From c1ca5cc56cf172cfa84351136c62462f0b93b62b Mon Sep 17 00:00:00 2001 From: noe Date: Fri, 22 Dec 2023 19:57:46 -0500 Subject: [PATCH] blueberry: seems sops broke --- nixos/stacks/ps2.live/saerro.nix | 3 +- secrets/blueberry/saerro.env | 17 ----------- secrets/blueberry/saerro.yaml | 48 ++++++++++++++++++++++++++++++++ 3 files changed, 49 insertions(+), 19 deletions(-) delete mode 100644 secrets/blueberry/saerro.env create mode 100644 secrets/blueberry/saerro.yaml diff --git a/nixos/stacks/ps2.live/saerro.nix b/nixos/stacks/ps2.live/saerro.nix index cc50154..c1ce118 100644 --- a/nixos/stacks/ps2.live/saerro.nix +++ b/nixos/stacks/ps2.live/saerro.nix @@ -13,8 +13,7 @@ in { sops.secrets.saerro = { - sopsFile = ../../../secrets/blueberry/saerro.env; - format = "binary"; + sopsFile = ../../../secrets/blueberry/saerro.yaml; }; virtualisation.oci-containers.containers = { diff --git a/secrets/blueberry/saerro.env b/secrets/blueberry/saerro.env deleted file mode 100644 index 20eb4e0..0000000 --- a/secrets/blueberry/saerro.env +++ /dev/null @@ -1,17 +0,0 @@ -DATABASE_ADDR=ENC[AES256_GCM,data:uKVGdgFJQ+Dgvb7vA3CVvqBaE9MAnPLK3o3T1l5nAZHl/wdZX/Z8IsUDm7EIfI2D6JgtvMQdQtK4apIFZBFmYqXqENk=,iv:iZme5/OLUc40OEW7nejtDdiLKiZIo9KIrlpv4ufHGhU=,tag:XHQnSDCW9kuTwfTBfwFYEg==,type:str] -POSTGRES_PASSWORD=ENC[AES256_GCM,data:MpFGU6oH2PW+l6foh4lDsIWMLeL3qXua,iv:u8uBtWTAlMd2I5ABHENq4ubg4zvZQMEGv/6YMFOV2MI=,tag:+rwFK4IYNRFSj++5sz6ROg==,type:str] -POSTGRES_USER=ENC[AES256_GCM,data:NTiSJUQL9cUssw==,iv:4hUtvz3ZnLPbOdtCGzWM2yCLnF9ZbT4ecWa2d7ECiu4=,tag:F80a9RG8kCxpktEclsslrA==,type:str] -POSTGRES_DB=ENC[AES256_GCM,data:c0dm5LtD,iv:NNnFMZbgWCzGeMyx/QUQqZ3y6jh2KsBr6M8hc8L0JNQ=,tag:XBdXACz+TK2PnAcmzrUxNg==,type:str] -WS_ADDR=ENC[AES256_GCM,data:Eb+ROzhEVxP3KV5QeSbk/qENvpGXCwrEXNqGi9Ht50cAz1ZaaqAaN3DeE6JpnYbSksaZp3OkC4d6bZRa2eW3vT2gl4EoElv5TSU=,iv:/Scergtv3hLDLvVKiqcbVTg9sMBh36lOVVIiQ7keXJ0=,tag:FiAatiiWZeQpziLMnjFSiA==,type:str] -sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmaXJUUGE5OXhzbGduTHM3\nNEhhQnpKVDhUTjQreHY5NGNSeTVrRDZoZzNzCnViRXRYUDN6SHhjSUI0K0hvZ2xP\nQ2hiaHNKaER3ZWRuNUlwS0tOYUsxQVkKLS0tIDlnOERXUkI2MCtqYXovN2tJN2Yr\nVGJlbWRJcEVwS2IrVUNpS0YyWEx1cEEKF2DgTy9jjVHRriaO1unc2DEh9JvotLQB\nhjluI5gc1sNoBGQdjptaKO4vKdwPgnlVobFH4vmiATiCNKmFmlYz8Q==\n-----END AGE ENCRYPTED FILE-----\n -sops_age__list_0__map_recipient=age1lq5q5g5qjsdcc3key0n6qytkc9z3qx3d3e96ap9zre2aqgvc9ujq82l9hd -sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlRXZmdDRJV0hJMk5xQ1Ra\nZWs4bUNib1ZMeFA4UGM0aGZTQmRoR2d4Z1NJClRPa1ltb3cxbDNrckhwc2hEZ2Qv\ncnFhcUYzdlhPaGZZQ1hUMlErY0VldFEKLS0tIDdaeVhaR01SSzQvVk1LeUdyaHRU\nNXhyUHc0NTNDYVNoem1LTTJpZ2thd1kKkF7s7XNev+FYhGvcMspQ9BuMC8Iy6GBD\nRMTQvh66aIEMUDx2BRJ98u8GIqCuMEsUDtAugVbYCV1TESBYkeVEdg==\n-----END AGE ENCRYPTED FILE-----\n -sops_age__list_1__map_recipient=age1p0f62dwatt558sf5s4equdqwtg5m7lsnaytrf3xjnvmx3e0lqu4svtugyp -sops_age__list_2__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDUWorem9mZTBNSGk1OTAz\neFkzVUNveXJNNGlkS1IrcXRESmtnSGdLam1ZCk1tMzFzSG1LZFpRNG5NTVZHOWVC\nUlYrM0xNeU9zOVprd1NpVFNoOFczYWMKLS0tIFJSS0N2NHg4K1plWGNOQUVkQUJB\nbW05R0ZWRXhwNUZ4M2RxRldUOUd2UkkKQAOcQzpihyBEjnZ8n60Z6VVUiEhW7k72\nNUdIfcvx00Kl7u5JejzP4Q6k6r9hVTpapXFZXIA6w65JWexz9HfjfA==\n-----END AGE ENCRYPTED FILE-----\n -sops_age__list_2__map_recipient=age13c5wv623jxjja5mjz7fajg9qqwvypzgsfqrs4tmk7rpgyzu7aufs4ul9f9 -sops_age__list_3__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiZXlERkwyRDJwUGNBVUhO\nTkVHOGQzaWVwdjVLLzJac1B0UEVSK1lLamo0CnJENy9VbjFmVllMVE9zRjRpb3Nj\nc21mY3RMZkREZHYxMVNBNDU0UGVqVkEKLS0tIDJ5K2FHb2VNQmRRdzAvREpyem9s\naWIraUJkN0o0UURzMWJLdXl4eFZZYW8KwLEbXRoUg6DkLT8/vSAVj8RV0WkfMEC9\ni2k+1gAaucKNy+wC0I5uTwcjFmlZoUSIiMOyxEv9veigk02aLY+5YA==\n-----END AGE ENCRYPTED FILE-----\n -sops_age__list_3__map_recipient=age12p9lw3zgufcg7qx375t9lwtckzwgj0tkn2pt9uj3tnx9sn3ucqgsf5ctdd -sops_lastmodified=2023-12-23T00:41:49Z -sops_mac=ENC[AES256_GCM,data:9AuqlicT0W3KO8SD0jN2gbtQ8CItY0nKTUIlFwe8g+t4ykiOwGgOFlXeiZNGnv55833bxUTso0/s5jLNFmyAFBFfzmJSXs4/aTw723TE0Yt7dF5y85lPUW0TAAw6SAe0SJcWsB8H5oqGr2ucXO8sRCcHfec9EESm4q91286r2Tc=,iv:Fps/BQZIN2Td32hEmxicA5VrPVoY0Jh1KJuh7xgvD+w=,tag:1WqdjHp8xttrnci0vyNXgg==,type:str] -sops_unencrypted_suffix=_unencrypted -sops_version=3.8.1 diff --git a/secrets/blueberry/saerro.yaml b/secrets/blueberry/saerro.yaml new file mode 100644 index 0000000..888cb5c --- /dev/null +++ b/secrets/blueberry/saerro.yaml @@ -0,0 +1,48 @@ +saerro: ENC[AES256_GCM,data:bRUqepV3pJeW93eFL6zhq8BfVL/xuzltRfnDUAY6rjww/mQJnsv6fd8NNfBSZ88krQWRaPy8mVy3qID0Bmh6AoxWbIR0wkYXjgJ1vRbn4soAdBGDJYksSI+oReb9d82MDiXtQc7G+0XPAylmugj16ENzRXdMma5qisPPx1fMguToTgmIl96Lhr2ZE1FhLGWc5ekQpEIg8lcBWpeFLuSzzyevVXQWgm065qmbE1nFvVx8coriDWjH4ARtdY9yAzyONxz/VL1aK7YROdbjcB15zY36HzW9ZFM1lPGZmAiXy6yJdOAOj7cCDeODctRzes4vW2OIXb3XLi+o9uj5,iv:DpOc0Ywiw9e5n0GHemmaCAlJrfQdTclM8WyOELDPFmQ=,tag:FXWVVlvUO9QYSh/pk7qRFg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1lq5q5g5qjsdcc3key0n6qytkc9z3qx3d3e96ap9zre2aqgvc9ujq82l9hd + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXbnVaYzRrTDdvNGhIYkhH + dzRYZU9PR2xiYmxvRnJ5MDRYWUFIUm1scmdzCkRIaG5QOUEwTXF6ZTFNTzMzRCty + WUx6Szh5UTVPZTlGRHo2Vyt6U1JJY1EKLS0tIFV5SENwR1F0SnlTUitkWGovRjJE + YS9hU3hIRnQzbnQrM09Tamdpb0VVbXMKyiXXJ9U7GRxzzEwUIUEn+1imPvQDQ2Ff + UNSy8kvb65bV54hRLCrh5MqHbWZYGbhYdWST99FUPMCXktnuie3Oog== + -----END AGE ENCRYPTED FILE----- + - recipient: age1p0f62dwatt558sf5s4equdqwtg5m7lsnaytrf3xjnvmx3e0lqu4svtugyp + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjNFp4YUVaTWR4RnJ6cG41 + SHNMQlpuMTNSN0N6b0RNRVQxTFdHWlZWdjEwCmdlT1d6bzRBV3BKNmlaeXQyOVVS + OUtsM1RtQXRzaFZwZTA0ZTZDZkxTM3cKLS0tIGRHMFkydGZUU0t4U2JMUFR3cEd3 + Zy9yT0xSYUthNXlKbStjNkd3TWZBT3cKu5CnyZDaEbcRi3zF5K6SnI818MZQABWd + 1itM/plrwHP+e2Db33baK41kgevxls+KpTlTGIt9ArDWMPIRL+MENw== + -----END AGE ENCRYPTED FILE----- + - recipient: age13c5wv623jxjja5mjz7fajg9qqwvypzgsfqrs4tmk7rpgyzu7aufs4ul9f9 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEU295cHRxKys3OSttckxa + SU5pU2MvSUZ2RDBZaVB3ZnB0YXJ6cXRoekJRClpBTENOKzc2TTh1Y293REZlWi9O + YjhGbThJaXFwNnRMdlgyOEIxMEd5clUKLS0tIG1lbDB1eENFRUhKaFl3KzhDUkFX + akNWb0dIQ2F5NlFCSkMyc21rWW9ETmcKkA4kB7AOJW1LuL22xaI8YyIw0pV7rJPR + Ni43jM6UPU3F7Ans5gd9nKSWTH4FgZ6WkzMLY2hYkmsLVnxSmPPFlw== + -----END AGE ENCRYPTED FILE----- + - recipient: age12p9lw3zgufcg7qx375t9lwtckzwgj0tkn2pt9uj3tnx9sn3ucqgsf5ctdd + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBic29RL0FYTkh3ZkxGSVcv + M09MQ0plVlNKNHRRb3JkaUYxcElnN0N4N2xjCk9ROGhMZE1JNzZSNWFEVnhRR0xq + dk43RWZZWVhjZ3phc3I0RWx2Q25xVFUKLS0tIEtWSFpmazMxalB3TVE0a0ZFd3k4 + NitjYVpjUW1uVkdnMGlNblIxM1ZwUXcKfAj+YqrTkhEnRLJSgnppAyEKLn1/QRsd + NpaTVYEKgcdPW404glwEn+2/tOv0+FrJchCcj++6iN8+uvqFr9mIEQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-12-23T00:56:43Z" + mac: ENC[AES256_GCM,data:pzUx6ZsHw/D94mDwRVnlwLXHVDYJXY/a/kqDGVie65yHXCmt4ih07DZu6D29qqgxIErwcWNFpbmtY/9LM5H1V8pkx6t16JxZ11zq25m1L+czr04yxtAEceVxdKs968CLYYV7ialm+db3T3uPxaoAtoQm1LTBjyY0C4ra04hqvFM=,iv:mTpczT+mgisc5ZTP3dVHe6ErCgx7s2QnzDqyvzt84+Y=,tag:U/sKS+EsfwE+dHgiaeaZaQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1