq3tYCRRkNwBTPnVx+RjoM5TOWLaWwd - /I5/A46xqwUpQyRXJOtfHwEWCMxvscm5Jxf9kKeGw/jrTSZze8k8eA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxNFJTM2FUcFlkQjE0OFZZ + M3k4ZU5HcjZjbG9Db2pzUEtxcjZzbGtKZVVBCkxJalZTYlZNT1prKzFrTTkvdk1G + SW9zRzNWcmFHVlMrMFlmQU9ISlZiR0kKLS0tIEo5V1dPbXFrdFpBMWpKNW5PVVVD + ZHpaQUd5czgwTHBRS3drbW1FcDZ3aFkKuIIHdY/LFFKny+5SSeIbtbH/L8J3xGhA + z+8qfMvbyyIKznBAliL2Mt4bvUQe4zXNnhhcWbXDkuH/f1JsiiXXvQ== -----END AGE ENCRYPTED FILE----- - recipient: age1h9ty40uxgznh7s2d7l3cx74lkylpgvs8lknkvkjvqyy5kn5kfc8qz0zc4c enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEeU5tOWQreTFwREszRi83 - YTRLY0VyYUhIUXZGaXladzA5RWtmQ29jdW1VCmNwR1cxWFBtVUJ0VzkzTHFuOU51 - YmV5R29tRmdkL2lEVkNua1dFMXFIR28KLS0tIFYyazRtZnBKTUl0VUpDTnZaSXcw - a21NVkRCOHFDakpEOS91Ym5OcXJHMFEKnDou7N4R90FnpEeNEkfsYGRIOx6u4gPI - Fvmd0F5Q6DWLQZ7BmWcNqItl379c1NKwnTS5wtKHNfD9Ikk2EJ3Fjg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0UTJ4anMxcHZrcFFkQjY4 + bnh2L0svdmlXNUJlQ1JYb1Bpc1JORGk3dFg0CkhvNy9EU3FrTDhuSmNnenF1Qmor + VGsrVmhvM0NSRGIyZmZrZ2ovNzFRSDAKLS0tIHlteWNVTFludlVOUTRqN29UNVNz + dkxEdGJLOWlLQ2pzUmc2M09WVUw4c3MKB3IHt2nBvPBOf/m4dgh09RNMzkY9/RdB + 2w0ZGrDYLpBaNXV47USF1jNiPPIu804lGPbZoDIbPcmNSYGZZxxp4w== -----END AGE ENCRYPTED FILE----- - recipient: age18xjdme8vc657l8n7fzpn7twshprmtpc8p6usn257ajw0vftd8p8qxwwywn enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaUDI4UDFoQ201Uk43OHoz - bFkwRjVZNkFsVkpEZUdleXMwbmxFeVNOWVE4CmIwQUFwdTMyaEJ5dHF0ZUpYQ2Vn - TlhoODltVFRCRXY0K0ZFUFZsVzdSQkEKLS0tIEVBN2hFMFJDbnI4dEJkNmJKeEty - UEE1TVNwVU01cm9MaU45dWtydHB0THMKat1mOE4C7pGuRI7XQibPTECbWq8yqG8R - dBcBjnZ9Sh90feB8f5V4FENoP2dKYMPMZGs7vbQioo9T0o960SvFPg== + 
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTN1dFZElQc0RUTU5qdnFJ + OE15d1hubndnN0VIak9LK0Z5RXppLzBQaEZ3ClpLZUZZWmlXUmJBRjFPNnhJZEhq + Sk1qdjg0VXBlaDl5Z0FJTEhTdmlFaEUKLS0tIFlqVmRDRzBXK3JzSEd0SEpJMlFQ + cGt5L2c5RVNyc0JBVHhob3FGSHN1NFkKpFlLIG44/mYnWRk13eHIGYTekbNSpgvA + /7+kj0f9D479pEmKIrSqntyOhehJ6H3AXRwVBInrpdBvQdkDV2TYAw== -----END AGE ENCRYPTED FILE----- - recipient: age12f24j7fcq46cjuqjftv5pyffpunyhqj98ypqf729z89xzunzryts5d8kl0 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkWTVyRWJobW1ONS9WNmJL - eWp0ZzBHNVdRU2psZTljTGxnYnlzVXF1TjBZCkRFMDlRT0RmYkNEVWJVMGhGbjJh - YzdrSUJlbGEyRWVndytnVGV0SnNGbEUKLS0tIGJPb3R4Zmw2ZHpybFM3eWxaNHVn - VXpmUmZlbElWZGVVMFNzK2NSU1MrM1EKMea0MU1esbwRFrIq6omrzI8h46gxScpL - nVf9wCF3Gs94Zfwmx2DQyxnwifKxzaBF8+H5qC8nPS50kB7jmYJNnw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMRUNvcjUvcHYrZU4yNnU4 + S3BOVVFjZGJORU9ZUmpGWDNjM0lIaDczUndjCno1WGxld1YySzhsU3E4cWNBd2l3 + ZDZBRGVOZ1U0c3ViMUZGbXNSTUI2a0kKLS0tIERQZTlDVjZ3NE9NanFnVDRDY2Y5 + eTRzQkxEMzFnSTl0R05vNHBvYmQxYTAKKR3+j4ais+KoN2c4jKS+YG/zdV8opbKc + erRea8O3eyQ9gFUI60d6IsNcVpzs8CuBB2uivB/lCbuDoL4xzNAA5w== -----END AGE ENCRYPTED FILE----- - recipient: age1jc4a52cukf6d94tt2meq8tnt084rhtdd93hwzjhzecc70rmvvapqtdng8v enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzNTNYSnJmYVVBMlR4YytC - cmlYRUpTZHJZOVBhUlpDZ1Fqc3BaTzNUWkg4CnRoNmI0TkV1SWF0UzhCc3l5ZFZw - WmRKVXAwOUVwcjRXSGhQL1R4TFo1RE0KLS0tIE9xYzhEdGxvT095MEliZzVqTk5M - cExiTkxKVmlTVm1FN0kxS0MvYmJtRHMKSurtuRkIO7hEULqXWK57JOQfuZDgccv3 - I56galwJc0ql+eLVGWPmRXBEa2NRsEveLKUjDU77xodDkZyaiYFp4w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxamt0cDd6NGZmVWJ3ZU9m + eDMxekxVZkhXaVFKWTdUd00zR3c4RGdZNlZvCjI4RzNjcEpuVWJ2MXE4VnVRcTJG + aHB1UlZMeHBmdTBhUVBNNkdPTjU0QkEKLS0tIFJaNnVnSURSSHlPRkVycS90Y1ZN + am5ZMjlHL2xoMldhaTlHdURDMU5UaXMKfjeaus9zRPjJW/pbtJwioBLvkM34vpfC + 8UCgGQHoo0nu1pQ8//Gu5AoB7a2vtpUqlWNZWGbFLlvF2GelmeQ06w== -----END AGE ENCRYPTED FILE----- - recipient: 
age1s4hzwj982zk04kr7c5u0vlemkzalv72wtkttkgzt64xv8a4r25zqxra6u0 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWVER0dE9RYWJXa0N2aGVw - TzUxMjkwb0ZRaitKdnhFRllqMFRVb0tVMlNNCmo0ZFAvM0tlQzdaQWhVWWNISUVL - THk4Q0F6TkxBcUJLdm13UHVmL29rb28KLS0tIFA3dHB6aHVqckEzVHVrM3ByaUU3 - dzJpeFh3VGpjWnpoajFMcnBPcHE3aUEK07TzzaHN+ovWuPO2PU9gJ6H/63g+iXb2 - oCb4gFoTrkZohZj2fKATNFrrWSmtYTBYD/aUKisiq9u/OjVpsJGTKQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6V0hFMjJmR2ZtZHU2YlFW + TzJxUG1SQjlNNTZKRXphbFFuWDJXS1BaVkdZCjgrQWNCUHYzZU03OGNURThxTDQ4 + RDVSVHRLb3VKUG1pelZtYVJCR28zeW8KLS0tIGZ3c2R5Yk1WbGxMbktaWXV2aGhO + TXkrbkNGZ2h5VjdNMUs4ZURyUVBsTEEKw0ZHrPkymTC7gUTftM7kHA1YZQggKjM1 + oRJbxJbGdmOhKmRADKa3YIziGmtvFgNZhZ9lsQb4/F1beGOUA5Gn2w== -----END AGE ENCRYPTED FILE----- - recipient: age14cnx8ttzqndcsdz4xvmx07cvms6val5aanrf9qsg4j888hudufxqz9nm5p enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFWDFjQzNTR2V4MXI3K2hh - QWxkRzZ5dUswNldQN0I2NkpYQzM0YkdLd0hjCjZiZ2tnakNwYmJsa0dQWWErSTN5 - Zk5xcEVnRFdpbi9tdG1KTFgwOEVuMmMKLS0tIHBvZmo1cmRHZ2lieGtVTll5ZDZt - RXZaMWRETVBsZnZKY1dNdnNlTnF2ZEkKui0laj4q6pm7lKklxDAcVGIWJBptv4xF - JuCqfOXuYf6z6KMDohmeBbJNnLoRtWz4UKUBTRuahrIG3fUTyVs7Eg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlR2hhTWVodG04eWhWWkdQ + S3NXM2xkYUtTMGdiNnJvcitoZ1dRUVNXK0RFCnFWdmFFSDhzdGg1cnZ4aXBkNTgx + V2VjQzRZNTIxeXZ1YnppeTdJZTNwUDgKLS0tICtmOHdhS2RYV1UySzFWeEU5RHhm + SklEVEZDbENYeHdXZDZ4VGZ0Ty9PaDgKNZt+CsKWbpoJvfpyY4Ll1zzUeV++8v7W + x3Dd5ZX+tr0N/e9L6HaoKVFgPaxGYijrZnzmK+tkOX5ImwKOxOrbkg== -----END AGE ENCRYPTED FILE----- - recipient: age1cc80558u3f8pdwrmhev8264c0h9dkkm59sy40j7zms97qzxg0ffqza9en0 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3cGpIOTlsdHMxR1lRWU5u - dGRNNnIyQkgrbEJNNnZpeHY3SFk4b3NpWGpvCnh0QnJJY1BVeFdFZ2ZkZzlGTXVV - RmFYKy95MFZyVk5MalhNNGhjS1dRMEUKLS0tIGdKVGZYSUY4VXAzN0VHUU1INHJP - dXcyc3VhTmdtU2hSYWdoejRnSjBtZEUK+CGIibI1pb+E/avsd54tzxz7XgYT96SR - 
NDMDTPVlV/WQ9A+kT3BZ6x26zq7RLwjaRoQUK63CtSsTqeZsxDfsow== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwRmhGK1dZcVIyb1JZd0JW + aVJHMjYrN3JOTWRmWkxkOWJuZzU0RGRFbmtRCnllVUwvc0hJbys4MS9EQ0puTmtj + eVBFL2hObXY5aCtwMjJCQWswTmtCZ2sKLS0tIGZIUm9ZN1ZCNGVTd005dVByZGJy + VjIyeVhrWGZERlJUZThEek1yMHVGT0UKYq5IJ/0L1icfv7x/rmtdPSeZOCFoK3WS + aieE+Di+GljYWaukmT+oL0Sz2ro8f3PdiPIUlz1LTRpMZa4G4RLzvw== -----END AGE ENCRYPTED FILE----- - recipient: age198c9udn09u87zje4ctz4j8d2k5ey5kvgl34nfn573e9csx9mcs3q7a6q2u enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4TlRKU29obGZYcWd6Y0Vm - OXBhNFBqRWxCVnB1R0VSczg1Mm9vRjd2ajBJCnk5bXNMZ0RTVUxQVER1YTZsYWp5 - aEU3ZitLYVByL2xyUFBUZlUzWU1odlUKLS0tIDRlZkhCaHlLODV5ZUZ1RmtQNjNu - REtwTEFReXJEa3R0bmJrRWxqRTV0U0UKMp7vXi3q2DdqMterWiJzeGXgBkKL+hPQ - u3otfcmxTcVGZXa/ykNqhUtrzrxn5aRcANKpX8Pb7VnKDELowaR9Dg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqZGtIeFRFSFgxOHJpTCsz + Rk55aDZqVDI5c3F5RHRPd0RHK2lrYXpaY1R3CmowV1gyUlU3T3QrL0NSK3hGZStH + dnJ4Y1dCVG9KRTdkelpBS0tRN3BrT2MKLS0tIGNHRjNEcUpobDhQcDEvcVNDMVFR + NjY1dHd5dGd6MzJpS1ZBOEtlMzQyRXMKcnQnLEv9sGFnRlde4Y2cEPXKtNwZYJSL + lj9ScEQarqXOc0gwkGPjH9lXpiJM3tGtsZ7cmymdkTbXXWUv/kEKvw== -----END AGE ENCRYPTED FILE----- - recipient: age1nsuxsnf64mcfgnggy5ehuqk3egp0rea3ldzst0f66full7ap7ews5eg46s enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOM3lXWmVjME1rc3ZXSi9G - NnY0QWdVTitXK1VxSDA4N2grMnZWdkM0dkdRCmFvdk4xcldwaGFwcVpCS2pML0dN - WjVnOG9PSUZmczhkSCtIVzdwenVTVjQKLS0tIGhoTTlxREFTWG82VTMvak0zdDhi - eW9RdVlKTEJuSDF4Tkh2UVpjSEYyMmsKPpXIB72BdEM9ZRF/mGlaatvtfP1ud2VR - rA+Kpog69J7l5mcoAWs+Y1H7h8817FyI5FZhZQ4v1T8cgXgYyX58AQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtcFNtcDc5dStxUFltYlBl + a1pxdHBFaGc2dnEzazhzYUxyMDhyVVhmajNNCndDdnpiMVNEWUdpa2dTaE5jdDlU + aGFrZkc0Zlh5aEFiVDdBS1AxNEsrckUKLS0tIDhwVFhUTzNmWWpMM2pWQVlJZEVG + bU03Y01vWGxVNVFaKzl5L01jeG9ZNGMKijKMj/TwNN09F/bHl6lGIRYEnXN/EMYn + AbI4UnnChp3X/63MpBey44YYMp0OX2c4nJU7ZTXN4x3xE0/F7XS6yw== + 
-----END AGE ENCRYPTED FILE----- + - recipient: age13xddcc3njv29sxzfdx2rjctaejhsxr5rephruga7vjrvjclcapuqnwx52t + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1bC9pR0p0M2dJNFNNazRm + SkIxbXNjeVUxSUJwc3pkZml5ZzNPZVFwUlJVClgxRDlyYm55ZjFCcTZsYWlhZGRo + eFZBQnlaMitWZk13WVh1eGJ1RFl6dVkKLS0tIDJFa3g4dlZ2R1YrQy9Md0I3VXdZ + dFNleEJCL0dva2s5NjNIK3FBN0FiZ0kKg0BYxxDULQRIYbgP8ihBS+caRo3eHux5 + 5lrVX45YSYYFDPJZJV2ahV+qJglR1x1Ixvm7GaBolC91/MsVd9r6Og== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-03-31T06:49:34Z" mac: ENC[AES256_GCM,data:1bMWUaJdcUfHknidzCUTcAdweOZhGlBKq20mF/kjWJ1uR7AvGax9Vr/1cMVDDCfAkS5hOGo47oHqGDooTk2eATGVM0ilO/yO3jxCsV+qUsmunbpb5LKOaYLR4tw4Fb863tsCmy87LefTRHPudtQfNhZ4EwGgh0jKfUvcG/5L3tE=,iv:wR2QVuNGcj0ltqzizx6AB5NIbfawWeHs4p0k0jJFpUI=,tag:Ho3mGPWthbJgdSAtNNw+sA==,type:str] diff --git a/tools/onboard-machine.js b/tools/onboard-machine.js index bb59369..248c4eb 100644 --- a/tools/onboard-machine.js +++ b/tools/onboard-machine.js 
@@ -1,71 +1,77 @@ -import { dirname, resolve, relative } from "path" -import { parseDocument, stringify, } from "yaml" +import { dirname, resolve, relative } from "path"; +import { parseDocument, stringify } from "yaml"; -const [, script, name, host] = process.argv +const [, script, name, host] = process.argv; -const sopsFilePath = resolve(dirname(script), "../.sops.yaml") -const sopsFile = await Bun.file(sopsFilePath).text() -const sopsConfig = parseDocument(sopsFile) +const sopsFilePath = resolve(dirname(script), "../.sops.yaml"); +const sopsFile = await Bun.file(sopsFilePath).text(); +const sopsConfig = parseDocument(sopsFile); // // STEP 1: Get the remote key, convert to age key // -const remoteKeyProc = Bun.spawn(`ssh-keyscan -t ed25519 ${host}`.split(" "), { +const remoteKeyProc = Bun.spawn(`ssh-keyscan -qt ed25519 ${host}`.split(" "), { stderr: null, -}) +}); const sshToAgeProc = Bun.spawn(["ssh-to-age"], { - stdin: await new Response(remoteKeyProc.stdout).arrayBuffer() -}) + stdin: await new Response(remoteKeyProc.stdout).arrayBuffer(), +}); -const ageKey = (await new Response(sshToAgeProc.stdout).text()).trim() +const ageKey = (await new Response(sshToAgeProc.stdout).text()).trim(); // // STEP 2: Add to keys // -const keysNode = sopsConfig.get("keys") -let keys = keysNode.items +const keysNode = sopsConfig.get("keys"); +let keys = keysNode.items; // remove keynode if it exists -keys = keys.filter(i => i.anchor !== `m_${name}`) +keys = keys.filter((i) => i.anchor !== `m_${name}`); // create the new key node -const newNode = sopsConfig.createNode(ageKey) -newNode.anchor = `m_${name}` +const newNode = sopsConfig.createNode(ageKey); +newNode.anchor = `m_${name}`; -keys = [...keys, newNode] +keys = [...keys, newNode]; -keysNode.items = keys -sopsConfig.set("keys", keysNode) +keysNode.items = keys; +sopsConfig.set("keys", keysNode); // // STEP 3: Add machine to creation_rules // -const pathRegex = `secrets/${name}/[^/]+\\.(yaml|json|env|ini)$` -const opsAnchors 
= keys.filter(i => i.anchor.startsWith("op_")).map(i => sopsConfig.createAlias(i)) +const pathRegex = `secrets/${name}/[^/]+\\.(yaml|json|env|ini)$`; +const opsAnchors = keys + .filter((i) => i.anchor.startsWith("op_")) + .map((i) => sopsConfig.createAlias(i)); //console.log({opsAnchors}) -const creationRuleTemplate = ({ - path_regex: pathRegex, - key_groups: [ - { - age: [ - ...opsAnchors, - sopsConfig.createAlias(newNode) - ] - } - ] -}) +const creationRuleTemplate = { + path_regex: pathRegex, + key_groups: [ + { + age: [...opsAnchors, sopsConfig.createAlias(newNode)], + }, + ], +}; // Remove old creation_rules entry -const creationRules = sopsConfig.get("creation_rules").items.filter(i => i.get("path_regex") !== pathRegex) +const creationRules = sopsConfig + .get("creation_rules") + .items.filter((i) => i.get("path_regex") !== pathRegex); -const creationRulesNode = sopsConfig.createNode(creationRules) -creationRulesNode.add(creationRuleTemplate) -sopsConfig.set("creation_rules", creationRulesNode) +const creationRulesNode = sopsConfig.createNode(creationRules); +creationRulesNode.add(creationRuleTemplate); +sopsConfig.set("creation_rules", creationRulesNode); -await Bun.write(sopsFilePath, sopsConfig.toString()) +await Bun.write(sopsFilePath, sopsConfig.toString()); -console.log(`Finished. Added ${name} with key ${ageKey} to ${relative(dirname(script), sopsFilePath)}.`) +console.log( + `Finished. Added ${name} with key ${ageKey} to ${relative( + dirname(script), + sopsFilePath + )}.` +);
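Review bot: The age key derived from `ssh-keyscan -qt ed25519 ${host}` is written into `.sops.yaml` as a SOPS recipient without any check that a key was returned or that it belongs to the intended machine. With `stderr: null` and the newly added `-q`, a failed or empty scan leaves `ageKey` as an empty string that still becomes the `m_${name}` anchor and its creation rule; a guard before STEP 2 such as `if (!ageKey.startsWith("age1")) throw new Error("no ed25519 host key obtained for " + host);` would stop that. ssh-keyscan output is unauthenticated, so whoever answers for that hostname during onboarding ends up able to decrypt everything later encrypted under `secrets/${name}/`; I would add `// NOTE: ssh-keyscan is unauthenticated; compare the printed age key with the host's own ed25519 host key before committing` above STEP 1. Separately, `name` is interpolated unescaped into `pathRegex`, so a name containing regex metacharacters such as `.` would make the rule match more paths than intended.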