diff --git a/.sops.yaml b/.sops.yaml index 7afe6954..95b05f2d 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -2,6 +2,10 @@ creation_rules: - path_regex: hosts/common/secrets.* key_groups: - age: + # bifrost + - age1rs5rev3ks20s67052nshr5asqctvylrlytksjrfsns8e93t78dssr7wzg9 + # niflheim + - age1rs5rev3ks20s67052nshr5asqctvylrlytksjrfsns8e93t78dssr7wzg9 # carbon - age10ewrmr20gy5pc74tyygws7z80jmh4yn5f4e4sh96mznrvw347ecqjc2ms7 # altdesk @@ -11,7 +15,23 @@ creation_rules: # alapshin-at-carbon - age18cxypcgpy8ln3sch0j20thaps65w7nrtv6jvt3rrm5gysldq2vrqzgjf09 # alapshin-at-altdesk - - age1sfed5wmvj00snjxrtds0zt83kt7ffek6mdtgfykum6uzxnphwg4qp5rv2l + - age1sfed5wmvj00snjxrtds0zt83kt7ffek6mdtgfykum6uzxnphwg4qp5rv2l + # alapshin-at-desktop + - age1k2t56rsp2xvdsvjxraytyfufedxcl7z548tc9dzdhzqpq9yyfc9sz2h70e + + - path_regex: hosts/personal/secrets.* + key_groups: + - age: + # carbon + - age10ewrmr20gy5pc74tyygws7z80jmh4yn5f4e4sh96mznrvw347ecqjc2ms7 + # altdesk + - age1gwk0m9n4mrr7h572kkjxtkkl4p0t2mfc9f7ms0560s63x4pawgzq433tca + # desktop + - age18y57gdahad7zhrrgj2m4dd7fcgwfn4gpmxe9mhcrue8suq8e8c3stzd0ge + # alapshin-at-carbon + - age18cxypcgpy8ln3sch0j20thaps65w7nrtv6jvt3rrm5gysldq2vrqzgjf09 + # alapshin-at-altdesk + - age1sfed5wmvj00snjxrtds0zt83kt7ffek6mdtgfykum6uzxnphwg4qp5rv2l # alapshin-at-desktop - age1k2t56rsp2xvdsvjxraytyfufedxcl7z548tc9dzdhzqpq9yyfc9sz2h70e @@ -65,6 +85,6 @@ creation_rules: # alapshin-at-carbon - age18cxypcgpy8ln3sch0j20thaps65w7nrtv6jvt3rrm5gysldq2vrqzgjf09 # alapshin-at-altdesk - - age1sfed5wmvj00snjxrtds0zt83kt7ffek6mdtgfykum6uzxnphwg4qp5rv2l + - age1sfed5wmvj00snjxrtds0zt83kt7ffek6mdtgfykum6uzxnphwg4qp5rv2l # alapshin-at-desktop - age1k2t56rsp2xvdsvjxraytyfufedxcl7z548tc9dzdhzqpq9yyfc9sz2h70e diff --git a/hosts/carbon/backup.nix b/hosts/carbon/backup.nix index 09f498d5..0f89625a 100644 --- a/hosts/carbon/backup.nix +++ b/hosts/carbon/backup.nix @@ -2,9 +2,10 @@ { sops.secrets = { "borg/passphrase" = { - sopsFile = lib.mkForce ./secrets/borg/passphrase.yaml; + sopsFile = ./secrets/borg/passphrase.yaml; }; }; + services.borgbackup.jobs = { default = { paths = [ diff --git a/hosts/common/backup.nix b/hosts/common/backup.nix index 491e21c6..127f08b0 100644 --- a/hosts/common/backup.nix +++ b/hosts/common/backup.nix @@ -24,7 +24,7 @@ in }; }; - services.borgbackup.jobs = { + services.borgbackup.jobs = lib.mkDefault { ${jobname} = { repo = "ssh://${user}@${host}:23/./borgbackup/${hostname}"; paths = [ ]; diff --git a/hosts/common/default.nix b/hosts/common/default.nix index ea2af2b6..af6a1f1d 100644 --- a/hosts/common/default.nix +++ b/hosts/common/default.nix @@ -12,7 +12,6 @@ ./secrets.nix ./services.nix ./networking.nix - ./xray-client.nix ]; boot = { diff --git a/hosts/common/secrets.yaml b/hosts/common/secrets.yaml index 3a414bf4..e69de29b 100644 --- a/hosts/common/secrets.yaml +++ b/hosts/common/secrets.yaml @@ -1,70 +0,0 @@ -xray: - vless_user_id: ENC[AES256_GCM,data:nmmmjCS5JJwymFEC3TyfSfQhMwPvKrtmUjpjis6LqE48gBMI,iv:WHAFqA/T5Ukn6pIwQjhXQ+mGkOFMvi4Q0svOkROXVV4=,tag:Caq9+VhUF8sHEVEErgaFdw==,type:str] - vless_public_key: ENC[AES256_GCM,data:3tzJjJhPShm8dfYYIMUL2czAflzEiENc8zIrcShX+/DT13tEl+Du6+KgdA==,iv:zlS+PDpiFgvMONEXtDMZc005wyAG0H5zcPoxqAzzneI=,tag:ND0yLEKGbyFIva0jZvU9pg==,type:str] - vless_private_key: ENC[AES256_GCM,data:0ikHI3IFsmUmH+QdbyC8REL3FB/vvdYk2r71dfi7oLkLYSFdFSvPWBzC0A==,iv:gG5m45NEBpUbmfQj3Saeu1KyH97PQOLc8n3fTtzzFho=,tag:LFjyfi/fwFPcbO0I8C43DQ==,type:str] - shadowsocks_password: ENC[AES256_GCM,data:FxtDPmaeGlS7N0w7Az6QodQ554T8a9Xy,iv:ovw08lv66Ah9oyHaXV5VCpKyOmtJIsYAExMMbQ2xmh4=,tag:uZTmosgtRFAb8wXsx5B3GQ==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age10ewrmr20gy5pc74tyygws7z80jmh4yn5f4e4sh96mznrvw347ecqjc2ms7 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkSm9zZDg4cnpTbjRYV2c3 - VmxwbWdlMGxlamk2QzhqMjZscE9SWDlGOGpVCnllSjlwdE96TVZFR0FYVlhmaFRw - SEJkYy9JQjVFZlF6REh4alQ1Sy8yYUUKLS0tIGNFN2hoR1MzdjlBNDNpZlJqdFBp - MnpibXpUOEVBZ0F3ek1rZjRST2ZlQmcKnxPs5j788ATDk3fSPCJA4kRlkLqywmXV - eoe5voOK1ukAToWZmYDK0Af0w7dcqtGoXD6BQlStjQqrPyhL7pnVhg== - -----END AGE ENCRYPTED FILE----- - - recipient: age1gwk0m9n4mrr7h572kkjxtkkl4p0t2mfc9f7ms0560s63x4pawgzq433tca - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBR21hc2FyT0pNaUtPMlZJ - SyttNnB5NkxFdGgvTEx1T3FuSENCYXZXNEUwCnkwczkzR3JNQTdoSnhLK0c3ajBP - VzQ1U1lhUVY1N2xRZ2xMMnc3aU5mSjQKLS0tIG52R0NZVTFwWjlpNmM0NytsMnJO - Vi9MbW1aOWN6b3UrMEtMZEVNR2xCeDAKxq/X+njL7GLXoT0F6mFD1QeakmJPj0lF - QLz8+2Cf7ah3x2JHcRNZTCDFEHFPC/2bify7PMuMsdgmGvkTAMU7dQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age18y57gdahad7zhrrgj2m4dd7fcgwfn4gpmxe9mhcrue8suq8e8c3stzd0ge - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmYld2d3VueTlDK0lrNER5 - N3FoUUJSSGV3RFhLM0NsNDNCNW5Ua0Y1NTNzCm95QXJoUHlkUHBuRWFjc1VxY3ZS - Z3E4dkZmZk5RTVhGOHBiemRLZVJxSjAKLS0tIGg0aGtSeGNxWG85TUZseFU5WU5M - Y0RMMjdleEhheEg5bTBFWXNNbnFxZ3cKFdgBkuyALNFciWfLD7m5xhf5g+xdtENL - RipkMD0sQMs5NzItlB1K+dDJj12Io6Foj1S1D6pnLWt9ksGUa4sCdg== - -----END AGE ENCRYPTED FILE----- - - recipient: age18cxypcgpy8ln3sch0j20thaps65w7nrtv6jvt3rrm5gysldq2vrqzgjf09 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyZHZVVE1RY2ZsSFRxeFh5 - V3kvV1VKc0poWlRTamhQM3VoVUIzdEdYWUhrCkZlTEdrTjUxTWVUYS9QL09EWit6 - Mm9aRGpkaXdmVXhzaVZoUGk0dzRjbTgKLS0tIElJNklpWnduL3VaVWtNenMxNXVB - SFNrRnlLdVI0Rnh5UnNiTjVQNTFmSG8Ktj1Minv/5bAAgJNLHJXTS0bVo0oyTqCZ - fSro/ii89r9aVG5ueyXOYZ1FZk+ORJJbjFBzu1MjG9wkuht27SuKIA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1sfed5wmvj00snjxrtds0zt83kt7ffek6mdtgfykum6uzxnphwg4qp5rv2l - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBER0Zyd1YvYVFzdkQrUFBo - eFZRQ3VYdTZrR01mZTY2SHNiNVpuRGcyVWd3CmEwVkdIRUd3U2Mxd0EvOExnUGFB - R1oxeUZNcDQ0dk5pelE3MVVrNnphV0kKLS0tIDRTRGF2WkdzWFVMdE9MKzVWQWFh - UG4rL3NuSlkwRk9oK3BVSkRDVGM3R28KdCEiwB40NjKa0MPlaa9Z83wtlQrGqH6y - RaF+Nj2HeNIL9oZCj+hVGUtlnEOtXFp3tITYIf4X0LDQbqijCqJZLA== - -----END AGE ENCRYPTED FILE----- - - recipient: age1k2t56rsp2xvdsvjxraytyfufedxcl7z548tc9dzdhzqpq9yyfc9sz2h70e - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBieXFXcGNDKzFWM0lReUIz - QlFTWHl5RVVaeUJvcGFSZkFUWnlJSnFMb1VzCitqVVRleE9qdWM0ejhFSTJ0aHJY - enlxOXRmeTdTN3cvc1Q2UWw0TnN4REUKLS0tIHF6b1FqYVl0NnRMUzRkMWxvTFVZ - UzRPMTZydm04elNXVlNSR3VLVGhSbjAKjF547zdKTCQwgXq4orgVY2p2zmWnH8cm - pgKV9i1QSXcBexe+DdAIZaY/VdPtl1n4eDBAZgAEM+efB5L1RICWvQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-01-19T19:48:00Z" - mac: ENC[AES256_GCM,data:vCSC+9LpA88DRmn9+pzRYa4Jy6MwlJxQ8VyN+Hb2Zq2MkjuwdkfKOJCiW8rbKJDJAKAQEXNuKf5F+GdPnROm8X/YeLIWz4hHGcYYgRCi2edpVRZ5IopPiVTbfnEilZroItPHLhZ4175F4ISfFIBgHWNZr++mmAJxxrFhDcSvvno=,iv:h5IrehHL4CZk3o2cLFIKRDb6Z2irtx1zoCA0vALNcyg=,tag:Pl71Yizx1S6dToRoPssF7A==,type:str] - pgp: [] - unencrypted_suffix: _unencrypted - version: 3.8.1 diff --git a/hosts/common/secrets/borg/borg_ed25519 b/hosts/common/secrets/borg/borg_ed25519 index d496dcfb..0a0fa424 100644 --- a/hosts/common/secrets/borg/borg_ed25519 +++ b/hosts/common/secrets/borg/borg_ed25519 @@ -6,29 +6,33 @@ "azure_kv": null, "hc_vault": null, "age": [ + { + "recipient": "age1rs5rev3ks20s67052nshr5asqctvylrlytksjrfsns8e93t78dssr7wzg9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFdDRRTHhxdFlkd0xid1Y0\nb1ZiVmFCK0duU3g2NXJzdE5rVytFTWgySWdzCmt5Mk1VbktZWmF1azUrV2ExaDFk\nTnJZNHhWSy93dTZ4dUczRjU4ay9zbUEKLS0tIEdkV1JaQlRORXpPcUNWd0xTeW5O\nNTVWMSs5MXVIL2NxVEh1dHM4eFFjOVEKJamDaXZSlD/UZxEbYDDs/lJfVp/69S4y\n/unWWDMw57eWdmoZzuS2pd6pOwDoCkCsGpMJo6c/WAUUNB8zA8oyxw==\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age10ewrmr20gy5pc74tyygws7z80jmh4yn5f4e4sh96mznrvw347ecqjc2ms7", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArNEdyZ1Mrd1NyU0dpWTRQ\nS0FxTTlZTDZTQ2xydnptaG5sdFplK0hTbkN3CmwwamVQV1JvU1ErZFVhWU5EMjZS\nYi9PMFlIS3FpY1VQdnB6aGhJeXpkaEUKLS0tIDJMVUowS1EwaDFoY2hNYm04c1RV\nVFVxK1I3WUgxdTIwZ25PemQyQ2ZzTlEKIXyNAMm+CFO4f3C9dcrRFfnXN853SxUv\nSBV4AuyZzUUhxh79y+AMT3QRDEVMmyr04ka6qrpCdqUG0IIFNZAJZw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzc0I5NkhzRURiOG1XT0lz\nR25YNXByS1Q2TmcvZjlQR1FZSU1YYVo3Z3lvCmluK2psdGJ0R0EwMHdWOTJoSU9M\nUStpemsrV2taQjRJaGloWnNoSjhBd2sKLS0tIEN3RHg5VitmaWdOU1hQSnB4UTUy\nVkxIZGYxcVVGckxDcDJaRm9yZTl6UlUKAdTkmqZuNceOEglFNnD9Xn+KR5Q/cvw7\nTK/57SBmtQKMk8CigFTm/H6VirRD3wxe96Mx8mKKeYQtM1GYuCLhZQ==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1gwk0m9n4mrr7h572kkjxtkkl4p0t2mfc9f7ms0560s63x4pawgzq433tca", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKL1J5TGtUb1psL1N3SzMv\nai9vV0QvRjFsak9sSXlxd2tCRE1jZjIraFJFClY1dUg0bFVRZDQyZm84UHBYS3Qy\nV1Rpd05TR2hGbnJTdjkzdk9iSSs0c0UKLS0tIEl3K2c1ZGFKSDgzSlJtaTRuT0lx\nbmtsTTYvd2s5NTB3WlU3S1dZdnhlOUkKUQw43DF+q0kW4218Qa/tMphOrq0Xg/HI\npzR8ti6WG55xv0YHOofD0xDHqY2YRDwWp3fVBJeWKrtqVblh4/37Zw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1ZC91L0xjYmgwQS91Sk5n\nb2wxMkxQbGwrNGdRWmozb2YzMWd4T0pUQVhFCmJWbGN3YmtlT2ErbW9LYmJ1UitQ\nU2RHTnZiSkw5ZFM2b1puMy9SMzk0TGcKLS0tIGRwLzdOaUZXUGJWbDZHQldxM2lz\nLzUwTHEwUzFwOFpFR2RuV2Q1UklhRncKr5CAeclwQM57Sjc0YdZUeSEs1/DeP9JV\n64Mp04MpQQoAqWhVZIRr/nHo6RfKj5f7trlYSaktOY94FaW9pVRIFg==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age18y57gdahad7zhrrgj2m4dd7fcgwfn4gpmxe9mhcrue8suq8e8c3stzd0ge", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJL0d4Q25vVVBpS0hoSHIw\nWEJaeEVzWTRqcyt2Mm5PZ2RGY0NLYzVSTmc0CjVIUU5XQ2tka0MyOG1ObUF4dmRO\nNThmNnhNQXpRYzI5MmNEaVo1QmF5YTAKLS0tIFJXYjdOd2ZoSGRnYWIzUElmTUV6\nckhMWm9vNTdHdlkzUVNLcW5CcCs0b28KqglxUebpHD8xyMvvmMtH41XG9iwYd/R+\nE6CeiFbtg20ePVUj58cKk00/+L5GC81XxrPCjXflRRWwvJ9lffrA6w==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjUjB4dVZLMUx4cHg2OFFX\nZ2lxTlZmdWJ0N2hoMmJ5U3dPZm5QNWZRSXk0ClR1Z3RqY3V3VG1FT3Z4T1UxYVRY\nRDV0aUZqVmRlcDlNb3FwWURKaEg5dEkKLS0tICtxekp0Z3ZmUklaRmg1MFIxZTBX\ncnRiUWRWQ2crUDdmWEhFSVd0OFZLSUUKlbkSouCRKU4rrwijJxt+WL+JNBwsVE01\nrw6Asp3ww85XHUh0PPohsb5xJv3mEdBGIDyvaBvG9E6f2VkC/sUHRg==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age18cxypcgpy8ln3sch0j20thaps65w7nrtv6jvt3rrm5gysldq2vrqzgjf09", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOU2hwTjZ6K3BrQWFsRlhN\nMWRpK3h5K1orM0FnTmNKMmhjWEZ2b0RERzFzCnFHaWU1ZE5WZE9rd3ZDMnN2dUtS\naWpadVBIMmQ0RTlVeGFjaE5XcWlIQmcKLS0tIEkxYnNrRnBOZmFpSXZxaVRmNkFa\nMkVyZ3FEaUlucEpPSzVsbGFIWHJ2ZjgKIa4tV4F2JblJSrMrIVVbEl+tFvXzoIDE\nNrYMec9pMj437wrkDgtiqtF4mvQY2D+ObXfnsUxal4jF8oD8e6QkbA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1bjkwaWFEeGl0YzFlaUw1\nVUNLbngzak1LZHlpcHRSZTdLMUdRTUtnQ0dZCkwwaUVmZFUxVHlhdlJwTDhJbDJp\nM3FZRjhRY24vV2dNMkhwYzcwSkpOSHMKLS0tIHA1V0tqdGxZWHhzODVaWTdhY3pu\nanRzNVA5QU40bEZ1QkVYdy80UWF3VjgKN+lNuBHeWFnVK+trmO2MOYWYmApPJa9X\n4Ua84bpOuU6bN8djuB9HxYlKXNReaeABzQNwfTu1w+VS1Ij4gfRaqw==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1sfed5wmvj00snjxrtds0zt83kt7ffek6mdtgfykum6uzxnphwg4qp5rv2l", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSdWQyU3YveU82RkEzUTNN\nU2RnY2xVdGRCaGR3eFRRRkU0K3NYUmlreXk4ClhsVlcxUTlJN3lCM3N5eFBsb0xt\nQjJtMWJ2U0RsZFlOK3VKUUhSVUxadVkKLS0tIE5NdVdmYmtNK2M3VFRUYWxSejl3\nQ2hNK1U5eVg1SFRHZHZLRVFaQU1UVXMKbdQ01LgHtlt283cgc9feIsfYX/lWefml\nN5pLe+OP1w8adU//Vb6mNHxAaUMOisAEAWUaEDsnVQyd4+NQPjvydw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArSTJhUUxlN2NRRWdERE9E\nQVdsOHloRjlmbWlMUjFTODErcjVvYnlJalVFCmY4SFpSTXU0TWpaM0Z5RTcxZ2Ez\nV3l0WnNFNC9aaGVSN3NDTno5a0I3OG8KLS0tIGZtWW0rZXlmdkZYS21zVUVFcTBB\nU1h4NVkwOG82TFR6OVFGSk5SSFZvZ1EKz7x1GssOJaHUmQR0jK1nuEyYCB6TdE1x\nhvAkNNmO9B037ttowuZZyLIqfNO0aJnHLjLfCvHzfD6OsR8XilFvNw==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1k2t56rsp2xvdsvjxraytyfufedxcl7z548tc9dzdhzqpq9yyfc9sz2h70e", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwZW5CSnFnWHRrRlNGVGJH\nSTc1R1ZobEtRY0ZsbHl3UE85cW84MHJURUVvCjZ5cUtQSHFOYVF6aE5KV210QnEz\ncjFVZnNiT3RTeG83ZXRDWENvV3R1UVkKLS0tIENzLzZIdFdMVW5ZQVNhZTY0MFlE\nZXNxQTdZOWpZMUxoWWVmM043Q2xtaEUK9UJXYZKmQE4/nLhmcp0ucdzu61+0Mmot\nrJQvHhAj3hJ1tDd4CnJvsgeQ0N3lYEo2tgUXAkS4f/xjGpN4ZQtCrA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxRytXM3RvSXc1SVpMMXlV\nQTQ3YWVLdzFrejltM2M1UGFmdjVOdG5Ub2tjCmVSNlFkMk81STNDTVlIUSttQzZK\nM1VncCt1amtDSWRNMkxiNllYdEFKQjgKLS0tIFMxQkI4RGx2UkN1WXM5eHg1aXd0\nVzB6cWpjMHNORFVEbVBsS1d2QS9zZ0EKLrcCuJbgN/rF9WF14huPl1kSCjoYgVXA\ne+6hDL6Vq9mcXCoNmqjOgkO2KxBaMwuuT7NhXyQsxXXWjNWDL/UONw==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2022-08-03T10:59:34Z", diff --git a/hosts/common/secrets/borg/borg_ed25519.pub b/hosts/common/secrets/borg/borg_ed25519.pub index 8ca3dd39..fcf1e300 100644 --- a/hosts/common/secrets/borg/borg_ed25519.pub +++ b/hosts/common/secrets/borg/borg_ed25519.pub @@ -6,29 +6,33 @@ "azure_kv": null, "hc_vault": null, "age": [ + { + "recipient": "age1rs5rev3ks20s67052nshr5asqctvylrlytksjrfsns8e93t78dssr7wzg9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0YU0vY1BmYnFMTDlzSzB5\namdzdWdmUytwUkNNZXVZLzBFTEMxL3NsdGdvCnRtK0FMWGo1UVJrZlNCMXF1REx5\nQlJjbEMrQmlxY053NHlNNGplaGtKZGcKLS0tIFc0Qyt0dWpCbWFaUDl2ZGVjU2hq\nRVp6ZGZOeGF4ajlIQm9nSGlxT0Nnc0kKSglv3vUrM5KHMGqxtocBsgOLzuZhSAXY\nHdeKtwJxy3cVWQmU9rouqVzR6Vin1lfv9EYUPsWv04wyxZVaZbN7Qw==\n-----END AGE ENCRYPTED FILE-----\n" + }, { "recipient": "age10ewrmr20gy5pc74tyygws7z80jmh4yn5f4e4sh96mznrvw347ecqjc2ms7", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjMjZWZ0svdWdOVHliQzY4\nbGFKdlpHQ1NmL00vOEtLMFhQa1ZIUlRSVmdrClptM2I2dGx6WmdmcFhvZlhBM3Q4\naUE0MSs5MlNLVHdzeUJ0Tzc0NEUxcVEKLS0tIEdJZ09BMktTcXl0UTl6MmFxdVNC\nd2xkTWJTOTFDcE9JK21Oa1hxZVB1cUEKO/7rP6Mrz+jxpmOv8DY1D8/FfYUjL0Ir\ngpch6q21dAOfg/MRQxd3ZERoiAh0wcS1XR15Kr+A+NraaAvlYTIBXQ==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJbDhCdkpmalNkZ1F1L0tz\nVXBqTm1MREhsWmMyMk55NEc4VlRtRVNTaW1NClk5UmRndlRqVUFtZnFZQUJKbEty\nRFBXRTN5RzNLZEZSMUI2QmZGalhpK3MKLS0tIFJtUVBwSWk3Yjk1NGVXb2FBWXEx\nZFFCOXNlckJ5TDhRbFpOdjM2V3UyKzQK+TsxrEpPzzQkZrbiOafcjKQyk4n2Uas5\ng89zrevoJxDSpU0Rw/AN2TqTl90fGFyAEkpz6Ksbk7g3XmTBo3jtoQ==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1gwk0m9n4mrr7h572kkjxtkkl4p0t2mfc9f7ms0560s63x4pawgzq433tca", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoeDY0WjArVDV4YldGak5r\nYWdnTktJTkJCdVJlclJBd1NPSEpxcDdHeW1FCkgzSUNmejd1cGlWY0hqRk5ZZ2pu\nUnoyTlBmaU54UE1yVWJaemYrU2VVTVUKLS0tIHhaLzh5SUFLblVWVkl2MDlXcWZY\nanVTcDRLa0tSTXllRFVUZlM0ZTN2bFEKUDADnp3Pxr4Ah9GNdpffb4WPnfM10Zk8\nqfcgKQRQfEp7MwPlhy/qrVM7STnVN4ln9rFkQ34ZXDG1NVMglhkxqw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1Z2crUlUwTGk3WXc2cGEv\na0hmdzBOd0dGZWhlNGVybjc0UXQ0aXpRVmpJCm1ZY2NJNTcwWDRhRDlKQWliSUVS\nS3BLVWtjMUxNWkh3Z1k5S3htUFVGa0UKLS0tIGFFa0RLM0ptOW5VYUE4VGJFVVhI\nRGIrZDhDRUd1SHNLZ3JhcVFoNzI2TDgKkuy3cttu3dntDc71VeoDhrRHa/6STAAX\n4klRVXzaSQXD8qsF5f8dlqKxP+Vo3HUW8JSguCB2Mg3OmlSUSworLw==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age18y57gdahad7zhrrgj2m4dd7fcgwfn4gpmxe9mhcrue8suq8e8c3stzd0ge", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGS09DZUZidWsraHRmVzQ0\namV1Rnl3dWtsR0lmR2pNSlZaVkhUdDM0dG1NClFLaTRxTHUvOHo3MkhkdEtnMzMx\nWUZrTk5OUDMwclFVcVcybUd6LzByNkUKLS0tIDFyNHJoeGh1OHVYbUUwYnNEbXRx\nNUVkSUltLzlqcFRUMUlYc0R4YzQ3dmMKol4oU0NU1Y6xy+BdnI8yT3J3iufm5ehN\ndxmLgxkPRMrMxzVfoDeTlKCQWPjAFmSiLXLdS3isI0sdhoQqphMbdw==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJbytVSXEyY3hVaUM2VVdu\nek1SZG5BQlkyV0V0VVFkK1VZMEpqN1QvZ0NRClpsRXhhVjkraG1Mck5jOWhjWGxI\nSnFmRzRzQ1Y2MFlyMXNUeWV2b0JxVncKLS0tIFdBNy9LcFVCbU50MzNjTTZDQ3h1\nUi9leXoyRGRzNHVWVHBWdVhrZ0lya00K6JBzESIoQc83eP/nU9NFlxhBm+Dgf62N\nLAwnfPrASOangHJ7gZYkM+ZE93GB93JUSTHgJbbt0YLgFZvruysMjQ==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age18cxypcgpy8ln3sch0j20thaps65w7nrtv6jvt3rrm5gysldq2vrqzgjf09", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvS2JDSzBwVFM5WFY4Q085\nZmNTdmlmaThUd293WVhaOU1iTmtYK2RxVG5rCkNqbWNWZ2NMK1MxVVpqTTdpOWc2\nNFhqV0h1VnhrcnUvbDJyaFBuT0s1U2cKLS0tIHJMQy9YV2ZKelVFWEFGYUdFMjdB\naUt1Y05WZXU5KzhVKzQ0SG5pOFg2RVEKf/SbB/oMbPglJL+jk4uGfOkXYz8GUO4Q\nXgWYd3JVGO+DpBmtPQTJkjERr3Ydfr4vGwPcCCkCDKkSRhVAig+wEA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4azRSZ25wQm01eUZnakY3\nemJqcjdDTENOSlJ5ZVl1S1IzMUtabTVtN0cwCnlLTGVoMnpReU1RK1RZNlhYRThi\nK1pmRjdDWElsU2prWWdXNmp6WllaRmcKLS0tIGRzK1Y0TTRDOFd0d1NqTjJ4eHhB\nRE9mdkh1citWd1FKbW52N1M2dldtTG8KVCz+O9kLcQd7X5fABoRSkJv0Ao0zZu7+\nKA3R4F1eUChlLWROP9hZWHkKZZA+77w8QjWOAuGb6B97bg8EBH4Pcg==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1sfed5wmvj00snjxrtds0zt83kt7ffek6mdtgfykum6uzxnphwg4qp5rv2l", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCbXZSVEg4RHZtaGwzMzIw\nVlRIam5vUktxdDRiZWQ5K2NBZDczc1dDUmhJCm5yZGRSVm92MVYwTjBQdExFcG9T\ncmNvcWxVbnpwNVVaZ2Y3Z1VYb3FkMGcKLS0tIG9tMHE1cDRCdHlDU1ZrdXlndEFH\nVkp6WklLa2dodVFON1JKcnhKQUhPSDgKRZcqbOLvtalZK43kOF7Orksxv7NAKdxr\nYelsb48fO5BlcisZlLjkDpMTZRluqTAMvW6bn99YiTJvwIyfYYudSg==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIOU1vUFdsWldYT1FoZno4\nZW12eTU3SEpkZ0lUS1RYS0FJaE5SYlczUXlFCkl6MUhwQlJsQnFwY3VwQjZwS2ZI\nSkswL3dJV2diTGtGd3FpcnpiZXhsMmsKLS0tIEpHeE91bXJOVExMY1haQldVNXM4\nWUEvbmYvcUMxMGtUczJmQVFzalJiK28K6yEIqRmHPx3MS7zQ+Rfa0RHAUEi7ft7T\nuWwRcaubqpRWN2teFTEunfi6iQQeZXmQaug3HGFZx3c7OkDNvjfLcg==\n-----END AGE ENCRYPTED FILE-----\n" }, { "recipient": "age1k2t56rsp2xvdsvjxraytyfufedxcl7z548tc9dzdhzqpq9yyfc9sz2h70e", - "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUeDkrWFNIMzJhZ1pSNWpm\nT1k5L3BYdHVCcFVxb2pjV083Z0ZrRE55UXhZCk1RN05MdWhVMEt1eHhGMUc5WlBW\nZEpuRGhLWTN3ZnJPQ05wSnIrd3E1TTQKLS0tIEJjOWlqV0pLeEV0QTQ0WWhUUVBE\nVzg5Yk9GcDY4dDBiajNta3V6Zm9HYTAKSAmecFSArHPZHbxYePXkFQJXzTPibJ4j\nZ1EamnKx3iaFb1pU1pVeZZk8x1eU7zekWUSv/TgKBr7vPEO0g8HLlA==\n-----END AGE ENCRYPTED FILE-----\n" + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRVVdQVTJLNit6Z3lCaEFH\naU5RQkNpSmJRdU1LQVh1QVo1RkYrWVFkL2g0Cm8xSnB4U0dxd0gzR01ETkhSWkNX\nMkJyMFk5ZnFBN2NmVjQvQTBwbGpXOVUKLS0tIDJTbHpoUm0vZUhWall6RWlIa0JO\nczllTmhHNTdRWmJlY0VGN3R0L1VEalUKc+ef9/+m1XfNHKGev/szu4eKyItP3twv\nPAKPH7ygd/ts1pfH7PS+PbL7mj9kv5Vn/il5bQSlMzw4HEJYPvfPvw==\n-----END AGE ENCRYPTED FILE-----\n" } ], "lastmodified": "2022-08-03T11:00:23Z", diff --git a/hosts/common/secrets/borg/passphrase.yml b/hosts/common/secrets/borg/passphrase.yml index 031f6940..40719806 100644 --- a/hosts/common/secrets/borg/passphrase.yml +++ b/hosts/common/secrets/borg/passphrase.yml @@ -6,59 +6,68 @@ sops: azure_kv: [] hc_vault: [] age: + - recipient: age1rs5rev3ks20s67052nshr5asqctvylrlytksjrfsns8e93t78dssr7wzg9 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5dnp6alNPZTFhdkllK3lI + NU56WjdxeGloWWpITkNHQlVuend0N2xFWTBNCit5NzBqMXlDQ1RXWnBtaWFMUnEv + NEtrYXdIMTdHNnM2UDNhblRKLzZyMDgKLS0tIFl5WUxWbEZ5MXZMWmdSUllXaDh6 + bnVNNGZUOFVMWEtVSnREb0FYbVZ6WFUK05ZvGSXPpdFiowv5chSUfasmmUSkLhEP + /OoMUcG0ZTwJMjCD8Y1V0DHxaCNkPWfMtKlBoAT9167dcV1mk/UFSQ== + -----END AGE ENCRYPTED FILE----- - recipient: age10ewrmr20gy5pc74tyygws7z80jmh4yn5f4e4sh96mznrvw347ecqjc2ms7 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVdi91Y013Zmd2YjkxaHFU - eGJpa3E0NGdRL21VS1pyNDUvVysyS1dRK3d3CnFjbGhQVTRNZmVybjhXVFZHM2tO - YzZNSWlGM1YrenlEUHFJWkoyRXo1SkkKLS0tIFdoUWFZemtTWXdjYVg2ZWtYREE4 - OHJNZjNaVjQwOFpycTZTWEpNUHhXMFkKV9q+8e3Zf+zDPE2OHUu88ubow5fgl1+Z - wptbaEWun2rV5zIDKEAtq5VwWiTqcAEh8tUOvQxOT+RYkj3aBwveIA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBncUhyRFBMQWRGQkovdWpC + YW9VeDJKVHczOVNRam5VeDlmcnU4N0VMb0JZCnFBTU1IVzNONEEvZ2ZXcXV6S3hu + TGcxWUdHdkIxNW5JQUxpQVlLaVI3cU0KLS0tIENUNks5YU43Y3Zzc2FwSWJ3MXI2 + Skt6Y2laYTI5Mjk5aEtudTEwUElJczAKPRkkI+6skhvF5CKCBsgwJMzCo42oGgiX + Bl2+F/ynSYpYc3yUCBvZv73mN9bbwh8tywgpzIFhFv7SIdmQSS7yVA== -----END AGE ENCRYPTED FILE----- - recipient: age1gwk0m9n4mrr7h572kkjxtkkl4p0t2mfc9f7ms0560s63x4pawgzq433tca enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1dXBnMWZ6Z2M4bkZOajl4 - c0QvbldlaVpLQzNDTDNsY0tPSUQ4NHAyL2pNCjBkN0g4MzdDR2N4SHpwN0pvOGlj - bmNteG9jSGk5N0RUT09BWjAyellRT0EKLS0tIFprU01Qc2dVYTFOOXBmMUw2cEdu - bm5DK1gxSUQ1TmlIaGYvM0s1UHNldEEKzFDxAvLzpYuO2PHPQFislX3n12A9lTcJ - I8RjvpKe5SmLCw6a4u7n6BRolidyAhAzetcwSg/cBZMMY0ubZzb3ow== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArdXg1S0locWthSzlJbzVP + eWJUYkZUekUrZmwyb053bS9iMEVFRTl4K0R3CjBtQ3JFL0dVNlZ4dmF2Q1RWOW8y + U0NVbzdpZEFmbGV2Y1VHK2djckhrUnMKLS0tIHhxQy9vNGcyWUwxeWtGbDhDenVE + bTdaT1AzZkFFdUxxYytQUzJ3QWVOMTgKHJGxKnCGo8inVrx0YGF27Wc2p5j2axZ7 + WWMDArZBdAsTYnxJJLX0p+TfWxTmVkBjx19uH0MfAp85unZ9LdFZuQ== -----END AGE ENCRYPTED FILE----- - recipient: age18y57gdahad7zhrrgj2m4dd7fcgwfn4gpmxe9mhcrue8suq8e8c3stzd0ge enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTNlJLTkhBNkdLY2ozYTc2 - enZpZXdhTGNYRllXaWhUZGJQcTdOb3BMMEM0CjZxbjJqT2lkMFB2OVpQU3lPQU1N - eStWQitTcHcrUXhBU3pjSlZWUHcxRlEKLS0tIERLQ01lcFpsQ3RZc3hHY3Badk81 - UXFCZnRhcEFNbkNsZUpRRGNuRkFwVlUKV1chIC8CaMWw2DHzyKfekn6IMyv5cO1/ - CdGN7eujeayHpxDzJCdnNEFMn8X/xnZ7yf1i7rJyX2kly/2q0b45Ug== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoeTV3ell0aTNoVzZLSXl1 + UkVITVkrOTRhSzNQZjRKQmxYakpIQzlVQ0UwCkVzazZuNjJUUFVMbnpFS0lVazFs + S1YvMmNVQUtTK29pYk5ZbE9CRjUxcUUKLS0tIE50U1NCaFVCaURqeTBNaERscGdJ + eXV4dHZMTjlNdm9ON0pZak0xMU5yMjgKN4xnQkWMv8MgC5GZX6tdvFyeFi3TmpHi + AERY3n3QyO549xuuTMC4u3NH7CLIGSuujC+st3j4NN5CmEG4mC9UAg== -----END AGE ENCRYPTED FILE----- - recipient: age18cxypcgpy8ln3sch0j20thaps65w7nrtv6jvt3rrm5gysldq2vrqzgjf09 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxSk12MjFXWkFnZTEzTVpH - Z1J4TmhjQzVnZ1VoM0tLZmFQVnpycWxyRlhnClpiQXdYeXdleEpwQU5uNFE2SElW - UVY2K2xVZWF3TStwaW84VTVSbGZxSFEKLS0tIGtsTndPeld3WjFwY0xjcGMyaTM4 - Qm93TktOSUx4UWE3UXRPNlRVeWdXeHMK3X59CIj41Nt1kGsi3GfRQRVtDV9aNrXL - vfa2LBfiW7+sNexYAaU0t71zUaw13g7cRcUQoT3K8lxZLylwydARtw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3Z0hDV2hMczFieVZQMm1O + WC9qL04vcDVKclBMVEt4dFZMT1lMMnk5WFdrClRVTEN6ZE51TTgrNnlsN3N4S3hu + NUR6YnZNR0ZDZWhmQTdxOHQ0WmdjbWMKLS0tIGpobGFsRkxwcU5yVVBOaU1wbUp3 + WXB2a2JWN250SXhHTUJKRzNOdEVma0UK8oM+o9Re4hX1R9sej6J5kcWeV3Sw9DH7 + OBxZzocFlJzYKcnlOOgVpa38DSZ8HuCqC2zpdkxLMaQ40Cr2oxBOiw== -----END AGE ENCRYPTED FILE----- - recipient: age1sfed5wmvj00snjxrtds0zt83kt7ffek6mdtgfykum6uzxnphwg4qp5rv2l enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1WFF5SzY0N0gzRE9VRElJ - ZitvVythMkRXTDQ5dEFOamhkKzZZc25zVUdJCjk4RFpUQkVTODJXcDl1VVExbmcv - T2xoQ3ZUTllBUVJWRDdoSEVDUnNWak0KLS0tIHlKTEV0czQvVTBKR2ZFNjlaLzAx - RWZBTDZZeFVibm02bVB0ZE1zTmFKckkKXt1HWO0iROlH6DF86BwOEs71A6S8e90+ - mB3xogyfHWhPIrmzyaN4PnQ06FVTL9XtP+cPztGbHzwepZ/Mor5c9w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwZW42TGVEY1JTTTZyK3JD + akNIVmRPakkxTXYxVmpZSVN0eUpUSzkrTlhZCjJ6WUx0ajB2R040WFdhN1dHb04z + NTVWRmxhc1NNbHRGcXRHVjVFTVZRRFUKLS0tIHVEZVdocjA5OWMrYUM1Z3Z4djRn + SVhRUW5PZHUwRFdWUTN5NUpwU1ZEa28KkdmiJ7ep/p/zVxvXwtM3NF8AumvovieD + mQ2/h/wunuL+vTHesecv+qBEAyxSiILJkHJnWy5wmiO4o775lPCX/w== -----END AGE ENCRYPTED FILE----- - recipient: age1k2t56rsp2xvdsvjxraytyfufedxcl7z548tc9dzdhzqpq9yyfc9sz2h70e enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUTEJnNEVQQjRRRjY3Q2xR - VzRnSWI3dm9tdU9UNHllbDlFdEdIZXluSG1zCjJ0bWJ2YWJPeTVoUlQwNFlaTDZ6 - bmpNUHhRYkF4c1JIV2pHRlp2ZjByZm8KLS0tIDFlbHhvdlFtZjRacjIzODhVLy9D - bkEzeUovYXBzSEQ1M0FNbms5OU9iRUEKOnHqnp2OfOXz2PQQVE9e3EGAguX5BJWR - Tj2FyNS4t0eEDY770FybBDIT5I0GO1JHPctQDPf+nKWtWci7fdjtAA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZZkhyNUVHWXMvUGk2UEoz + ODQ5ekI5MllKU2l4NVNrWFZqV0FVaFBZbWlJCjd5ZnpTVHZwd1pTdU5TUEc4Y0Jq + S2c1MkZuNmlyNEE5MVhseWx2MnZHeVkKLS0tIHFOZkV0dXUvcjRrNGtJWVgzTHFp + QTlzM3pPZ1k2SjIvb2FzZW5PSHFJcTAKExjKfGxBOFTNpzH976xlB0JPNfiSXTYz + PYAx8VDaPE6I5Y3158h5yIIfd2ZYZkje98M7h89ezDlGIleOAqC4lQ== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-08-05T18:50:52Z" mac: ENC[AES256_GCM,data:rUdjh2JfGkuDn8s0DwOfVgKyEgjEEXcC+4cn0wt8mZl7rYmAJEOJ0zi0zgfKtnYlp7Vj2HdttKKq3hJPH1x4vzGM/+iEI8jYv9fJbEwQsfYnUI6E1C3rWSDH9PQ04uSuNARSv7Uk06JOHAPtq64USGmB9g0yCMdbubrr1i19zc0=,iv:GkOrn3WJvkCloYBR6uN9v1FlNHaayLpsQ3Ea/ZtYHiE=,tag:4MACbVwBBBi/dYyWw070Ig==,type:str] diff --git a/hosts/desktop/backup.nix b/hosts/desktop/backup.nix index 21fe81e0..dbdbda5b 100644 --- a/hosts/desktop/backup.nix +++ b/hosts/desktop/backup.nix @@ -1,4 +1,5 @@ { lib, config, ... }: + { sops.secrets = { "borg/passphrase" = { diff --git a/hosts/niflheim/backup.nix b/hosts/niflheim/backup.nix new file mode 100644 index 00000000..08e1d39c --- /dev/null +++ b/hosts/niflheim/backup.nix @@ -0,0 +1,9 @@ +{ lib, config, ... }: + +{ + sops.secrets = { + "borg/passphrase" = { + sopsFile = ./secrets/borg/passphrase.yaml; + }; + }; +} diff --git a/hosts/niflheim/default.nix b/hosts/niflheim/default.nix index ac44207b..bb64ba9c 100644 --- a/hosts/niflheim/default.nix +++ b/hosts/niflheim/default.nix @@ -35,7 +35,6 @@ ./servarr.nix ./syncthing.nix ./wireguard.nix - ./xray-server.nix ./pg-upgrade.nix diff --git a/hosts/niflheim/secrets/borg/passphrase.yaml b/hosts/niflheim/secrets/borg/passphrase.yaml new file mode 100644 index 00000000..5b003440 --- /dev/null +++ b/hosts/niflheim/secrets/borg/passphrase.yaml @@ -0,0 +1,40 @@ +borg: + passphrase: ENC[AES256_GCM,data:iP0klXlPx9UgnrQ9LhtRow==,iv:s1jFDPtk7Ei2j5Mwaga7GM/DmW4rQ8RU4pZMWb2/TbA=,tag:F/6tlC9hr2oyInIN8LAwbg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1rs5rev3ks20s67052nshr5asqctvylrlytksjrfsns8e93t78dssr7wzg9 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmd25CekY4cWtPb0QxTXpL + NDZmbGc0Q1hzaUw0T1dIaExveVFDc3JIeVJ3CkdTQ0Y0ejZyU2tsS1EySnFKdnJ2 + Nmd0djVTclM2bTJwZlZRUmhLbmdHR3cKLS0tIGJwZkpjUEpEZTB6U1FoTkl2cTVi + MTJSZXVYeDdRNFlnMnJDcDNYMm9MTmcKcqFCmxVz5sYA6A9Mc9a5hzG0j4blqO9g + +ATbgYVPoBnbrykxSJwFyC7TGb8rwWBvuwkxOPbjYwWcc5Mjd8Htgw== + -----END AGE ENCRYPTED FILE----- + - recipient: age18cxypcgpy8ln3sch0j20thaps65w7nrtv6jvt3rrm5gysldq2vrqzgjf09 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUdVVLdFF2NFM3Rjg4VHlv + a2tFVzZrRjJFUFFnNkxIdmhTRnJVZVJ0b2g0CkJhUSthQ0FIdzBVOUd3ZjRyQ2c1 + NTlFTXBKOEFGb1l0Y0ZxdWxoQlZtbnMKLS0tIGQ0RGoyNTBKaDc1NlowN1hRc3d1 + L05zSS9wR3p5cmQ5QmpJTFVpS00zWDAKqSAB2gkVRpJ/9XfwpmFWMXVTqZ1cDTpn + 6ID8xqxWy2wTqOrSvluFeaZinJzdwZ7tINEb6P540aiUsGocrbBPtA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1k2t56rsp2xvdsvjxraytyfufedxcl7z548tc9dzdhzqpq9yyfc9sz2h70e + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0dUZQRHlBdFVva1NvN3V2 + VW91bGZOeXVVcWk5M3hFL1czTC91QVpHMFM4CmN5a0xMR1lhOVZXK2FhbUdYbHpB + allST1hldFlrdzZ3eXZPWEdqOXpnU1UKLS0tIHBmNFZLdytoQ29Ed3dpMGphdlJP + NGVNZHdRdWJNaS9xV1hUcXRwM1pGMXcKsq/QBTO7/gH+jzdeCJ4JKas3F/csq6Ma + oXGSrcsruy9nhC2icuH/9EIFSWhp8KedLVt/s821w1CEYmOWR67mTg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-08-23T16:04:35Z" + mac: ENC[AES256_GCM,data:q7mnm2COfhyc7pK3rSrQvvSsb+jWSYsH6BDLavMuLZMPC5toY64rCX82g1wxSK/zY4reLG7NMCSDfWO9t275aVp9I8gabwp2NUu2BCrEPfzjAh44SOU4xsrb8nLt/+ClDrRidq+QDOYJnUhzkEJUWg3HtiXRcaDcP4vyZbkeMUk=,iv:+DA49GiMJuwePkZil2DjSwMHBGp5aSR94N83CIqJvhg=,tag:L2R2eb1awldMh3fawVWSwA==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.0 diff --git a/hosts/niflheim/xray-config.json b/hosts/niflheim/xray-config.json deleted file mode 100644 index 8d160f52..00000000 --- a/hosts/niflheim/xray-config.json +++ /dev/null @@ -1,57 +0,0 @@ -{ - "log": { - "loglevel": "debug" - }, - "routing": { - "rules": [], - "domainStrategy": "AsIs" - }, - "inbounds": [ - { - "tag": "proxy", - "listen": "127.0.0.1", - "port": 1080, - "protocol": "socks", - "settings": { - "udp": true, - "auth": "noauth" - } - } - ], - "outbounds": [ - { - "tag": "direct", - "protocol": "freedom" - }, - { - "tag": "block", - "protocol": "blackhole" - }, - { - "tag": "tunnel", - "protocol": "wireguard", - "settings": { - "address": [ - "10.2.0.2" - ], - "peers": [ - { - "endpoint": "185.90.60.210:51820", - "publicKey": "ievGDrxV0dKcjO7EM662c1Ziy0PVct0Ujse3CT4NQQw=" - } - ], - "secretKey": "@wireguard_private_key@" - } - } - ], - "routing": { - "rules": [ - { - "inboundTag": [ - "proxy" - ], - "outboundTag": "tunnel" - } - ] - } -} diff --git a/hosts/niflheim/xray-server.nix b/hosts/niflheim/xray-server.nix deleted file mode 100644 index 2025181f..00000000 --- a/hosts/niflheim/xray-server.nix +++ /dev/null @@ -1,44 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -{ - sops = { - secrets = { - "xray/wireguard_private_key" = { - key = "wireguard/private_key"; - restartUnits = [ "xray.service" ]; - }; - }; - templates."xray-config.json".content = builtins.readFile ( - pkgs.substituteAll { - src = ./xray-config.json; - wireguard_private_key = config.sops.placeholder."xray/wireguard_private_key"; - } - ); - }; - - services.xray = { - enable = true; - settingsFile = config.sops.templates."xray-config.json".path; - }; - - networking = { - firewall = { - allowedUDPPorts = [ 1080 ]; - allowedTCPPorts = [ - 1080 - 8443 - ]; - }; - }; - - systemd.services.xray = { - serviceConfig = { - ExecStart = lib.mkForce "${config.services.xray.package}/bin/xray -config \${CREDENTIALS_DIRECTORY}/config.json"; - LoadCredential = "config.json:${config.sops.templates."xray-config.json".path}"; - }; - }; -} diff --git a/hosts/personal/secrets/xray/secrets.yaml b/hosts/personal/secrets/xray/secrets.yaml new file mode 100644 index 00000000..67543154 --- /dev/null +++ b/hosts/personal/secrets/xray/secrets.yaml @@ -0,0 +1,70 @@ +xray: + vless_user_id: ENC[AES256_GCM,data:M8Lz/+xkSruUR6zes1QREI4jK0+3N7J36pwkxbCeSVGbjnNo,iv:VpM6Z3BGDQ6aPkdHu9wZrnOBmom1l1cbAEONLJ5efKU=,tag:Bo4RBoY4XGCwOouUe2SzVw==,type:str] + vless_public_key: ENC[AES256_GCM,data:N1sjKl2OE8msfXYilpcuSBnFXvePEyPphcj4L0eUAwC8JvRWm1Dkj08arg==,iv:OJAtTI3sPWSefVRuAwHt3VouVYPMxyXQD55BG/ncheI=,tag:xzIhZTRfIK/fig5F4/3woQ==,type:str] + vless_private_key: ENC[AES256_GCM,data:1cZqqOOnMMMjcjqtnIvyayG7O6I7PdFxT3Hp0vcqLOBkY1oseN3fYKcOMw==,iv:yTWxMCSWRtkl21E4aFOwO/RsZeL3i3Pt9vJat7NoAZ0=,tag:+d0CrT4Cpd3txNPVmPLT0Q==,type:str] + shadowsocks_password: ENC[AES256_GCM,data:MO4uqucfeOrr51374W34XG5yy/PRWOYv,iv:v0b5NTy/bH6ENxpbxIJ1jPqUYgKHMUEkzQ7ek9RznbY=,tag:snA++dQ4sPxO8N81S1ijpQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age10ewrmr20gy5pc74tyygws7z80jmh4yn5f4e4sh96mznrvw347ecqjc2ms7 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBobE5wSW1pcE5EZ0ZURHJF + ZDFKSnVLNmQ0TWZ2NVI5dnNBY1huKzk4cWpvCm1NM1lMaVhKQTRsWmJYa3FnWG5j + TlpudWVvR2ZFVFpOTGlLRUphcFdOMzQKLS0tIDJreDk3bW1tSTBJQjBPL1R1MFdT + QmVkMU9tMGlveGNGR2hTZHR4R1UrZmsK7WLA1U60ADGuzmfP9gNYBT723cKkZSxQ + 1eNmlu6cO6MwIlYb9et6mx/2dnaNy4Sm5eyc2WiChdiHfNm+PlYKOw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1gwk0m9n4mrr7h572kkjxtkkl4p0t2mfc9f7ms0560s63x4pawgzq433tca + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzak0xNkJmMFhUYytxNkVm + NnRsQWlRUnhBOTVXYXVlNlNWdlBPaGxtT0JZCnlPYzBOODNxYk9meGlQVFZROUpt + aXBReTZBUHl4UDl2Zno3d0lCYXg3QkEKLS0tIG9yWkNPWGdTQWFJRVlGaXBWSW9q + Nk5ZT2k5UkRDbERINmtVRnhueCthWHcK/fvgYruFCRXJhqnn7KEoxA/g91+pQ3Ey + lB+Xu6+s7j+tFlWl2AUrJuhcAjam/zBixFYxztR4v827xAMFfIXBKw== + -----END AGE ENCRYPTED FILE----- + - recipient: age18y57gdahad7zhrrgj2m4dd7fcgwfn4gpmxe9mhcrue8suq8e8c3stzd0ge + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiTjIxeWNQZUJweW5BYkpk + Y0ZvcDRIV1hRYXF0Uy9XWTROdUJ1cXhqV1VRCmNMTTUzNmVrR1hSWVA1K1R1RXcv + QlFKM3JqSGZNcGt2aVh4SXYvbUgyTDQKLS0tIDJ1WGxLd3hDR2ZqYTJwbGx4YUZu + TXJXLzVDZVE1NjdRNzhpQW1kSFVxRmMKBV6B9Zkc2znE0Ch3amOF0gKkVuG+4OqA + KJunAXLpGgYLn1C80RBnvOQ1CjDCEyakGVT+JUSCT4UMUQHCTohVlg== + -----END AGE ENCRYPTED FILE----- + - recipient: age18cxypcgpy8ln3sch0j20thaps65w7nrtv6jvt3rrm5gysldq2vrqzgjf09 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNUGowR0dMZUZzQU0xUFVB + b2UxOW53YVZWM2xzMjJWQ21aY3VZTFVzU0dJCkRLUDlWeDArdGdwNzZCSG5NVTF1 + clFJRitKeU5kUSs1emUvajJ3R3FncHcKLS0tIHB6M0wrc01rang4K0pOQTlUSWtz + YVl4RmZNaUkyUXQ2M251ZFRqRlR0NUUK6e7Nvw2ZUAfkG0q/JRfPGUUoBJ5S20Tw + L/z8vGTbMMro5UH4FQ/HmPKnQ/MilVZftDl9c3u7ntPymPLQah7wjw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1sfed5wmvj00snjxrtds0zt83kt7ffek6mdtgfykum6uzxnphwg4qp5rv2l + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtWjhhVTNIWHpXNWhUYWlz + WXQzaXNSNTVVVGZsbjNEdnhXNUU3YUpOTldFCk5pK3M4MFo4Ulk4NE5RbXpQTUh0 + eGpwcFBlb1BHbm1ZYVFXbmpEZ3BDUjAKLS0tIHlQMkpsT3k0ak5PNWZ0c3BQOGl3 + Q1pBMldrMllxUHNLcDNWNk03cGJyOXMKIT/y5ngCIBklgTMqdMqnYMtGaY+9XzGK + jLK9vtnO3D6ANxs2fRudpTSVBiQ0M4Vpf0ad63yM7xeadmpCa3zJMA== + -----END AGE ENCRYPTED FILE----- + - recipient: age1k2t56rsp2xvdsvjxraytyfufedxcl7z548tc9dzdhzqpq9yyfc9sz2h70e + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvWi82REYxbEtva2R4dFg3 + aHdBeGxGT2lsb0VYWXJTUTdtcUNXV0VxZVdnCnl5WGtWZFpYOFVFelFaSlpDRnZl + Y2sxbXFEd0IvMVJScy92VjViQ2J4dncKLS0tIDNnTUNUS09OcCtGcjRWemdEckt0 + U0g0aTFXUGRSVTNsb04yVERsQVFwR1EK7BlXqEdlalGXjmier1D4S0/tzfxPfqqp + oQ/OFrKbXZyGOz7efccGEhXFhzk/T25aKBNc0RmeuOiQ8MAIJLe/DQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-08-23T15:35:00Z" + mac: ENC[AES256_GCM,data:iKhirzfCg3ac9bGCQRWnZuicCDkv1bT3BFMGMaxvUS9KixGWweXx3akFh9iOYh2YjACQY+UT8J6WYIMudfdllwfvRdIH4Vx7DDxQJeNrG4LpeJoupog2pU8rdD4+JxWS+NyYmCDvHQzLIshE1ShMXX5AWMcc4iWC6R/523zPhog=,iv:qDbK9xVeV7ZecBA0SZSvBfFB44/Jrlrlnigng0g+d0g=,tag:T/IKHL2zUb8UJSZ9gm5AlQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.0 diff --git a/hosts/common/xray-client.nix b/hosts/personal/xray-client.nix similarity index 100% rename from hosts/common/xray-client.nix rename to hosts/personal/xray-client.nix