From 10c63686ff9c82e6f98c7b39ea116bc0a69542c5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandro=20J=C3=A4ckel?=
Date: Tue, 27 Dec 2022 02:24:17 +0100
Subject: [PATCH] Convert to sops

---
 hosts/jabber/default.nix | 12 +--
 hosts/jabber/secrets.yaml | 203 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 209 insertions(+), 6 deletions(-)
 create mode 100644 hosts/jabber/secrets.yaml

diff --git a/hosts/jabber/default.nix b/hosts/jabber/default.nix
index e829ca77..09db9a74 100644
--- a/hosts/jabber/default.nix
+++ b/hosts/jabber/default.nix
@@ -53,12 +53,7 @@ in
 ];
 # DynDNS method
 dnsProvider = "rfc2136";
- credentialsFile = builtins.toFile "creds" (with c3d2DynDns; ''
- RFC2136_NAMESERVER=ns.c3d2.de
- RFC2136_TSIG_KEY=${tsigKey}
- RFC2136_TSIG_ALGORITHM=${tsigAlg}.
- RFC2136_TSIG_SECRET=${tsigSecret}
- '');
+ credentialsFile = config.sops.secrets."acme/credentials-file".path;
 # Make keys accessible by putting them in prosody's group
 inherit (config.services.prosody) group;
 };
@@ -210,5 +205,10 @@ in
 '';
 };
 
+ sops = {
+ defaultSopsFile = ./secrets.yaml;
+ secrets."acme/credentials-file".owner = "root";
+ };
+
 system.stateVersion = "21.05";
 }
diff --git a/hosts/jabber/secrets.yaml b/hosts/jabber/secrets.yaml
new file mode 100644
index 00000000..0f1d8112
--- /dev/null
+++ b/hosts/jabber/secrets.yaml
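Review bot: The TSIG secret rendered by the removed `builtins.toFile "creds"` call was written into the Nix store, which every local user can read and which travels with the system closure, so switching to `config.sops.secrets."acme/credentials-file".path` only protects the value from now on. Nothing in this patch shows the key being rotated; if the value encrypted into secrets.yaml is the same one, it should be regenerated on the nameserver and the old store paths garbage-collected. The `c3d2DynDns` binding that fed the old file is defined outside this hunk and, if nothing else uses it, should be removed together with its plaintext source. A guard comment above the new line would help keep this from regressing, e.g. `# decrypted by sops-nix at activation; never build this with builtins.toFile (store is world-readable)`. The enclosing ACME attribute set starts before the hunk.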
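Review bot: `secrets."acme/credentials-file".owner = "root";` restates what I believe is already the sops-nix default and leaves the file mode implicit, so a reader cannot tell whether root-only access is a deliberate choice for a file the ACME service consumes. If the ACME unit loads it through systemd's EnvironmentFile (read before privileges are dropped), root-only is the right least-privilege setting; document that with a comment such as `# root-only: read by systemd as EnvironmentFile for the ACME unit; prosody never needs it` and consider pinning `mode = "0400";` explicitly. The hunk also depends on the sops-nix module and a host decryption key being configured elsewhere, which is not visible here.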
@@ -0,0 +1,203 @@ +acme: + credentials-file: ENC[AES256_GCM,data:qr3X373dhIsYZxqbCROXRAF52tCPme3d0h6t5WI5YE0DBHj2RX/215OQdb2wgola+x4h/TnMGrVEGHBXsvpU0zwReFIWpMfJQkwup3eHkDVyDvptpB98DrhoA6nhRzfooOWwubYwdac32QybDa2WgnXtY+54h05DbDxpciqZRh22iz3JtPjnAAhK5hPy+bqHIdqoGs72mmScEgfqYVZ1LYYJ,iv:PELRmoyexdUSpcQ259CbFxNhhdqqe9gD1HpBY4ETm6w=,tag:/puZrWoYb/ligToMhB8uGA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1tnq862ekxepjkes6efr282uj9gtcsqru04s5k0l2enq5djxyt5as0k0c2a + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPK05KT3pGb3NPL3E3cWhy + SGJLNW9aN2tOMTI5azhwdUhVaEZGa0VMaUdBCjFGMlJsZUVqeU1pTmhpbk9yN1Vq + eWNDS3lXZXMxcnVYbFU4Uk04MkRRa3cKLS0tIEllVWJhWG9EYzVRNjFMWHZxbHQ3 + ZzRiRXpkV0hoNjJ5UXhJcFp4djhaU3cKwTFFdJvi70xh3c9D6swUEUY3MebCxcXH + zbs0Flo3QQg/tnti1/fcVw6Zg8k5nNQ0cVc8PFXKDbrb3UiFTLshrw== + -----END AGE ENCRYPTED FILE----- + - recipient: age12aukzah0pt2rck52hwn08kezyxueqz2f49ld7hpyuzmu847vavdqkunn5c + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJV0ZIZXgyQ3ROUjFwb0Z1 + Vmo0a3RSeWxZREV2YUdkQytQaE5oZ2FPYmhRCllVekV5aXVQbUJCeHhJMG1Sa0JR + U2JteS85ZW9COE1YLzh6Y09MK1NnTzgKLS0tIGFOS2dRQXdvVXh5cy83b1hnNDJ3 + Z1N3bmlnSUQ4WU5oTkdoWTVoR0orV1kK63vCzyR3zc7vzeGG1YJDjtOAazznELp9 + Wio0FQTlPyu44OOYzTcowjV/+cd+Jy0dC5jG+7KDoscXy8acHIbTgQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2022-12-27T00:48:33Z" + mac: ENC[AES256_GCM,data:foZWnamhQe0nGL+tliQjoaH5BJZzJl3uyH37mHxKRgGdQoY1T47jLnOcZrSYF6YBEy0YN4K0WJwDKBlCHNKv8x+SPuewOqBZjyONVn1rZZciJPjD/Eb/lP7J4bMroRG44fr8kWAScJR6NxhtuFsMBkRw6IWUJCRqm59WGMOA0nw=,iv:GETpz3YyuAYOue40a8D7jUTDAPv5jV3oVIetsLWy9KM=,tag:Wryo38fdXdfJ4WZ1OLu0fA==,type:str] + pgp: + - created_at: "2022-12-27T00:46:38Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA6j84+xkv3y7ARAA2FvnTgz8GlcLhXDeXZ/WO/PcxnnoPUN9IukXcAPEHlj5 + bTz95wvnajo6AHjsHI6BsCb4UZAhmExcxuBCjlrCcKxqlcrVUgHHcWmVdtobefKA + 
thtBr1xlkPDzgUdhiCJVg5d5pU13Yr31wDBuRHivlKoDvrI1E2zwxjDGBpUX5Klr + KzMjXLuwnHVdE5ZQOZ2I4jzOoxWEI7g9jcjSrKOh+O16p/K6lda2+QLo6ZYNel+G + H1SUb8aQWcavAAX5hH4NlzsQ7RwYJZC/oZBgG7cUlHkj1lnKfPAfdx5jJaXCRLup + dzkZJruN6S8o1KvR4aY2WG5OKloxSdZeiFEdgnIg/zDWFstYTF9uYCCleDTZNCTW + 3EgPo2BpS6oDpRJKcuJf3DxYa7hiyiH4dIKqU+8Rr6UqPhfyMZJv+8XjtW9oOzQ6 + LAmM+YwFM5TQRElvFWLX0+Z469CP32J4YbgTOY7r6HACwsH2r6gx4AvG1VmqXh0i + XHQhIPTtqvijFlnaQ/LhcwGnTWVzfhyXNGntzSC/yJmcafH3H0n8mT8S/78uA307 + bzN22Sfntk9Z114LBO9hMPITejSjqGUlDYUY8K5ryePwd4f3KZ7N6qyfG102WZD5 + gCeDEuwiW2pR7wwswmTyTKqtM/nSJYjCgzC+S56XajQWAWETVA+FGEgMJYSbZ4TS + XgHn3caeebdEj8QdjoihlIRHWr+WVn+1oUIxf4IycMll+U461YYsS1J+y8RZfXKt + RNzHZkpL1C28/KCDjkjsv+xd8t+gHFtSg2/1mv7uWGcZp8o/f2Aez0q1IRdgnjY= + =SCF5 + -----END PGP MESSAGE----- + fp: A5EE826D645DBE35F9B0993358512AE87A69900F + - created_at: "2022-12-27T00:46:38Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA8zMZ+ak7y/zARAAsbBywQLWu8FrqkftrL68RvmbgTWxPgjaO7tfxLW38+1M + ZTsy0uglPMMcNx3VF+RsQhFn3+rMlgCR6U4vteHvv5OUIjQ4i9Y+cpJgk/NmvBX4 + KPg2xWP7NI2i2zfzv54G0PlpcyGv3ojxotL4rVpSIqQ0fv9XxCTC3OKWPukYGME6 + UB9Zsjcq6JhQ3s1crJ7P7iM+rKe6cdlbWUe+HisJ7yPNYUSKZligxOk70U2f0+40 + xZIo/o7hcBdu1xx1SNsGwCIppeXDmpdKMaQkfewJHvilEVGzb755W0d9qhtgPafV + 9hFEs2ZQ/t/HoHgfVAUPZ0GOeZOD6X1IojtmsI3PcBWInaxxwGhm9msxchtQcDaO + Ova2IwiEyR53Q4LHg13XX1JLqqtuBqbcni7CYwUcR3/aaHotuzaa+M43nsKKSzXr + uyFE/DSj29zsHSLVG0F9vVl6NdCkhMtWtD7f5nIlcgHB5nnVIketda9XxyqkpYIK + Xza79tDRw/N+FFJynWU0nyROyCLd9FoNuunTT09P8qU7BruTz9046ZEW7ifyp7sC + kVXsR81CVJ9YM9nNv233B4CvD78T9UrXqlass3mHo/6ggsxO4ZwB+0cpTXRw5fzr + S0dnkTn6/3aeGE81+4f1fC7xMDmL4U4kV8uufWC+/qCdYlp/gifNIky5oTOD4TrS + XgET6VNBqbItBVG+9OZBObpyaSPWe6ZxckBIDwQXyeTgwp5LkedpeergvbLt7m3B + x7yoGfivWA/Oe9PungbGizd1PvksAyyJqJhgzGk/gl3Anpea6AlsCyXf/YZNrgI= + =LYty + -----END PGP MESSAGE----- + fp: D4E89C6A0A58EE803EF708EFA9B23715F7AA3F1A + - created_at: "2022-12-27T00:46:38Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQEMA45bZkLXmBFpAQgAsElqFNHgEvhNTWOrY2iUiTY/c1MS2ivlbGkqA/RE3VjY 
+ jFGI5V7BbcSHMWqQijp+mzN7QON21XKJJi/VU7NRtLPI2UQ5ZbK7pk/MsDfJA7qH + Vg8f72wz/OdhgSbk+HGiSrSMMrjNiRyEi6d+5iFENBrOrOEa2IDM0KlN3hHjtJat + faaCL6GFVKjED0a7up62oxJeDGWqOCF1w6k5xZ4apKQhqzgDqk2MocNpoLWfZviS + tyPyB1eg0mKSvecv5AZUJ4lyN2dewKwfDb2QcLPwMUtvEsG4wngR0Q/bH6xVGmFx + P3Uyhi2/leqYYsKeh9kOv+FdI+PB15MGCIiFjYDMiNJeAayG55y9UxOLn/8hm0xA + 9Q4i38FQ2o8oGCVieXzIhyLjwT07WJwE6MNuRCAgoSJfeXdGcLU78PIoNuZ6huWy + aARhS3hAxcNlgFez7I/rm6V6LcI2Bzo/iaafGkIARg== + =pXf7 + -----END PGP MESSAGE----- + fp: A4B0F5A80C2E2448A97BEC25BB829C4DECA6CCB9 + - created_at: "2022-12-27T00:46:38Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMAwMCBBrc/JA6ARAAoeHRmg/Q4LIvKNwzl6qsJaiOTWGmK9xd/qXtwB2/hD7M + cRp2AqBjTOEdwWMoZjAhL/tGDILKq0EMfdeYsJQA5dipTzczZtlCY+nACcbXmiLJ + E68pCXmo78EwlmB/TxuX4Z1zOL9qTAH9A/Kqj0fuUHO2AcfLQuHFIAV7SakK5FUh + aBV+25isyc1xglU3/BoW1IesH4adcWbg6XaUbwepILW4V4bbojQ5vsMlHzRsKUJ+ + WIR26MwKZ+DpvMi+oLYV03uuMkJvcpwM4jorFHYKWOIHLDNMo/sOew+amAQsRXzg + nrackfb5+/nfJT2QjaEM/UCy53+u4faFX0chb1+MpjD5gBYjLQ2L5puHKV3DfnBB + 1cQgT8g8RrQkqMqlcissW8D3Q8nv3wJBwjoRKNAO/lC/3oFsqgbmZqi1Ehbx9riY + OIS8Ye046e2RWJrbTzFfRIhBKq/15yykGr1HcWii8+kAkBRYecjgpeo3UZQmf83K + C36khyS6z5OlU+CZqYL/a+ylQ8sIK9Nardo3MjZ/QfI2MOBjBY+Jc7Ak0LztE2UU + zbeBThUAksRG11GN8TVtFrB1lqzrx2yingw4e9R1PiFHgm0PKtwfpEvMm6Rj56Mq + Pdbc6u0RQfu/kOf7eEWhKOcSiNPXJtrxEJXqfy7yummmmRk8HzlMCLo+pVI0XF3S + lQHE5IgXD5AKP+usJj2hzFpV84nblPhyw5wRIw0xyV5OXGo2AE1I2JaBuySM/IPR + 8m0y6N+XbkxgsjXSHIgHZSKRS30eUt0++tVW8NCpA3KziNQW8/oIvgmNUoOrIKP1 + V+8jTLXSvYivnMbVoauLkxDcRrt1MXn80UxjVFc5pq2PAxvLRhjfYOxxj8fSpxCU + obUrj480 + =Ed9s + -----END PGP MESSAGE----- + fp: 4F9F44A64CC2E438979329E1F122F05437696FCE + - created_at: "2022-12-27T00:46:38Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA9XEenRNYVGHARAAjB7jM4iIXVn+UWcu8h9NVVetbNucQoEWwogH3t0Ep+mW + flcNt7w7majYkbHGxhqTKKVCBqW5fnf9BRshp5zpWgxHk/QWdGp6/Yw1sP1pTxaF + d95E5GVyJPDdBxvcyJk41f2qRcBT82DFgsWY3Lz32lyKWx4ydH4NEqOpuPYce+w4 + hWIc9WQBTdk/tkihtpDqTLg+QQAuiY/uaukBVMau/wWRhNY60sLomvQscBtd8H4W + 
xPo4LDQ59YAn9M9xommdNF2pEZvaaP2IhKLk8Zd7Af+vD65oyCSsMm+ut+RqHq0v + L20iWDu3zOvitQ6gYd8gdJfdFlISgzbzoqVMH642LBkMNGq7pDpDoieskAWxJdWe + ZZZkjOjE84B1p62OKUQqrqZyj6/caIURIF8UvUWVBkV4KAYvTHbwJRl2LCmNpPRQ + UeR/R8UL8TEE+eXs6jLxe5PP1KRy5piiXNLMxodnlLxGRl26/uWZ1wTUCVDctReO + FATsiWY/MPqK/Ekx9e9g1FZhoEe27X/4GoQTA0jiWZ/RBDltWmLImBGmgFGoZll3 + WKzQ5Krt0fQ+8j5jLuZIlYS7jR0NzL/jhQG0zypEaDt6ZodWFbg8sa52OYApBlxz + snhwgVOtSkbj34EPwb3XezmrYsw9lVRsEzFw35LgCN1g59Jr6bf3rdVavIgpLHPS + XgG8mVhecqZtr1i86qQEmG5il5StqbmBpi0ZoqbIFm1Hb1czehykkuRKFXRTvhQX + njcIeWWO7O5i8mqPwtbeYsRqeKZ5wEibNUr2G4eBY807pdv2JuQAf1aVYzW/ULA= + =CabC + -----END PGP MESSAGE----- + fp: 4B12EFA69166CA8C23FC47E49CD3A46248B660CA + - created_at: "2022-12-27T00:46:38Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcBMA/Z87ylQaotQAQf7BESpSsqMx/qNuFAdj8+mF+GDlcuhMvoo8niJTC2KcJOB + f4eeFr7colD9zTj90JlblDnrMvTJlhhULWRNmkW3VMhKzGnblEbnBfPJeG5cFjf8 + warTcR1kMW13GH3P5OO6AvlOR6EqxyMxPByh8X1XE/XcU8Se3ViUptOxGvoT6NG0 + taBBtb1BqwXSm0Nex82QK1rmt+diJY8iOmqPFI0Syu3FxOfF6bNjGdFyy1K0zOBK + I9OobcaeWVhBvK2K9Sc9LfYQK7SMnP1VBiclBmrSg4YgjGwYmJwXAzTOGPHFUKSK + s7WjbLizSXTh5/JA870iz/cnSZBpUAdoUJZ6fi9IY9JRAYlDSBVVwyhUM1ezaOyc + SMLpHrOXSR9boaMa2AnA/mDEALfIDcG0sGzM5UmlOjdDhY08fD+M9Vdjj3C1vjWn + GRDl0HEtvyDDCCgrSF03gPGA + =9HPf + -----END PGP MESSAGE----- + fp: 9EA68B7F21204979645182E4287B083353C3241C + - created_at: "2022-12-27T00:46:38Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA9qJIVK2WMV7ARAAmGbT4e4/nuHE182/WcenZY/vqSfyE03sqw9sYKqZTfAw + ybBsJK2TdBA/Bdyg098Aaxae5wreZK5po1Q1lmpHNK7fREcvhhMETFdmi6vKWx6H + QRrXBRWXoegotQvBR1Rr3vg/WTIrezLvI8vlkzYRzLHCHfmnMBloSTMWoZYwml6X + dVVtPR5ijMLfjFjAJzF59gS3r7HPnnwU5bX+FaMvLtLe/OtYPiJCebFXY82tX5SD + Xn9hr9dcCwKangU92/cnE7fpM8FEm78sMt3t59Rsefw8GY8SazXD9vzKt/KEd/3z + 8YsSDHFOPrsEddL9KQhG7RNEXpxevnSzDQr7/t95D/tGwO07vpL1GzQKZXBEOOb8 + O7AesSkN8/3+JKlzmht6ZRRKPRcoHNjHZD2NC2HNtkrld8UsBmosstZVzc8Y7jhG + +N6t4/N4PtpL7iuSAQV/SxUHDZ7EMNijFs9CQvfy+nN13IAFXYL3ZcaNkbbPwcGW + 
w5zI/7vPoHdCUD9YXb93GmZsdWg3GI6luJ2WSiDD0WshWcFEVmKTQdw0vIfs+WN+ + ib6wRiP5qyQl7W9VyyhO+ogcLFLUhIW2cb19193uDwr68StJGtf419v6W5sSfOln + 4RIJ4qU8zlMUMHl15fivvX9ILrS70+kFa8pz/334RUCLQw7Eq/l2Xibpg1y6woPS + UQEVnbHnrl+tsEYwrNQamVkiYaKfBXZSmBWKmNZJ8/tsu3/N6yruuYYaPgAKAMfd + 9T+AG9dSzq0N886Px0QLAqEwwbtlxYtpqwQh9ICy/oMhbQ== + =6UYU + -----END PGP MESSAGE----- + fp: 53B26AEDC08246715E15504B236B6291555E8401 + - created_at: "2022-12-27T00:46:38Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA/YLzOYaRIJJARAA2WrEXm1RH/ttIbc2Hh8qIb9EexOT8lg3y8YgjznkQT+t + Qnc7ihM+EkZtvc50H57JF6Cnwz+63NuvMJ9RjRxOVo+c08APBGkkpKIeTJddxKla + NYK/LZzPBM5Mo/caMZnae+2uSZn8avI7Ak/JRKqWtJcJ5GH/FfiLluPl5eJBG57k + j5LLVOSCgTg+MazVVlaYejbsmYQydFYxam38kn4VDQVgCX7aOUFlpWWefrg4Q7/R + sqQ8nC4FNhYnBOYJ33D+JVpewDFKx+5qvET4iZDkwVvPdFkAR7xGwSMEVOoV0EpM + G6suoOyslTeHMVsAsokljJ/ySO2Aht4wIGe/FCJuY9bKhVeXDWc4Rpesx/WGDlj/ + K3k+msB/vPOseWVt6DUJM7IsTgpuca+oxUwFH/KxvUp7V7S86Fx6X3bEUi3/hFGG + 52Iy5Bj2iR54OSyyJhNJa/fk27j01xbwho59yTwzGQJ2/Ys3qvpUvPJOTgF2qfqA + g4mBJ1qUNgUoaoSL2/7v7O2T9njCFZ8AUTNpAIlJx7lcbEYY6MBzJn43F0BTCxLP + cPx930r5Rr0nCPQ55eb82qmkR/Ds1dkz3ufjjBGujNdv/kpUDQOJlRdI5ly9SItZ + NP+NKd7yxzkVPu2iLbmHiwEKbTjCV4kv79vfe0wp7DU/8PyaSZwkYM1AQGSHH2jS + XgEZ05aabTO+JTE+Rp2QV0HVIvcn2U1JkEKUhk3rd3GeZMeXzr6wcMkQdnPJB5XL + Hmor+hfpOV6DMkz8Z7RNKC7HSekXCRvRWdxLMHooaW9V0B+16xYf4BLZ/R0BmjE= + =IjKQ + -----END PGP MESSAGE----- + fp: 91EBE87016391323642A6803B966009D57E69CC6 + - created_at: "2022-12-27T00:46:38Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA7zUOKwzpAE7AQ/+NFJHxjRXHnu4stoPvoxHC5/Q9ehUedkCwMeC5TkxdJlk + CX4DGDiKW6eUCE4oVFu31F8pl5FniH785y8pjpRoQAJnXXTcUJdoVlsOEi2a4PLd + nWdjIJNBuNrKVP0pxF+nxKCaPYH55LEnCmYXkNuzS6Y0trVAuanrePdTgv6GxQtV + /k15tcg8BBfM34riLOsG6uDexYlmTHcZbv4v03ggrkSYn6mLtYOxptdiB+h0Oy8K + L+81M1iQ2uHk+AsJN3p+QlEqn52yzh3EXOV3XqiRKlGL4K3xW0fw3vF7Hm20V+gT + 5HEdpZMWeY1qV3UDbQBIof1YrJdja1WmU4pXWX6ASNctEcGZF8hUct2qxZKazm04 + qfDOp23RwmoUACjiDZvUqCb8h1krEKnMhkglADZ73IPA2mgDy6/ezOxTpaM4R0kp + 
EISjsU+6zUchEljdOzTIP1byZbc7DWaXORvoQINw5KVI3BRT8q+uHej3kekAdIuE + zTOE+vtqYESmu1JCXYjr8HXDPr+lSNdsfUxBtAnGppJT3pweuwE+Lj+ydtGDnT5B + xPec9gHdHswulhm64iYz/Z7mUBnHfZYUaAOKh/CgMGoIX1bIEPLgZASYyV3p0rCN + sxc3P7WSepvWq63Np53dgL3VUa7zR0B6f6+Cnv0cb+w+35V1crwEfMSfyq0DT/3S + UQFqiiFtYCW45KR11/M/qK+Y+RddPAYwMwmko2F51gxT0TlvmhTM0jNihlOEtr8K + axMUOIo5omLao2Rb+wMNTgUhpO4c2KlilJSeH6iMUCFuZg== + =H4Cb + -----END PGP MESSAGE----- + fp: DD0998E6CDF294537FC604F991FA5E5BF9AA901C + unencrypted_suffix: _unencrypted + version: 3.7.3