From 3c5095f1442c432a9a448dde81828e0d7b5034d3 Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Thu, 16 Nov 2023 14:40:40 +0100 Subject: [PATCH] agenix: migrate nuc --- .sops.yaml | 14 ------ flake.nix | 4 +- hosts/nuc/default.nix | 9 +--- hosts/nuc/modules/backup/default.nix | 6 ++- hosts/nuc/modules/matrix/default.nix | 13 +++--- hosts/nuc/modules/nextcloud/default.nix | 5 +- hosts/nuc/modules/vaultwarden/default.nix | 7 ++- hosts/thinkpad/default.nix | 3 -- secrets.nix | 9 ++++ secrets/nuc.yaml | 54 ---------------------- secrets/nuc/borg/key.age | Bin 0 -> 1284 bytes secrets/nuc/borg/passphrase.age | Bin 0 -> 461 bytes secrets/nuc/matrix/shared.age | Bin 0 -> 530 bytes secrets/nuc/matrix/sync.age | 10 ++++ secrets/nuc/nextcloud/adminpass.age | 10 ++++ secrets/nuc/vaultwarden.age | 10 ++++ secrets/thinkpad.yaml | 50 -------------------- 17 files changed, 60 insertions(+), 144 deletions(-) delete mode 100644 secrets/nuc.yaml create mode 100644 secrets/nuc/borg/key.age create mode 100644 secrets/nuc/borg/passphrase.age create mode 100644 secrets/nuc/matrix/shared.age create mode 100644 secrets/nuc/matrix/sync.age create mode 100644 secrets/nuc/nextcloud/adminpass.age create mode 100644 secrets/nuc/vaultwarden.age delete mode 100644 secrets/thinkpad.yaml diff --git a/.sops.yaml b/.sops.yaml index a9eb777..f1081e3 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,28 +1,14 @@ keys: - &yubi 116987A8DD3F78FF8601BF4DB95E8FE6B11C4D09 - &rouven age1l80slr486r82csm758q2a32j2e2qdxdyxgh46um6thsjv08la9sq7475p6 - - &thinkpad age1ejusm7c5smk5r0lcu7yynudrqc6j63pcyk9m4uh23f8kqd84cfqs88hjl6 - - &nuc age18z4z5pgw8eluu32xe3krg4sxd2rncsnjw6e2axcun7x3vrj62vhq8eyz00 - &falkenstein-1 age1de938w6hzpv4cuzss7v3pt0chv4d0t220ue5n9d93ffuak7u949sumnhz3 creation_rules: - - path_regex: secrets/thinkpad\.yaml$ - key_groups: - - pgp: - - *yubi - age: - - *thinkpad - path_regex: secrets/rouven\.yaml$ key_groups: - pgp: - *yubi age: - *rouven - - path_regex: secrets/nuc\.yaml$ - key_groups: - - pgp: - - *yubi - age: - - *nuc - path_regex: secrets/falkenstein-1\.yaml$ key_groups: - pgp: diff --git a/flake.nix b/flake.nix index a9cd5b5..dbcce7c 100644 --- a/flake.nix +++ b/flake.nix @@ -86,7 +86,6 @@ ./users/rouven nixos-hardware.nixosModules.common-pc-laptop-ssd home-manager.nixosModules.home-manager - sops-nix.nixosModules.sops agenix.nixosModules.default nix-index-database.nixosModules.nix-index impermanence.nixosModules.impermanence @@ -112,8 +111,7 @@ impermanence.nixosModules.impermanence ./hosts/nuc ./shared - ./shared/sops.nix - sops-nix.nixosModules.sops + agenix.nixosModules.default { nixpkgs.overlays = [ self.overlays.default ]; } diff --git a/hosts/nuc/default.nix b/hosts/nuc/default.nix index 1cb0327..2fa201f 100644 --- a/hosts/nuc/default.nix +++ b/hosts/nuc/default.nix @@ -25,11 +25,6 @@ systemd.package = pkgs.systemd.override { withHomed = false; }; services.btrfs.autoScrub.enable = true; - sops.secrets."store/secretkey" = { }; - nix.extraOptions = '' - secret-key-files = ${config.sops.secrets."store/secretkey".path} - ''; - environment.persistence."/nix/persist/system" = { directories = [ "/etc/ssh" @@ -41,9 +36,7 @@ "/etc/machine-id" ]; }; - # impermanence fixes - sops.age.sshKeyPaths = lib.mkForce [ "/nix/persist/system/etc/ssh/ssh_host_ed25519_key" ]; - sops.gnupg.sshKeyPaths = lib.mkForce [ ]; + age.identityPaths = [ "/nix/persist/system/etc/ssh/ssh_host_ed25519_key" ]; time.timeZone = "Europe/Berlin"; diff --git a/hosts/nuc/modules/backup/default.nix b/hosts/nuc/modules/backup/default.nix index 3aa4745..c7771b9 100644 --- a/hosts/nuc/modules/backup/default.nix +++ b/hosts/nuc/modules/backup/default.nix @@ -1,6 +1,8 @@ { config, pkgs, ... }: { - sops.secrets."borg/passphrase" = { }; + age.secrets."borg/passphrase" = { + file = ../../../../secrets/nuc/borg/passphrase.age; + }; environment.systemPackages = [ pkgs.borgbackup ]; fileSystems."/mnt/backup" = { @@ -23,7 +25,7 @@ path = "/mnt/backup/nuc"; } ]; - encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.sops.secrets."borg/passphrase".path}"; + encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets."borg/passphrase".path}"; compression = "lz4"; keep_daily = 7; keep_weekly = 4; diff --git a/hosts/nuc/modules/matrix/default.nix b/hosts/nuc/modules/matrix/default.nix index 0aaa6ce..67d6146 100644 --- a/hosts/nuc/modules/matrix/default.nix +++ b/hosts/nuc/modules/matrix/default.nix @@ -4,12 +4,13 @@ let in { - sops.secrets = { - "matrix/shared_secret" = { + age.secrets = { + "matrix/shared" = { + file = ../../../../secrets/nuc/matrix/shared.age; owner = config.systemd.services.matrix-synapse.serviceConfig.User; }; - "matrix/sync/environment" = { - # owner = "matrix-sliding-sync"; + "matrix/sync" = { + file = ../../../../secrets/nuc/matrix/sync.age; }; }; @@ -25,7 +26,7 @@ in matrix-synapse = { enable = true; configureRedisLocally = true; - extraConfigFiles = [ config.sops.secrets."matrix/shared_secret".path ]; + extraConfigFiles = [ config.age.secrets."matrix/shared".path ]; settings = { server_name = config.networking.domain; @@ -47,7 +48,7 @@ in settings = { SYNCV3_SERVER = "https://${domain}"; }; - environmentFile = config.sops.secrets."matrix/sync/environment".path; + environmentFile = config.age.secrets."matrix/sync".path; }; }; diff --git a/hosts/nuc/modules/nextcloud/default.nix b/hosts/nuc/modules/nextcloud/default.nix index ba198ec..60a876a 100644 --- a/hosts/nuc/modules/nextcloud/default.nix +++ b/hosts/nuc/modules/nextcloud/default.nix @@ -3,8 +3,9 @@ let domain = "nextcloud.${config.networking.domain}"; in { - sops.secrets = { + age.secrets = { "nextcloud/adminpass" = { + file = ../../../../secrets/nuc/nextcloud/adminpass.age; owner = "nextcloud"; group = "nextcloud"; }; @@ -21,7 +22,7 @@ in dbuser = "nextcloud"; dbhost = "/run/postgresql"; dbname = "nextcloud"; - adminpassFile = config.sops.secrets."nextcloud/adminpass".path; + adminpassFile = config.age.secrets."nextcloud/adminpass".path; adminuser = "rouven"; }; }; diff --git a/hosts/nuc/modules/vaultwarden/default.nix b/hosts/nuc/modules/vaultwarden/default.nix index 8f2d945..9d6eebd 100644 --- a/hosts/nuc/modules/vaultwarden/default.nix +++ b/hosts/nuc/modules/vaultwarden/default.nix @@ -3,11 +3,14 @@ let domain = "vault.${config.networking.domain}"; in { - sops.secrets."vaultwarden/env".owner = "vaultwarden"; + age.secrets.vaultwarden = { + file = ../../../../secrets/nuc/vaultwarden.age; + owner = "vaultwarden"; + }; services.vaultwarden = { enable = true; dbBackend = "postgresql"; - environmentFile = config.sops.secrets."vaultwarden/env".path; + environmentFile = config.age.secrets.vaultwarden.path; config = { domain = "https://${domain}"; signupsAllowed = false; diff --git a/hosts/thinkpad/default.nix b/hosts/thinkpad/default.nix index e721bc4..2542faf 100755 --- a/hosts/thinkpad/default.nix +++ b/hosts/thinkpad/default.nix @@ -48,9 +48,6 @@ "/etc/machine-id" ]; }; - # impermanence fixes - # sops.age.sshKeyPaths = lib.mkForce [ "/nix/persist/system/etc/ssh/ssh_host_ed25519_key" ]; - # sops.gnupg.sshKeyPaths = lib.mkForce [ ]; age.identityPaths = [ "/nix/persist/system/etc/ssh/ssh_host_ed25519_key" ]; time.timeZone = "Europe/Berlin"; diff --git a/secrets.nix b/secrets.nix index be768fa..2f313e1 100644 --- a/secrets.nix +++ b/secrets.nix @@ -5,10 +5,19 @@ let rouven = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILkxTuzjS3EswMfj+wSKu9ciRyStvjDlDUXzkqEUGDaP"; in { + # thinkpad "secrets/thinkpad/wireless.age".publicKeys = [ rouven thinkpad ]; "secrets/thinkpad/tud.age".publicKeys = [ rouven thinkpad ]; "secrets/thinkpad/wireguard/dorm/private.age".publicKeys = [ rouven thinkpad ]; "secrets/thinkpad/wireguard/dorm/preshared.age".publicKeys = [ rouven thinkpad ]; "secrets/thinkpad/borg/passphrase.age".publicKeys = [ rouven thinkpad ]; "secrets/thinkpad/borg/key.age".publicKeys = [ rouven thinkpad ]; + + # nuc + "secrets/nuc/nextcloud/adminpass.age".publicKeys = [ rouven nuc ]; + "secrets/nuc/matrix/shared.age".publicKeys = [ rouven nuc ]; + "secrets/nuc/matrix/sync.age".publicKeys = [ rouven nuc ]; + "secrets/nuc/vaultwarden.age".publicKeys = [ rouven nuc ]; + "secrets/nuc/borg/passphrase.age".publicKeys = [ rouven nuc ]; + "secrets/nuc/borg/key.age".publicKeys = [ rouven nuc ]; } diff --git a/secrets/nuc.yaml b/secrets/nuc.yaml deleted file mode 100644 index 2a8e2bb..0000000 --- a/secrets/nuc.yaml +++ /dev/null @@ -1,54 +0,0 @@ -store: - secretkey: ENC[AES256_GCM,data:mfqSl4ZPML3eAQ0txmbjNcIlDSL/z4b6ot4tzzC4E929nTNTNa/K9e56UpSKpG+ybRM4gTdaAJYpXbkVia4OdoWkYaBoHeQqOzEHcWBPxHLFILkotbRQ8NZx7K1y/NyE,iv:bWRx/W7c4kXUj2XKSNkLYPkvd8S+/CYW3UoztTzQ/ZE=,tag:UYgFx6vVNCU2E+V5BzS2kA==,type:str] - publickey_unencrypted: nuc.lan:a9UkVw3AizAKCER1CfNGhx8UOMF4t4UGE3GJ9dmHwJc= -nextcloud: - adminpass: ENC[AES256_GCM,data:lfx7t/ewN23/O0qvSVHrX70W4NygAA0zTA==,iv:Px32DXH8BKQphldeW3CdJjRCXnmMgRx6g0YWZ6ON/pY=,tag:3Effg1hKNNlp+intUEmzxQ==,type:str] -matrix: - shared_secret: ENC[AES256_GCM,data:bX2RC82xNOYnN4cLewLw/t+sN7+1AjwoglmBZitkDyJThBdxM8UA3aa4KiAx4KQmR8d22VXAILank42CtM5Kl5S33mIwCri4wTBq7ZU7mKwjCQi2cMgLuZp3S6g=,iv:s2YKMHa3SZBwwAvFcYBfWnhP5mKlh7QADGabQPjtgTs=,tag:HnYZr8/snufw/RGKM9Bl5Q==,type:str] - sync: - environment: ENC[AES256_GCM,data:9KXJJmu7ruzndHs0QRZUH4SUBdensMad1BMJ4ztmR2IQkNDT8HxJaFSeGdaNJSo8rpj7NxyOD4MrxHJKe+Jjf2OvmZD0h/vyhURX0TZIRg==,iv:CdR+KzvqzdpcqBLNYSWmATFXrbgYw3Z8ZsC3L/E8+Ig=,tag:9iiL8BYPZ7sJeBbcUnkAqQ==,type:str] -vaultwarden: - env: ENC[AES256_GCM,data:LZ/geI1sqA6BgFqSYNpDlNm9tn0GVKyHcbsJJoWDs89MUjEgrk7QBK1VighKQkmW+4xJqqruLfDkrNMmsSQdyWXNISawuw==,iv:ukh3ggqJ1R8DqQQDad86QoKbpHBG5mTBx7oKWbgnrZg=,tag:PlYKW5jtYVCrjAWideG1Dg==,type:str] -borg: - passphrase: ENC[AES256_GCM,data:TGs4J64BmfpHi3PljOlfugoCzC21zg==,iv:Z3TyijL/0Ku7Ttx3+wLloUOS8ihA677nY/QTVC4eZwQ=,tag:yZrFkEKd9XtiT+BEX1Q6Yw==,type:str] - key: ENC[AES256_GCM,data:Lcm8DLgp00HZj8krqXkwaPhq/S0ppQOJADYa6ULESqjYGsu8gPU7rlQ22GSDTLZ7F2HW6eU5V/9lobaBesMSJ2U+1GgcKkDmsmlz89H3sctFzrCB6dPMABiOZX1V/dplFX2jp7AXagwYDqEYT1vZi8IEMcNxaGSTFyb0W5zwj3+8wL6eTQYHyYRIrGj19/XuYOh42v+t6jBBrcdzsnBb6F8BYeBKaqYA5iBQJZGxH0mrSCCelBXz5CcsH5GIh6GAbkYLC4Zg7HQuZl6w0IvjgqKMsXfWROMtLCYih86gLioZdDn5qdwMOPqmGWR4nxH9ABjfunR9fSjdtt/aeg9Iz3/sAGbjUfMoUCYqmUVox0FnuT0H/3OjChI/EFFGtOM5ZLSz1CSJ/VyyRmrvtDcTu2aXCvbRYuhXIWRLtOmVPUsNqNXyZnPx49/no3ilgttKJTQkv5A6NTwgmXSh5UMaz7Y6VFnXZlapfocJwihw5NwHHBm7VaxI6871eUwQefljMeaQK+iW3BMeP+eIA/SRX2U67xywsLzHy6esC4UIySXVHVMuNTkoImsJ8zxJYmkIue1vF5S+21M5ajFfCBXI6+Kof6iQxz8kiqDx4rchzy2cV9462BLKFCH//To3aQVrovtCx9dZNk55TYXmpqn0gV9IG6vpl8bt2zKzqfnyg5CSGoUnzvUZ8LongfVeyk6vu617Ye8jQCUU5vmhrfCWeH3nfCwXCRHwMHp+7Ie8ykjJUPUrUxZw1YuMo79X4WDPU2ctNz18Gq+Dni94FOL4eKXxlKcTpVUI1N5DFhb3eV6LoKyJ6GJB6Lf/Y1WbWwHS3QoVn3GIPBKdcy+zCBTqXrO1I+6E/cIEJ0OeMU50AuehLW7iuqlfjDn/MRRtLYcitE7jdwjLkifz1hteSvp/O3EdvlxyNmpAfVp6knidwCZDxVX3qMmIVTewi1Tq4C8XHbR9GTGv1FmPPwvfuRCL9M63T+lv5GB26WYfjQqrH8qPfH7DkUTgoX8pPfVTg5Fe4iBmTpDf3GrCNgVihyYC3loMAWRUvNEv7Jgyk1+P4fDE3MIFlv8uOUU6Ckiy,iv:ce7LXzs+YowBByyz4mQeBZHElLdRs4ifteheNYuYvRU=,tag:9g6J6gdQ0cmpAF9E/SPPeA==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age18z4z5pgw8eluu32xe3krg4sxd2rncsnjw6e2axcun7x3vrj62vhq8eyz00 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSaHE4OTN3YXJvL0ZBb2lL - ZkFiTmN4bEtCaEpxZlJKVGs3Zlgyc2lnSGdzCmNScE9IeGMyVTVXOTZoblhWVGZO - cVE1emliN0N2L0JzMU1hVjVZL2FFS2sKLS0tIG9FNlZ6TTBHT2hMNjhRVWdCTFBw - V3l5WVZhL1dVMUxoV1NYdFhVaElYUU0KtYzj7r6+/j2Sqo7AiVdPPKBqsFBiefpj - 4nOJD81tJYMqh7deydKFB1kEYOX4HJ9HfQURzcdbhgWbUv6xys2eyg== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-10-17T07:53:01Z" - mac: ENC[AES256_GCM,data:GXCw/3DxrOXrxnORd/5d5eG8Gp9Ds0x9BKzgSpwARWpZosj0zXA2yXAax42MSM3Yom3DwC+sWp1Gi9Gbj6db+8dGUhs6bADtukVD3l09f0/U49CKtCuut/u6uFhz6QWTmY24sVbGWXFx/SF8TFopmDkgcelJHBA191exbCCAglo=,iv:Oztg9GbA0cnUMF5vHrk/+Ha1rRH6qKaB4nQNN0hlpJw=,tag:jlfFY+zMa4Gv/SvICq128A==,type:str] - pgp: - - created_at: "2023-06-12T13:53:20Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - wcFMAzUXo8ZPJwGLAQ//S+sWiRzpTzfmCpM00k2bokPu9npV6ntJdQOXR3BDDfu3 - fLN5bFdtbMdTuKur7Ft7a1fqIYlBdgbP4+L7u05Y+A6/LC+u4V+q20mGlD7JGcgm - /CwMW157dT4rHKZqa4oy7F1WFtFJHL4YOIr4of0eU4i7pipNmzcXLqm3Tt2Ls/0i - bshHFPYQK75EOWb6BoZG+s0H2+4JyAN05FKX7/q6QdY6Rm+UOMWje8COalfruEB2 - OFy5Mf+zM4rWwialaQW6KVArDfV0gTZ6JVxRl1n0ADwOYMCqpYc6fxDGcmgFLQ5n - H2U93htxSVYwELYViNDwu8b0DTmVyuLSYIO4+6H9WC26/T7EBC7bTpH0JxPi7d65 - DbZ796q0Ryb3Nxth/NXOcEHBwiUZLSkrCqGC0s5cfk+NX4udJW8sVHjpNN0UalqK - mM9dgKsCGNwNs6LV31o3ML7Z8SIRvk3J7ubwbS+HCYJOM8WgnTA+qCNIGLrFjgfM - kAcMmADr0UTuY+6n3v1ugkuJaMUgRGH0RXXISZhabOignxkBsHmruzrUQNl3MNps - PDmqxFlLsoansgSG8pUuRHCK8WNoFScmcPl5hN7uc709PHjrnzLUq4kKRIauocqJ - UCc63XJAUy6Sy3bwgM/7GazGQRn4NCdWPCds38B3w1FREde7RglnsFibsr19Y+3S - UQHJ1Fs0cum+WOy+kzl0jSm9Eumqg6x4eCQYZYhG+s6xW2CvKWGIPZTNeWkE1adF - 0522Mb8J6VimqF6qwH9WGomL3P9IEJ8km483JlW0rm1frw== - =GU3+ - -----END PGP MESSAGE----- - fp: 116987A8DD3F78FF8601BF4DB95E8FE6B11C4D09 - unencrypted_suffix: _unencrypted - version: 3.8.0 diff --git a/secrets/nuc/borg/key.age b/secrets/nuc/borg/key.age new file mode 100644 index 0000000000000000000000000000000000000000..2c7e52ede5a605495c8889ba4185f28b43ba23fa GIT binary patch literal 1284 zcmV+f1^fD8XJsvAZewzJaCB*JZZ2b7demW_@5eBu#A~F;+QlAbD{hbR!B+cx7o;Y*=+|Rzpy1F-uivGihj9cup@$ zR5vwfK{#?rYf3U&HAhTkSbA?rS!zLLN=|QYNNhq|BWpz<2 zZbWQ!STSrhH!w$3On6B`c}#FudPGBbMNmdsSZG&v3N0-yAVpIzICN1jQgm-qc2_}Z zF*7wvQe{CxO><62Z**m7Rc}^VR(MKCXlP|P3VLF8Bw8B%>x{G;;`%Bk2F|A|jQ zTplvAa$}Gl1}o?#!2x%}u`7k!l{!1ciyRsE{l9DiNr+1;kqCXW{|ByB@W0ZPE0i-y z7p!uuH|9$m=slzPONpoh9fZzXFwHMX1Xz+mC3cu=6s4W9-Cbvr2Ofc3e1up(|1|TF zQOfUGCQ-gb7F%e`d^(k2rJ=CsxW34&K4u3TyU*QliNi_wawLwi_BS+bLl3!2fbuRM zm=XJ#nMN8woPjwZ1?FK;gAUWyvGvJ(Z4BIA+^xu@ju=vdX*KZ;u&ZMg?kb0so*fHm zW*~$!a7L~?@r3D2hg>^RS(`63#AcuYY&AZ%aO2Po*ipfC0ksUSSIdpodG4vwV!Q)y zyUKI^G8#iJ*%%=}2ST;awKg0$=xcspT(yKf{Hk&&rSMhkgJiremN33;R%9n&n71t- zbe-9siRCC*@o8ZoJ>Foa6hNht6s?>9B358LU-M^wMP8fG(-p-g98u~=@kD)JRt_@w z(DPxl!6RE-(8!+uY_Rsq$r_iJj<{0eC^W*V+Ko<+TpsuRL7{S?_jblaq|+xJ3UJl+ zv(xLN#gE0xfe1si^|HUq+$xHL_VeP&q2TDhq zJgo;5twzF2M3P|&Z;?TY`c1?lkfY~-T{iuuNJE5xfeS2^cxlE8BK1R!^2ZKPN4bA? zjL3MP>X91^EFimUK;#}*#5`1kbTIJe#eafnA-BWe&^}9uJ$M5Qt^YxlOq+`u|}5_;Awk3OzGRh+(p_yDN8U!bqe+ZjRS#No?s4F zv~(B8DEHM)ERvuNfP9p_mE*j&j=R!uAQG|Pyo7UZT0Kba380a1m}jfJ?Jixh;7$4AO89c>^7}2G&UzgVP8F#z0daUVC>S;;&R0t#bv^8!wD%sE zswpR9P4Dea--Y#w($*M`Z?<^m#VC(@aiZB$!I1BEV?Y|=g~`!QVKRDNFe!dtc+u%P u;2ct)^ootBA_e=AXx(-PI@o`HU%qmtaua$1IqpM!);QnMDnlCQjm4(h=qnfi literal 0 HcmV?d00001 diff --git a/secrets/nuc/borg/passphrase.age b/secrets/nuc/borg/passphrase.age new file mode 100644 index 0000000000000000000000000000000000000000..8dc6e5a1cdecb96d5c43ec83beb8e2ad5af8eda6 GIT binary patch literal 461 zcmZ9_J&%)M003YIZ^1=>fg~m_hZWs?^9rb~{41Xd=hiZwwWErHO7Jqa4&5laht~pRI30DKg5UZq=#Sw)$t~In=TepP>}3cN(N0Q zVx!C;tB}UHszCp?aSD_jsq0G7OLqv3g$sb=GD$<`aa1X{I-zfLRGM+aKuSu`FfEJW z0OBhZyx$9BsN!=j+2&-nEf96eqp3X4hX8I2%Rx8n2Q@7gx>S=vuJ;+8>m|{i4}c&T z_1c=2;b}@hvQ11^%4w{Dc&yncu%>18(E{YrmZ}$9HtzzL506iNycOgQHYa;8o~$fp zxyX;j^wd7Ky!-O>=F)xh=Y_NE@{#rS*#;4@x39V1&fMUCbs|@fW`EeN{k!{L=AW(k z#?s3C)xFnOo<98ac(3t(S_i(irtHNN{=37Qk3O86t>td-NISddA5g>f-;34b?dMzH I-y9VG0%cUgwg3PC literal 0 HcmV?d00001 diff --git a/secrets/nuc/matrix/sync.age b/secrets/nuc/matrix/sync.age new file mode 100644 index 0000000..b7b6f0c --- /dev/null +++ b/secrets/nuc/matrix/sync.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 uWbAHQ XsGbKNzqR/HTkmMZxCcmxAXDIpuJENpJR1GyFuumMlo +T2uxdQvSKHveDL7nY0tlNAWNuUX/h8wEORV0xmNfqm8 +-> ssh-ed25519 2TRdXg 57Bliz2LRjK5sHjGtRVdIUWfV7Iji0/RACEDF0dNUno +TMBsr9g940Xrbiu8XwbLKQJRNadC2+BuaTBbSo09t5A +-> U1M[E6m-grease US!+ :Hx\j7A K +7AyVWcQChTJPlIoH7ZLebV7C+HJACc4vsBRrma+m47r9FV+KmVpfrhPy7jH1wSkX +sG2Du4OrPh5+xPAgNaPNw3rbex9I6oRjmbhJ +--- gW24zSlBpNtmQhp0Er4MaZV/K8TigsV+d7jMulAR3YQ +\4O M_@ aŀ@6[XCͦ||" zOƔ!:>xMH(KByZ 1*]d|l? tE_: \ No newline at end of file diff --git a/secrets/nuc/nextcloud/adminpass.age b/secrets/nuc/nextcloud/adminpass.age new file mode 100644 index 0000000..dd814c5 --- /dev/null +++ b/secrets/nuc/nextcloud/adminpass.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 uWbAHQ 04CqSy3PpePLQ60Ky55Bxtytnj4t+Wz5X9qZxaSWyDs +QM8jHjiXvx70ZokFiuwSnkfI3De3t3cQwFf2zezYc74 +-> ssh-ed25519 2TRdXg wUXwM0JL1YjeQvIUGzoZhhQ4WBu9HwmMbOfsTj918E0 +XlNUno46LV1LD1ni3DAhDL+MwBUtZYUEjgMWjiCy03Y +-> _yK#P&-grease x|25 "[ Eg]|<, +3fuuF3W/4MbQthuHpYwMSdh0QEgIi9OILjM3oXyNzVjbPdN99NvEJ+nYYuh3FDGP +vp02QsTygDBMaZBDtSBYGdQ +--- CvrR1mOa9m1ovX66PoB/1qi+fqMCyt4/6jrdnsoZKuo +1*J[Lti5fb[B%Π135ijP#qšs&, \ No newline at end of file diff --git a/secrets/nuc/vaultwarden.age b/secrets/nuc/vaultwarden.age new file mode 100644 index 0000000..7d2e595 --- /dev/null +++ b/secrets/nuc/vaultwarden.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 uWbAHQ g7NPxuCparuO0tHg0kedeTgIYePFbrc6THp0sf+cbmY +YXTDC15Ljm+3o8e0s4IgQ9eNo0DNjN7epZ2v/3F+qeM +-> ssh-ed25519 2TRdXg W/rHOrVkQzPCNBCu6J2xsv4/yzsigwT/SM9FxHjaQAc +MI5WNlIzZPTLPetLfCcb76NDtJ+7mSN8UqXQklKv3hc +-> h`3/'SH-grease e|&qg 0Uy{ M5& +yZLdOHycHkENvjuF9S2UjE+dC8TpbZMrjor8qpwK3BhU3Wb+q9eDYeiXZKDMACRu +XeuCVT8NhzfzcFjMlM8A8sa6o5kAcqzkZ6ot2P2y2SXJc/1rYGxAtBc +--- 4bp3vaQZU2PFvto5mtSU68xh1nTR7FIUv3EF2VqrUYQ +ɺkQZoo\Oeu=ʧC 5Z'%˨4CV"~>q̔,-%zi?}vtjAk? \ No newline at end of file diff --git a/secrets/thinkpad.yaml b/secrets/thinkpad.yaml deleted file mode 100644 index de78772..0000000 --- a/secrets/thinkpad.yaml +++ /dev/null @@ -1,50 +0,0 @@ -wireless-env: ENC[AES256_GCM,data:IbvDlDV5Yg4rqqo5JIzX3eyR4c37BGsqzejBHvSWjk81hfxblhL2cBZcw1hlXW7Q5zjaD0eP9akdqG1RzhdH3iaIhaIVKO8LrXsbYI7fyG3OHCxZYZZ+5QA0LnASi9QD5Olxo0b0RIdomUehnWfTegBiVi8QshrfN+G1HOWL1YxuTv67DWMnA1/XCMOgYpznYS8wzRy7VM9PQWYYISqzoFbl1QIxTJEEVKEL529NzM7TBd4YU+NpcV/TQpy5qQ7F7hSVPxXx/m4RN+Km3EbM1q8Nr0Bckjc7GeDK/P0959ofSzwBzvQyZuQ3WrALqroI21wxQHO3HgDWJlPu7+aRTxPXE2SQka7gqDK4UnZU0GBxDRFi9GKWjhAsqQyKuRH6do9b,iv:t42Gu9j+Qe9TCnjbeH6o4pz1cc1IYHZoHbWOrfIpazA=,tag:68UhGtmx3gH0n9hTO1xalQ==,type:str] -uni: - zih: ENC[AES256_GCM,data:toYEAmGZPwwV7seHcC4oCvS3Q3FFxQ==,iv:iGvVTZstsebStrD40J6cULFg/I31ynHogYjl9irW0nI=,tag:zeoo2uFTcsL25mNwG2ZjHA==,type:str] -wireguard: - dorm: - private: ENC[AES256_GCM,data:qZ8HCTv14z3+2AL1dHLd60MVUsUV458QdQteZJYQLVC1KMlzGe7KbgM1U8c=,iv:HMGxB4l7D/PL5Xt8A6jKIejJRL0QZF3x3eb2BtttXWM=,tag:KDyQWfk2EO5AR997JKdW+Q==,type:str] - preshared: ENC[AES256_GCM,data:5nEsJczcv6yl/0vQQYruv/di+qzrPNX4iAqZ/khXBZTh+095QNv5iStG7e0=,iv:pJof85k/bXuD04VvpSyn75uzvibGJ5h4HZOMta24FBk=,tag:YZ5SsLgkqaHLVU8tgvvhTw==,type:str] -borg: - passphrase: ENC[AES256_GCM,data:jhn7XwzEai+MISQpMnUDre6nJg6Gtx7B,iv:B7CDuHICxcnQJCY5fECTyAeSqh2YEmVqiCrzklmCF8w=,tag:DdtVluSE9ot2BiYtq0eUNg==,type:str] - key: ENC[AES256_GCM,data:rce8JHkx8JU83MJKYkMG9ylv1FdIbwSbKzD4JXxU+BEsHMGIHmqy95OASYasKRFJ8VjXiMoJbz2BtS6A5xcBbAKqrHx+ejgQ1qA70x7HFBMebRkBHZYP8n5p4zb2a+wD4pBKCHP2U3qq7A6ywU/2eVwNUPIqrJpTZ4VDxXZGpiz1KhDc60ryqzBZHZHX5QBLLQX+YWkNKd2P25+bZ1ub16VVGVUKA2VNK9prkD4vEtCbVZl/HjjS08bBwUzCvDxGRyqFPB6wtdE+L5tn5hY3/9A2lq0fisjo9tf6+XC8uH2gjgNjE+kzBqBLBk+974OI9BGRrx5mjIhSrx9HVDN/p10vAF7nuQeInIdH5P6vTfu5mEmwF8h6VoJ9UwDeuz82m+XwfvCRVSZh+nV5c7hMYEF255gEOt146BMXkJf2tKE+dBb2J/zr7zI5zHm9PcaDN5/Y57XCdDww2DQzxSCpleXcJhJl4xw3SXRNyZsnhD62INPzlF/ZSroj6QhDFJhDhLWcK7dGlQWgR6YbEiY0iJPNjAB/MeCv6jodyj6xlLBCcwEp8RA+dVIJxDVElFRTSAdmW0b/co3BeyEnjF1k8lExkUpyoVC1qWxanytlVM2lPy9//6iocQcniAFSQBMi9U89BRONMuopFZMGRc3/uEqnvoBq2GHVgj2xtc7R9fLyAOXw8jG+mT06XBNtrVWbjkY3Wl1A6n/rZ2y4No2rISm1PwQidPpNaiUYZJyccB7PZKY4F/E49n3jV3fmg2l/D33PRl347MhRg4Ae6itWc4uzU8/D3xU1LWe9W4AUTHYflpzlQ+xbLNCC4f3NQMbkxNDsks1MePuBW15erUaahsdkcoeqL7D/ry7NtOb1vk5cS181/IVL1F2MFGa/7Jk3b9RpvIByF9qIbR+I2noaSymPfTGDXHkC5urfUSMojzOxzm5dayBGuvHMkoCjfyIv47ZqyYegW1fM/DPn/bo+ck84zYQuj3zJY5ph/A3g7KcwVYNWRs7XQtSYyKm9Ytf2TKBaZBdIlqq2RJIQ0iHiN5W1OCRgKPEk6u9HvxTte7tqTLiV+aJ8vy9235Q=,iv:vRfpAtZoOAfTFLHdLYSUzftX1OaEr5cdm6L4FOKuFUE=,tag:TRpS0iMdU8wIFIBSkLtyJA==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age1ejusm7c5smk5r0lcu7yynudrqc6j63pcyk9m4uh23f8kqd84cfqs88hjl6 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXZ3BTZ1ZiMGozVUhFUDYx - UFhUV1Q5YzVuR1N1V25WckpMV3Fod2hmejJVCmRnQjRUMmhVbll6b0N2TmJOSFVF - cHNiK3NVSkJyUjAzMkNXWTNYejBsbUkKLS0tIFRMWXRac1lzZ3dvb1BxTExucDNh - YW1scVZDOUFaNUJ4UkFNT2U4eFh6VGsKfv6BaEvr0ibn1cSqE9GeUe4BrYwY9RTB - PNnqxnwBX01rCitKFfpNe1rBHazp+DDh9Dw2N+m/hH6gXvu7LjcwGQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-11-10T22:08:45Z" - mac: ENC[AES256_GCM,data:77bQVALWGfVS9/KXc6B2kQAGiPgcoIepyaJfIckimhMPUe8qiwypn1n0S+RD46alXq7yPTiYACRdTZVvBoEO2eNxdYH8Lha4k2WWBlfucyosfrw/CdzegQ0hGo12JYukDChHRuf7RRjmrvTZ/o4EBFOJoElhtW3Kq0PQLFewPTI=,iv:6HEiVBwwATGmUomKmBkBmk5nRGkhSVJu89foTthw++o=,tag:Zkf6Ljqhn9Tle44BfF2QEA==,type:str] - pgp: - - created_at: "2023-08-02T14:13:52Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - wcFMAzUXo8ZPJwGLAQ//VVEf2kjskLK9GCYh0d51LrosaUAutDYvG/QKUqO7o1HQ - vXYHjSo6A927Z3uWPCEgJBufMgAEen/VNOLC/3nZ94Qb18ORLpvWYr3xFL6uQuGF - /8l2r0MMCkulClJDkwEd/BR2wp/VEwVnlAk22EYuGqn1xbp7IO48YMpMG1qSNcZ0 - 4BaXgkVfe11fB4mv5FGN3D6EA1PvXNBt5Fx64AUv6AqJRlkpjOmrpm88gPOuKQ4a - vwcqZnP7ryWGTJ+IFeKYDxUFYMhq0Dm+xvkfER5py9qIy3D/5rcG4kl73I+5sN+2 - hN9/pmGEzi5EkHmkyRBSZ1oqLDlW/lXa3FcuAyjMRzU1sGesJLiDW7P8pTdVb63a - o+rVaj78V0dk7TZ3bIteJ/sMzZBM5z3h4hXIvyyhA5aiuw48FcPRqChdlbI6rDRJ - ZRlh0uYJdtGN1nqln24Do+Dp40pvceZCJbzxJjI9MZyQY3G3ilTTKSVt8V4+XRYr - 89jffQEYH1qA0HmPP8QvrW3dRHsPYRsZgLNco8yOqOj6wdL/QqTfQLI7uZKtNBOt - M7rVKpcmCBoMBlc95qALI+v6eh21AbTMYkblWAEf36ufjyOTwWqh1lfl9UI/MwMD - vLJ9Z+UxP1GLRwz2kh5vr3b+6FKIahUuWsNH+MhaTYqCo4rzzXpIFYeB9Gcut/XS - UQHQajWoKDl/Gd/VOZHZWZEuNKz+3TzJzhVIY/RoI7QvhZipAIH+/UflEUcSEHP2 - p20IEABHoFu38njZquAMRQoEljIl8T9bc4DxTrnWjoz4JA== - =1/wz - -----END PGP MESSAGE----- - fp: 116987A8DD3F78FF8601BF4DB95E8FE6B11C4D09 - unencrypted_suffix: _unencrypted - version: 3.8.1