noe/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

sync

Browse source
This commit is contained in:
41666 2024-07-16 02:45:18 -04:00
parent 701f2c531f
commit 1fa4bc50c7
18 changed files with 259 additions and 310 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
.sops.yaml
View file

@ -21,6 +21,7 @@ keys: &all
- &m_jitsi age1cc80558u3f8pdwrmhev8264c0h9dkkm59sy40j7zms97qzxg0ffqza9en0 - &m_jitsi age1cc80558u3f8pdwrmhev8264c0h9dkkm59sy40j7zms97qzxg0ffqza9en0
- &m_nextcloud age198c9udn09u87zje4ctz4j8d2k5ey5kvgl34nfn573e9csx9mcs3q7a6q2u - &m_nextcloud age198c9udn09u87zje4ctz4j8d2k5ey5kvgl34nfn573e9csx9mcs3q7a6q2u
- &m_dis-sociat-ing age1nsuxsnf64mcfgnggy5ehuqk3egp0rea3ldzst0f66full7ap7ews5eg46s - &m_dis-sociat-ing age1nsuxsnf64mcfgnggy5ehuqk3egp0rea3ldzst0f66full7ap7ews5eg46s
- &m_exit-node age13xddcc3njv29sxzfdx2rjctaejhsxr5rephruga7vjrvjclcapuqnwx52t
creation_rules: creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$ - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
@ -159,3 +160,10 @@ creation_rules:
- *op_noe_2 - *op_noe_2
- *op_noe_3 - *op_noe_3
- *m_dis-sociat-ing - *m_dis-sociat-ing
- path_regex: secrets/exit-node/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *op_noe
- *op_noe_2
- *op_noe_3
- *m_exit-node

2
Justfile
View file

@ -77,7 +77,7 @@ deploy target_host extra_flags="":
deploy2 target_host extra_flags="": deploy2 target_host extra_flags="":
@test -f nixos/hosts/{{target_host}}/.target || { echo "Host cannot be deployed, add a .target file with SSH destination"; exit 1; } @test -f nixos/hosts/{{target_host}}/.target || { echo "Host cannot be deployed, add a .target file with SSH destination"; exit 1; }
nixos-rebuild switch {{extra_flags}} --target-host root@`cat nixos/hosts/{{target_host}}/.target` --accept-flake-config --flake .#{{target_host}} nixos-rebuild switch {{extra_flags}} --target-host root@`cat nixos/hosts/{{target_host}}/.target` `cat nixos/hosts/{{target_host}}/.flags 2>/dev/null || echo ''` --accept-flake-config --flake .#{{target_host}}
# #
ssh target_host *args='': ssh target_host *args='':

111
flake.lock generated
View file

@ -27,11 +27,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1719845423, "lastModified": 1720845312,
"narHash": "sha256-ZLHDmWAsHQQKnmfyhYSHJDlt8Wfjv6SQhl2qek42O7A=", "narHash": "sha256-yPhAsJTpyoIPQZJGC8Fw8W2lAXyhLoTn+HP20bmfkfk=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "ec12b88104d6c117871fad55e931addac4626756", "rev": "5ce8503cf402cf76b203eba4b7e402bea8e44abc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -150,22 +150,6 @@
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
} }
}, },
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": { "flake-parts": {
"inputs": { "inputs": {
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
@ -192,11 +176,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1719877454, "lastModified": 1719994518,
"narHash": "sha256-g5N1yyOSsPNiOlFfkuI/wcUjmtah+nxdImJqrSATjOU=", "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "4e3583423212f9303aa1a6337f8dffb415920e4f", "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -312,7 +296,10 @@
}, },
"git-hooks": { "git-hooks": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_3", "flake-compat": [
"nixvim",
"flake-compat"
],
"gitignore": "gitignore", "gitignore": "gitignore",
"nixpkgs": [ "nixpkgs": [
"nixvim", "nixvim",
@ -324,11 +311,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1719259945, "lastModified": 1720524665,
"narHash": "sha256-F1h+XIsGKT9TkGO3omxDLEb/9jOOsI6NnzsXFsZhry4=", "narHash": "sha256-ni/87oHPZm6Gv0ECYxr1f6uxB0UKBWJ6HvS7lwLU6oY=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "0ff4381bbb8f7a52ca4a851660fc7a437a4c6e07", "rev": "8d6a17d0cdf411c55f12602624df6368ad86fac1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -366,11 +353,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1720167120, "lastModified": 1720734513,
"narHash": "sha256-K9JYdlPiyaXp33JRg7CT8rMwH56e4ncXSsXW/YKnNXc=", "narHash": "sha256-neWQ8eNtLTd+YMesb7WjKl1SVCbDyCm46LUgP/g/hdo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "bbe6e94737289c8cb92d4d8f9199fbfe4f11c0ba", "rev": "90ae324e2c56af10f20549ab72014804a3064c7f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -387,11 +374,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1719827439, "lastModified": 1720734513,
"narHash": "sha256-tneHOIv1lEavZ0vQ+rgz67LPNCgOZVByYki3OkSshFU=", "narHash": "sha256-neWQ8eNtLTd+YMesb7WjKl1SVCbDyCm46LUgP/g/hdo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "59ce796b2563e19821361abbe2067c3bb4143a7d", "rev": "90ae324e2c56af10f20549ab72014804a3064c7f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -527,11 +514,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1719845423, "lastModified": 1720845312,
"narHash": "sha256-ZLHDmWAsHQQKnmfyhYSHJDlt8Wfjv6SQhl2qek42O7A=", "narHash": "sha256-yPhAsJTpyoIPQZJGC8Fw8W2lAXyhLoTn+HP20bmfkfk=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "ec12b88104d6c117871fad55e931addac4626756", "rev": "5ce8503cf402cf76b203eba4b7e402bea8e44abc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -561,11 +548,11 @@
"nixpkgs": "nixpkgs_3" "nixpkgs": "nixpkgs_3"
}, },
"locked": { "locked": {
"lastModified": 1720055043, "lastModified": 1720859326,
"narHash": "sha256-SKizewU4UeYrkZWPUjur8EoxscGoNb0pGcrNL4YzAIg=", "narHash": "sha256-i8BiZj5faQS6gsupE0S9xtiyZmWinGpVLwxXWV342aQ=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixos-generators", "repo": "nixos-generators",
"rev": "168b220231a70e47cc1f0919048fa5914415fb18", "rev": "076ea5b672bb1ea535ee84cfdabd0c2f0b7f20c7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -640,11 +627,11 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1719957072, "lastModified": 1720535198,
"narHash": "sha256-gvFhEf5nszouwLAkT9nWsDzocUTqLWHuL++dvNjMp9I=", "narHash": "sha256-zwVvxrdIzralnSbcpghA92tWu2DV2lwv89xZc8MTrbg=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "7144d6241f02d171d25fba3edeaf15e0f2592105", "rev": "205fd4226592cc83fd4c0885a3e4c9c400efabb5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -656,11 +643,11 @@
}, },
"nixpkgs-stable_2": { "nixpkgs-stable_2": {
"locked": { "locked": {
"lastModified": 1719720450, "lastModified": 1720915306,
"narHash": "sha256-57+R2Uj3wPeDeq8p8un19tzFFlgWiXJ8PbzgKtBgBX8=", "narHash": "sha256-6vuViC56+KSr+945bCV8akHK+7J5k6n/epYg/W3I5eQ=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "78f8641796edff3bfabbf1ef5029deadfe4a21d0", "rev": "74348da2f3a312ee25cea09b98cdba4cb9fa5d5d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -672,11 +659,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1720031269, "lastModified": 1720768451,
"narHash": "sha256-rwz8NJZV+387rnWpTYcXaRNvzUSnnF9aHONoJIYmiUQ=", "narHash": "sha256-EYekUHJE2gxeo2pM/zM9Wlqw1Uw2XTJXOSAO79ksc4Y=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9f4128e00b0ae8ec65918efeba59db998750ead6", "rev": "7e7c39ea35c5cdd002cd4588b03a3fb9ece6fad9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -720,11 +707,11 @@
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1720031269, "lastModified": 1720768451,
"narHash": "sha256-rwz8NJZV+387rnWpTYcXaRNvzUSnnF9aHONoJIYmiUQ=", "narHash": "sha256-EYekUHJE2gxeo2pM/zM9Wlqw1Uw2XTJXOSAO79ksc4Y=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9f4128e00b0ae8ec65918efeba59db998750ead6", "rev": "7e7c39ea35c5cdd002cd4588b03a3fb9ece6fad9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -736,11 +723,11 @@
}, },
"nixpkgs_5": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1719468428, "lastModified": 1720781449,
"narHash": "sha256-vN5xJAZ4UGREEglh3lfbbkIj+MPEYMuqewMn4atZFaQ=", "narHash": "sha256-po3TZO9kcZwzvkyMJKb0WCzzDtiHWD34XeRaX1lWXp0=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "1e3deb3d8a86a870d925760db1a5adecc64d329d", "rev": "8b5a3d5a1d951344d683b442c0739010b80039db",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -764,11 +751,11 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1720191961, "lastModified": 1720910388,
"narHash": "sha256-p67UionzurpCRjSIhhgRgRAapZLfXHG9nvQQ37qerdA=", "narHash": "sha256-gCudumUXHH+o0KFemXecDYySVCzjz7jYDGjdJbrN7gA=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixvim", "repo": "nixvim",
"rev": "b59fa976d0f42eba35bf89c8fbc4107de7ef1db2", "rev": "ac9a1cbf9c7145687e66a1c033d68fc72eca3fd8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -892,11 +879,11 @@
"nixpkgs-stable": "nixpkgs-stable_2" "nixpkgs-stable": "nixpkgs-stable_2"
}, },
"locked": { "locked": {
"lastModified": 1720187017, "lastModified": 1720926522,
"narHash": "sha256-Zq+T1Bvd0ShZB9XM+bP0VJK3HjsSVQBLolkaCLBQnfQ=", "narHash": "sha256-eTpnrT6yu1vp8C0B5fxHXhgKxHoYMoYTEikQx///jxY=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "1b11e208cee97c47677439625dc22e5289dcdead", "rev": "0703ba03fd9c1665f8ab68cc3487302475164617",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -978,11 +965,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1719887753, "lastModified": 1720818892,
"narHash": "sha256-p0B2r98UtZzRDM5miGRafL4h7TwGRC4DII+XXHDHqek=", "narHash": "sha256-f52x9srIcqQm1Df3T+xYR5P6VfdnDFa2vkkcLhlTp6U=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "bdb6355009562d8f9313d9460c0d3860f525bc6c", "rev": "5b002f8a53ed04c1a4177e7b00809d57bd2c696f",
"type": "github" "type": "github"
}, },
"original": { "original": {

26
flake.nix
View file

@ -171,23 +171,23 @@
nixosConfigurations = { nixosConfigurations = {
aerial = mkNixos [ ./nixos/hosts/aerial ]; # desktop aerial = mkNixos [ ./nixos/hosts/aerial ]; # desktop
cider = mkNixos [ ./nixos/hosts/cider ]; # asahi m2 mba cider = mkNixos [ ./nixos/hosts/cider ]; # asahi m2 mba
drone = mkNixos [ ./nixos/hosts/drone ]; # spectre x360
ingress-proxy = mkNixos [ ./nixos/hosts/ingress-proxy ]; # nginx edge proxy
keylime = mkNixos [ ./nixos/hosts/keylime ]; # lab jump
monitoring = mkNixos [ ./nixos/hosts/monitoring ]; # Grafana, Prometheus, Jaeger, etc
ps2live = mkNixos [ ./nixos/hosts/ps2live ]; # PS2.LIVE stack + planetside stuff
thonkpad = mkNixos [ ./nixos/hosts/thonkpad ]; # t480
sapphic-engineer = mkNixos [ ./nixos/hosts/sapphic-engineer ]; # Akkoma, sapphic.engineer
porcelain-doll-repair = mkNixos [ ./nixos/hosts/porcelain-doll-repair ]; # Iceshrimp+Withdrawl, porcelain.doll.repair
dis-sociat-ing = mkNixos [ ./nixos/hosts/dis-sociat-ing ]; # Iceshrimp+Withdrawl, dis.sociat.ing dis-sociat-ing = mkNixos [ ./nixos/hosts/dis-sociat-ing ]; # Iceshrimp+Withdrawl, dis.sociat.ing
drone = mkNixos [ ./nixos/hosts/drone ]; # spectre x360
exit-node = mkNixos [ ./nixos/hosts/exit-node ]; # lab jump
git = mkNixos [ ./nixos/hosts/git ]; # Forgejo Host git = mkNixos [ ./nixos/hosts/git ]; # Forgejo Host
nas0 = mkNixos [ ./nixos/hosts/nas0 ]; # SMB/NFS NAS ingress-proxy = mkNixos [ ./nixos/hosts/ingress-proxy ]; # nginx edge proxy
ts3 = mkNixos [ ./nixos/hosts/ts3 ]; # Teamspeak-san
pihole = mkNixos [ ./nixos/hosts/pihole ]; # PiHole!
static-sites = mkNixos [ ./nixos/hosts/static-sites ]; # nginx specifically for static sites
mumble = mkNixos [ ./nixos/hosts/mumble ]; # mumble
jitsi = mkNixos [ ./nixos/hosts/jitsi ]; # jitsi meet jitsi = mkNixos [ ./nixos/hosts/jitsi ]; # jitsi meet
monitoring = mkNixos [ ./nixos/hosts/monitoring ]; # Grafana, Prometheus, Jaeger, etc
mumble = mkNixos [ ./nixos/hosts/mumble ]; # mumble
nas0 = mkNixos [ ./nixos/hosts/nas0 ]; # SMB/NFS NAS
nextcloud = mkNixos [ ./nixos/hosts/nextcloud ]; # nextcloud nextcloud = mkNixos [ ./nixos/hosts/nextcloud ]; # nextcloud
pihole = mkNixos [ ./nixos/hosts/pihole ]; # PiHole!
porcelain-doll-repair = mkNixos [ ./nixos/hosts/porcelain-doll-repair ]; # Iceshrimp+Withdrawl, porcelain.doll.repair
ps2live = mkNixos [ ./nixos/hosts/ps2live ]; # PS2.LIVE stack + planetside stuff
sapphic-engineer = mkNixos [ ./nixos/hosts/sapphic-engineer ]; # Akkoma, sapphic.engineer
static-sites = mkNixos [ ./nixos/hosts/static-sites ]; # nginx specifically for static sites
thonkpad = mkNixos [ ./nixos/hosts/thonkpad ]; # t480
ts3 = mkNixos [ ./nixos/hosts/ts3 ]; # Teamspeak-san
}; };
darwinConfigurations = { darwinConfigurations = {

10
home-manager/features/vesktop/default.nix
View file

@ -3,13 +3,13 @@
src = pkgs.fetchFromGitHub { src = pkgs.fetchFromGitHub {
owner = "Vencord"; owner = "Vencord";
repo = "Vesktop"; repo = "Vesktop";
rev = "2733727a40a4cf542277dedcf89e87e7740f962d"; rev = "3fe2094814480c78ae74f4466804c51059c563aa";
hash = "sha256-EF36HbbhTuAdwBEKqYgBBu7JoP1LJneU78bROHoKqDw="; hash = "sha256-FWbA8gcFRnp78/ROrAu9yA0j6SDbzemak3gMxiq3Jog=";
}; };
pnpmDeps = prev.pnpmDeps.overrideAttrs(final2: prev2: { # pnpmDeps = prev.pnpmDeps.overrideAttrs(final2: prev2: {
outputHash = "sha256-6ezEBeYmK5va3gCh00YnJzZ77V/Ql7A3l/+csohkz68="; # outputHash = "sha256-6ezEBeYmK5va3gCh00YnJzZ77V/Ql7A3l/+csohkz68=";
}); # });
}); });
in { in {
home.packages = [ home.packages = [

70
home-manager/features/vim.nix
View file

@ -1,70 +0,0 @@
{ inputs, pkgs, ... }: {
imports = [
inputs.nixvim.homeManagerModules.nixvim
];
programs.nixvim = {
enable = true;
opts = {
number = true;
};
colorschemes.tokyonight.enable = true;
autoCmd = [
{ event = "VimEnter"; command = "Neotree"; }
];
keymaps = [
# Simple save Ctrl + S
{ action = "<cmd>w<CR>"; key = "<C-s>"; options.silent = true; }
# Vsplit
{ action = "<cmd>vsplit<CR>"; key = "<D-l>"; options.silent = true; }
# [H]split
{ action = "<cmd>split<CR>"; key = "<D-k>"; options.silent = true; }
# Toggleterm Ctrl + `
{ action = "<cmd>ToggleTerm<CR>"; key = "<C-`>"; options.silent = true; }
];
plugins = {
neo-tree = {
enable = true;
closeIfLastWindow = true;
buffers.followCurrentFile.leaveDirsOpen = true;
};
lightline.enable = true;
toggleterm.enable = true;
rainbow-delimiters.enable = true;
treesitter.enable = true;
barbar.enable = true;
gitgutter.enable = true;
persistence.enable = true;
cmp.enable = true;
cmp-nvim-lsp.enable = true;
cmp_luasnip.enable = true;
luasnip.enable = true;
lsp = {
enable = true;
servers = {
nil_ls.enable = true;
rust-analyzer.enable = true;
rust-analyzer.installRustc = false; # use rustc in nix shells, maybe?
rust-analyzer.installCargo = false;
tsserver.enable = true;
htmx.enable = true;
html.enable = true;
};
};
};
extraPlugins = with pkgs.vimPlugins; [
vim-sleuth
];
};
}

2
home-manager/noe/common/default.nix
View file

@ -4,7 +4,6 @@
inputs.sops-nix.homeManagerModules.sops inputs.sops-nix.homeManagerModules.sops
../../features/direnv.nix ../../features/direnv.nix
../../features/git.nix ../../features/git.nix
../../features/vim.nix
../../features/fish.nix ../../features/fish.nix
] ++ (builtins.attrValues outputs.homeManagerModules); ] ++ (builtins.attrValues outputs.homeManagerModules);
@ -38,6 +37,7 @@
traceroute traceroute
whois whois
nmap nmap
neovim
]; ];
}; };

2
home-manager/noe/hosts/aerial.nix
View file

@ -22,6 +22,8 @@
teamspeak_client teamspeak_client
signal-desktop-beta signal-desktop-beta
nicotine-plus-master nicotine-plus-master
discord
vlc
]; ];
programs.vscode = { programs.vscode = {

2
nixos/client.nix
View file

@ -14,7 +14,7 @@
curl curl
btop btop
htop htop
neofetch fastfetch
xclip xclip
]; ];

5
nixos/features/nvidia.nix
View file

@ -33,8 +33,9 @@
nvidiaSettings = true; nvidiaSettings = true;
package = config.boot.kernelPackages.nvidiaPackages.beta; package = config.boot.kernelPackages.nvidiaPackages.latest;
}; };
boot.kernelPackages = pkgs.linuxPackages_latest; boot.kernelPackages = pkgs.linuxPackages_zen;
#boot.kernelParams = [ "nvidia-drm.fbdev=1" ];
} }

1
nixos/hosts/exit-node/.target Normal file
View file

@ -0,0 +1 @@
10.100.1.57

6
nixos/hosts/keylime/default.nix → nixos/hosts/exit-node/default.nix
View file

@ -2,13 +2,9 @@
imports = [ imports = [
../../templates/proxmox-lxc.nix ../../templates/proxmox-lxc.nix
../../server.nix ../../server.nix
../../features/podman.nix
../../features/dns-cache.nix
]; ];
home-manager.users.noe = import ../../../home-manager/noe/hosts/keylime.nix; networking.hostName = "exit-node";
networking.hostName = "keylime";
system.stateVersion = "24.05"; system.stateVersion = "24.05";
nixpkgs.hostPlatform = "x86_64-linux"; nixpkgs.hostPlatform = "x86_64-linux";

1
nixos/hosts/keylime/.target
View file

@ -1 +0,0 @@
10.100.0.8

8
nixos/hosts/monitoring/default.nix
View file

@ -111,6 +111,14 @@
metrics_path = "/metrics"; metrics_path = "/metrics";
scheme = "https"; scheme = "https";
} }
{
job_name = "plapkit";
static_configs = [
{ targets = [ "i-pk.noe.sh" ]; }
];
metrics_path = "/metrics";
scheme = "https";
}
]; ];
}; };

2
nixos/hosts/pihole/.target
View file

@ -1 +1 @@
10.100.1.44 10.100.69.69

2
nixos/stacks/ps2.live/extras.nix
View file

@ -25,6 +25,8 @@
ports = [ "8555:8555" ]; ports = [ "8555:8555" ];
environment = { environment = {
DSI_FIELD_NAME = "system[front]"; DSI_FIELD_NAME = "system[front]";
PK_SYSTEM_ID = "e6bd7a02-42c5-43f1-8cd5-250c90638cf3";
FEDI_ALTS = ''{ "aki": "@aki@porcelain.doll.repair", "hide": "@hid@porcelain.doll.repair", "ethyl": "@ethyl@porcelain.doll.repair", "sayaka": "@saya@porcelain.doll.repair" }'';
}; };
environmentFiles = [ environmentFiles = [
config.sops.secrets.plapkit.path config.sops.secrets.plapkit.path

229
secrets/default.yaml
View file

@ -10,200 +10,209 @@ sops:
- recipient: age1lq5q5g5qjsdcc3key0n6qytkc9z3qx3d3e96ap9zre2aqgvc9ujq82l9hd - recipient: age1lq5q5g5qjsdcc3key0n6qytkc9z3qx3d3e96ap9zre2aqgvc9ujq82l9hd
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5T0RzWlRwbmtPZjBFTUYx YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZN3BzNy9WYXBZOG1NVTRQ
Qm5iRXNQWERhbmIyeWJRQTlzVlJLUWEzT2x3CmJDWGFIRCtSL3JNaUhNSHVHNVhH Z1VhdzJqV3l1YXFsNnJOMm9SME1SWFdoU2pvCmlkb1JQTUJ1MTFsTkFnTzlLUHRs
Q2NPMGxQMWFFRC9lWVZ0USt3eGxJNlkKLS0tIHF4YkkvOC9aeC9SMlBLRFNxV0J4 WTF4dGoyRTV6bzRqdzY4enUwNVh6c3cKLS0tIGFoRHhsbVc3eW5LTG1SUGcxUUw2
akYySFdRMXk4anBFVStlUHh2SDJ4VEkKmw745s9CVYitWSSV6ytjKHFkDdr2N+nl aGU2cjA3TGRnQko4ODNDK0R6UnN4elkKF5xlebCEelDeaPLhGJLHaTcpZL+zbghh
Tbq7Qc/i/+UM2v5iE1zorr8ACYfdWFUy7oMi34XKCpFBW+p7UXywmg== cbJMi8r7It1xc4Wv3XudUh9gltPFV99w25Vbhxce1Svuuzyq4YDkbw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1p0f62dwatt558sf5s4equdqwtg5m7lsnaytrf3xjnvmx3e0lqu4svtugyp - recipient: age1p0f62dwatt558sf5s4equdqwtg5m7lsnaytrf3xjnvmx3e0lqu4svtugyp
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTQjN6LzQwbXVPQXhBaUMw YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWU0tlcWJNZ1hHeFU4NU14
UDZxclJnV0FFL0hzY3V3N2F6TFNOZ0lWZkJzCmQwdVlpSGZBQTk2NWgrejJWSnR1 bDYrNWxBZmw4WkRnbmVjMDAzeGVOb2N1aW00Cm5GcXZuV3ZnS0pPaHhNT2VtNjF4
SFJENldLTFhVY1phUGRTNXdJWmtGaGsKLS0tIGVDMmJwNWVnNHZxaUtWY0FTZTds RmRKTlY2a3lKYk9oR2xMajdQc2lMemsKLS0tIDhhdVo4b3dQbEtXYkJTbGd6ZFYr
NldBclpXVEhCWDlVcGo5YUNkZVBDVG8KGhU++P60aeFN9Qh8d+xv2jvxUYdu7u5z bHBKYVhucm1zRURKenBSQllQRS9PcVEKgvQ7JuH49s8A9PIhZjFyHx+pf1PvS1pF
EU9lteUv55TcnWerpNFHTjuJ7j26RRqqIo6EnX8AV440PeLEi1clQQ== /5oMwSSHxl07Fb4r0ekfZMfjOZzzIutxXOvFKzgC+8m/DGAjm3s70w==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age13c5wv623jxjja5mjz7fajg9qqwvypzgsfqrs4tmk7rpgyzu7aufs4ul9f9 - recipient: age13c5wv623jxjja5mjz7fajg9qqwvypzgsfqrs4tmk7rpgyzu7aufs4ul9f9
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWQzA5Skt6YXJranc0ZXIw YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtRkRiMTdUVmlrc2hpcWdn
eGIrSktrT3Juc1EranZuZVhvWmZScGQ5Y2xrCmFrb2hNOXJNYkFkNk81TXJmY1Fs YVVKMTBUZGhEcUwwVDh4N0dQN2pWZDRrUzA4CnBiSG9PVnpGeTltUkhGNmRpZHdH
MEJZT240eGFsOTFnUTBwMzY4M3ZmQ00KLS0tIFJJazdCTEtoNG5tZkRENEFPekhu OEc5djFiTTIyRVJ3RDBUQzFiYmNZZzQKLS0tIEhlb3NKUzNJUDMzTVU2cVU0eUR1
OEt4cUg0b2daWU1VdTV1UUxFWE4wVG8KbG9iXAnsLL6oXh2gz9mnaIZfDkdg8bpQ cG9KbFN5Q3QzeW9ERmNCQjZkbHMzSUEKIrTeHztp5S+ow8LsmZmPmHMOh60wVMbS
27fGrIaZoGT7Rof9LlfKe3Pmq55ABNNqyuTyjPI/kCOKXKSDjrvYkg== ELHQXEbSs35eNYDhQYRLKVrCgUog4NTisGUebYXJ5e0pnFqdjuxcMA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age14vsmekuppm4xhp4rthhv9jjgzfv45v39a0q8dsgg6yusw0pjkvaqnr9kq8 - recipient: age14vsmekuppm4xhp4rthhv9jjgzfv45v39a0q8dsgg6yusw0pjkvaqnr9kq8
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2N09xQUtrWW50OWZxZU9L YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSZm54S2JZdkFmYmYxRERp
RitXdDZJeXNxdTBjZGdYNDZNVGZBeEZyU1dnCnZvYzlvNm5taDRxbkJnUXB2N2dX SEwxa09CWWQ4KzROTUM2QlVhZnExWmdyK3pzCkNrZ1Z3cXJybEdDK2xhcVdqL1Fp
S1JpeEtBT2twZmU2M1liaGlGR2RhV2MKLS0tIFowb0pYM2o4MmdnenBaQ1VmWjAy RjFjeVI4dW5JSkJoTDE5Y3VETHRNbE0KLS0tIGlvcE1IRFJaSmtEVTNvSzBVWlJh
RE9xam13REc3VE1RQTI5R05leFJxN2sK+v3946MZ5R8eT7c71sx1fD3zHStWJp4t MHBGN2l1a29za1dQTHl4L0dlcmJ3UkUKz/WhitfswcjRT/yEs/KQXW28tCE+URUM
PFELnl0SVqBuWvoizejdfb4hSDsFTfjl42XjlXWkwruHxQ/uoIewuw== JTleqicmQMGy/77Cv98lit9hC+xKJzWhYaZW/rjh0hW5J0pQA2xZtA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1kjsga2kf95lu7p5stqr5d9p87jquyypnx97cycj6jvhsm9zkn93quexx4r - recipient: age1kjsga2kf95lu7p5stqr5d9p87jquyypnx97cycj6jvhsm9zkn93quexx4r
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBeHZTREFaOXFMT1lHdjZk YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWV2p0a1FFb3FaVnBmY2R2
Q3JLMlNXMU1vRW9jSFdqSW15cmNwWFBHR2lFCmQ0ZTdqYWsybkFPcHdCU3pMVktk ZENoeXlkcW1iYzVjRWxDT2pmVTB4STErSWgwClUwS2R2R2IzTEFQUmFKYkNpNUVr
UlViMTZQT3RiMHQyOTRTSHVzR0dqK28KLS0tIDZDYWVpM0hkR2VWZ2tWTzVIMUZv S2FEQWc0MURkMEtseU42Rzc3ZUdWdEUKLS0tIDNjc3VaMDIxVC9pNWlnU2grN0hw
MTFTQW1lMmhUb29tUW1ORjdERFEybnMKSFtadgiSf1zFlhQdhVKZML4TFq9bvMlp QStHTzU1RGN5VHJBUCtJdjdpdFd5elkKs4ycQQP4mI2W9Io35UhlJpFWqsz6mT68
h6TAngh7xzNPE9T7beG1zLShBaop73EPNIi4uljH/RBIEkIFhnXC+g== ZfnSUiD5BlgXIZnQFGzAkbDmhGnrpbFmkemxMhMW69frcy5kVUE/5w==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1jc6ghxfgxe3gx53xa55azxan447cfxaqfqeh5y5yzqapj7mw7ajql8kv02 - recipient: age1jc6ghxfgxe3gx53xa55azxan447cfxaqfqeh5y5yzqapj7mw7ajql8kv02
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLcW85c3pPVGdrNTBkUXJr YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrZmtBV3R6SVV4akgxTFRu
ckNGb29EYVJ1YVFYeW9XUHk5ZWVkMVBWMTNRCmpoeW9vMmlLblN6dG1ROWtRWTdU NHBRN21JN2Q0R3ZPdmRxbmd2THVPSFBqMEVrClM0b1Btcy9wWFNONzljTDR4UWJy
cWtiWjJvMmlZVUVTK0liM2d0WjRwWTAKLS0tIFF1aEpzNTZCcnl3UzJtZTFxV2tC UDVwdis3WWR4dHFOYmFQWk15YVo5eE0KLS0tIEtBUWFZY0pkSnR1SmxBU3lGL0th
ZFhHKzhCU3M3amNCaE5vMEpTc3ZqcVkKoUlajedYfWj22ocqnXYEOQD0Ma3Wj6W0 ZFhHNk81ZVM3TWx5YlJtdFovNGR3ZEkKrnJ3qtxQNPRrOjjtK3RNIH1fxYpGMdff
2A9geVcMbG0eFsDwXGn63u93ckcKZOYsmCxPykJ8LaV6b54itNBMEw== hYIpENJRXJEjaqVyvLfwaX0u3t4+F9y4X5yMxlYKNUS2Vk1+cetWvA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1faccfe85637hme39xyzgmvjn6ku9c4aapfmpfc35hswj5emhnedssrg2cq - recipient: age1faccfe85637hme39xyzgmvjn6ku9c4aapfmpfc35hswj5emhnedssrg2cq
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiYmVrQjI2OExjWUVTMXh1 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUeERXT0FSWS95YWhtcmQx
YkpudHFzcXhKUWI3VU16WGhRZ3NhRVh4UDFzCnhJVXZKZGk3MGhqMnd1Z1crcUFr UVpuZlpnaTRqTGYyTDduN0RrS0RuRTNiRndrCmdhMllXTW1yaGdoVFFMVmVUMmgz
YUxnUmVURUhpZFhMOTVCY1k0TldHQk0KLS0tIFBJOGVqZlBOcnh3OVBYM0tEL0wz NjRsem94K3ZrclVxd0p1dEl1VWRGTG8KLS0tIGdBM0dNM0l6cWpGU2RDUUQ0VFMx
a2h4NUJ3bk42RnJ1ZGJUdk1IUE9sZlUKcqtTue4b4/fT7bIi1ZXag2hqrxIaWcf2 N1dleW1EcVBFK25NOEc4VTJranBScFkKCYSMPRXGivEbjMPMJ5OtS+bEvg5h7WbB
pg8bnJoOLqyODpvAQ4KvyMLrWJluRLbvs2C6YB0XgTOm93hp+uiESQ== eYg4KkDVXMdaEfSvzUPYVYDhSXSwWSUYM+ofCPXeJVHZgD6EsB65Lw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1wc3czlazkfxphsq6exxxkdpma4lrv7n3v3fvel9l5u96dlljn4fslh666p - recipient: age1wc3czlazkfxphsq6exxxkdpma4lrv7n3v3fvel9l5u96dlljn4fslh666p
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtcXloSGpUZUEwWWNIUzRW YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6aXYxYThHb0RIa2VtOFpu
TVM3cDJWUG5QL1pqQW9zSGZ6ZGx4SjlyemtVCmh1aDJtUmVsL2VobDlTVmY3V1NI aUhpWFFtUXdHRjFYRFZiNGNkanREZytLYkJnCk14TUlHblBzWFQrZHd0WjlLWmNq
LysxVmMwZkliaEp6eC9YdVZEM2NLcGsKLS0tIEljL00vZzhCTjhPZi83SkRJbnNB U2JZQXJVYjNJSnljRmNvYUErRk8yUXcKLS0tIHpFTG1oQVpBTlBCcGMzNDlLVnl2
bkplZnRCWnNIaHcrbHlBK1JUdFdBQjgKYPoHOc2CRbzyJ/HlPBOeFMbTRnuflYDO N1NNYVVsRHR0MVUrUW92TTg3dzczUjAKQi9ZvtuD4tKlAiLy3T885wsijOF+8GsL
9sV+3yucL8Baw1e26PUydztgs2l5NeIz7wsG2NHrANB/SYJx69uj3g== gr9IL0khwarhNy+K+/pF5qcduK3faITx8pmDqLABjSJdUGJlOjRhnA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age18net4rsvyx84d9jjh64rgqsru3njwc438qt3993kn865dx9weaqq0rzkrh - recipient: age18net4rsvyx84d9jjh64rgqsru3njwc438qt3993kn865dx9weaqq0rzkrh
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBONlFDckVMOW5PdWlabnh4 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBET0lTSjJDWGZKeXJCaHZP
L1N3NUZOMGpOMkhhNlpXaS9HT2lsejNYdjBzCjdUenIvZS9TZ2ZURVc3eFdwcjRi V0F6cjhtL0MrSUVqNXhLd1RJWnJacXkxNzNFCmd4d3UrRm1HYmx0RlpOcFkwa0sy
VzF4VzRxRnh2aXVTbVhXMHhSWGpmZzAKLS0tIFRFWDRPaWR2bDBOSFV2SUZzL0pY aDFNM25qMk9uQ1V6M1creEZYbDRHaU0KLS0tIE04RW4xemltbDl2a2Z2R2F3QkJD
WlY4R2g4R3NHcnBOVVpoVisrUkk4b3MK3+czTt18kUizb8hUy1/p19IZgdQWJBq6 ZVR6ZStsVjgvSXBySEVsZ3ByMzV3NDQKrWI5T7Nlj15Iv+3Ru0P3NGypRIRrPVAU
XrzXNqA9/iAHffu8fHK4rWUUITomiY46BHgnVMHaYYKyYhjP4/uvjw== r4oCwCR8QlMV/SXRVzJL27FMc6gnoVZ4lKylPC9QBl9aHng0D39O0Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1mc6eyvnqt4ztmqdzt08zaher2ts37ypgzuh049v3cgv9j0rje96q5rm56k - recipient: age1mc6eyvnqt4ztmqdzt08zaher2ts37ypgzuh049v3cgv9j0rje96q5rm56k
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjbWhHMlZHU01KRGVCNWlG YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBMzRXZlBqdGI3bUI1QjZW
bkg4cWZrMnZlRlovSm5jWlpHTDA3ME9VRGdVCnRvamd0YzhVTVhPN2dEMDU0U1l2 WFRSOU9lNkxrV0dEVmo4WkxpVnBhYjFPWlMwCmloY2xEaitoakhuUWxWbDFjS3F4
Y3NGeDFnNEo0NHRvTE5QTEpTdkhnOW8KLS0tIHJGWmRIUldpOEIrMXpLWTR0aFhJ c291MDFIKzJmMlRxTW0yVXRDN1JIaTgKLS0tICt1REV2V0lublJneWdaT3NSM3Fn
T0pTWmdQUmYxZ2Z3TmZjdGU0MDZ4SjgKab2UgYienigrXUqJKVhauwFMAT9wlKN8 NUhtcGZZbmU1RjA4T0ZxR1dPcDhZM3cKZQVwJi5r4cBnihAwSqTZSESF6foX1Xmw
z3MIc3J8SZn+UPyRvo15mYHbW1TYntLRKt0LYpZ9kJt+JIpEQGPv/Q== qKr8kv7sSo1zBUFA/0BYOp9lsdRrPOiBvF3oeWFWbLS9flQaebVojg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1h7yp3psl5zyze8sl6lld6ksv6fcmul9z8mjwc4k78mwnys58c3ls9mgfdx - recipient: age1h7yp3psl5zyze8sl6lld6ksv6fcmul9z8mjwc4k78mwnys58c3ls9mgfdx
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4Zlh4RUpPeDdqb1RyZXVQ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsNndQQW5mODZVYmYyeXQ3
NWVLd2RIc0JnM2tjM21HeUZmWmFYcHZqK2hJCjhmSElERU5NclpxbzMrYjViU1RB c0x1VW5DcVI5aWdSTjYyMG5NVFZlZDZ2S1R3Cjk1VVdjQ0FUcWRCd1pBRmllbENq
TVNNbWg0YjJyODlZYjdIdDM1WDhnNVUKLS0tIEJTOXJxQlhYek1MYVJQQ0tRWSt5 VDRaUklVbHRNc0JNeWFFOFByWE04Qk0KLS0tIG5MNWJpT0ZRL05DQ2lKUXBZaTFD
aVZETlp5eGlGaVg2MUR0UVpxbHJMa2sKvULBHfABahJsrXfVh9iBXnS6wWCmpfc+ V0s0c3VVcVR5YnNTOWhvUkJXY085QkkK8uuwnV17Q0C75c4xT2Te3mUxvjrgIVJn
6JTpzykxGO/+ZYgDfIZBO+YhSmykH7GFRidKwa/26Vm6ymsUjZLT5Q== CZ6XI18CIXBLA1zC2Um1C/WL/HNcFUr9xEwmZVclCz0r47zE4uwyfg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1qy9tvzlgek7fq4nl52e05ad6pyvglrtaxwjet9gr0fzq85z7cv9s6uxzkt - recipient: age1qy9tvzlgek7fq4nl52e05ad6pyvglrtaxwjet9gr0fzq85z7cv9s6uxzkt
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXa2tMRWVDRUV3TElSclRr YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5dW9VTGp0Ukh0WWo3cHhY
OFh4WDhmcWczV2pWcFRiUldHT29VaGJxanpzCm5MdUFDeTlvWkIySmVhVmhTZDRz VU8vL3BacFIxdEJUNzFRUDh0RFNXRStreUZnCnlzRFdMUU9xekdCM0JzeVBqM2hz
NHVqK0Nvd2xBdTdNam5TeVhsdGFWZVUKLS0tIGxqUENsWlpVVnNnN0ZBYzRxK3kz TjBxeU5sYU9oSDJITEQ3MWRIN2xWT1UKLS0tIG1QN24zeUZQNWhGS0syenFXNktD
eExQR08vdmZLNENjeFZHbS8vdC9uc28KaoxjBdtUjF1KZEYfl0x/sVy3coN+bTQg QXBhbUk1VUIzS25USVlycUk2MXhnVGMKRWvUkKgUSZwGybD8ltYZTKT/cIcyOtBu
H4RqGcQOhzEI4GmR+pcyAkzwcNM7Etk5F/W84wLxyqav/kRJr7XjCg== ghIGE1cDP2CYp4GeMBW4AyM8U4PHkLjI72teJtKZYE37oVJAcN3dlQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1kh4c0dmn809xzcf7ntpjm26h2xh4ljaq09r9n5s0tsjjpr55ff3qqmkuca - recipient: age1kh4c0dmn809xzcf7ntpjm26h2xh4ljaq09r9n5s0tsjjpr55ff3qqmkuca
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJNGkzMUpKWDNubWVrcnpT YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxNFJTM2FUcFlkQjE0OFZZ
ajU4NWJ0UVU5RTZ5VWJzOXdkdVBTTjAyUmhrCkVNa3JvVHZDQ3dBNkdPcXdrWGtr M3k4ZU5HcjZjbG9Db2pzUEtxcjZzbGtKZVVBCkxJalZTYlZNT1prKzFrTTkvdk1G
cWxHOUxzUXVFNWF1VVZoZkVWZFNPbGcKLS0tIFBqZnZSNFBsR2xJUXM4UXk3bjQ2 SW9zRzNWcmFHVlMrMFlmQU9ISlZiR0kKLS0tIEo5V1dPbXFrdFpBMWpKNW5PVVVD
OUpsbHJ3SkZZZmVNSDlDd0xGNXd5NVEKQVq3tYCRRkNwBTPnVx+RjoM5TOWLaWwd ZHpaQUd5czgwTHBRS3drbW1FcDZ3aFkKuIIHdY/LFFKny+5SSeIbtbH/L8J3xGhA
/I5/A46xqwUpQyRXJOtfHwEWCMxvscm5Jxf9kKeGw/jrTSZze8k8eA== z+8qfMvbyyIKznBAliL2Mt4bvUQe4zXNnhhcWbXDkuH/f1JsiiXXvQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1h9ty40uxgznh7s2d7l3cx74lkylpgvs8lknkvkjvqyy5kn5kfc8qz0zc4c - recipient: age1h9ty40uxgznh7s2d7l3cx74lkylpgvs8lknkvkjvqyy5kn5kfc8qz0zc4c
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEeU5tOWQreTFwREszRi83 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0UTJ4anMxcHZrcFFkQjY4
YTRLY0VyYUhIUXZGaXladzA5RWtmQ29jdW1VCmNwR1cxWFBtVUJ0VzkzTHFuOU51 bnh2L0svdmlXNUJlQ1JYb1Bpc1JORGk3dFg0CkhvNy9EU3FrTDhuSmNnenF1Qmor
YmV5R29tRmdkL2lEVkNua1dFMXFIR28KLS0tIFYyazRtZnBKTUl0VUpDTnZaSXcw VGsrVmhvM0NSRGIyZmZrZ2ovNzFRSDAKLS0tIHlteWNVTFludlVOUTRqN29UNVNz
a21NVkRCOHFDakpEOS91Ym5OcXJHMFEKnDou7N4R90FnpEeNEkfsYGRIOx6u4gPI dkxEdGJLOWlLQ2pzUmc2M09WVUw4c3MKB3IHt2nBvPBOf/m4dgh09RNMzkY9/RdB
Fvmd0F5Q6DWLQZ7BmWcNqItl379c1NKwnTS5wtKHNfD9Ikk2EJ3Fjg== 2w0ZGrDYLpBaNXV47USF1jNiPPIu804lGPbZoDIbPcmNSYGZZxxp4w==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age18xjdme8vc657l8n7fzpn7twshprmtpc8p6usn257ajw0vftd8p8qxwwywn - recipient: age18xjdme8vc657l8n7fzpn7twshprmtpc8p6usn257ajw0vftd8p8qxwwywn
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaUDI4UDFoQ201Uk43OHoz YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTN1dFZElQc0RUTU5qdnFJ
bFkwRjVZNkFsVkpEZUdleXMwbmxFeVNOWVE4CmIwQUFwdTMyaEJ5dHF0ZUpYQ2Vn OE15d1hubndnN0VIak9LK0Z5RXppLzBQaEZ3ClpLZUZZWmlXUmJBRjFPNnhJZEhq
TlhoODltVFRCRXY0K0ZFUFZsVzdSQkEKLS0tIEVBN2hFMFJDbnI4dEJkNmJKeEty Sk1qdjg0VXBlaDl5Z0FJTEhTdmlFaEUKLS0tIFlqVmRDRzBXK3JzSEd0SEpJMlFQ
UEE1TVNwVU01cm9MaU45dWtydHB0THMKat1mOE4C7pGuRI7XQibPTECbWq8yqG8R cGt5L2c5RVNyc0JBVHhob3FGSHN1NFkKpFlLIG44/mYnWRk13eHIGYTekbNSpgvA
dBcBjnZ9Sh90feB8f5V4FENoP2dKYMPMZGs7vbQioo9T0o960SvFPg== /7+kj0f9D479pEmKIrSqntyOhehJ6H3AXRwVBInrpdBvQdkDV2TYAw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age12f24j7fcq46cjuqjftv5pyffpunyhqj98ypqf729z89xzunzryts5d8kl0 - recipient: age12f24j7fcq46cjuqjftv5pyffpunyhqj98ypqf729z89xzunzryts5d8kl0
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkWTVyRWJobW1ONS9WNmJL YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMRUNvcjUvcHYrZU4yNnU4
eWp0ZzBHNVdRU2psZTljTGxnYnlzVXF1TjBZCkRFMDlRT0RmYkNEVWJVMGhGbjJh S3BOVVFjZGJORU9ZUmpGWDNjM0lIaDczUndjCno1WGxld1YySzhsU3E4cWNBd2l3
YzdrSUJlbGEyRWVndytnVGV0SnNGbEUKLS0tIGJPb3R4Zmw2ZHpybFM3eWxaNHVn ZDZBRGVOZ1U0c3ViMUZGbXNSTUI2a0kKLS0tIERQZTlDVjZ3NE9NanFnVDRDY2Y5
VXpmUmZlbElWZGVVMFNzK2NSU1MrM1EKMea0MU1esbwRFrIq6omrzI8h46gxScpL eTRzQkxEMzFnSTl0R05vNHBvYmQxYTAKKR3+j4ais+KoN2c4jKS+YG/zdV8opbKc
nVf9wCF3Gs94Zfwmx2DQyxnwifKxzaBF8+H5qC8nPS50kB7jmYJNnw== erRea8O3eyQ9gFUI60d6IsNcVpzs8CuBB2uivB/lCbuDoL4xzNAA5w==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1jc4a52cukf6d94tt2meq8tnt084rhtdd93hwzjhzecc70rmvvapqtdng8v - recipient: age1jc4a52cukf6d94tt2meq8tnt084rhtdd93hwzjhzecc70rmvvapqtdng8v
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzNTNYSnJmYVVBMlR4YytC YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxamt0cDd6NGZmVWJ3ZU9m
cmlYRUpTZHJZOVBhUlpDZ1Fqc3BaTzNUWkg4CnRoNmI0TkV1SWF0UzhCc3l5ZFZw eDMxekxVZkhXaVFKWTdUd00zR3c4RGdZNlZvCjI4RzNjcEpuVWJ2MXE4VnVRcTJG
WmRKVXAwOUVwcjRXSGhQL1R4TFo1RE0KLS0tIE9xYzhEdGxvT095MEliZzVqTk5M aHB1UlZMeHBmdTBhUVBNNkdPTjU0QkEKLS0tIFJaNnVnSURSSHlPRkVycS90Y1ZN
cExiTkxKVmlTVm1FN0kxS0MvYmJtRHMKSurtuRkIO7hEULqXWK57JOQfuZDgccv3 am5ZMjlHL2xoMldhaTlHdURDMU5UaXMKfjeaus9zRPjJW/pbtJwioBLvkM34vpfC
I56galwJc0ql+eLVGWPmRXBEa2NRsEveLKUjDU77xodDkZyaiYFp4w== 8UCgGQHoo0nu1pQ8//Gu5AoB7a2vtpUqlWNZWGbFLlvF2GelmeQ06w==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1s4hzwj982zk04kr7c5u0vlemkzalv72wtkttkgzt64xv8a4r25zqxra6u0 - recipient: age1s4hzwj982zk04kr7c5u0vlemkzalv72wtkttkgzt64xv8a4r25zqxra6u0
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWVER0dE9RYWJXa0N2aGVw YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6V0hFMjJmR2ZtZHU2YlFW
TzUxMjkwb0ZRaitKdnhFRllqMFRVb0tVMlNNCmo0ZFAvM0tlQzdaQWhVWWNISUVL TzJxUG1SQjlNNTZKRXphbFFuWDJXS1BaVkdZCjgrQWNCUHYzZU03OGNURThxTDQ4
THk4Q0F6TkxBcUJLdm13UHVmL29rb28KLS0tIFA3dHB6aHVqckEzVHVrM3ByaUU3 RDVSVHRLb3VKUG1pelZtYVJCR28zeW8KLS0tIGZ3c2R5Yk1WbGxMbktaWXV2aGhO
dzJpeFh3VGpjWnpoajFMcnBPcHE3aUEK07TzzaHN+ovWuPO2PU9gJ6H/63g+iXb2 TXkrbkNGZ2h5VjdNMUs4ZURyUVBsTEEKw0ZHrPkymTC7gUTftM7kHA1YZQggKjM1
oCb4gFoTrkZohZj2fKATNFrrWSmtYTBYD/aUKisiq9u/OjVpsJGTKQ== oRJbxJbGdmOhKmRADKa3YIziGmtvFgNZhZ9lsQb4/F1beGOUA5Gn2w==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age14cnx8ttzqndcsdz4xvmx07cvms6val5aanrf9qsg4j888hudufxqz9nm5p - recipient: age14cnx8ttzqndcsdz4xvmx07cvms6val5aanrf9qsg4j888hudufxqz9nm5p
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFWDFjQzNTR2V4MXI3K2hh YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlR2hhTWVodG04eWhWWkdQ
QWxkRzZ5dUswNldQN0I2NkpYQzM0YkdLd0hjCjZiZ2tnakNwYmJsa0dQWWErSTN5 S3NXM2xkYUtTMGdiNnJvcitoZ1dRUVNXK0RFCnFWdmFFSDhzdGg1cnZ4aXBkNTgx
Zk5xcEVnRFdpbi9tdG1KTFgwOEVuMmMKLS0tIHBvZmo1cmRHZ2lieGtVTll5ZDZt V2VjQzRZNTIxeXZ1YnppeTdJZTNwUDgKLS0tICtmOHdhS2RYV1UySzFWeEU5RHhm
RXZaMWRETVBsZnZKY1dNdnNlTnF2ZEkKui0laj4q6pm7lKklxDAcVGIWJBptv4xF SklEVEZDbENYeHdXZDZ4VGZ0Ty9PaDgKNZt+CsKWbpoJvfpyY4Ll1zzUeV++8v7W
JuCqfOXuYf6z6KMDohmeBbJNnLoRtWz4UKUBTRuahrIG3fUTyVs7Eg== x3Dd5ZX+tr0N/e9L6HaoKVFgPaxGYijrZnzmK+tkOX5ImwKOxOrbkg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1cc80558u3f8pdwrmhev8264c0h9dkkm59sy40j7zms97qzxg0ffqza9en0 - recipient: age1cc80558u3f8pdwrmhev8264c0h9dkkm59sy40j7zms97qzxg0ffqza9en0
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3cGpIOTlsdHMxR1lRWU5u YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwRmhGK1dZcVIyb1JZd0JW
dGRNNnIyQkgrbEJNNnZpeHY3SFk4b3NpWGpvCnh0QnJJY1BVeFdFZ2ZkZzlGTXVV aVJHMjYrN3JOTWRmWkxkOWJuZzU0RGRFbmtRCnllVUwvc0hJbys4MS9EQ0puTmtj
RmFYKy95MFZyVk5MalhNNGhjS1dRMEUKLS0tIGdKVGZYSUY4VXAzN0VHUU1INHJP eVBFL2hObXY5aCtwMjJCQWswTmtCZ2sKLS0tIGZIUm9ZN1ZCNGVTd005dVByZGJy
dXcyc3VhTmdtU2hSYWdoejRnSjBtZEUK+CGIibI1pb+E/avsd54tzxz7XgYT96SR VjIyeVhrWGZERlJUZThEek1yMHVGT0UKYq5IJ/0L1icfv7x/rmtdPSeZOCFoK3WS
NDMDTPVlV/WQ9A+kT3BZ6x26zq7RLwjaRoQUK63CtSsTqeZsxDfsow== aieE+Di+GljYWaukmT+oL0Sz2ro8f3PdiPIUlz1LTRpMZa4G4RLzvw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age198c9udn09u87zje4ctz4j8d2k5ey5kvgl34nfn573e9csx9mcs3q7a6q2u - recipient: age198c9udn09u87zje4ctz4j8d2k5ey5kvgl34nfn573e9csx9mcs3q7a6q2u
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4TlRKU29obGZYcWd6Y0Vm YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqZGtIeFRFSFgxOHJpTCsz
OXBhNFBqRWxCVnB1R0VSczg1Mm9vRjd2ajBJCnk5bXNMZ0RTVUxQVER1YTZsYWp5 Rk55aDZqVDI5c3F5RHRPd0RHK2lrYXpaY1R3CmowV1gyUlU3T3QrL0NSK3hGZStH
aEU3ZitLYVByL2xyUFBUZlUzWU1odlUKLS0tIDRlZkhCaHlLODV5ZUZ1RmtQNjNu dnJ4Y1dCVG9KRTdkelpBS0tRN3BrT2MKLS0tIGNHRjNEcUpobDhQcDEvcVNDMVFR
REtwTEFReXJEa3R0bmJrRWxqRTV0U0UKMp7vXi3q2DdqMterWiJzeGXgBkKL+hPQ NjY1dHd5dGd6MzJpS1ZBOEtlMzQyRXMKcnQnLEv9sGFnRlde4Y2cEPXKtNwZYJSL
u3otfcmxTcVGZXa/ykNqhUtrzrxn5aRcANKpX8Pb7VnKDELowaR9Dg== lj9ScEQarqXOc0gwkGPjH9lXpiJM3tGtsZ7cmymdkTbXXWUv/kEKvw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1nsuxsnf64mcfgnggy5ehuqk3egp0rea3ldzst0f66full7ap7ews5eg46s - recipient: age1nsuxsnf64mcfgnggy5ehuqk3egp0rea3ldzst0f66full7ap7ews5eg46s
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOM3lXWmVjME1rc3ZXSi9G YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtcFNtcDc5dStxUFltYlBl
NnY0QWdVTitXK1VxSDA4N2grMnZWdkM0dkdRCmFvdk4xcldwaGFwcVpCS2pML0dN a1pxdHBFaGc2dnEzazhzYUxyMDhyVVhmajNNCndDdnpiMVNEWUdpa2dTaE5jdDlU
WjVnOG9PSUZmczhkSCtIVzdwenVTVjQKLS0tIGhoTTlxREFTWG82VTMvak0zdDhi aGFrZkc0Zlh5aEFiVDdBS1AxNEsrckUKLS0tIDhwVFhUTzNmWWpMM2pWQVlJZEVG
eW9RdVlKTEJuSDF4Tkh2UVpjSEYyMmsKPpXIB72BdEM9ZRF/mGlaatvtfP1ud2VR bU03Y01vWGxVNVFaKzl5L01jeG9ZNGMKijKMj/TwNN09F/bHl6lGIRYEnXN/EMYn
rA+Kpog69J7l5mcoAWs+Y1H7h8817FyI5FZhZQ4v1T8cgXgYyX58AQ== AbI4UnnChp3X/63MpBey44YYMp0OX2c4nJU7ZTXN4x3xE0/F7XS6yw==
-----END AGE ENCRYPTED FILE-----
- recipient: age13xddcc3njv29sxzfdx2rjctaejhsxr5rephruga7vjrvjclcapuqnwx52t
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1bC9pR0p0M2dJNFNNazRm
SkIxbXNjeVUxSUJwc3pkZml5ZzNPZVFwUlJVClgxRDlyYm55ZjFCcTZsYWlhZGRo
eFZBQnlaMitWZk13WVh1eGJ1RFl6dVkKLS0tIDJFa3g4dlZ2R1YrQy9Md0I3VXdZ
dFNleEJCL0dva2s5NjNIK3FBN0FiZ0kKg0BYxxDULQRIYbgP8ihBS+caRo3eHux5
5lrVX45YSYYFDPJZJV2ahV+qJglR1x1Ixvm7GaBolC91/MsVd9r6Og==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-31T06:49:34Z" lastmodified: "2024-03-31T06:49:34Z"
mac: ENC[AES256_GCM,data:1bMWUaJdcUfHknidzCUTcAdweOZhGlBKq20mF/kjWJ1uR7AvGax9Vr/1cMVDDCfAkS5hOGo47oHqGDooTk2eATGVM0ilO/yO3jxCsV+qUsmunbpb5LKOaYLR4tw4Fb863tsCmy87LefTRHPudtQfNhZ4EwGgh0jKfUvcG/5L3tE=,iv:wR2QVuNGcj0ltqzizx6AB5NIbfawWeHs4p0k0jJFpUI=,tag:Ho3mGPWthbJgdSAtNNw+sA==,type:str] mac: ENC[AES256_GCM,data:1bMWUaJdcUfHknidzCUTcAdweOZhGlBKq20mF/kjWJ1uR7AvGax9Vr/1cMVDDCfAkS5hOGo47oHqGDooTk2eATGVM0ilO/yO3jxCsV+qUsmunbpb5LKOaYLR4tw4Fb863tsCmy87LefTRHPudtQfNhZ4EwGgh0jKfUvcG/5L3tE=,iv:wR2QVuNGcj0ltqzizx6AB5NIbfawWeHs4p0k0jJFpUI=,tag:Ho3mGPWthbJgdSAtNNw+sA==,type:str]

82
tools/onboard-machine.js
View file

@ -1,71 +1,77 @@
import { dirname, resolve, relative } from "path" import { dirname, resolve, relative } from "path";
import { parseDocument, stringify, } from "yaml" import { parseDocument, stringify } from "yaml";
const [, script, name, host] = process.argv const [, script, name, host] = process.argv;
const sopsFilePath = resolve(dirname(script), "../.sops.yaml") const sopsFilePath = resolve(dirname(script), "../.sops.yaml");
const sopsFile = await Bun.file(sopsFilePath).text() const sopsFile = await Bun.file(sopsFilePath).text();
const sopsConfig = parseDocument(sopsFile) const sopsConfig = parseDocument(sopsFile);
// //
// STEP 1: Get the remote key, convert to age key // STEP 1: Get the remote key, convert to age key
// //
const remoteKeyProc = Bun.spawn(`ssh-keyscan -t ed25519 ${host}`.split(" "), { const remoteKeyProc = Bun.spawn(`ssh-keyscan -qt ed25519 ${host}`.split(" "), {
stderr: null, stderr: null,
}) });
const sshToAgeProc = Bun.spawn(["ssh-to-age"], { const sshToAgeProc = Bun.spawn(["ssh-to-age"], {
stdin: await new Response(remoteKeyProc.stdout).arrayBuffer() stdin: await new Response(remoteKeyProc.stdout).arrayBuffer(),
}) });
const ageKey = (await new Response(sshToAgeProc.stdout).text()).trim() const ageKey = (await new Response(sshToAgeProc.stdout).text()).trim();
// //
// STEP 2: Add to keys // STEP 2: Add to keys
// //
const keysNode = sopsConfig.get("keys") const keysNode = sopsConfig.get("keys");
let keys = keysNode.items let keys = keysNode.items;
// remove keynode if it exists // remove keynode if it exists
keys = keys.filter(i => i.anchor !== `m_${name}`) keys = keys.filter((i) => i.anchor !== `m_${name}`);
// create the new key node // create the new key node
const newNode = sopsConfig.createNode(ageKey) const newNode = sopsConfig.createNode(ageKey);
newNode.anchor = `m_${name}` newNode.anchor = `m_${name}`;
keys = [...keys, newNode] keys = [...keys, newNode];
keysNode.items = keys keysNode.items = keys;
sopsConfig.set("keys", keysNode) sopsConfig.set("keys", keysNode);
// //
// STEP 3: Add machine to creation_rules // STEP 3: Add machine to creation_rules
// //
const pathRegex = `secrets/${name}/[^/]+\\.(yaml|json|env|ini)$` const pathRegex = `secrets/${name}/[^/]+\\.(yaml|json|env|ini)$`;
const opsAnchors = keys.filter(i => i.anchor.startsWith("op_")).map(i => sopsConfig.createAlias(i)) const opsAnchors = keys
.filter((i) => i.anchor.startsWith("op_"))
.map((i) => sopsConfig.createAlias(i));
//console.log({opsAnchors}) //console.log({opsAnchors})
const creationRuleTemplate = ({ const creationRuleTemplate = {
path_regex: pathRegex, path_regex: pathRegex,
key_groups: [ key_groups: [
{ {
age: [ age: [...opsAnchors, sopsConfig.createAlias(newNode)],
...opsAnchors, },
sopsConfig.createAlias(newNode) ],
] };
}
]
})
// Remove old creation_rules entry // Remove old creation_rules entry
const creationRules = sopsConfig.get("creation_rules").items.filter(i => i.get("path_regex") !== pathRegex) const creationRules = sopsConfig
.get("creation_rules")
.items.filter((i) => i.get("path_regex") !== pathRegex);
const creationRulesNode = sopsConfig.createNode(creationRules) const creationRulesNode = sopsConfig.createNode(creationRules);
creationRulesNode.add(creationRuleTemplate) creationRulesNode.add(creationRuleTemplate);
sopsConfig.set("creation_rules", creationRulesNode) sopsConfig.set("creation_rules", creationRulesNode);
await Bun.write(sopsFilePath, sopsConfig.toString()) await Bun.write(sopsFilePath, sopsConfig.toString());
console.log(`Finished. Added ${name} with key ${ageKey} to ${relative(dirname(script), sopsFilePath)}.`) console.log(
`Finished. Added ${name} with key ${ageKey} to ${relative(
dirname(script),
sopsFilePath
)}.`
);