From 489e173b1b1d6816d9e1ed8523710b07292b0dcf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Mon, 15 Apr 2024 23:11:19 +0200 Subject: [PATCH] Fix scrape secrets --- flake.lock | 28 +++--- hosts/scrape/default.nix | 4 +- hosts/scrape/secrets.yaml | 185 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 201 insertions(+), 16 deletions(-) create mode 100644 hosts/scrape/secrets.yaml diff --git a/flake.lock b/flake.lock index 0cfd8595..651ff1ff 100644 --- a/flake.lock +++ b/flake.lock @@ -225,11 +225,11 @@ ] }, "locked": { - "lastModified": 1713152224, - "narHash": "sha256-k1aV06cotPwWO3FW+ho+dEoGjxNM303+UmhiG2o6XPs=", + "lastModified": 1713204594, + "narHash": "sha256-5yyHYBWFZUKXkJvOccPBeX83hH2iED54NLnWs2eWgS0=", "owner": "nix-community", "repo": "disko", - "rev": "bb5ba68ebb73b5ca7996b64e1457fe885891e78e", + "rev": "d51114dc1bf3cfaba2b6644aabd16ff0c9909af5", "type": "github" }, "original": { @@ -599,11 +599,11 @@ "scrapers": { "flake": false, "locked": { - "lastModified": 1693949006, - "narHash": "sha256-ofwDlj+hBXlIH2rrMYjqaJD/OBqpxFAb7hay2BOIHGI=", + "lastModified": 1713211784, + "narHash": "sha256-WeTVBaVN9UZvw7dy8jkH0Vz8zWhcEqFlwqK9R+VYa0k=", "ref": "refs/heads/master", - "rev": "d93045ab74f1a9fbd2a360fd24ca624c7cc2c62f", - "revCount": 70, + "rev": "4bdef3adf8ca8beefc2ebf6a838bb351bf8ca113", + "revCount": 71, "type": "git", "url": "https://gitea.c3d2.de/astro/scrapers.git" }, @@ -622,11 +622,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1713083209, - "narHash": "sha256-edorCQeLfuUVGrtqp0HGJcTNzSJjOXvMFEdhrDZ9M/c=", + "lastModified": 1713201759, + "narHash": "sha256-HzgySE+n7Ri8faGo+uxYdjlCicgVGV0eJT86cWYIvo4=", "owner": "SuperSandro2000", "repo": "nixos-mailserver", - "rev": "ed4320aaebe7550b89a5d17ae8f0979f0111f57d", + "rev": "4bc5bc9bdd0dd5816f24f286415f29e77a10b6e5", "type": "gitlab" }, "original": { @@ -899,11 +899,11 @@ ] }, "locked": { - "lastModified": 1713123078, - "narHash": "sha256-SM74YoSMCbVKEA/LSD/D/VYEa1eTV9EVxfjFt3KJk0o=", + "lastModified": 1713208502, + "narHash": "sha256-x0BpGOWAxIWF7oOa6voXAJv1Q2tJKPhiH8GjKMDas2M=", "ref": "refs/heads/master", - "rev": "753cd1d5f37c5a420fb188f53bdaf8c2b8f43191", - "revCount": 1982, + "rev": "7a83be4be9636e3b027110821a8ca7f21754c257", + "revCount": 1983, "type": "git", "url": "https://gitea.c3d2.de/zentralwerk/network.git" }, diff --git a/hosts/scrape/default.nix b/hosts/scrape/default.nix index cff1f937..d47ed67b 100644 --- a/hosts/scrape/default.nix +++ b/hosts/scrape/default.nix @@ -83,7 +83,7 @@ in { script = "xerox"; host = "xeri.hq.c3d2.de"; userFile = config.sops.secrets."scrape/xeri/user".path; - passwordFile = config.sops.secrets."scrape/xeri/user".path; + passwordFile = config.sops.secrets."scrape/xeri/password".path; }; scrape-roxi = makeService { script = "xerox"; @@ -93,7 +93,7 @@ in { script = "matemat"; host = "matemat.hq.c3d2.de"; userFile = config.sops.secrets."scrape/matemat/user".path; - passwordFile = config.sops.secrets."scrape/matemat/user".path; + passwordFile = config.sops.secrets."scrape/matemat/password".path; }; scrape-impfee = makeService { script = "impfee"; diff --git a/hosts/scrape/secrets.yaml b/hosts/scrape/secrets.yaml new file mode 100644 index 00000000..d20cafb2 --- /dev/null +++ b/hosts/scrape/secrets.yaml @@ -0,0 +1,185 @@ +scrape: + matemat: + user: ENC[AES256_GCM,data:ApTjMg==,iv:GW5r7RKp7bFCKCSz0svezWOovOvSVil2QcDVRZum3n8=,tag:ZELz/h1lpSWJnkxk3hrzrA==,type:str] + password: ENC[AES256_GCM,data:mWp0GQ==,iv:74Kt126u85Mup/hgRXP0txXWpwdL8bsljm437CAQVEI=,tag:BB5qx9XRKLXBO4rBiDsAFg==,type:str] + xeri: + user: ENC[AES256_GCM,data:S8wqkzQ=,iv:X7q4MZd6YvtGOmSSyIk46zJNqUNWMnqlZN5U28+6sAg=,tag:VyQxKFuGvF855/e0dQiPgg==,type:str] + password: ENC[AES256_GCM,data:0CByy8YUzg==,iv:egZ7zNVkgU7S3qlp2TSzWWJgNIYxMavRmYrChsiLfW8=,tag:tMzGmy4QtDkZLXlyuwjlzA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1p60rg45qrzpv2hcfzxl8d8k9afkk7dtrhr98cngeyuhlega83ynssmtx5k + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiSU1uaDhuV0dXV1h5R0pC + SDNtd2hLNDdPT29yTUV0cXJLWmMwKzV6VERzCnpIYmtXOGZjK0dUWnkwNTRrNmZX + SmVJekx3QTNZeHBYRVZRRmFIRlFRRTAKLS0tIGNjM0RVWHB3NGVEd2FIWk83cmwr + R21DUzZqdmx0NVFyUUxncHhFbHFGS0UKfXEJ8xRIgxl6tIYCHdX7lLZrkeMajM9e + ZBRZ3O+MEDoggFFuX+BG9Vgzqnx/VZLqKfV1lPdRTw4MO6FJa3b7Cw== + -----END AGE ENCRYPTED FILE----- + - recipient: age12aukzah0pt2rck52hwn08kezyxueqz2f49ld7hpyuzmu847vavdqkunn5c + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnTGZhVEpDU1NVd3VaVWk4 + WW9XZHA4WktSZ2c5VEZCL0t0amp3MVRBb25rCkpEc25iekVtUkpCNUluQ051aE1k + b0FYbHAxZE9CS0FHNmxTNGFNcnlJMEEKLS0tIEQxWDFvNCtvRlJtUm8wZkkzU0VJ + TENFenF2aXkzdGNIN3RMS2wrVElZTEkKsGGldAOhRoVpCHqwRb3I2HwimFYRKWT0 + YeBqNT5Dy27i5BDuPZwXtMrtcHri6Tm6VPhqDO+nZJN9NPZZYm1Kjw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-04-15T21:12:51Z" + mac: ENC[AES256_GCM,data:YMuDMci1dROUd6Jt7fS6kQVUQL1bsE86Fl9SlCxGWGLhkYMBfWBMSdPU32P6bnalGv/R7MRmMagfKBLbOYNsOSssIqBQVkvdHL+SgO480ffrwlLFJBtxxe55xbtG9wtVGisUT57/YO2/EOB7/SMie3GFgaCw2LZ9vvG+rHm2a2U=,iv:gk0d/6c08Fc4BdWZ3uMsGjt60CpZTFwf7YiL7+KNS2s=,tag:wXNax0sDjFI8MdI+o+QmQA==,type:str] + pgp: + - created_at: "2024-04-15T19:33:46Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA7zUOKwzpAE7ARAAg52rUu9zqY5bp0jU7QMjNfmrrioIC76HdYrFfcHrvFWa + at8F6RS0HjHrqboe25anQHIqs5rR2hmHFbok91238FLE34JDziDxsTzg8y9ZFaAJ + 3fDLJUxtpmqA+pPTp+agiMArSwjBj9zaGwkaZB/RUFxh2AsGuAae1aoH4jrhrczb + PhXaUtA8iTWtPxVG+vnWAHYaW1ETmdi40jMInmxJFYW33tokQQY8QZmMd4yqVLXy + tXv74cw4EFp+G4YV+LZ/PA3naq9UdjO5e1la4Xo5PQt5B7tOhphpCrhLxBQ5Oklq + QT8XprZZBUrHj9eu4XrG/0OldwhruSXtYc+uLJjSytw2omqq6iqkQ4h6BmToCMdu + p+LSNc0s2RCLZtK/j1Q2RRXcsdplzT4vA3n7mb02xYqxyDKtNqDPNjDY3INwgNVj + DRldSCv7NSuKyDanRLOoVQwO7YnhpyMB7jSnNtHqzlGokQXiQiNFy6Jhm+yT2c7R + BZHXG2QxM1Yo0uvsksIgFmlz+3vbPhjU2HiOMu1yF37AT8iEqSRfdhjJ3Rp8PejN + ZWquOqm4WVbSbkzLvcYzfNXyHROwniqi1ej2t66E6kSwMn0WGxDiCuJpMwxvjXNY + BqjTA5psnMGKOsOEBUNfuDbFRZeUK0LMEq0NNmr5d57bXdUB7tyGjz7XiD/48wvS + XgEk4ykHUoQQbVCXibQaK4YBxFWFbwPVmUccAuqm04PiQxM+zNw+j7gIasC4p7a4 + XkMrEMQlR+GbfA8FX9TpHfRDSRNKfGPd9JS4F4J7rRGc5TfLrXnza3qJ+VWIrp0= + =Ah7a + -----END PGP MESSAGE----- + fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C + - created_at: "2024-04-15T19:33:46Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA6j84+xkv3y7AQ//aSAxvtWOX3F3DpefehuwM1fzdjbWC2KBuTFof5iLBuCQ + AFMZ7eyRw1pc1Pztgf3e5C8T8hioiTZqSycwBCWg5onaYTh60pBU/HpyJ9t/9f+q + A7xXlG3YWG1Dg8iLmmIMIzSXmELl5fnibpr+FJ4h7xLaDU5NoER3FOFGB4UdLpbM + olgekLPvrrRdvntdrDAMtTIOqLiHiTLg5WF37jasLaSfIBaGDJFeNQS4XGjAsujU + XjNzFFdsswzY09AeK5Bea4jt5vubuF02mIwaUG/oNDADCrJg0Ipb5JMY7GPfsrK9 + kSoS5JuPQX8yxCCloyxDY+KwDj/HpaR9NHMPGis4ZUbvekCdwIRf6AU+Ozy9sH11 + TtSN9HIu3vWVJnRZaxsIP1kq0gqWNVLFpzF2Q9CwkxkL5+QTc6Ginq8wdOAoKciJ + lV6WpYYNomhzNb3Fg0tQ+ToxnKYk7mq8Rj9Hk8Y8klyk4CkdakdZOuBY+HsJg6Cs + AW6kxln/6IKufJ+vqJabK7VEA9DDILe6etzrgBXOpIrgv2IkFWqMRiy343O0eIFJ + z1g32Qk4XjgLQjPWFZcAup6BDGa8LrcuQRzR8LLE2Cn6m3l2cPzRfAIXw1JF3I0Q + EJzrYtfxeYJ7uvmfCrP5xxeeu6CS8W9BonVmBwg8uUf7xpWqB9im3rbWwiOno5LS + XgFPFk3GTTJ3epZttrBQb1UCj/qRz6syzCJBhWphZ7IDMHCMwz0ciz85s7+1Zx/s + eN6fGW1/eDmLEFbPcJQaOlIoP2m2quyLm2CV1jDWzICaU5vNwNBqx4bAEO1dUWI= + =pzrL + -----END PGP MESSAGE----- + fp: A5EE826D645DBE35F9B0993358512AE87A69900F + - created_at: "2024-04-15T19:33:46Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DqDJbhoEBo+ISAQdAaNoODKpQSzZlxoH64hqL6PHGvUqW+VW82LHnncGPlWIw + SNhLu1YlZoP5Im/ypPAbBmCLwingTW6nCs86TyFT0yuTckgg9/lG2gR1dp1xGLmt + 1GgBCQIQw4aYzB5FZF+TXerFEznHAZbfLEPslnCdGvbHNY8iVLONIXXL4d0/w/Hd + Pg/61K3sqELrKHJ0WKoLJs1mbVJsMJQZlccrB/nsQgOT6vb/VsvVBjz0Hz2H2jhH + YTa+odDFFyf4/w== + =gnax + -----END PGP MESSAGE----- + fp: 8F79E6CD6434700615867480D11A514F5095BFA8 + - created_at: "2024-04-15T19:33:46Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAwMCBBrc/JA6AQ/+MfHuowztzKaPYiztsu5SjjCYRuo7F0Hy8BPTm+pwOVl5 + omTzwKZN3y4ntG/tHKMQWf0eNC5KTYFGzEfrSUkoYYq8S3Sc9NHja/Z9dxaXOdeD + G35K7j5SrarbJ0DqbM5ocY0z6LlXn6pjzb/0sytmS+2lqG8+RV8k5oQoDpoenu9M + 3JgQGONstgUJa7a8+2o81h7hQNyL74UvHts2dzaHCJADePlbbnC1mu/7+SuGcaoc + WXOj9TopgqlkOhfnNFQuDevdwpnyNP3rSnVx5bIdU8exqbLEXRIuPH1x/Je1/d94 + ZP80x3CKu+u6PUexg+9hmva9eqhxBvaCcov8kYSw7fx+3ln6/nocIrjTGtZJhyca + VASrknMDPAwfl/YtpIwSnJzLL48+QAOv0o65eEiKZpVlP+hgHeQa5R8FoYbvb8Az + oGQbsKrDcljHW38OsHZfeblGQgK8h4aq1LtnxDgEpFrOPy8awSzSyUMrLDh7iqI7 + Z8ANEjDOyfoNpzC/076mhKnvdqx4d+ZkqXpc69/abuwem2PK4U9FJg5vrn5X8PDT + XMNiJDDe7vUs/8qXp5KfGrgLMVEJH0yI5rbMmPamsUtluuSOIiSkNcqVgaxTb9gL + vJplfBUrpq0L9y4AZYNQ5tUDiZ2a9g0yg/ZZJi2eE23qBWGhaBrta1OtJ3/C+lPS + kAGDffOrSR8xoIAKzCmMhkFoGfOFMpR07tXSqSnaF0sKQ6cCL8BMXErcpDVKJhWc + QtZL/oL9J3WE6mr+264owKzfDnTZJsLoroTFTYzNZ2+5IYrPhtOgRwfu+YSmOd99 + vAuc1OmWXaKoJYaMoPCkpHTxrWSGdOcm8UKNRG3qGEopN0giOuXj277jlPvFl9rh + Dw== + =Iy0+ + -----END PGP MESSAGE----- + fp: 4F9F44A64CC2E438979329E1F122F05437696FCE + - created_at: "2024-04-15T19:33:46Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA/YLzOYaRIJJAQ/7BZqV4SwzIdBlwXm+9ZA5NTIvLcrmBvensjzIduCtqWHT + l8+SK5Mhh0wTjZI5oppuOqxVjo7pdrq2v92gIowHkIQp7WrR5l2UnMzebjvaAS8M + yOdzuFGUpyJADEvdsJoLzXXOhrbK10wflbLsduSm1nEJGMu79kj8xM3esaN88fjH + PgkmuyBcfQQvArUjxhJ7hKVusJZDhrlyj6XiaQDAF45Is+XctpwLbc8E2t1gbgPI + 8Q43BXHBvfYLoUQkztqP5kFsRe2v5QtKESGIiKurE4JhF0CgSny8n/HLCK1Dg26F + JzfQ1yfmUbd4wEvovqn260sUd00H5WAUg2B6sZIqeo72EizeaA2ElIcWETRT1tqG + FabAkJuqh4doJ+rUCv0LmJmOL4b9Uja7xjcZPtyW4JOnuY6xDTh5YO88XUA6ktsB + 4s3heYYwdUTEB99VrSBI89ooineCPL+d7oRuZwJT/OJKd0Jxtt2cMhJe0xNeNcwX + ILm7kQnzqq2pK0Zx3VsFDlAsqWdMsmrv1GwfCN98MSd3JIcB5JgAbrACjvQNc77N + fqnZ4FQlBSp9rCdgcnb8mahctgf6IvGLUHg8ySj+k7zq410JxfAIYeCaUllyd90q + /QfqfhehMlXWZZN5R0+BoGI8zj16osU7yi51g8n2u4DgvBV6A19nIb7TanTFCyfS + XgH6t33tJcjqCCnwLacoixny6WJy4GBxEtHmogWKNrpiduS642JmBd6LXx9sYWCO + qu+Vhf69wDc5GFfaOZ9tT1Tj8Go5njBiy/fZlDZ8Sa4DHZwnxjPZ6Xf216lKww8= + =V0vD + -----END PGP MESSAGE----- + fp: 91EBE87016391323642A6803B966009D57E69CC6 + - created_at: "2024-04-15T19:33:46Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA9qJIVK2WMV7AQ//UbLwI42i3PdIUgYhIVQlGcLzBIefxdr2JnFudwqa1GOW + ASX46ZqIz+AUUxrmHARpeUZkeju66JbOvYane3LSSggBtgo7UVLIw4L98ag8Rj7P + yNgaE4ugpjH0OJt7WTo9rjIHFiYcFMSRSLn6Jwr+ri5DSKwwUn7x4bPv2XKduo7W + EKXuZ2GSMTvNqiXRhPXNuFapi7XGi06bfp8t0TkFBvBGQj4m8VRWBBqUXaehO9lB + bX9wmJ9HCcTWbRHRKU72Q/rEa44Q2Kakkf+Nwcr2I7e9qrMyYIDIgs5NDY28eMUD + e1Ieu1DIxy8uAKMTK9jDGB3/0+Tl3PLNorjjE0YFOGSgtzClJjbHH16Z+QaRIFL6 + 4Yat+UxptHqla+eJVznBQ/V1Q5YHkFT5PstdnKWK4Qs9NnGw3rul+f9Q+VzOHhgf + zUGg2yPxhrX+sIfTjqQFIMQgAChV/tonu2hjS8ul2v7y3B7udKuo8knCdohkUE1C + I7PRg5HuO+bfLuIB8p7/u6S9D1ZLCgu4JfCU5hQSJNofJD0NuRUXtysw7sR+oyXB + ti3QltJveCCduz7/Qmor2QrU8EvHguI/MTT6M7bhNjh9W/5M4gxyoSvQafHM825C + gwM2BdTbZ4sRz4LRRtW9fUAlV+ILJZ56yhQVVdQ1CWwUQXxbu0caeBxnchdXDoDS + XgHREHC7hYgOjrAJtC59DKUiugV+Mx7FY51/4pD6xvjUoYX2iRwrk1k0irVyqq4J + d8xNX5/zYAyzKIzPrjOC1DKDVVveLbxDeRiVTMhZm+Buk5pP1f0s3H6EV4ydKQk= + =ZMLo + -----END PGP MESSAGE----- + fp: 53B26AEDC08246715E15504B236B6291555E8401 + - created_at: "2024-04-15T19:33:46Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA9XEenRNYVGHARAA1pYvIYefAJF95cIcB3tqOwMCWfCnpVa1Xp8HxxoJ1HMk + i/IhIzK+Fg/nhF/Z90Zmr/YQNtojC4BQ3gSdU0mN0i9nuYRSK6rR86me9T4F+u+8 + pOJ9qfhBwaRkRPFEodfOaaaJmm6DJOOMwdb0lqB3vlaK5iW/nAi18YpaSEhPz3fL + GXQ62ralUrGKGxrpm6nYGO5bGmOzuRIqraLsouFuOJkHVjMGWVDdbUs7g/0s46y6 + nJbJ4ihfDhNc+NNk9A0Iv+vZb2goKKjFah1Y/hOLOTZITDajP4jRSuvGvP1pMNmV + BbBel2PvoPfGpFommG0QRtEmc9VfXy3TnuSOOrC0BZooDyLSb8HMt1cmeX9t4bOL + lJLlD1/SzP6IGw+X2HmCakRCVW42NDWbOPuHj+YRSMsP95OEGSTVTSus2UJB33f3 + A6pbnc2NVDJpsNDZFrhajhrt2TH4dFBiWCKREGeDWxm6XJOXeLX9Zm1vVtM6HtYy + 9j47vB2T+GvTdnWXKbU1fL/x6jFWEwZJV0sXRp6HCez4pOt+Ki5wAN3/ZdEFaD8O + LGgRm9Zui7qqx0lXQv3HIFOpGawhwroUl1BO4yec+wm+IpFW25f+TdhmxDIG7Js0 + TU3Vfj0hPnsRjwmmbm/mImtY0Bz5ch2VosV+9sqn2ehzFu7AifKi/yzu3kYcqs3S + XgGLN8npMBxBg/cevoiAq9Qkn1RXhko2FhH9hxazTvjzdJ65UiUZ9suFfAXPOsMw + i6l64MaF31TAVIpJaCPIjsx39NIsG7dn2oBhbpv+xc0W0xBsuzMj8spe5ToakEg= + =/76w + -----END PGP MESSAGE----- + fp: 4B12EFA69166CA8C23FC47E49CD3A46248B660CA + - created_at: "2024-04-15T19:33:46Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQEMA45bZkLXmBFpAQgAmkXZJVHiyEkgLimBwLLQf1zhxd90N9CfJDOt6WMO+3rc + S78RCYhaQZyt5AEbX1VJZiqyJCrSItcoY6GNasSarYT1EWsbLGQ8XD3P46eGeMVP + 3clQqvt0hc7T3y+TZvjqTYDb7/ype77ELl7VyQRPqNI2e3VHcdvmziLJfTUniqoZ + bc/fs2EKRz312WhzN568fqQMck4wdkGrip2sfusCvkxzSMmE6faC1OVacKXlIFLh + RWK2nuzK3oEqS3Tak9CYBsF3mO7jBpMg6WOychiaSkqVeaMiBq0ztlBVDNewlwye + WTM5AFgPFR0jX0R9nefoksxlw0wrrBQ4t67ymLnCydJeAcleGr35GpT9WT3ecFZu + +A7aqU1b+t6rLUJVABtpsrEpYvKcRWimn+dZ3elw2b/n46XFN1isGFk+RalpDpDE + b84B1kYvwYQatDuLeOYr72PttJZtqKp6FWny+jIGqA== + =12or + -----END PGP MESSAGE----- + fp: A4B0F5A80C2E2448A97BEC25BB829C4DECA6CCB9 + unencrypted_suffix: _unencrypted + version: 3.8.1