diff --git a/.sops.yaml b/.sops.yaml index 67ab6e3..a947dfb 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -3,6 +3,7 @@ keys: - &devkey age1lufn6t35gs4wgevyr2gud4eec7lvkn7pgnnv4tja64ww3hef7gqq8fas37 - &hosts: - &workstation age17jlsydpgl35qx5ahc3exu44jt8dfa63chymt6xqp9xx0r6dh347qpg55cz + - &server age15hx530yrqmhm80vsjmffyg9deq9gssj7hl5rsqdnsn3dwegj9qusv4sjf5 - &miniserver age13w4elx3x6afrte2d82lak59mwr2k25wfz3hx79tny6sfdk66lqjq989dzl creation_rules: - path_regex: secrets/secrets.yaml$ @@ -10,4 +11,12 @@ creation_rules: - age: - *devkey - *workstation + - *server + - *miniserver + - path_regex: secrets/keys.yaml$ + key_groups: + - age: + - *devkey + - *workstation + - *server - *miniserver diff --git a/hosts/miniserver/configuration.nix b/hosts/miniserver/configuration.nix index 9bb5e71..f4ca736 100644 --- a/hosts/miniserver/configuration.nix +++ b/hosts/miniserver/configuration.nix @@ -95,9 +95,8 @@ createHome = true; group = "nixremote"; home = "/var/nixremote/"; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICiyTwryzw8CblPldplDpVUkXD9C1fXVgO8LeXdE5cuR root@workstation" - ]; + openssh.authorizedKeys.keys = + [ (builtins.readFile ../../secrets/ssh/ed25519_nixworkstation.pub) ]; }; }; services = { diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix index 658132e..5f02de3 100644 --- a/hosts/server/configuration.nix +++ b/hosts/server/configuration.nix @@ -46,9 +46,8 @@ createHome = true; group = "nixremote"; home = "/var/nixremote/"; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICiyTwryzw8CblPldplDpVUkXD9C1fXVgO8LeXdE5cuR root@workstation" - ]; + openssh.authorizedKeys.keys = + [ (builtins.readFile ../../secrets/ssh/ed25519_nixworkstation.pub) ]; }; }; services.btrfs = { diff --git a/hosts/server/hardware-configuration.nix b/hosts/server/hardware-configuration.nix index b41030a..c0c053c 100644 --- a/hosts/server/hardware-configuration.nix +++ b/hosts/server/hardware-configuration.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, modulesPath, ... }: { +{ lib, modulesPath, ... }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; hardware = { nvidia = { diff --git a/hosts/workstation/configuration.nix b/hosts/workstation/configuration.nix index 4888571..82765eb 100644 --- a/hosts/workstation/configuration.nix +++ b/hosts/workstation/configuration.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: { +{ pkgs, config, ... }: { imports = [ ./hardware-configuration.nix ../../base.nix @@ -45,6 +45,11 @@ ffmpeg4discord.enable = true; }; }; + sops.secrets = { + "resilio/user" = { }; + "resilio/host" = { }; + "resilio/password" = { }; + }; networking = { hostName = "workstation"; firewall = let @@ -81,8 +86,8 @@ group = "nixremote"; home = "/var/nixremote/"; openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN6HsajaTL+nTJtSIu00M5WJwgt/7fyU59gBr2R7tbnv root@server" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGrC7sVvDT0is2oq/H1Do99LPaQKvyGMAsrF6/fuf1aP root@miniserver" + (builtins.readFile ../../secrets/ssh/ed25519_nixserver.pub) + (builtins.readFile ../../secrets/ssh/ed25519_nixminiserver.pub) ]; }; }; @@ -113,22 +118,20 @@ fileSystems = [ "/" ]; }; resilio = { - deviceName = "chichis"; enable = true; useUpnp = true; enableWebUI = true; - httpPass = "528491"; - httpLogin = "chichis"; + httpPass = "cat ${config.sops.secrets."resilio/password".path}"; + httpLogin = "cat ${config.sops.secrets."resilio/user".path}"; + deviceName = "cat ${config.sops.secrets."resilio/host".path}"; httpListenPort = 9876; httpListenAddr = "0.0.0.0"; directoryRoot = "/resilio"; }; }; - virtualisation = { - podman = { - enable = true; - dockerCompat = true; - defaultNetwork.settings.dns_enabled = true; - }; + virtualisation.podman = { + enable = true; + dockerCompat = true; + defaultNetwork.settings.dns_enabled = true; }; } diff --git a/jawz.nix b/jawz.nix index 516e409..d48cd3a 100644 --- a/jawz.nix +++ b/jawz.nix @@ -1,6 +1,7 @@ { config, ... }: { sops.secrets = let keyConfig = file: { + sopsFile = ./secrets/keys.yaml; owner = config.users.users.jawz.name; inherit (config.users.users.jawz) group; path = "/home/jawz/.ssh/${file}"; @@ -30,8 +31,8 @@ ]; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5GaQM4N+yGAByibOFQOBVMV/6TjOfaGIP+NunMiK76 gpodeacerocdreyes@100CDREYES" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMkpeIV9G26W2/e9PsjBx3sNwPGoicJ807ExRGh4KjhW jawz@server" (builtins.readFile ./secrets/ssh/ed25519_workstation.pub) + (builtins.readFile ./secrets/ssh/ed25519_server.pub) (builtins.readFile ./secrets/ssh/ed25519_miniserver.pub) (builtins.readFile ./secrets/ssh/ed25519_galaxy.pub) ]; diff --git a/modules/dev/python.nix b/modules/dev/python.nix index ece94c0..2f67dec 100644 --- a/modules/dev/python.nix +++ b/modules/dev/python.nix @@ -1,9 +1,8 @@ { config, lib, pkgs, ... }: { options.my.dev.python.enable = lib.mkEnableOption "enable"; config = lib.mkIf config.my.dev.python.enable { - home-manager.users.jawz.xdg.configFile = { - "python/pythonrc".source = ../../dotfiles/pythonrc; - }; + home-manager.users.jawz.xdg.configFile."python/pythonrc".source = + ../../dotfiles/pythonrc; environment.variables.PYTHONSTARTUP = "\${XDG_CONFIG_HOME}/python/pythonrc"; users.users.jawz.packages = with pkgs; [ pipenv # python development workflow for humans diff --git a/modules/servers.nix b/modules/servers.nix index 8eff3ba..54dcaf3 100644 --- a/modules/servers.nix +++ b/modules/servers.nix @@ -80,6 +80,11 @@ in { default = "servidos.lat"; description = "The domain name."; }; + miniserver-ip = lib.mkOption { + type = lib.types.str; + default = "192.168.1.100"; + description = "The miniserver ip."; + }; postgresSocket = lib.mkOption { type = lib.types.str; default = "/run/postgresql"; diff --git a/modules/servers/flame.nix b/modules/servers/flame.nix index 0715172..53cbe97 100644 --- a/modules/servers/flame.nix +++ b/modules/servers/flame.nix @@ -8,6 +8,7 @@ in { flameSecret.enable = lib.mkEnableOption "enable"; }; config = lib.mkIf config.my.servers.flame.enable { + sops.secrets.flame = { }; virtualisation.oci-containers = { backend = "docker"; containers = { @@ -23,7 +24,7 @@ in { TZ = "America/Mexico_City"; PUID = "1000"; PGID = "100"; - PASSWORD = "RkawpqMc8lR56QyU7JSfiLhG"; + PASSWORD_FILE = config.sops.secrets.flame-password.path; }; }; flame-nsfw = { @@ -35,7 +36,7 @@ in { TZ = "America/Mexico_City"; PUID = "1000"; PGID = "100"; - PASSWORD = "RkawpqMc8lR56QyU7JSfiLhG"; + PASSWORD_FILE = config.sops.secrets.flame-password.path; }; }; }; diff --git a/modules/servers/kavita.nix b/modules/servers/kavita.nix index daa247c..483bfcc 100644 --- a/modules/servers/kavita.nix +++ b/modules/servers/kavita.nix @@ -1,6 +1,7 @@ -{ lib, config, pkgs, proxyReverse, ... }: { +{ lib, config, proxyReverse, ... }: { options.my.servers.kavita.enable = lib.mkEnableOption "enable"; config = lib.mkIf config.my.servers.kavita.enable { + sops.secrets.kavita-token = { }; users.users.kavita = { isSystemUser = true; group = "kavita"; @@ -9,8 +10,7 @@ services = { kavita = { enable = true; - tokenKeyFile = "${pkgs.writeText "kavitaToken" - "Au002BRkRxBjlQrmWSuXWTGUcpXZjzMo2nJ0Z4g4OZ1S4c2zp6oaesGUXzKp2mhvOwjju002BNoURG3CRIE2qnGybvOgAlDxAZCPBzSNRcx6RJ1lFRgvI8wQR6Nd5ivYX0RMo4S8yOH8XIDhzN6vNo31rCjyv2IycX0JqiJPIovfbvXn9Y="}"; + tokenKeyFile = config.sops.secrets.kavita-token.path; }; nginx = { enable = true; diff --git a/modules/servers/maloja.nix b/modules/servers/maloja.nix index 9352c37..fbe6ff8 100644 --- a/modules/servers/maloja.nix +++ b/modules/servers/maloja.nix @@ -5,6 +5,7 @@ let in { options.my.servers.maloja.enable = lib.mkEnableOption "enable"; config = lib.mkIf config.my.servers.maloja.enable { + sops.secrets."maloja/password" = { }; virtualisation.oci-containers = { backend = "docker"; containers.maloja = { @@ -17,7 +18,8 @@ in { PGID = "100"; MALOJA_DATA_DIRECTORY = "/mljdata"; MALOJA_SKIP_SETUP = "true"; - MALOJA_FORCE_PASSWORD = "chichis"; + MALOJA_FORCE_PASSWORD = + "cat ${config.sops.secrets."maloja/password".path}"; }; volumes = [ "${config.my.containerData}/maloja:/mljdata" ]; labels = { diff --git a/modules/servers/mealie.nix b/modules/servers/mealie.nix index a8fad37..65af8b9 100644 --- a/modules/servers/mealie.nix +++ b/modules/servers/mealie.nix @@ -6,6 +6,10 @@ let in { options.my.servers.mealie.enable = lib.mkEnableOption "enable"; config = lib.mkIf config.my.servers.mealie.enable { + sops.secrets = { + "smtp/email" = { }; + "smtp/password" = { }; + }; virtualisation.oci-containers = { backend = "docker"; containers.mealie = { @@ -23,9 +27,9 @@ in { BASE_URL = url; SMTP_HOST = "smtp.gmail.com"; SMTP_PORT = "587"; - SMTP_FROM_EMAIL = "stunner6399@gmail.com"; - SMTP_USER = "stunner6399@gmail.com"; - SMTP_PASSWORD = "ywofhisexfawslob"; + SMTP_FROM_EMAIL = "cat ${config.sops.secrets."smtp/email".path}"; + SMTP_USER = "cat ${config.sops.secrets."smtp/email".path}"; + SMTP_PASSWORD = "cat ${config.sops.secrets."smtp/password".path}"; }; extraOptions = [ "--memory=1g" # VA-API (omit for NVENC) diff --git a/modules/servers/multi-scrobbler.nix b/modules/servers/multi-scrobbler.nix index 8cb6a99..3d8472e 100644 --- a/modules/servers/multi-scrobbler.nix +++ b/modules/servers/multi-scrobbler.nix @@ -6,6 +6,11 @@ let in { options.my.servers.multi-scrobbler.enable = lib.mkEnableOption "enable"; config = lib.mkIf config.my.servers.multi-scrobbler.enable { + sops.secrets = { + "maloja/apikey" = { }; + "multi-scrobbler/deezer/client-id" = { }; + "multi-scrobbler/deezer/client-secret" = { }; + }; virtualisation.oci-containers = { backend = "docker"; containers.multi-scrobbler = { @@ -18,12 +23,17 @@ in { BASE_URL = url; # JELLYFIN_USER = "jawz"; # JELLYFIN_SERVER = "DaniloFlix"; - DEEZER_CLIENT_ID = "657431"; - DEEZER_CLIENT_SECRET = "cb2ad03682dd5a55dfef857388ef181e"; - DEEZER_REDIRECT_URI = "http://192.168.1.69:9078/deezer/callback"; + DEEZER_CLIENT_ID = "cat ${ + config.sops.secrets."multi-scrobbler/deezer/client-id".path + }"; + DEEZER_CLIENT_SECRET = "cat ${ + config.sops.secrets."multi-scrobbler/deezer/client-secret".path + }"; + DEEZER_REDIRECT_URI = "http://${config.my.miniserver-ip}:${ + toString port + }/deezer/callback"; MALOJA_URL = "https://maloja.${config.my.domain}"; - MALOJA_API_KEY = - "LsnY2Ed484JlzUmF6EwhpGJ0gUCjJ2G5s1oJTwALJN8w1N3K6eXpfjBQp3raNPLA"; + MALOJA_API_KEY = "cat ${config.sops.secrets."maloja/apikey".path}"; WS_ENABLE = "true"; }; volumes = [ "${config.my.containerData}/multi-scrobbler:/config" ]; diff --git a/modules/servers/ryot.nix b/modules/servers/ryot.nix index 318f03b..b49504f 100644 --- a/modules/servers/ryot.nix +++ b/modules/servers/ryot.nix @@ -6,6 +6,10 @@ in { options.my.servers.ryot.enable = lib.mkEnableOption "enable"; config = lib.mkIf (config.my.servers.ryot.enable && config.my.servers.postgres.enable) { + sops.secrets = { + "ryot/twitch/id" = { }; + "ryot/twitch/secret" = { }; + }; virtualisation.oci-containers = { backend = "docker"; containers.ryot = { @@ -15,8 +19,10 @@ in { TZ = "America/Mexico_City"; DATABASE_URL = "postgres:///ryot?host=${config.my.postgresSocket}"; FRONTEND_INSECURE_COOKIES = "true"; - VIDEO_GAMES_TWITCH_CLIENT_ID = "tfu0hw0zbdbu4lco4h72nqkb8krxp9"; - VIDEO_GAMES_TWITCH_CLIENT_SECRET = "582ecfb01ihv6wnt8zbc9pf3hs9p54"; + VIDEO_GAMES_TWITCH_CLIENT_ID = + "cat ${config.sops.secrets."ryot/twitch/id".path}"; + VIDEO_GAMES_TWITCH_CLIENT_SECRET = + "cat ${config.sops.secrets."ryot/twitch/secret".path}"; }; volumes = [ "${config.my.postgresSocket}:${config.my.postgresSocket}" ]; diff --git a/secrets/keys.yaml b/secrets/keys.yaml new file mode 100644 index 0000000..1725e50 --- /dev/null +++ b/secrets/keys.yaml @@ -0,0 +1,67 @@ +public_keys: + age: ENC[AES256_GCM,data:zHxSM0lMbOFgxR0zV/byXg1qfZ2fz+coAEnUg64HCYTir6Fbf4lKKLJPuN7md42IsCgzBkE2aR6EXfDxRNZk59kYqZw4GZtOQV9FWmeB5JsUwGP1TapRebmR/zcjgbwQ,iv:ispmW1I50n8WKn/34V+gdicEb7396SK7OcTLQWKq4+4=,tag:8PivakR8Mo/w2j0rLt/dUA==,type:str] + workstation: ENC[AES256_GCM,data:DF8YbH6JYnvVhFHHZO6IFBobI2EOCaIR34A9y2foqv0eRrzrid9chfZ4h10vlmZVuRuLB5gD9zCucKtpp+N5pYq4nVO9YEHt4ihlM88b5vn3efh440+U65lnN9nCNgPXbQ==,iv:a2WCJ73nOosWL509Byym6mI8zgOx7FTKn2MJVt/njA0=,tag:DCLlVE3l0jQjG5hZWYvL2Q==,type:str] + server: ENC[AES256_GCM,data:ZYYcjXp7BbniEL0uhR1YHWCCNOmf4VFpMHcJsXNdBARB3FCr7HIQmfUIaWtu8IDAwKUwPEcyeW8fdXSk/fTpBQnVV/Mlg6s3H7fXNYqlXa2AG5TpCWI89M6xsho=,iv:1RIWiWIU58W01weQw/aMfFAL9Gu8wvm2Znib4+amgfM=,tag:NN6saDGDDDRxg9HgKI3X0Q==,type:str] + miniserver: ENC[AES256_GCM,data:0aI1r2O3u5gBl1icg+pkf1hsReZgvG3aPZhljaYUJWlNtYeairmN6Vd7nUOMu8u4NoRQdLvZC/369p/4GR9WvNUyuELiWbep1TdkxP0hu/wlrFCFJSYwJsm8x0izXmwA,iv:/qmAMMy5obLbw/VZG8zyV4svCWptYfbKi3+Sc1t8O6Q=,tag:R6ylK8O3jqhMPZaBTsrgtg==,type:str] + galaxy: ENC[AES256_GCM,data:9xjiz/tVn0UlZ9qb/Oi951WWVjmk6HTDjjYzB8kULKYhPJgVdlQioGdJtn3MjKCfqH0UnBZHXoGaK0MsShtfB0xfZkW92dy35KiQ9kQTBJn9LMMNxuk6IEqpWKQ=,iv:6lPWZ1iqerbWfU0UavvpFNtnsxOLkKHGsm3A/X5xUs0=,tag:8hVDlOIcCN590jEFuJ6eSw==,type:str] + deacero: ENC[AES256_GCM,data:S0FKo5q+grXFBoe9c6ADDA2uGZ1/OMzGU2p3i2PPdhO34PT39ePa/O6yP9Z69RvpL2Ho9GfLlBOSxZa1KtrJecEUoJZBdHWZRhKtcc0EM+CsNHnX74T9a/+uz3IIeys36FPBv5nTs9a22QL/5Q==,iv:xfkLrkje8pv0sMSnTrPrM5fmkAiliiYbGplz1KYYmec=,tag:3D4bZpYUQ/Oq25vfSklZBw==,type:str] +private_keys: + age: ENC[AES256_GCM,data:YZtCasGFuxj4mVnhDtNzXgrzvdjwvHVtaBj2gDJf3dzA7dCe+n7MC5mYowHnS+oZpGFt9P0ImKw30yAYRGZgvxJqL32ACbob4oqcnwmJgswx2ZCwboz/I1PKkAb5uo1Bhc3tyhEshiA9wk99CoI7ug+TGOC5eyFw8RM145uJdxaYJjFmYdSorbjYd5JpijYi3u7p5buIVtr8VRt3tuWNUzarW18d+ZjxtCAF68W9jqICtuODdFakt3pZ9/2byKR5KG1sBKdc38DvJFkRq3wlDE0U2PwPyc/RDdlLAnYGYlZD/GsC1YSWEW/ygxO5lpkoJlxF+/02Qs+lyZVEJd7buYCMU3xkR3kGOQB2dZXa7T6F+Jrr6Ek7svTOQRaId68KhQW33piNUXN8d6YnqIRj537exrcmVCNrRwJmlJ1M8pcYN4IGj6OFICw/lwiTcN51OL4UZOOQZZ60jbgdwWj5gM9OFmxLm0PkIRt6KMQVx58jIzmXqh8SF0+mkymbQdVaoDD5JJ+ltTQgIEBaPe7sGVEK4lGH6qbgtm4F,iv:coRTCK6BSI8QFtfjTg8IAdwumSt6fuQryTxF5g+GF9k=,tag:K06p6t3Gso30DTY/Nk5EDA==,type:str] + workstation: ENC[AES256_GCM,data:P8zF1rvCG8L8DQRtYJojd/AvjIlObrznl900x297ueI0rQtDMB36stEUR1+AclrFawGKsQVii3ldUm0JMemklEnOQwdjJgLrc5jDEDbSelEfz3++gYMqwJTlsGcMD34NLvNkaGEo8ZDGLWWhLNLDcoeWECyF2xywTXRuubLk9icuZ8/nuAYZqLCFCblUVtDsE5X7fcikeGi4nGryKcnq68AD3HxwwR/PK/zTHnocPE7DG7rc61mRFSRYdaE59eGaTcbr5liT6RYQ3yNPKW0Rzpl49XBwFN1pnAxbzia4Ueax4khxMszJKhuQjXK41mLRS0i5McEXN/ic4NjrRnFUw3KZ1dRKeqA6tDofFUo4lsmpQ0zlZlbxJzme2swig0x+DkBANz912rndtKdO0E3mAhljKGGYfyL0GTkMpRbWcCt72pPSdZZFV0KabFHKRO7U6I1MXtCokWbnjDflB7QgPBLjSIBR2MlcjCMz+M45n8qubDGUIDuMVIsw+3TlttDDGF0Q/EJTs1ewC8mmSzlUUQyU+pE5N1G6fSxVpCALoJu4570wGrBa1WVx+gV9gkhvZznRgssNX52nv/UwIk/i5HV2HU+qJv7ErbesV7kxLKI=,iv:Eh8W5GrQPbp2nPLjd4vGBgaJ3uwNeUHFIq6XwOHNt3Y=,tag:oox02coeHFDU7N1aO0Yilw==,type:str] + server: ENC[AES256_GCM,data:GRHzxJBEVG995fPWDdpqSV8b80kqVZcKBUg18sObNn2Rxwm/tajQunemQN8/0qXS37YACzMKX2zCyQGbIEq3d1id1CwRsao64vBFW5pZhlBiXXikP2O1NxQGCVc3ZzaPzYjeCP2uYT/I/b1ZPfUGONtcNGNgSlZQlqgBYmsH3Qp8kYRHiRxslfvyknqYDRCbRUVmtNffRqRMTHMHJFQAGLyqggy27pq2L7MSquTA8ravwj4jMp6R31f+IVufuYD/D82sAbSWy8J39QUGCt0qLvchuryDZzMkfqk+EktIQS9Invhuzael0N4RJykiwFRziwDbs1xYPY8dMfXYw37nrLow1R7lbuus4kkOcBmMqiyk5FWH1JkShRacviAQ6kB2hV7+HHhjH8y2OMYreEDIl5xk4lU/b7yO+/Jnc2Apbx383vS11iJ4Do/i2LF/9x0ILAh02pviaXi/aRnXqDqQKnHgNdCYIq/e4IWI96NkGgi1kPGr3vGl7ijoLfW+emqU97MG8j1tTIzMckdcDRpFLIoELJlbqn2L7Z1IdCXBygVMZVOxF9F+12iwyks02rg2LktmVlnknOeigEua,iv:bsv3nRX6xl08B1wGjEU0T26DvRVimfn9Edxl5eyxFK8=,tag:dQg7HQ+2T4UuvzxInQQEvQ==,type:str] + miniserver: ENC[AES256_GCM,data:OdKoGmxZYBp/XTQIviGXcRrz8sY/Ea1KwqtwmYnDmejGZFQuotyr9IHDBy7nyC38Rq18jtRGK0DvQTs+0z/jaBrtAbnk3/aodRpy0q/82XOpUDJ+oRPIbuC1KEyN+vzzTe3jd5Auwg7dy/W7gKgAoR7vhkNeAY4TPbE2ybqsbPDIhDWmCMK43DIxKcWO8LrtYJ9/h+XR1XthGjICRXygOeMA80Ip4BWGMvXnfGcayKTIlotIWNasYGZNn5E/bfb6uH58zPvCAWavleRm113zOeMjlgbtAyl4IyM1StGvZtJq0ud9Txza4AkWmTvYLcAB0xaiph/Vm01GBlaGSWZmOqo8ybGEEQgh6JBlYzHwJ0swqg3uCW59jxeQcGOnaW0YrYPix8twd/2GQafxx2denWFgvoNk5itIdOr07BF+JYKd5FU/Kajo9P5mpV2uFR8sok8/Q68thYvfOEK4wOysWM46lHS/H/P1qeJvCbO6w0hGt+VN/1lbqm+pcVTDMVsfWOkA1Rmm0aWozoYOAPRXH/PjG1NTiqJnecsyw+vZLlnvaDNHKHWhxnWVJw51hSH2fTg7nVz+WqwC24eOmGpOG7UUCdQ4V8L3wb8qDPTmLmo=,iv:FxxpTqtde+v9c/+xDfWimYlgkhJSI5GFIOAwoSrjNsg=,tag:LcLxjKaQ/5JT3hJnBgzmqQ==,type:str] +git_public_keys: + workstation: ENC[AES256_GCM,data:1NMBOwejJmoxLSMkqtvYJ0HtnyHJHCbrknTFUZgh62B2ta8+6gSxGisaRRSpdf9TNuI5luRLvALuMm6kORNFbm2uvp0h9cc3Qw1n+QHOLWeVe3foFHCGVtdodVIUE/nm2w==,iv:fj83Ae8ja7tsBANDY/wdR1tG4F1ZA7DQ/HrUCmfDxP4=,tag:tH0g3z6r8n+x2oRGP7Mjeg==,type:str] + server: ENC[AES256_GCM,data:lFgXxkgFFaA5rkpgfQUQk3xDUnbJnSDXqP8MDsT5SZDmLYCiSNyFlE1/Z0DpBg5zUjkXpiMCLDdNVoBTZ7UfyQSoVnhaHk/661OfmfeJSbxouxWjdczCqj5AD4c=,iv:c3Vh91iyhKiJz9sQsvl4DgftJGnLmiwU5HoONkQ6WMo=,tag:5e99OJOoggPcVJByP/PnNg==,type:str] + miniserver: ENC[AES256_GCM,data:wDIKf1Ft20fI6lJQEF5rqLY+TgX91kBAlK0QmuqB8jdotcZMox/TFaaKkl8YktZo079zf4kxdJnU3sc4vfmqC4rDxEbBKYEpEIAFJS/YzVd+zFS4a8kcqE3ZZ3NY7DMB,iv:6kmxWCis9AV5+l+/Cm204mbh9Wi7P7t8eNLsOlLPh5w=,tag:3SfY3BObVVI6aLSpyBw45w==,type:str] +git_private_keys: + workstation: ENC[AES256_GCM,data:KRlhkzPs6i8kY+GEUdIh1AuFnVSn9Q9ndeEeEa5TdamWxkl2dJmM6satyMuLklMm6nvisiIo2Cp1oWKtdthjCwvukGYx8qZcgBbbwjuTps+bBUGXHHdObyIZw6K1z+ySvDnruPHm+59Ou3KTblPe0itWHT1woIHAAR5t37Kd+QqgrrHFWYxh2i+IgCP15oiYZyQpmaA4vQc2ZJFs9KTliIGihjekEgrcrl01VVqxdwsAYyyOHQ0Z/u99woPnu90m2QWQ76fVY9XymfcaUoixpnpuldIO84KL2Ad75JkW883O4MN6KUq0ww9yoH24efa1lUOmoXfO92a2dEJ3IbYVv95vWv+OPOaT5gOS27bTZ935gA9pBpua3sSsJT35PaWtIZAeYLR/Hx+zBAqAcQ3iGRT/cyQ9f9jKxD6t9nbc4ZruztPyjZYrIHTYyac+qM1BlW7uz/d/VE+l0e+n5X1+9Ds++o4B/wXefF57Z8b3gKorvDzSYVuit343C7thoGqauKcZmy6MmNxvHJGCVSLcVo42hOBlFqwmDK40,iv:LgJGl98FxeVY6WV0YoJQQeLdFAe7KlNN1U/E8JNJ2/A=,tag:8eDP4Q0QkogiQqs81jVsOw==,type:str] + server: ENC[AES256_GCM,data:YhmGVanRgp4cSek8Q6vyn/upqsoX/SrtQvVwySJq4dyi+UVfL0KU3vwL4HXAJHCa3iVwNZd7J3cNUmJfhLhbLIkMlECnZDkcvlpcbyBBBIkYkUi176UmTyZV/Mao6P+EtNYsCkIHdsm6qfRG1s45eMzAg4mr80eMSXTQ7LxlJUzXhNFaI3tzAqAso1/hcpAgLK1ranhu1aekQDNmpbQEwFxcogeoAN+kAMU8qAzv4VEUeXxjIDazuPBnQvLITiLLCRtQwWILFUbXvomxJ/58lLYKpUmWRMjjxX0UWeuw9+yjLBqGyTZTFINTnN7UqnCoTC6SYKQy2widDES/U+6aXVIyoE1TYcvyS5EfnttfaxyShgVS6sfgYmf1bZvOHKB9oF5glP79uitaqoZdWAzpayFIHGXBDs9NlPG1DuXDZlnoJW1LzpowhGbOsIQq2HKlGb0vFgf9P2I2YaEFVkwr5Q6xsOT72fqzrCOWgDVe2tQxh67SWCu6ybXD3f6g6xYT/NWe/ftBC3By96e3SxF3,iv:WYKZcBR+Dq+czOK+LdYpYQIt6etxWOt3qIWbsA0qk8k=,tag:hg8kzUhyXFxzTQstNZ8Pjw==,type:str] + miniserver: ENC[AES256_GCM,data:Sx49ycVj5TE7MxHXbB/fMj/O6J/EIZFCI/snlJvd5faHxVDs38n8aqbtmTtu2Wp4FrpY2SFogyQVl+PpUjrhogvRCghTVSQQFCFK3Fwx/VkG1EhjSLFGl2KVo25cs4k1QZfblH8y3jAmbsEvqIjCtiCuoWe9RtAgZcsBr5a7H4bBgwfhc7EYBsCh/Cx/0cRxuoevt0OqkdyZEW5Cb4RwooQ+LVP73QbQ72O/fegG+gbPnd1o3sIpUJdSc7Z/R4FREMTMPaxKaJso7s+SzoqmO6n6iF34UunZOV4hCjgdTfsMT92N4QHKJJrI7I+JZRHtzPb4uyBal6GSKNPt0nKonZd+v28/JI0hzUuMPKkyharXr33J1i4U6Dp8meNPeChgyTZ3jj4btA2zUvrw3aifsdJcqNgyz2zbqZg25G8meEsWgNoDhT/ugq6yLwzz8k6/Gf68xovVlps9eJNScBOMNFn9KhouBrD5Peyt7x8dp16GeTmqBl8SHpkj6wYn5mFxyTdxScAB0tPLXUJWHh3zaMPhEbiLUe5pTCnR,iv:kV9s3fqWw7AfaRxq4UDt81TiB3p8ROW+hThUvtVaFd0=,tag:3L3dCtkuLkDgOv5u6dT1wA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1lufn6t35gs4wgevyr2gud4eec7lvkn7pgnnv4tja64ww3hef7gqq8fas37 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRcXFhSU03M0U4azM5VnJV + UExReVBmRnpNaUx3WDViU2hLalpnbE4wTVFjCkkzQzhlVjcrVndaUmVRNUhmSWZT + RlByQUxSSWtNeDJiTEJMR2JhWG1MM2sKLS0tIC9mUDVhNUtQei9VN3dJdmVBK0Y2 + NDM5SFhNbWp0WWdMYVc4NC9HdHhSR2cKGj8ur7g1F5OTv+XKg5pmFiSMgAcNL3b8 + PjhyPcZqxCB4J8utMf8yxmZkVqbyd3UjZRBUUXSgzg/i1nx0GTGcDA== + -----END AGE ENCRYPTED FILE----- + - recipient: age17jlsydpgl35qx5ahc3exu44jt8dfa63chymt6xqp9xx0r6dh347qpg55cz + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1V0JUSk9FOUkrSzBmZFNY + M1JlZEMxSFVEV0d3NGttZFFrK0U3MWtlb1RBCjJQbmRGSVQ0M0p0NHdGK1ZHSlNo + TkVHS3lnN3VOUUNjTVI2V1B6bzlDb1EKLS0tIFRtdko2cjkzMlZyV1hRcWFnWFlv + TWVXMlpVUWJIZEhLOVVpblhwZjJDOGsKwgqjQZ1XzQNkFPItT+/gjBNnvxiYHbQ/ + JP/cse3TR7VsC5dq0SGCFY8zPBPiZPvuU+f9Bq9wfJWDG79CintBnQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age15hx530yrqmhm80vsjmffyg9deq9gssj7hl5rsqdnsn3dwegj9qusv4sjf5 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuaFFlM2M5ZHZIM3FNSEYv + bnlnbG01YWRPcFR1Z2tUNTdvSmdGZ0QrMjNZCkJPemFBYktBWldPWFdyVS9ZOVBv + ZU5zRWpqYXJ4MVVQdFdWcmQ4am5DSkkKLS0tIDNudUpUNnNJUHQyYTM3Y3pwb0FT + VUY1c0ZtWDA0THZ3ekVmUFl4ZjgvaHcKuyh3cIwboc2wxectPk0La0CLRX7VvaBR + XoBMk4PbfQLS1PuaavH+NLNAp3N7LmF9IlZBS3zFW26Dy1viqWbhFw== + -----END AGE ENCRYPTED FILE----- + - recipient: age13w4elx3x6afrte2d82lak59mwr2k25wfz3hx79tny6sfdk66lqjq989dzl + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4T3krdSthSnhkVGk5RHg3 + MUVWdXVqM0o3LzZtSzFsZURiSGlLTEd6SlhNCllyaW5BcHZueDRGNlMwWTNaQTNC + bTBMRWFRSG42WVg0cU9CR1F5ZmpTQ1kKLS0tIFdDaGloemJNWUJWcCtOeUhnMmlQ + dklwODNxYVo4a2FaWDJFM0FnV1l3SlUKMnq/MAJRwR7iEri2KomPrMj0gTkMyhzH + P5E4zheU7chJTAz5jf6iecyOvKAt6q5g9Q1MU0D6dkOcv2gzWSNAAw== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-06-22T19:53:46Z" + mac: ENC[AES256_GCM,data:P9LQUSY4alFLfJrrUpfqFSmvTjMH2r0R6Fb8CkhTiyQs9ERHFwtwvJfvv3N0D7sIBKa1HJ5Ps8dG9fOLzNMVuUtrQ6aYkRN9qD9Y9y21lGcPSDrU4uMa0DO+LmfRIxlFsBvIUNfp4Sg9zmcWH3nlpSumuoQNpJ20MYz//aUqYi4=,iv:p4fJe2B6c1ELbySIffS4ALKKTzFRXEgvSVTa+/TNnT8=,tag:Cxs/npMx7X2icLUl1CW2Ug==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 4493378..290e33a 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -1,21 +1,23 @@ -public_keys: - age: ENC[AES256_GCM,data:4QBeofS89uLroJ+7pOxfqSF0g4piPADFnTjdKe+M58Hnjhsf+tJmvaKPRri7nNuULpSnVSmNixCFAMwvtSpk5SCMOZwA+wylRjRof2q4XOKb2c4KBJXLeTI/FwkiBy8j,iv:V3T3MiaGGSgIGXRjMzhZ5mTdk3HNLhD79H//R6UnsTQ=,tag:ds2/t8FHC6e56Ky6dfYMkg==,type:str] - workstation: ENC[AES256_GCM,data:PgP+gYBYYMO0cign5VJXzRyEtiBNXjc9R3kRKrKdDZQ0MvX+e4k1t46Ehw5v54Ab7u4ujMvUMaMtXXZPFQBpe/k9Rj/wusrAjHFqFafUiFHN/yt4kzzC3SinPheucbOMbA==,iv:s6ejL6MA4+PHQLqBdeUZKzHpHSFoz7UNTzPDY2x/e6E=,tag:Fv5INBFAQdEmcItpiNT56g==,type:str] - server: ENC[AES256_GCM,data:YptgfIUSpgaNPsS1Whxatfa1mWvOAGMHewS8A6ggkFpWurd545RnsCGy9CrdQLAxs4BMrjokFV6bvnsbI8ZzMMkyKcnVpi37BEgEsVz7SBMRd+ecrCrDLIuGeB0=,iv:dNKYCAKh4YvRNHNUnS+dxsZkNthPIpdHYHr9wkHkjtI=,tag:79uuNxxQKzVkTvGKSLp3eA==,type:str] - miniserver: ENC[AES256_GCM,data:3mBmzkjVvzbPDG8oqfi09k7B9UKFClwi5DZyioVNSEZ5ZGQX2N0xjuYp3zrupvQm4uetF3nJQXh/k4INC5ic+XDmgSOH3iqKrP4NMv3tzCeAKAogFyvZALvJkeKVvqzB,iv:W+NwmNzyYo0SBYywxP5eLtjQf9i25eevvfNmOoiOvQI=,tag:Qc3UE7ctwkhH/wAGEHsntQ==,type:str] - galaxy: ENC[AES256_GCM,data:Gcc58vkJcyeFEdApgaTKO+ca9LuK1HrT0Q9NjOVcH0OM2mN4nLlJtRor/WDZBOFyQW6jd1GGvaRqO2UJ1kvrc7szPVsDOMMvZyWG7qrrG/FZWo3bTILIaGHBVQE=,iv:qXvMbSZjY1rkF6BIoP1fGw3pl3ZvwdRIkY52M86i1Xo=,tag:U3/jBPHtX5FnpIEWLyOslg==,type:str] - deacero: ENC[AES256_GCM,data:IZv9Gcwr0B6IMMDOwQg6lEpzYu2T+PNTzqW6f01LslJP/6eF0Wj83g4KEel9dJ5wfmB4QGH+kgk/lEV2TxS/pE2GtAqP3kq5SQ8+ben4SN/8PMGmiePi6PKQ97Pl9NJb44GAW/10WdJThoeASQ==,iv:An8yiptzNsuRHPx4olqlSIXioi1ZuxP13NN7s4wpXZ8=,tag:T1VsoZZIygepdJgUo+vTgQ==,type:str] -private_keys: - age: ENC[AES256_GCM,data:0mWdTKWFvAuqt25+POw2eZMFLQNNyFhs4Lh9ZDL1X6KObrK4wDZa31n2Ugug684+jx2cqeWU/luRLz0zBUpbfbf/36cOuXjU/FX2wGpg+WZ8xwUNLSCXUnmufIwZqF4jwLEvU0HYTxMufH20KBqMZVZhWdvsiTL8fLqS5tOtph0+Yxrs7VpyQB7aSlkM4Mgc3IbtQ1CFcYe7BQNBekbR1EnB8qsoPFX/7qeLHoR941d6W11GbPSl0QdLX5UUEMdMbK8E4uMpOvVJUJzi58RcJnJJNc9lSWd7QJdxEgaSSqB28vS6PVC2vVcuL+Oq2/AO12BLIVBZPbcMkyG+EE8H/+TyEs+HoWYuuUB8yNCE87BxgOHoDDqT38wrtfIzeja00qF0/sQSP/w9uJWbnNNrOq6iPatK/+gbSLufzrgo0rw/Rdc02zegk4sLQEYkt7YB9gN5dQp8S21taX7y5tkLU1Mh8O08Pjonhu4tznH/yG06m/WFMB1ucP6YsHFXIze6fG4BG4df+um+qpNdTiykNcpNYwglXyP1kDWS,iv:/trMsiMCfwiV5Oh7xW4MJgCfiWZJkvU8h3KJcxXcABw=,tag:4kMb+DfRJAN5gcodhFCd4Q==,type:str] - workstation: ENC[AES256_GCM,data:AHNvGeoYMzUJePOpXlHiaJ/OEpWmadIRvfND+0kipNpHlfsVWM/+mGEhoABIf98vpNlPanRrfDYgkpatEUrw5L28oj214SreGS0S7YJiO383LRqbl5NsnYPwxwY7UdPGH5dSkKWHAlO8JKbDasLaCDO8VyjdzIkXalyha4DM6LcZMGM8UH86keyNImMgwdTDLwJoWiQ0AamYcaMqlWLBxMLMkoB5ug0ynF1FIAX1loBv+Ajd8JLUhHDYwA5jwKlS+4EgkoTk21I/7GbZ9sBpsnWIyvnzMuf2fyB1jjQ7cOzHBRc5mEDecrKKI+IuIlAY4MnQh91uTv+APi2abelurvnwIhsx/KaJW77Qc0i/0G1ucKFMwXE03OSLvNW3K5PHkK0Z+M4G/uoEDwM/0M81jz3yutgWmrxTQ/TAjNbt2Zk6x0a6CnwCdHGdoXGByiE316LIKDKziY29stEiLNWVnptq1yerj2lU1R46sXmqzWzL6b+VbXkaubT9JPifCIXB9V5LyUhwfc4HhSbuz9d5DV529aJq3tZh3kdzjT/PEs3H+XM8jKAGuLZV0tS/q/CLonBlps5DfC2S9/PodakEZDwA3igbM5enpapGv7we7LA=,iv:J4ktWtFHK0XRkg7K88fJJu7/JaSTqip+nIF9HUtMNDc=,tag:jwvttM2bicGBIgX9TmDeXg==,type:str] - miniserver: ENC[AES256_GCM,data:69JH6rT1c5JB50Q0KWQ5wKhzLZhENEFGrtJRObNMmjBSpHCfJmU7/lHoVme0V3j9IydQ+CEWHD19RMXHioC5MJb5s5XanUL8I1qAVsFXl32lr/cyUZYsLLEuH6jpGke8S4gyOTeHUSSUSW71J1pMSzF4Wbxuch3qJCQtnM9dX5XqNiGx1CG1ibRWDQnncFRWbIAxJlArT4Q8f4Q7GyZOIvBj3DzuzYIxWAXEhmpPpVTUvYJHsoMlJbcZ2Ba2cf6AjDZKK7+3NOPVhZ9XrQqwKQSn8dhlxUFxhNEtd2Hn+F2lbfuLZGVyimD6A9Mgah7MMjPHCRhKDTpvqBM8sZCIUNSnhgRY7BRLDHcGUFsmb2sMTrTZyG3bWUotgCg2PNOXDrc0cSE/DhF2irmle0IWzHNvGdtgdPY7StL1E508T8gkIM3XinimQCbFnTTldQTLsFfaO2Jd3YNJYTfMJeEJg27+V5Fc3psUyywOvotrk1m/v0/FCo1yZ3YITANFB+tvusu0wd8rrYJ+FCUQyRhQQBNK5XV8v/bmiDTi2tiZQa04oz0sMB/03PYzEpAWsDCtbMolF+0FE/ki9sdIJue1LOxGlzSU6Tl++oI2jkb22zk=,iv:776BGqzXkROueTqCZteWJnB9ojZCRU6+avIitKdDSR8=,tag:aDv3+Z+B0k7YJ04CTGWKxw==,type:str] -git_public_keys: - workstation: ENC[AES256_GCM,data:ITR7SHPslNn2CAGauw1UEicf1QhHlqq9brDhqeA67dsXQLDoHvAjVI+7qkeJ31c5OthGb/3TobeuwoY91k7F//4/4vZ/d3rmwugQUwdVrhMe8TxkmB5vXrWFLvVZEsGjPA==,iv:vTMMkRKOO5eTMXg0X9D2RbSOgJxHKSgKEqxNF6ZlqUs=,tag:HRMvjDa4nAWqG9xcJJTheA==,type:str] - miniserver: ENC[AES256_GCM,data:O8ye6YX6DhAXbjLAJHruApHjR9ruUefZ2kv2gGOdgIYJri58mh5D9eZKyKjDv7x8Z4rkIbUxeRikpcHKJZgC5qKBBmkZPdNXzc+t0vWElTQaPBDoHQ1u8sUNasg6/zBA,iv:tmbUDO/upPEJtHqUtjjsfgxnrkqS7lGRv4NhJwHv1Rw=,tag:Vcl7aiQUdABqO+npTQA9qw==,type:str] -git_private_keys: - workstation: ENC[AES256_GCM,data:qK3bP6aTsfx5HtvAVITahVMPIqIj0shfUtOq5b9cxoUAf0tEwN3fEpvZ6rj4qrsJzeu6CbrLa9kUxdkDac2WSba8hpi0Pr3rQRy4RVUgZwJ8t1Bscb4s7KeHuR8z8X0rgB9ZKzJJHjKQetKytJF07Qze5jkKlsogmzVCE8D5SdWvLvJ7z4hONXMlPK9HAGesvrUKD54okshhK4WbfmC5uZ03g9SEqc/QMTmgo4NVEmhfBIXbqSBch4zLWk95RGleHfIB68dO3hsEzAy+X63caZ0Vrx5l8YNEGXxm01ZI7RsjEQXYlQpM2siaOgwixVZvn5fr9Zs4fIK3EyVqCM2m31Mtn/u8QJr2bKqredWBNL5q7CqtEGb3JscXm13q/ttqfdPgYREuo2NTPN1dra+tmsVNcJK0KbJJKCoIy1CX7NV0FgmJnj21f9mzbOvGvHfaChLiLBj8at8IDHB78wWVLoiIMf4fIQa51aiyzCx86/1hu4Lpi4q56KLXabwt9vUynuDiGds4Rq33rmfOjNrEkxVNd1Mz1I2qnx08,iv:v8RzxevJBagr0an8o7sUuCuhtyWEAb8B6fyXxfegekI=,tag:kwx6BdejSJmPAqFPa8lEDg==,type:str] - miniserver: ENC[AES256_GCM,data:yXAHB0l2RzCrBqmIr0BSdiKw5e/lPOAp9u9ibdZqUvEcs5tCWFc7823bZ6hFpw+o0UcYojobVBRejUoPqAq34TGciB8RqHlbekvHfg7qXr7XKxYKMesBMPwmaSUsPTtPib2ahLlGGaw9giO+EV7g+g2k+UD1mIUu7LwwTVb96qSiG6ffzOz69EpOgp+v9b/5yww0Mz+Hg9boonhdAMwUbVBPKjwwIPald4MibjtAiL0/JYzw+NpNYwHIxL4oKcyqnM3f03e43fI3smi4Hta76rCTF45hn0TLklZbnuGWtwmP/U9oQJ/+Id8kpzR+U0GJysIKgGKBNeL4bNqsx6L/cknzTeeb1KB28sjGTTL5w16k2PGizwys+NELCZD9suuQLk0hGBlwouwslihwFxne1RjYrsWC9ODgM0Kiqxkvud30FBe9f/C/kKz+hBTLROkNBmm2pMbwIFTmrbdpNDOeySA4VtY4xrXTUfz02KbxNm7xAOY2A3Ux/TIbQ6oBSv8O+ChvI9H/tTJYhpJLO6/FA+sbzEbYkU0d4nbu,iv:Ar4lKLkrfnkueZKvOcajeJjmb8O8hSS0rw8c6xjgL68=,tag:ZEB44TnG98q8baCoUyICKg==,type:str] jawz-password: ENC[AES256_GCM,data:j5qya2z9bDESQopcBpLBktyBvIuplbq3Ql4TovdAF1BIJHcf4CAjFuCStW0axFEOST6bgJwhcZZvK4rWUyoS47eaFDp2lkiQnQ==,iv:GNEA8v0NR+PGe4yvlm4V6tTJD5NmlswRPH7JnQJUyLk=,tag:dpxDK88cAJSk+XdFF2mDww==,type:str] +resilio: + host: ENC[AES256_GCM,data:iITbrqpJSdM52A==,iv:8sahhsUA9iIXNlJYKAkakllQDbYVOsGuwBulK9FyvTU=,tag:zKKHwrEFUkl3Fcd0RJcIjw==,type:str] + user: ENC[AES256_GCM,data:31s2ihj2cN9C5Lyr2w==,iv:2MzKiRoDosawbeQ04LUKbfbSVFUUD6uUYynB6B0WNWw=,tag:GR0lXvLZAPof6WE3Verimg==,type:str] + password: ENC[AES256_GCM,data:codFGm4O9QkI2+hbrVK3UqwFWETXyfl9y3Q5lY6UfnIRe/IqWG8Ibly1BUlh7OjKIepXm6m35e6QPioVSiUT5Ll1SIE=,iv:QWqKyKrvm2y2UM2Ir1COxjV0jgU8jTeu9ehnyeXTwCE=,tag:Xtr+r7EphaiLjGwK5gmsMQ==,type:str] +ryot: + id: ENC[AES256_GCM,data:6cWtGJ37HxUAXAFFyM1pFkHuBPr37q7tNRKGZclV,iv:5TyJB3HVz1+/mxg0Xptpx/FGJmx4ahlawPvUgTnL+qM=,tag:0Ildbvc5XUoZuDKiOjIGIQ==,type:str] + secret: ENC[AES256_GCM,data:S5FPP9Y3KRY8HPgfPwKj+5qTK55FZUeHHC45yb+z,iv:79GtYLGktv8uOMLyJ9i0pPjdQT/B6w+6hdykEF8SJ+w=,tag:5lXC1NAr8i60PbRZB6H6sQ==,type:str] +flame-password: ENC[AES256_GCM,data:KZlvGjmdwa9gXf8LmfEM1cNt3oMsD9lH,iv:27DurnhAIF7kSprFZ3LFQ0gnAqClrftvmSmVF68MC2M=,tag:8nepp2CnqKHWSKp+SVUo2Q==,type:str] +maloja: + password: ENC[AES256_GCM,data:2Zw13RUHDupp6Op8U3bnxtgh2mr6uvppvkMFMRrFzQCBOoK7Sfg/dD7wgcuzJgglb7BMgPu04nsY7yXvZFi8Wg==,iv:b6rBtnHoRZdcEO1h1TjdTX7kRL2aBTgnVsRLWnOQypM=,tag:ytK9cL9t00PTA18++gHMmQ==,type:str] + apikey: ENC[AES256_GCM,data:jK2Agtx8i2fyym11viB4yQoeMaCW/Uf4AtgjUuQWgrB8WG82k7xyGza5451HZz7DnYWtlT4BRgZoUX4ZqANpYQ==,iv:oIcO8XRToWYNP7/0V69PelMrN3fqPR/OB4IhXmVzvgU=,tag:WT16lUMYsBvXfZEOpbSLlA==,type:str] +kavita-token: ENC[AES256_GCM,data:kt3bTZNf4S7sKfbxzXc4Q+9yTPFTKzvEaR+mysBhhdnht+FuN9o9i9liqy2pKvB7WQmPnjQ/aYEYkcPSPg0NC5NwE7lNY7kUJtyHzYm2wkKqkkDIc/aI+dHhtX1SBF99ZpWEhmgnIA2HtCpYXUjkl4pUTKgNi0cn+bb1NULMY0zHyF2f7faOOKTWatQEuG1ZvBpiNIbPbsMznfdrWe9VEKrdtMg8IkK138Cn+EOSu0mCHdU=,iv:NCjegkB9/O6xq3fdWqhyVJy5YetqIpcDmD0yyBh3XXQ=,tag:IiqZY0mhqyUHJ61DRNHPlw==,type:str] +smtp: + email: ENC[AES256_GCM,data:NDdsAl2bg/R9UiJRJaxVUuQrv1+Q,iv:hnQQLDX5VUE5VkSlwG7U3NiUBxJooJxfGTGVni2DwoA=,tag:RVxv2qoLfr4xSJ1q1yJ1Dw==,type:str] + password: ENC[AES256_GCM,data:vSSQoZr5Wf/okOgoMb11dQ==,iv:3EePkl+sDMUUo5Eaz/TrQa3LLYY2YeXvegH6zqHcTug=,tag:wgwSbFzI+pSEXMDawtEUWw==,type:str] +multi-scrobbler: + deezer: + client-id: ENC[AES256_GCM,data:JvHvPzQT,iv:K6TGrLbqUJSQlx9yrFz+ItGmQxeADs99khfdMQLgkDg=,tag:2VimoFDr1yfjx0aJHc8jnw==,type:str] + client-secret: ENC[AES256_GCM,data:iJtmoRSbt2lN52IYqo1HUov+1OW5WSC3cwpNVmBlFws=,iv:8SkE71+XIwEJabtjd89LMULEKj6ZOBQnn2G06FguMa8=,tag:lR/cVnSLxqFNUGo7sWRRlg==,type:str] sops: kms: [] gcp_kms: [] @@ -25,32 +27,41 @@ sops: - recipient: age1lufn6t35gs4wgevyr2gud4eec7lvkn7pgnnv4tja64ww3hef7gqq8fas37 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4aUo3KzYrY01iaDEzNDdj - azlpUnd2dHNGVFhEclQ0Qzh6Y3l1S0p2MVFNCnMwaWRLZ0VHRTVtUklkanpkQ2lQ - NENEUVdXMjJ6eUk5MVJLM01Za3FXU3cKLS0tIFV1azlwc1p2bDhUVGR5VlN4TXpn - R2RzSHN3cmNUS1lYbnJIQjcxMXpLdUUKmVqmIMyyQeHsA8A75pPxU5NHVGM3/Bys - JnME2kNPZ7DOPtKfEWQ3uo+HyH5RNv4cWs1I6R3bvGsDSYHxLpyjAA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvSTFDNHN2cm5UMDkvb3h3 + RUs3aEIrZmlhQ3JvcCtKa09WUkRpZ1o4b3pnCmtiaUJnYUVWcFdpRk9vdmNQRjJT + R1NlMUJnRHQwdGRmQWJrc1NySmhPZW8KLS0tIFhnNmE4bGFUYW5GdVprc09PTTBt + N2VpQU5aeUJuRThyQVFwaEs3QnUwSDgKdgsuwN4/dfAVzXnJ7LPwhUpD8kuh3VxO + vB9iva29YN85E+CKZ7CryGdrnCy1a1fUC0YiAakbzQejon62fK2d5Q== -----END AGE ENCRYPTED FILE----- - recipient: age17jlsydpgl35qx5ahc3exu44jt8dfa63chymt6xqp9xx0r6dh347qpg55cz enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBydEJTTnl2N3ZBMnR2QWFL - YkZwQzVoNlNsaGF4V25hc3BualVpb3ZNd0NnCm5GcE1jN0ZGUWVDbHErZzlSYjJN - cVNhNDg4VWhEVDJyc0JGbHRhK29Cck0KLS0tIGcxcjc4YTNSUTJxbk9oa0QwYkNZ - ZmY0QTB4U2ZxVVUxaDNUQ09zT1UwaEEKmKdFb3nZ1jSDq8nQl/tR8dkM6rHFw/9U - ccOUSwZ0MTiX7R+CiY5L38xzUL0PrlR80GZ1UUf+AR0a1PE35F8ysw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQRnEvNzlxT0dWMDNZOEhS + TVpRSHpGM1JvZ0JQRW4zMXpXL3Rza3NiRVVNClovaGF0Z1hPdXltY3pTaGRKUTY2 + MGJtYmFqaDQ4THRRTE1rUURhR0N1Y1UKLS0tIGtOOUxVNTdFZGZ3TS8zdUJFWWxO + MG1yLzNRaTdmVEJaSnBlbGR0SjR0TlUK7iNC+uyUN3s5T7b1PD+BZ+LvlsKdOpbM + pA2P4ZaUcBXCOEonmG4LnflEyUDXrxBoTkswkpBpG/SowF+yXe0Fwg== + -----END AGE ENCRYPTED FILE----- + - recipient: age15hx530yrqmhm80vsjmffyg9deq9gssj7hl5rsqdnsn3dwegj9qusv4sjf5 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwcU05d2R4a3k4Z2VGVlcr + VXJWeUZtWjZuY0lDM2dBNWFxbUxyaUdPVm1RCkxkNjFNbmh6L2ZMeitlY3ZwTEw4 + MUhTVnBLdmRVblFOa09nWTlXVHNIWHcKLS0tIC91aHR5d3JlRDlBWFJtWDNsNFUw + QjhiSVNRMlgwTTAvNmE4SDdQOS8rNVUKIYVulp/SpDmewQkotisfUsSZFh0r1eNB + 59ysWy09dse8Oed9lwMVMLI7B4DBT6CRWuefOU//urI/pB9itV6jvw== -----END AGE ENCRYPTED FILE----- - recipient: age13w4elx3x6afrte2d82lak59mwr2k25wfz3hx79tny6sfdk66lqjq989dzl enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1SnBCaU05VGEwSEJVNVZ3 - bUxwd3M2NTVTWEZzdTNwNE8xQm12dzJON3djCnkwMDRFRk0yUWcxNUVuSmJ4M0FU - eVdmUjg1alh4MWtTNi9oekREbk9TbkUKLS0tIE1kRXN5QndNUUdJR0Exci95R2F2 - ekZxL0IvYWJTbDNtWXVSOGc3QXVjaEkKGNyLUn5dyag4pvN06ekMziyTI3vUpx/j - 4ZhNrvDgAY226p5kfka0NpPmNlsIcR+5gbIuHliGvcQ2W5WqghLDow== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyazBBS0xKakE0Z0hHRnZo + R0VZUk5qSVF3L2NTb2p6Z29QMnp1MkIrVHowClJVZ3VzUTc4aDVha2tBUE93R2Nw + T29nakxRQkpidzlrdFZQTFlxMXFwOEkKLS0tIGJWRkdJaVpLWXBVNnZUQ2l3dm9Q + RmRyZldlMjUwMEdUUEpDS2JSa2tDTTAKp/pT+0cNnCuKVL+Z0fEMiw1PL9PB/nSM + QWVTo0Mt8Y6X0Xt0EAi9G5AYxADZ/mmEWPxB7RFgVAiMKtor5Gy1zw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-06-18T01:48:26Z" - mac: ENC[AES256_GCM,data:ACewXq1j9xjjxy+t752oWCoDU3yp3A9sKnfPAgdY3iqZBlUjUDdEtL8/vM/jZdsF1p+1BP2miw3TUc6lsnMO51Xg8KEWbnyGL8sDVpCxSQ8jvEB82SoLrEF6FxQTRZLcAyC3wRyf8aeN5sa2PMkiTJQAPIJPd34y0djPhCwNXgk=,iv:S9ujkTx/e4McftTlsHweS3aV68Xy+Dvm8WOoeNjz2MA=,tag:C27mh2qoda9jGFjoSH5VRA==,type:str] + lastmodified: "2024-06-22T22:45:18Z" + mac: ENC[AES256_GCM,data:u63XyOQMO6ZUieL0efH2d1/OfDrtsTxM3nWIOJHkrs5jQp9LU6KXQcgIC4uyI2xKw5umtiOKS0MjY7GPaLaam4UpwQQhte9PRb61XuzAfOiOHEtMbRi42Aj2C/zp3zIiu77DwhBqcSme317dVdWOBUqtJZ71h9uqDA2BjUjUvl0=,iv:8piGB28+iFYxp+RqAJ8doWZqMhyH/Y8lywm6G14N/Qs=,tag:RfH3OjHnjQH7Z+tk063ybw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/secrets/ssh/ed25519_nixminiserver.pub b/secrets/ssh/ed25519_nixminiserver.pub new file mode 100644 index 0000000..3872c36 --- /dev/null +++ b/secrets/ssh/ed25519_nixminiserver.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGrC7sVvDT0is2oq/H1Do99LPaQKvyGMAsrF6/fuf1aP root@miniserver diff --git a/secrets/ssh/ed25519_nixserver.pub b/secrets/ssh/ed25519_nixserver.pub new file mode 100644 index 0000000..3e538d5 --- /dev/null +++ b/secrets/ssh/ed25519_nixserver.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN6HsajaTL+nTJtSIu00M5WJwgt/7fyU59gBr2R7tbnv root@server diff --git a/secrets/ssh/ed25519_nixworkstation.pub b/secrets/ssh/ed25519_nixworkstation.pub new file mode 100644 index 0000000..8c4720c --- /dev/null +++ b/secrets/ssh/ed25519_nixworkstation.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICiyTwryzw8CblPldplDpVUkXD9C1fXVgO8LeXdE5cuR root@workstation diff --git a/secrets/ssh/ed25519_server.pub b/secrets/ssh/ed25519_server.pub new file mode 100644 index 0000000..45e163c --- /dev/null +++ b/secrets/ssh/ed25519_server.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMkpeIV9G26W2/e9PsjBx3sNwPGoicJ807ExRGh4KjhW jawz@server