diff --git a/.sops.yaml b/.sops.yaml
index 50c5638c..15f49165 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -9,6 +9,7 @@ keys:
 - &tei_osh age1a2quf2ekkj94ygu7wgvhrvh44fwn32c0l2cwvgvjh23wst90s54szdsvgr
 - &mediabox_osh age16klpkaut5759dut8mdm3jn0rnp8w6kxyvs9n6ntqrdsayjtd7upqlvw489
 - &litterbox_osh age13qgddr326g5je0fpq2r3k940vsr3fh9nlvl9xtcxk3xg2x0k3vsq7pvzaj
+- &keycloak_osh age1ktmx2szedfnpe5xumnzs8vkk0ffqgga6ved3drtksg9pye6ndsnsnqq488
 - &kuwubernetes_osh age1q2yjpxlqkfhsfxumtmax6zsyt669vlr9ffjks3dpkjf3cqdakcwqt2nt66
 - &kuwubernetes_cluster age1nmdv4q8hcyj3s6qevrmc9w2vhd4a8tsj5j5e0cry5utex7vqeprslyjvxz
 creation_rules:
@@ -25,6 +26,7 @@ creation_rules:
 - *tei_osh
 - *mediabox_osh
 - *litterbox_osh
+ - *keycloak_osh
 - path_regex: 'systems/hakurei/secrets\.yaml$'
 shamir_threshold: 1
 key_groups:
@@ -74,6 +76,12 @@ creation_rules:
 - pgp: *pgp_common
 age:
 - *kuwubernetes_osh
+- path_regex: 'systems/keycloak/secrets\.yaml$'
+ shamir_threshold: 1
+ key_groups:
+ - pgp: *pgp_common
+ age:
+ - *keycloak_osh
 - path_regex: 'systems/[^/]+/secrets\.yaml$'
 shamir_threshold: 1
 key_groups:
diff --git a/nixos/keycloak.nix b/nixos/keycloak.nix
index 1fa17b32..08211dfc 100644
--- a/nixos/keycloak.nix
+++ b/nixos/keycloak.nix
@@ -1,4 +1,6 @@
-{config, ...}: {
+{config, lib, ...}: let
+ inherit (lib.modules) mkForce;
+in {
 sops.secrets = let
 commonSecret = {
 sopsFile = ./secrets/keycloak.yaml;
@@ -7,6 +9,13 @@ in {
 keycloak_db_password = commonSecret;
 };
+users.users.keycloak = {
+ isSystemUser = true;
+ group = "keycloak";
+};
+
+users.groups.keycloak = {};
+systemd.services.keycloak.serviceConfig.DynamicUser = mkForce false;
 services.keycloak = {
 enable = true;
@@ -15,6 +24,7 @@ host = "postgresql.local.${config.networking.domain}";
 passwordFile = config.sops.secrets.keycloak_db_password.path;
 createLocally = false;
+ useSSL = false;
 };
 settings = {
diff --git a/nixos/secrets/access-proxmox.yaml b/nixos/secrets/access-proxmox.yaml
index 4828f39b..bbd98003 100644
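Review bot: Adding `*keycloak_osh` to this existing key group in the second hunk lets the keycloak host's age key decrypt every file the rule matches, not only its own database password. The rule's `path_regex` sits above the hunk, but the same commit re-encrypts `nixos/secrets/access-proxmox.yaml` and `nixos/secrets/nix.yaml` for that recipient, so the rule appears to cover the shared `nixos/secrets` files. A host that only reads `keycloak_db_password` has no need for the Proxmox or Nix secrets, and a compromise of it would expose them. Consider a dedicated rule placed before the shared one, `- path_regex: 'nixos/secrets/keycloak\.yaml$'` with a key group of `pgp: *pgp_common` and `age: [*keycloak_osh]`, mirroring the `systems/keycloak/secrets\.yaml$` rule added in the third hunk.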
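Review bot: Forcing `DynamicUser` off with `systemd.services.keycloak.serviceConfig.DynamicUser = mkForce false;` also removes the sandboxing systemd implies with it (`ProtectSystem=strict`, `ProtectHome=read-only`, `PrivateTmp`, `NoNewPrivileges`), and nothing in the hunk puts it back. Unless the module already sets them, restore the ones the service tolerates explicitly, for example `systemd.services.keycloak.serviceConfig.NoNewPrivileges = true;` and `systemd.services.keycloak.serviceConfig.PrivateTmp = true;`. The reason for the static user is not stated either; if the intent is secret ownership, a comment such as `# static user so the sops secret can be owned by keycloak` above the override would record it. The new lines also start at column 0 while the surrounding attribute set appears to be indented.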
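Review bot: `useSSL = false;` disables TLS on a database connection that leaves the host: the same block sets `createLocally = false` and `host = "postgresql.local.${config.networking.domain}"`, so the database password and Keycloak's realm data would cross the network in clear text. If the PostgreSQL server can present a certificate, prefer `useSSL = true;` together with `caCert = <path to the CA certificate>;` in this block. If plaintext is a deliberate choice for an isolated segment, say so in a comment next to the line so the setting is not copied elsewhere. The `database` block opens above the hunk.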
--- a/nixos/secrets/access-proxmox.yaml +++ b/nixos/secrets/access-proxmox.yaml 
@@ -9,66 +9,102 @@ sops: - recipient: age12ze362pu5mza6ef9akrptr7hfe4auaqul4rkta7kyy2tnrstqensgmujeq enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrSnB6REJQS3hFTWdrcjhv - aU9ZM0k4VHNiSDI4RkhHQkJ6ajVhdkxEc2l3CnRiOHNoYVBobVZRWVhIdEo0b01r - QkhYTnpXSm9XSzgybUFZR0I4cmlKdlEKLS0tIDVURnZ6TFZ2UlJ5Y1ozOVBTZ2dr - QlBlRnlDZlA5bG1KaDB5STFLdCtkWWcKgKZulfpmL021V16LLd3paqHpHcofNfps - LhZsPZuiVgQ3iMlFYQsp8Ya5s/TBkMvSyEO24H2BSFdM9vNDgZuxTQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4SXlNSW10a3JsNitJVEVM + MnZSNlFkcW9XUHh2Y1cwT0V5TUtZaGJ1VVU4CjA0bzFMakFoenJubWV4VWRTQVNx + V1V6Q0hxNFFUblYwU3FsWWU3OU9lbGcKLS0tIFcwR3dSYlpOMGpSdGgwS1BsM2Fx + SEdFQlRYRCtYWUtBV3VyQUdOb3BnZVUKvS9BSafQRhoX5AOjYZOXMuMOzmjldOE3 + 5epTsDuLg08bK/hLQdWPrv0TwZQQrW+UKyBP2MUJsT50sdRqP8Xc1w== + -----END AGE ENCRYPTED FILE----- + - recipient: age176uyyyk7veqnzmm8xzwfhf0u23m6hm02cldlfkldunqe6std0gcq6lg057 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZaEdEUTNWVEtOOC9CaS84 + ZXVXcHh1ODA1eUdtUFMwRWVDWDJNWWd4RlFrCnlGNGZXWmZhT3owVGNTcTltVmx5 + ZUpCeVZaOHdSeFRHQVEvWmpLSW9LcXMKLS0tIHpBaDdiQUJTTytqS0JYTmJ5T1l3 + SkZhNHBGMURRYVhOOUF4eHdjNE00L2sKp9dCDzgzX037nsMShNwwM9OXXDbBiE9r + ZdRgd/sRnrD9Vxp1VsXauCdIv53X5z2ztv+qUb1BfYVlXMKzEa8XDQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age10t6kc5069cyky929vvxk8aznqyxpkx3k5h5rmlyz83xtjmr22ahqe8mzes + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQdDM3T2NyS1oyL2lqQmd5 + SUFXWXZmaUNacndEQkVYak9oTEc1NGlwQjNNCjZQZ0o0aHZ3NENuV0IvNDJaL2V2 + Wml2ZWlCZFBlZnVNajRqT2RMbDdUL1EKLS0tIFBvTmt0cThxU3lIYmFNMGpaZHVr + cG1PcFJ5dDRwTmZCWGVWR2ZIVnQ1M0EKDciUuBp5VA5HLqNT9DAJoAPlz/bZnJ2K + Dbo9Gxc2qOzQVOb0KPZPRBj70SANbwA+0ZBYOH34FP7WBt/Hrm5psQ== -----END AGE ENCRYPTED FILE----- - recipient: age1a2quf2ekkj94ygu7wgvhrvh44fwn32c0l2cwvgvjh23wst90s54szdsvgr enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2UHRjeWd3VExtVG8ybzR3 - 
ODdIRkZ6VlVBalN5WWdLV1RhVEJRcm56VlZ3Cm5ObW9YRW1BL2ZCeFNyVklzbDdD - YnF3QVV1NFNHUHQwOFFTamVpT1c4R0kKLS0tIFNzaEx6VEtvRW5WdFRqMXJOd1VW - RWlMajR4ZXpNbktXeDRRSEJVS3MwdW8KbFr11HAGJc++u3hsja7Uz9FUhmnUW2Jw - Qs/n0kf8BCMigbJMZP1YKxJoDNKGjFzLr+NtDErnKl0OaGAUfYSLjw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmZGNxOTl3TWQ2ZjNoelh5 + bldWd0RzQ3prZExEOWdaRDZGWE9kTTBtQVVNCld5eFVna0M3amNjTWtYdW4zeFE2 + dDF1L3Q5b1I3T3ZxQ2YybWJ4U1NiVkEKLS0tIDhqWDAzTkRrTnMvck5wYml5VXo5 + cVFqV3ZSREVVZ3VnNWpOeFlXUjJnSE0Kvv9mBumBhInrtJzmGeq3sOPc2SVqhaeG + fadG8ytvvtZlnAxeHQbBymb+FEJHE6YKJ4/StbjXSDIjlu6S+xGs7Q== -----END AGE ENCRYPTED FILE----- - recipient: age16klpkaut5759dut8mdm3jn0rnp8w6kxyvs9n6ntqrdsayjtd7upqlvw489 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXZGZrR0M3SGplZWFVMVQ2 - UFhtR3MvS0o2L1RyQUdvL2E0QkV2c29QRUNFCmU5dnhPQTdadmk0bHQvZXFpam0w - a3NxNGtVWkFidzZTeW1yWUpieVNDQjgKLS0tIHZUR2pLc05hdXdEUG5FbU43Wkps - aVJTU2MwNlV4VGZCZmljZ2J5V3p4dkEKtX6n603K8v2kyt+TNGSKX3TPRXvl497D - Mp2YvTLttv4tW/kJq1A0esXre+H/SMlrHGR/fBWbd2BhjbrmpggQSA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpcVhES05sYXBzNy9jQ1FW + SFhrdjk1NVdsZ3A5cS9xMnJRUWQrMzlkSVhrCmVDL05OdTlFSGh2UE0vYTZNdkht + WHN5RnVaQ3VsVjl1NW5SUFBQOW9KYncKLS0tIHF5N3F0NytmRm04amNLb2R1UG9s + eHptK2N1THRxdmF2RjVFQlhjeWZNTDgKWsaDSnCp8wQogrVIpxPB34cx9sUBFzVI + GaDy4uGaqMzHLzUe4UhvLtXM24NmGyElwrmSAWXnB+FVH5lunCXsCw== + -----END AGE ENCRYPTED FILE----- + - recipient: age13qgddr326g5je0fpq2r3k940vsr3fh9nlvl9xtcxk3xg2x0k3vsq7pvzaj + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3cmhKYUVadnlRcm9tNHc4 + QWpmcklWQmlXM29QRHY4Z09SMW9oOWxLWTE0CitqeXpDUE5xR3FSTWh3bWQ0WjQ0 + UytvSVFnRmxUMmhRZ05GUGF6TzJQOXcKLS0tIHdGbUJTZlc1RUJHdEdpdzg5NmRV + NzBSc3dEWmEvdWlXNzQ1N1FCSFh2SDgKKhG/R4Jw2eaO7HiK0MFIgKkOhUJSJyhX + gsg0mOvovz2skQiUZ3OrGHI+txqDhLJTzX/6kcgi0dEto3khv3UXaQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1ktmx2szedfnpe5xumnzs8vkk0ffqgga6ved3drtksg9pye6ndsnsnqq488 + enc: | + 
-----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWZkVobWNGYXRURUdGNDFF + SlkweThUVTdtRExlelI0MWxRcDVGblh0d3dnCmZYMTJBRWdrbFkvRG9IVjJNNDhh + Vkx1VERzZERuZklzdUxxa1RtcXp3VDAKLS0tIFl0cXFxOWRqbkVFUjF4dlUzVEJz + NFBOd2pGMnR6L1MwOTZlYjQ3UW1vWVUKLqiKKu6B0WDeBFXx86SE7KkE6xcOCuI4 + pOzC5UgHgEdppM/UQI1KulMQU81ROPdUPFVaMz/5f9oe1Zn1Sm1A2A== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-01-20T20:11:12Z" mac: ENC[AES256_GCM,data:1zZn01VFBs9lgPI4B8qtaoQvO4+fBLMs4pkmiNFwk/gzNsD4Dw5y+RfuAP+7OoPlkvDliw+Zct9jAgscVGmSqa2OMHSbgBnn50j06JmKbfDedxhZrQdb7O+yykuq6/RxN2E/LZ40saQaiS6GguvRhDqVNUqn+HGpa7Tbrb8LmhQ=,iv:P67WoQLtGhKuVhCgdkDUxx41bfSNitXdxroSOQqLGQc=,tag:m57oJnz4diogQ0EXktKt0w==,type:str] pgp: - - created_at: "2024-01-20T20:09:09Z" + - created_at: "2024-03-14T04:18:54Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMA82M54yws73UAQ/9GD37XRt05xS/k1j6KreWEaNMfj3JCsOBBz+UKnxVtajn - Ar/TkOdAoYTKjCxD0NAf2OOHvdunDra+xEgzNrLGjfvAZyl3k9O63SwVw2GZzrAm - 5yogXz4qm1rEpcEphzC1kWzGS1g4Wp5Fgo12b3xqjhmezySrMfpNwzzP37TZ7/4X - Mld1fQ+Ie1S+C69ZtZmrIfYK3NJGH3YM8frzwEYm7pIsgCmb7qNO/x6OgiTkeeGU - Ik4CaXK8oks7ANDAs8Z+fRxiuUtawKsL8J2oNCS4KofAO5h3e0batdJ2fEKqJNqN - TfSmLjmXXA7kYDSvPPY+PdSNw6u4veNhjjra3B+nd5CZ+5gPZqJmwcn6rcBOQJQb - 21wU3iZzckMMEuccPH5JyoX/4nL1g3jucFy5ELKVgKzfEeIRkIT3JJW48unbnNQD - eNZrTFocUyz08d4CJz9GwTaRSAp1MHp7NDcJTUoQYxPjiaf1fhcyxak3qYnk09Xm - PkosYDM7auc41flUyCxZBwBWSxoLrSN/x/bbB1A8rXhrMcp3jafF+wkq3a6VsHPy - 7Dqw/DwerHEqKOnh6MjxRxygO3CEszDlZB6J88njRgLJPCrcV+wqAZZLLnL/H2AA - GlJ8JedJd8ra58sUw++IPnWSTFV7arXoxPb+DvmylOuvTvxkHm70rzcKEcbQfwTS - XgHIejtCvGqcDmSQpn3gm3qEg+hgrx/CZTOLk6slGmSp3ZRCI70kMlhAin7htuST - bvHu65sovs2k3p8l/mTl2TmQ79r+vngbkSctlZScypFMotgEqaX7ptZGGpuHrDE= - =4ayC + hQIMA82M54yws73UARAAvEVkz3mK5CZMSaf9BS8NDd4SaZ475moJaHoL1pK9J+DZ + nZc0gaOB8zdv+qs2eDovNx263n3MgsznCsQFNWKZ9kTJ6ciCMeCXU8XwRsnvo0xy + Aj8QwdPTAgb+NIVutOQUFmd/QDzAmbj0crklGv67xcox8p5bdBHu+tWCdE+G/ym+ + MefCb9kDnQqhOQcY3DHOheB8XMEFW1nmN50Y1sF/k5fSWCjV6NNPVI/LsGWri188 + 
ufFf+/4giIEQHGEb9GscPAygro/hhZlwp8gZ5Xuq8hLNanRojzv+kDjrCLzcsNkg + 6Y8WMcEgNdKksWs2zGbztDjIS5R2cBU0NpRNAS2s40ZTPhqbV4doA4ooXIxSA6+S + pPwpbF163jmCJoSaTIoLyf1Tfe9HUgQLgsyuwHlytLnaCvdhPVl+UPNnv7MGoBkZ + VBdu2MNas04fGv9fSEvaLDswpSEOqMj3SxHYyjUUr/dOyl6p6FqF6vFFyxqIoAlL + kMpDp3F1Z3cq7f64LqNGrM55jDn+4D2R4vD9buQk+1j7Im/CzbMFSDQhbE3slp3R + FCioLkfI9Y7m9C+O8sEF9MYk8LuUDkCnJDc45o4Qu7LC8VJBIUbYwCYWDPqZy6Ua + P0abD3hdlw/60N7+PHig1PEb1UPsk3671/hNJVegWFIB4BoKGnNzKT9CEHkz4pHS + XgHpr/N+xvbIAF/2TBZiq1vebMLf83RKApmrxgcKZaEwFJnnhviivbqoQUeRIFqs + /zji52rMu8Jiw2PbP/A5sAWTRJZ2cU32Ne7oDzoneH/Hr3xlUaIyvSsy6z0Sjx0= + =VNWb -----END PGP MESSAGE----- fp: CD8CE78CB0B3BDD4 - - created_at: "2024-01-20T20:09:09Z" + - created_at: "2024-03-14T04:18:54Z" enc: |- -----BEGIN PGP MESSAGE----- - hQEMA2W9MER3HLb7AQf/ecN4WKkf7C+CO5siLc0FmrpcRo79WHf9kxOv5xo1hWFb - gtBLHMPaCtxOliKTszEGQzl43Z6O0j/04a49eqRe5aCF7GgFnji/H/75+Hv2HTMz - 8MyIuSchQOq1xLjzo27sxKlcUPgp2bCuVFlxzWrWZYGPYfNOTDDFQvirl+r1G3Dg - 8zcuigkFeH8pH9f5Kk/94Uwd/wmFHGt4DW2s8BHgp/l5iR5mpXh17qtyPdKRN9aL - SSC2uGP7TAhgS8uIbDslaxm9xK35CP7+FPQWutnds+5ZM6Bc0nEjwqRfOT9vpIhJ - ua118bogSFlDHM02nnMng0BmJZ8x5jq1VrcvM5xvLNJeAXCEg6N6v9iw3GrYE+XK - hq3D6aPJDiSPVtM/zw6gfUQayEZspBzKC9DgDXQiARwPGkZ67I3NF2MnMqaSqHOH - aswNxCHFkaTt5IQ+uaOODfFAgOjRdrNttBMCxjjfWw== - =fVK/ + hQEMA2W9MER3HLb7AQf7BcEBIWqzy7LqFXE8x1+3pWKkGqpNjchAOt3yEHhFcRom + tLYR8m2QK0F5zZU2HWmYkgVbGOTHAjXGbcStRIawL4a+ZzP2M6Gk0VXjxOpbKStd + OWKoRQ59cUdzR1cv4Ik89WzsbdEPZJ3ykhYSHLBq+aXNtdI0Do/OmuppJePiVbxI + ItVZkH0QoQdOj2Ifr//gUHzb6I0T/zfMvUjQW69/O6B1BzvoBd4cH3tVu09EXjYD + EZAeWzOQ+1wFV3E67cGs9S/rFiMprxT6QhnYq/gQEsnlQFNxe+geYWvigBr/JlrZ + Aq8HG91ycw5H0vSTwFkN+lPay5fkAObbVKpbh0I6tdJeAX01Ab0twWNG1TEjxSj3 + qGECAz9r888r1wG1tbgAQjI04r3cPqysN0mo4K0RqY4/xa4EDWhql3VFR40CwyoP + BdMUqGdCUuWlRS0gKSSskEAnFy2ydSBR7+TLDyvEWQ== + =NeQV -----END PGP MESSAGE----- fp: 65BD3044771CB6FB unencrypted_suffix: _unencrypted 
diff --git a/nixos/secrets/keycloak.yaml b/nixos/secrets/keycloak.yaml index a92cfc5c..9625a002 100644 --- a/nixos/secrets/keycloak.yaml +++ b/nixos/secrets/keycloak.yaml @@ -1,4 +1,4 @@ -keycloak_db_password: ENC[AES256_GCM,data:NXYdwfMVzTTJukul3/g4LmddTQwAEBkSNHtMBElNIzE=,iv:MOTA4B7DH/WVVRVTTSGmLnYvqXXtZ7NkvgewJdsIzNs=,tag:XwVWTUU/IXuymSMr7r9ZuA==,type:str] +keycloak_db_password: ENC[AES256_GCM,data:fvXvsUkGutgXQM6BSLtLBPzkmzNQaerN72mnXP5BqvI=,iv:OJgE2RwqEiRBzWlzdUvfTbmDEoRdwcNR5BUpHLEg+F8=,tag:LDppVoxEU7Q12CZ0/lw5/A==,type:str] sops: shamir_threshold: 1 kms: [] 
@@ -9,93 +9,102 @@ sops: - recipient: age12ze362pu5mza6ef9akrptr7hfe4auaqul4rkta7kyy2tnrstqensgmujeq enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3YjhmK0s5dGwzNklSL240 - aDBJejRSbStMSmR2WUhRY3VWR1czNGZhTGdnCnNMQnFnY1BQSXVBeUxRUHpYZ040 - Q0xRd1lWNURhbXkyeC93aGhtdFpNQkEKLS0tIFpKQ0VDZUVpQVZ2SGh5aG1HQmY2 - NkJKMWx5UW9XcEdCS1VWMHVjOUN3UHMKPGiOa99tAp9cL+lxPwxz3M8fQXEw+pBi - 5t6eSA8l+m23M0A6Vo5YVANuCr1+eqiTIlTOUN4eAlnPml0DQAafoQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDaDFVQ1Y3K3JFVit6S0dl + U2NObTRBbmhEM0kwTFBFNGxnUFU1eHN6YWhZCkc3KzFrRDFqczcwNWM1NzduSkp3 + cmRqQ3dnTi9RZHFZVnN3UnFqRkZqZEkKLS0tIFd3NGFUdXorc2xaYlRoeVVZK3I3 + Y3Vpc1Nva09tRVpmZGpPcndxUHRRS00K3gJYISNDOzGYOx/5XFrr8uKJHB6bam9y + n4grKc3N8/G6bDJeQWfBpmj26uSEk7LW3qLWSQweF54Jh6Ic8W/abw== -----END AGE ENCRYPTED FILE----- - recipient: age176uyyyk7veqnzmm8xzwfhf0u23m6hm02cldlfkldunqe6std0gcq6lg057 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTdE9IZXRacEo1UDFTVU9I - Vk9Lekd2dzNQSVJEdGJ1N3ByZ1R5Y1dOS2prCkNsbUJaUXNhaXhnM0h2RjdrV21Z - aHdkdUNyY2dpREZ5cFd2eC81RlA4VWMKLS0tIHdHT3NlU0R0VVpCVUZESE42b0lG - bVExOHVnUVpYV3NEdjB3b2wvc3BiR00KyuIiR1dt/sQQBzBJgDj0+4KX9iRL2T/g - 8sO62nqhJF15/Db9zfY+vxMfhUNIDpZZI0n5cwUaXmW33bfuNk8QmQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvK01kLzZnallmeG5xUlk0 + M1hJMHJHdHBhNVRxaS9XclVkMUcwVGFJd2pvCk4rcTNRUXhBRWh0dE5KYk11bHRY + VGNaSktKdHlYVW1HY2R1SjVxMnZaYmsKLS0tIDBXTWtqb1Jscnh5U1hwN2k3dmI0 + TzNYSzY4bG5VK1JvUXA2TW9EQXJMQVkKJmJP8uYEvujIZ4KYe5R6I2Nu9SlswDVG + K+uJrIhRxOMohPI9hYmJqteHxuVfPwQzxYUeXDWKLGF/O640kTNB6g== -----END AGE ENCRYPTED FILE----- - recipient: age10t6kc5069cyky929vvxk8aznqyxpkx3k5h5rmlyz83xtjmr22ahqe8mzes enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKd1VDYW1QWHZ4MVI0aUpN - NVh0MTk4TzRGZzNsa096NFRXYXdFQzBURHdBCng4d1dsaFBWbml6djFsbEtTVkRI - enlLa01aTFE1MUNuMlVwMFllakVqc2sKLS0tIDFDSldKQ05TR2lUbVJtQTd1Q055 - 
Vnltak1STTh3dXhkdTdTTE9zWGlhakUK3tJvWGVu5oJNMkFK/jx9lVNu46Kcl/RO - 3MYsDowGsSP3v5A1HSnezyXCK1aH35H/8LpIdgBCBkygiW9yekRiIA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlbGN2LzBNdGRPSGNTVHZE + aGVFVzZGdThIWmdSTSsxSnUvNU5CcTlmZ3o4CmlRSkFsU0pmVDBBMk5ZUXZ3NnRT + bmZnM3h5dFl0VHV0ckpaL0J0U3hqTWMKLS0tIHAyM3I4a1AyMUswMFYwdUQ4UUlJ + YTBuTzJtQnROeVVWNmZ1bmZQYjZsUncKQ7mRyH1sapoAj8L/iuLYZdUqnSO82zqq + YJ12TsKLVJx/BljG07gH+HC6YbjQH1JtKfcbdO+hjQTKNxlRNJ/JXw== -----END AGE ENCRYPTED FILE----- - recipient: age1a2quf2ekkj94ygu7wgvhrvh44fwn32c0l2cwvgvjh23wst90s54szdsvgr enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvYmhKQnpFTHdqNTBRcVkz - OEVVOU9VbFNzK011NXhza2pQNjg4WWVFTlc4Cnc0b3E5TmJmSkVpY0hWR255SGs4 - SjVWZFBTUEY2WlR4N2VNRXRncEcrNzgKLS0tIGhuVlBha1pRZUc0UkZmUlVybjd6 - OFFqVU1UNytZRDFjQlZINkdmSW5UOWsKL+FNUPVTkYoacYlphA69dcI7GY2wjau6 - 1RwM/TaKbRr1SGHShAVLumOfYUfafq9POXaFWe9TXKRdODb94E5szA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvMEZtQzZxcVpiVS85UnRK + SWRST0VIeFNibTlsWlpucSt0S3o4aEN4SzNrCjE5VE5GKzMwNmswb2dQUUNScmRx + Rit5TTRLOU0zVGd4U1NXNlFRNzJQTFUKLS0tIFZDaHRrWjFYc1dOZjZzMzJKMzE3 + TDBTV2kxTkdybHBZK2E5cll2Q1lhVXcK/u3PEgI8qQXbA8qbfX131PVxwZojfEjV + 5WQjFCr54JpgIGzFzQ0nG3GACVFlzL6ucwJTe6JW9x6Ko+lkXyVF+Q== -----END AGE ENCRYPTED FILE----- - recipient: age16klpkaut5759dut8mdm3jn0rnp8w6kxyvs9n6ntqrdsayjtd7upqlvw489 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVZWxzWkwrMkpXTDVBVXd0 - bWN4NWVhdHFoaWp1SDF0eXRZWnNBMlEvQnhVCjQwbE4yblovSW1jR1NJMUI5cDRk - Y3N3WWV3RnJFUk5lREF3enhvNDNLaG8KLS0tICtzMWFyeW91b0duMStMcUptOUEy - OS9vazcwc1AxcFRKcVVxb2ZyQmtNZ3cKD25yeHHtUS5bkgdyakr/EwC7jynoQO98 - sggQFnKDoP3RtyH7D5NRKvlEr3keqGwabrJSakNjgR5+goZxOP/NDQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEeEdzMXhPMjhnYURyM0NU + N2N2YnFObXBORnJGVGpabk5URzIzYXI0ejJVCnoxT3p3RUROZFNLM0hoS0dtVG4w + S1hzcGErWlRZTG14RmZMUFNWeUdKS2MKLS0tIGY0OVlPRW9qcC83L3hjemFOQnZz + 
M2h4TVkxYllyTXZQSitmV1JSMW5PZ1kKX38fx/uY+0Uy+em4PODARY/yaHZSzC01 + xvs/2kXD3dytOwy8e5JkkQYJ3YLl5pE0a8SJS+vM8KzADLGNNsiOlg== -----END AGE ENCRYPTED FILE----- - recipient: age13qgddr326g5je0fpq2r3k940vsr3fh9nlvl9xtcxk3xg2x0k3vsq7pvzaj enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjc3F4NDJUSk03bXo1RkZG - TWs5WVJBL1JoNjhtOWoxNzAwLzl0Sk9RaEJ3CkE5WWZJNE42aHJQaEgvWnQ1Qm9x - bXpDM1hMbG9XbFJuNGxRVjBwNWtEVnMKLS0tIGJuVmxnR2x5YUFQWEpoY2YyNjA1 - Mjk4WDJtKzNZSERXY1BQa29EN3ZXZzQKY9oVaH3r3bKN5XPa2+7nRwXawqKJ764r - 445sPSy+qJ8259hEbPsB2JmsLnGMX5FznTV2jLDgLmnAoINO5Z4Jeg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpZElmR0w2Vy81UU1TWGVC + Z1h0OGt5MlJ1WTNFbzluZkFZNlVLNDk3UzA0CmIyampRK3JyM2lkMDVLbUhVVEZa + Q256RTYza0ErMkl1RjFDTnFXUjQzQUUKLS0tIEEwbEtwUDJuNWExWE13akdrQTJp + KzJTdnVtaytPamtmejA4SWZqZGlUVmcKQa+GDjZruqAEhPHZaCVt8b0BPU/ZOC2L + /+qJIY76qQk0ZMQT0D7posWLC8mwd66VnuK07XPUs61Gn6lqg3vYvg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-13T22:02:55Z" - mac: ENC[AES256_GCM,data:q1h4LUioWwInrLw5bc3GyYxdAbiUgtm/mBE+rcdSSw+XOEPq5lrhJjlXFzS3CxsTxphhbNpYJZEsgiEI6uJ25mvW1s0jqCACvIyW6KcitME63m7WEctUWzJCFghY5xRIpnUg0Z6l6H+g1lZNfNCgbiHSXYbp1UvlFkA8gd+kWvI=,iv:clSMHC+h/BebuEtbaciqOUrSVKjkY8tIuhwRr9kvXwU=,tag:Mre6I4gH1NBkFvIUfArLYg==,type:str] + - recipient: age1ktmx2szedfnpe5xumnzs8vkk0ffqgga6ved3drtksg9pye6ndsnsnqq488 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDSTVjK3VlL3paVHhneUFS + SjlUV2tBYTV1cFJGbGJkbitxSlA4dmhhNW53CkVtS3Bpejg4Mk45Z3E3VStiTUZL + NHM4Y1E4S0RUbE1ZaVdsMURRRU1QVW8KLS0tIE9oRFJJcG13RFhncW9WOUFsdDJC + aFlBVGkrbS8zK0pkY3NvWTFmeTl4OEUKbUdWhGKVn33lPBHn9HfWGeH2DVkkDDsB + IC+59OwD0C2lBnsvL1sAlIAoxPBPz/gBWH0lvy4RN09MdrkMU6Rf6A== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-03-14T03:48:01Z" + mac: 
ENC[AES256_GCM,data:PTaZ4zIcsfH8gX4uLWg8Go4xO5nd7q/pwdAlSbidHNBlkAqYC+SEdhhkCwnIVnkIzAP/zW4MfO/fjaxiXqwUU2TvTZPfPzwIhS8/i6KdJIQ9k/sJJ/WvTTYY6abfxUT/zElgRxYk/yxPGX1gt088djstB0PT7gguCNSZK2v3mqo=,iv:K+zqS9mBtnXpsrGgnfJVLCIZGmTgDtj+KSyEBtNfLBQ=,tag:8HyfK3OvU5VZnF+tXhwopA==,type:str] pgp: - - created_at: "2024-03-13T21:57:29Z" + - created_at: "2024-03-14T03:47:55Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMA82M54yws73UAQ/+LmF+Uwy+i4i6EYoPAOqsoEnRre2aww4GafP6hDqU1o+f - XI45/GGsP8RZqpo8GuGDQnJaUHxxZQnpkoQzVSzg648GptuvTpCqcneR9ucVKgtt - rIWi6YaR9ju/kSRN1woxQkerE5C/OfRUMdgC1pAkULzQBd5j9/3zaY3BJX+UpfZ/ - EFTCmlG33xBGo60WuB1L0wRCaQvJ908pp7AsKnZ/czI+mmn/FeqT0W3e/cJ8RDIc - nfVfXIsmjbfxedpSMzkZu0YqFj2TDEyS+b8Bw7MIojb6xLHT6cvX8rk3WSSswXwM - /fdiHI2DWicIiuDdFotqAR2saBKHULq+lf81G97V64fzR4SfcWLQEtUMQAr3A1qX - TM18MvRgBAdp4LbJ6llve53hosqKTu7DSmoIneTROrygE92JQeIV8o3Qhykb5Z09 - 4nm3m0x78wTWyhwHFBBt+Gy6oXfjC3IzMQdT+3yconqBkP5UFFqEljt2KQ8zIQwZ - 7GkujP8NfOikThmPnnG5oDQ6O9uoKiS6zzL8SYgOb39aR9akmTKzGBeTtydD53dq - 3vgb59xiLzeUfBy/bY2F+CJ4J1nICPeKa91J7UmtlCTASwK2FUes3HvdozXUCcQm - QBCh/u99lW4uD8AO8TUtag5OSh3mTE+qmkMAOkiHxQQkntwcBYFzsDoYMOKNZqXS - XAFgRThoOhK8z5BxH8Xvn34PcgUvRv17a3HGwI/5+TOgV048AV7P1I42pzeuFjBd - fd7/ybp6M3+/FXCin27s3XGV5mBFEwxYSeCjLSYvWpNCKsjAWihFFnUAytU4 - =LsWx + hQIMA82M54yws73UAQ//VyDrxzBNs3Ynpmnv/MO0SdN0PUYwEBNq+3HbHjZYaDQE + JuztWxnm71rsHC0ryK0AJLEkZf0M65uHOPOPKybt5eocsHRZdCmbKgyAy7P5sfmn + 0vJ/NmhkVpSoxT35hX1jpGA1Q7oyFJc6MQExBzCIxQ2+hVOMPoI+gN+QspqWj63+ + TMwjMTHbAVpHBysBDZzCyrUQX9qSW6tgx0dgorDPsyE9RRjOhgPnm6Xt6+iPeMsu + +KO5FEAOj/4+fuXRwZ+RD/pPGMGGQ8KUmaLu7PiFKXv0DWdYke4MtBSny0S+JCzz + reX0X/+0KbmRlcDoayNo9byf/pMjcqvFXEtNybEJkImyvCesmdGXHCQ3lTmC4ILz + qcXtFcd4ZsG1JcUZjEHWd/3KA9NdTE+wDQ65e1qtlsAgcC1/vRdwun9lc+AKZh4g + LhwQGIGZTyWS3S1huppkKq304+mO4SeEbrimS6CpJgGyBl+7Y+KDdipaJKEz9g2L + nIsivqOKm6Aynp/vTvSQgXD2syuPEJ29ab/vyfuFmPL6ns+6gcnlRyYp2ZF89KMN + lGsVUHPMlEl2QQ3Asc4jjQuRdVKhToUpyVtXSOy8Xw2ZJA9QUAtudHuTzdK4/VEn + 
4dqKPGXxzSjjnKZRPQ+l9qeWaFmLADzQB/L9Kjjk6k/VJY0SIxY8TVxMD1yvgKTS + XgFNTLq9jG7chh1IITZZGoSD8HtAk7GMEdTftymrwzY4DoT4su0kekkj86BSIs5Y + 3lCBsgoLZ4s+jwLs+PWgEML3A3BjV3/BYsezH2DZOITTrLL3vk/zf/nJhu4f4SY= + =4bj0 -----END PGP MESSAGE----- fp: CD8CE78CB0B3BDD4 - - created_at: "2024-03-13T21:57:29Z" + - created_at: "2024-03-14T03:47:55Z" enc: |- -----BEGIN PGP MESSAGE----- - hQEMA2W9MER3HLb7AQgA3GJSAxJZvZf7ymoszCEW13Pmx+Y0tfiaV2IyCN2b3GFl - dRplZHAx8eudQva558YJeDpepDIVAsfLzrUXjQznKiJo11svg5+SI0ZVVGl8qj/r - vGgvqYpnoFSQw+GI7H22dclbfWlLY18JZ8vYU1y9Kf0fxNqTQa9ubbeX05k1+t0N - Bfle8SQdaZzHg0qUSU8E6UxRatJ1MuDvhFgjeOFGuZvogQXDZ5tN6itl+zBIc4CO - dQSZ7PRu7sniNn5kngGWOad9FB51vOn/O0DXOX6n3smg4FdMETj7RHPuI88hpe/a - Uws5ekbgskMhMyKXvWMsnZkQEmdKPpFxNtpsmCzxTtJcAYI5yxjfbrobgs+BZNbH - G41v+UDfi/9p8rdg1UZFN49wLZ3t7zTg3J1uxgUu+eVn31NWcKHkTQJZAHfHGKLX - JNDtiPGdz9SV0VmN+dnV03gKjC3KovnT4rG6vpo= - =kp1X + hQEMA2W9MER3HLb7AQgAv5kws5ugxSE3TWdrpoNo6Qy3tcb+bBoWG7tFy5eMWTAc + sf0F4yShIkuPdse8cFhvwHD5okNHLJ95gKuqdtiw45ofPJwNGIpHLt2XNSU/lUTv + t1Ag6Ak3qCVK7zgOwgRBHejeWTGkVgOubL2WyOO6P/YXjoOTxh1zvg0qf3SJ6slf + b1EHZfMQzI1ml65y9KKyTh64UDx//qAGQBJLEqEDvtZgSVdom1JIYmbEdB/8NS1g + dSFckC17IyBNtBmsH9/boGOL5z/61IQqYcy/P69ykPo0hbLKX9CxLNBPYrOj1YB0 + epIz6eNxni4NDlIxy6UhHOGt8wdP4J6lxElVT7Ph5dJeAeVT8qyeD7aLhEMhapM/ + j1OJiRKxbWuAjJFZSUeDhCbdkodcZx1a9sz5z+2bhQxaJzKlVyveHwRCpisVNE0q + /3zMIxT5MwrDkRLrtRm2CJXoaJRr533HLDaxEQg2jA== + =ELkK -----END PGP MESSAGE----- fp: 65BD3044771CB6FB unencrypted_suffix: _unencrypted diff --git a/nixos/secrets/nix.yaml b/nixos/secrets/nix.yaml index 86cb7c47..395616e3 100644 --- a/nixos/secrets/nix.yaml +++ b/nixos/secrets/nix.yaml 
@@ -9,93 +9,102 @@ sops: - recipient: age12ze362pu5mza6ef9akrptr7hfe4auaqul4rkta7kyy2tnrstqensgmujeq enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCMmlUVHF4cS8ycWhsK3pV - MWhBbXJjYzYrb2tWcWUyZnlZeTE2OGNjS1FnCkxVbTZVMURDclRQMERWZkxRRHRD - cXRXdW5va3h3SjFsckk5MlZmWVFzVG8KLS0tIFpGU3VoWFp5dGtjczdLK0c3ejRB - YlUwS251L1pwUGpPOGJxSnhPSTI2SFUK59ZaWOL/HI37B2BwrLK4BoDD10iWXi+m - /eOhNF1XzowvSU0G8lHGes3uMCPabs9SZ8dW0+T+eKZXH+5uDr2e2w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBTU42azF0ZGdCbHRmTHRt + U1JKeXBmclhZOGFsTGhWcG5TNk1wQUNtMVNjCkwzZ3NyYzE1MFp5S1Q2YjQ0NjRI + K1pncjZ5R1FBY0JYbytZb281ZEFkSEEKLS0tIFdkQ1FDcHNlZ2VkdGk2T0tMUFpM + ZGpxRzRPdDM4V0h5clJjVVd1NDdNak0KtmHrhUM7K1Ao0HAS6tvWBP4dFzROT5R3 + V8lJR+1ip2827TdMyQ1YXwrjIKLve0F7cMbALluRk600bbc/WZO6rA== -----END AGE ENCRYPTED FILE----- - recipient: age176uyyyk7veqnzmm8xzwfhf0u23m6hm02cldlfkldunqe6std0gcq6lg057 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDcTRHbDB4TXQ0bVlSejhu - dkpOVXBISnl3S3pjVmppZzl1c3VTMDQvbEM0CndvN0x2WGhoT0lLeTQ5ekc2OVpz - Uzh1Z1RrbGdaNVZOREtraGcvWHpLQWMKLS0tIDExd2ZWTjh4TWpaQ1M1M0t5VWZD - ZG45YkhlTng2bHhMbGp1ZS9ISzR2bHcK1suDXGZO9IP7NWLqImee7PZoXsY99j+6 - +CoH2IAUvqnykTGhV6PdLrjfNuya3AypN6fw5HZBDMmWRVaHwFzsQg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiNHRnbVNLaDYrQWdZWm4w + dUVLUHl4UzNxT29GSGtoRlFHL3VNYXhFUmdvCldGRkpKZnphQVF3OVJTZk5iZjU4 + b0crVDgrVGRDN2lPd1ZKcTBEU3d0ZmMKLS0tIGVCTXFpYlBJbXhzb1JkeGFuOTZ4 + OCtkT0hvZUtMVXRUclYvQ1hOekY1YjAKsXVBtK+a0jui+DcAG8WTcLaPq6okhmqE + CCKsH6S90qOwz1OQp6dmEC4CkXNQdqRD5GDYWQ7cQooD/5HRc8L27w== -----END AGE ENCRYPTED FILE----- - recipient: age10t6kc5069cyky929vvxk8aznqyxpkx3k5h5rmlyz83xtjmr22ahqe8mzes enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4ZnF6cG5BQXV5RGQ4aEJO - QzNmU09qSGlYY0wxQk13OXhxOU05cmZnM2lzClFVWklBVFUrMlVPa0MrYW1JekVn - dm8zQmlhWENQYkdhRmtpMCtiNG1ncVkKLS0tIDBrZlRyZlhLVTQycTRzaGp5UDJp - 
U1Q2cEJpSTlSYklZNDhFRDh3ekh6MUUK/+SANslFoRfZlCPNvJeabvWt5ZBrGqY7 - F8uWbzGDSv4yByRIxJzrrQr2INgRHro/qOVccxErx876XK8keamdVw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3MkkxUm5zMlkwZlJHdnRm + K2JMb0NtRUVHdC9USHRkOG1qS1J2S0ExbEdFCkpFK0xPcVZ0bDJ1S05PYWlXaFJz + U3R5Tk15MGErdzM2Z1VIOE1Xc1hGaWMKLS0tIENvM0UvVEFUZzBqUm9ka3VjRit0 + Y1VUSjVIR0lSak9vVXVTWEZDK1FpWU0KEGwee3Yoe9F7srK1KD9YarqXDgdS7WNS + CvDa0BpDAuRUMmptjHLygvioIR4WV5a8wnkFzcKsjHWCpv3J9YIaiQ== -----END AGE ENCRYPTED FILE----- - recipient: age1a2quf2ekkj94ygu7wgvhrvh44fwn32c0l2cwvgvjh23wst90s54szdsvgr enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnRDArODY4Zit5Q2F3L0Jy - THZvNWtTMnNVVFpCOWVWSE9GQUFCT3QybFYwCndFVVFydDZvQ2drQkFEQ2x0R3Bn - UGlnamFsdllablRHNHpMemdLbllKWjAKLS0tIDFUNDdYaUxzWTJTUFgxT2FzaU5U - M042VWI3N0NleFFXbUxFSDFXaVJ4U0kKRO2eZ01r5JMVTvEgaAP0Vp3g4r+Ff7sx - 0zD2dpvUwo6Ft10lFCfuIcmvmkTK7ClA1BslAJT3fwJGpxAFVczvJA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArcnRyUFlwVmtlNWgxY0p6 + Z0hWUko3cHlEU1dMZnZZSE5pRDJsaUZoMmlZCllSUFQzcGVhWFQ5amYwY2pEeUpH + UUlKOUV4d1B2QmxURTZuYldUOEE5VXMKLS0tIG1RL0I5Mmlld3QxZHlXTnVWS0sx + QTFxcTIrTzZDQ1FBelgzRnBQQURqcGsKjt2F5Q7hdfTq1Px1jH0hiZQgqqMxV8nz + 9FY3wEKvf2w72t3kwjHFEfoFZx/95G/UTGNgW/floKOWdINB2lTTfQ== -----END AGE ENCRYPTED FILE----- - recipient: age16klpkaut5759dut8mdm3jn0rnp8w6kxyvs9n6ntqrdsayjtd7upqlvw489 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5ZFlXVzV1N0ZTRlVLMXhz - MGFUV3drQVBTVTlvbWp1V2JaRytzdE44bVVrClJUVXBZN3VBLzJLZHZ5ZFY2U0Qz - WEtlWVd5OWJOODN2S29XSHRISkpMdTQKLS0tIFRqemVFWldXYTFtUVYwbkNQNGVZ - QlFic3RWYjJEUkZ6U0xrdkpmTndOTU0Kk/Om4gH4KvcJD2ktwVWlHi2a0Rx0arUm - W2PWZgsgjknWiPU9LGV47BfFo1aevbMsOYkdyiDyNwrUX3RKD5uehw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEVEpBc20zd2k4NG9sRW5K + K3Y4WHlOZk5MUHFLNnhKc0E3cWhVRDhWdkJJCmFreVV0R3dkeE1TRFlXWUZVbDZQ + NVdNYll3THhpY0R3Z1phRXViNHY5QUEKLS0tIE9ORkdzcUM5ZWVjTjkrZjltRHFY + 
b3hSN0REekNWTFVwZVU5TnB2Y250UncKmxrH/KPEc0yKsXbf9Qi56RqzXM6RI32g + dYUEErzZ8GmSfGJ4LyjIjG3YBU+bX8KROhaQ7LQ6PEp6Fjj1tG8NBA== -----END AGE ENCRYPTED FILE----- - recipient: age13qgddr326g5je0fpq2r3k940vsr3fh9nlvl9xtcxk3xg2x0k3vsq7pvzaj enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlNXdocVYzTU9yNk41R1RB - UkdNNkI3T0szZ3BNY09EUVN0cUNBWDJ0VlRrCi9wNGpjcXR2ci9NQWYrdkxUd2lI - OG1RbHBoUlNHOHhlaGw3RWtwTTBQZzQKLS0tIEhWWjVxTkdOWFRDd1pnMjZ3bWVR - NitvR2lhMUZrQThRWFJLOVViSkM4eEEKi/aEGz+xaCnLdpA6byTHOU3ZTKg7MQBg - 3tX22oDoRRnRGBj/t+/m5jVb/ejjDtli3T3VZQ1sCDPdjb2bpKwhPg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmTExyenRsTWRVRmRJZjJa + TTFqK0hRRW0zYzREbnRwNytSUk4wSEl0Z1RFCmpIS0V4TTJvbWFvQXZ6ZW9wNmRR + K2dkSWFEcEFYb3ZiaC9GK29BbVlQMjAKLS0tIFl3bmJJOHJvZFlEdkNFYkR2RCtH + Qkg0Rng0eDZ2VFFUQUxyMU5xN1ppWmsKpTKcua6Za0OTF4aBDbOetSrgHtCei3B3 + H11BX78Wu1i6FzRXSkE3gXIejrZErN4zeXgzfJENIBeazh/RRn9KpA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-07T17:38:57Z" - mac: ENC[AES256_GCM,data:bfEjoQIXO8/fUZBvb+vV6sEdh/Bd4yulVV63gJhDdZPIRTrSeuhRmKubqf39affw2KYkWDd9GD7+CKQGc3ivaWtyaBHOxjI2RUb330N3H4xIUbYltwLSeHwVZIMB2wiDb2DfN2EScTaMgktAQaVMjcj9w6UQ0XeAicfQdANKbus=,iv:8xJf8kOA2AuvcPaqbQ7wwoC+DMCLYAhBzusTJu0OjW0=,tag:wahF3zrdi/A1RUwNEQRhYw==,type:str] + - recipient: age1ktmx2szedfnpe5xumnzs8vkk0ffqgga6ved3drtksg9pye6ndsnsnqq488 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3SzM1NlJRNStlckVQek4y + Q0tVbzZYSEVkOHM3OWdMRWU1bGExcXFsaWtJCkZTd1owWllFbU9SMnFjQlBjQkRl + eERFNlVtMVRBR1NTdmkvdk9yWVpaMG8KLS0tIERXS2g0VUkvd0hhT2hKVnlFd29i + dWlaK1FGRWNka3FxZ3VzQWNpdFVFMmcKDsIj7ShC+0ATr04M/XADSUqIPY/79Xjz + PtnjkbyRSCHZzA8JV9v6xJ6XoDlBNimIg4vJ6C4EQM4gqePytEUj0w== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-03-14T03:48:48Z" + mac: 
ENC[AES256_GCM,data:u7G4YsCFxUkgOsKLRurxlEl358aLdBdFOrOtO9TUu0JUHRx8QjPcYgfHgHFXqNTfJs+0kVvcbAzNJxNAIMWRQrVDy3+i3YFlyTcDAh6CufkIXRM6fxnX1YHzZGEtC7bpBASTpSgGJzVt7XqGrqE7v8H+q63MugjHYsKtmIG7lO0=,iv:0Zrw4+Cmfv6bjn3lYoinkYdj/TinALpyOFP7Nd8w9MA=,tag:8gi04GcF6JCBwfmVEulSmA==,type:str] pgp: - - created_at: "2024-03-07T17:28:24Z" + - created_at: "2024-03-14T04:19:04Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMA82M54yws73UAQ/8CW2ELfj/W5vLXTrxfmMAMt1SICVXk5/DCU/6fprp5hXk - qsZZzZ0R8TP/QmbwGGLxUAUryROCcXMNk1+x4/840ALuSEkO6JwI1iilDLzYW8xr - ZITNaY6s4btlvFH92lAJkCqtNL9d+cCwZooE0Rq6OQRe0OM4hXOA2M7T0wPEW6At - IqVzJ1GCJ2qcVv0jR9FVPHNHcyHa8Q2aKwLvfgKAkRFdy+f5GicKcdK6wFbuMRRk - I8jdcV7uabCnWcD+n9UUFlnJApWoOiOVsVZNOgp2CsbwlEJevEqaul1Aa12Z6OmP - Q0/oH06emZK/4hIUHBLGWCktaU98i3KKodYv+yOtgY7uG+k289r+JYCD8/HtV8OI - +YRpGzi5wMbJ/lE/zqaBVibv2e0MbqVVdzWkJ1YQ9zKGsQMEfbm3zHE3aooBNX8w - robzqbnW33Xe9/WYGJd6CIWAdnvC6p3GX9TXJbNtdB4weKWQat9FlxWdKt0z2A3F - h52Rv65jKAtsVaQsgJCQiUzURNH9mBUBoNZ7iQWHSNoaOTySZ0ZKvFyfa0vKg+F1 - SKBMc+gDcxeC/dsGcs4Pcc3/xzRNvTHoCWzUqTt96LDWyKBZyb41wnJj+5SJ6U1E - gT4QoLeHejSOfncRHuM0lRyXvoQWL9cv4uZD4lZiI2YZMxKhmn5jQFYB0m4pc9TS - XgFp3pvlQzKLQ+mmNu4Hv4x92TQAKkT2QdvGeacxBxi2PL5zbe1XnKBDiQ7aq1YB - Td0ZSF/DqAUPd7Crr3s9DXx7LW1J7k0hDsI7r3/0qz7Z2yDs8f88tr3JgOfwVb4= - =f5zj + hQIMA82M54yws73UARAAr6EQyWBlFp59eiqHdBvER7LGbL9BJm0NiWNlVoFKVLgW + kFmnH+uSpe2NcFKJ4azPGGIAJFrQjtcrYYew1xizXInhHEigDC3J1YQmG4SWWRnc + 6ILEDRbvHFHTElWUTD4H/qHuRv1Wq2XJboG3armIdUeQEZPtDkn3sGBPQmL+AaNc + a1eH8sNuU0q6Xi4SsIzLDRE0w+9RhTk5/aJWM4lAzehFJ8puA3Sban8If3avDaEb + BG6oHvl1N97WQE/fC8Aui/8tAmzFKp0I7Vl4HIuZycv1fIlRa5HHqyVwK2sN+VlS + mBQBd3GZyMS3hZsjvCsctPTl6DYpKNtacZUhqkUp39exhhSNW4T1pKXurIaZumRa + w8V5zh1nusJNQhOmdTLDegCfGGSgRMx/HFxRZ6BxfXJVrZglff/icc7LhHaXpHz7 + rWtCb/nRnrxPh/h0K5Zzr5CGv5HsFM52CI2DI7U3cst6mCIZx8lkVT7PpJ1T7IKO + WTdVIsSlPBdmuvMS25mM9rP7ArpNv0rdv5COxOq+L7Xg6NahnIG6guxiBreyfQ+i + se05E+i4vC6J1WGv0932aE/oJ4VNLHrTPKh9sRsX7HtCxsbpyHgkc0rVsZWg1s/o + 
1uII1Let92uB2uu4GdIgvKDr9CUf2Z4/lCXKfbc/u3D9hJEJDDQoRYL8bJiimPTS + XgH2S/xsgoOxRXpR5KJtOAgfJF+uFtCW8f4AfP8/Sg2/vgoEx1pKTvQxydYbjzH1 + bzykN6/QG1bROINImt8cPPFJCHcWf3CFhih+G8TLcQfPLhkIZpfUYJs5qi0pOsg= + =13CN -----END PGP MESSAGE----- fp: CD8CE78CB0B3BDD4 - - created_at: "2024-03-07T17:28:24Z" + - created_at: "2024-03-14T04:19:04Z" enc: |- -----BEGIN PGP MESSAGE----- - hQEMA2W9MER3HLb7AQgAr8nG6rV8LxyTFYLJYuLv4K2jtJ7QMZiUMXcaLo50XHUp - 1e17lmmHt9qByT0dXV7CR69BIw235i61xFyciaSbEb3bzHBh14EdPYZyV54GxQoM - qxZ4x48dBw/ECBOm8G8D3DFtrLJ7Ws8/EYW2eg7/la6/d1v57oU14iEMqxmX2iZH - kc7yDHT0IFe4kX4Tdb7DHLY8eG3ePn5u53Af8wF6Ic9mshlrpK8bi1V2yIgoWo1e - liGZoD380P/Fmdz7fgOnBmCL58lmR4vWHw9USjyVH+/v4D25XrhIWqjCACFhOF9m - iROwqHH9ViLPHJiHD9ZINKi4R8tB8q4qV4rcXI1ZKdJeAUSlqJkHYMvVcdMQdk5K - +VDySZohhnC0tLgQ23tcn3ZzlWBJ+IQ9fWarrjcdpVTVZdtaEwSsM7oR8q9dc+qP - 3m4gyHzf1XR5UGE6+ttiT3o/nWxPtR2bDVTxAe8FWQ== - =D+dA + hQEMA2W9MER3HLb7AQf/alwWkMoN3dhAATZJkMbSyUOtHA5oIDkZjgex1yqS11NA + /1l++ilh4qPArnnnoxUy3xVwffpKp1ifpVkqk7589gu2BRx0MWA0Vf3Jn2Bk4sVn + 7/EE8Ri21dsEaWsIAjS8gywXKyOo6d+cIWp9jXwGB4aMFbf85ti0Ki7ngWzvRu8d + L1VMoi5jhNHuF48qvkkvJajnXZ6qrtEHTY/nxoK8Pv3r/OMU6rUdGbCeFhv2WuQZ + J9Q6iO3h+vyOnj+pVhXxsTJZ+KQOZVJlS7sTKIJ117dmc07ujHt6RAM/5coU6okw + IzrWSfSTA8vwlOCbZy5sGO77z22zyBjrIvl+gKMBJtJeAe3M4YO7zWO2PkwluZoc + AwPnhV7opdwVsyPIX740TmG+3Er6/PgA4dqcjhdw7QbngghNtJNRfyLPp0Gr7ZNu + /ak67nZJTrqTgHXeJXLccxGu6yqnyrBzZASRFnu8TQ== + =a8aH -----END PGP MESSAGE----- fp: 65BD3044771CB6FB unencrypted_suffix: _unencrypted diff --git a/systems/keycloak/nixos.nix b/systems/keycloak/nixos.nix index 03a1853a..ec541de6 100644 --- a/systems/keycloak/nixos.nix +++ b/systems/keycloak/nixos.nix @@ -2,13 +2,13 @@ imports = let inherit (meta) nixos; in [ - #nixos.sops + nixos.sops nixos.base nixos.reisen-ct nixos.keycloak ]; - #sops.defaultSopsFile = ./secrets.yaml; + sops.defaultSopsFile = ./secrets.yaml; systemd.network.networks.eth0 = { name = "eth0"; 
diff --git a/systems/keycloak/secrets.yaml b/systems/keycloak/secrets.yaml new file mode 100644 index 00000000..c23cda72 --- /dev/null +++ b/systems/keycloak/secrets.yaml 
@@ -0,0 +1,57 @@ +hello: ENC[AES256_GCM,data:RUCrfjPq790szP+p/etEBYjsJbVq+wGaquYc5EBEEeGH6lrxo7mQwmgtDtxEOQ==,iv:aNOzr8HjPVTADpWZS1J7LlSGM5cWW2dgYUPvsrQuOvM=,tag:aQoPsIqUmVaa6pEBAdxxxw==,type:str] +sops: + shamir_threshold: 1 + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1ktmx2szedfnpe5xumnzs8vkk0ffqgga6ved3drtksg9pye6ndsnsnqq488 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzbUx6NUpqMm5qdkRES3Y0 + OVRmZ3NLY3VZUjRSd2Zhc3d2OFIvQ21acTFrCmZUaUlvRm1na2pPaVZ1S1BYSnp2 + VFlhbE5rZEYwM3VSY1hDbmlWUVNNZGsKLS0tIGNGRU4vUE15aERPN2lrY2JWemlH + WkhIeEh1amh5K0hIb2FKZ0ppSGpBZlEKjF9ysJCX40H5vH4UuZSXryAThk3ipdlP + RML2if3bz+uMXgw+zdEx8Ac6IcOM25K0gco6g/6r20WYbKz9og5JuA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-03-13T22:39:15Z" + mac: ENC[AES256_GCM,data:14X+ClZ3Rsvi9aETzjSvjIiKKq6cPOe7t3LrB+ln3FTB4Wf7Fsbhd8aOdYff3yKqTfcnZU2VzEAEFJGNNlkCLQe9PgbKwzfKMH2i5dc9WpgJ6wY2btAUMRp3ocLwGwiRj0Nx8XsvTBL/8qzccHZL0A7I/MmwMiqsIyVWycj679c=,iv:zL8/3+XdVbvWrC5ODKurwtVoY921kQqwocc/hPgDLWI=,tag:HSDA4nCyoKaYBdNNg0+9bA==,type:str] + pgp: + - created_at: "2024-03-13T22:39:09Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA82M54yws73UAQ/+L7K4psuFd/GzksgZ2j1+wO2JI6SETWBUbpJPr3ZYYQFQ + MVxEUzI1atSke1IfIJFdeZ0OBl18bCqoMCGxtOygymJ+3lUd1y5OcivVOOKdKdP3 + rOKYGaRZab91V4X/ArliUsPPaHz2F0M6I+sy6XzVgAmIW4wFmc/EtymWZxMqogmJ + yS4kr0pMdaQviOZC5NMA61IG+GngBq5pDEkT0giAc+C5KgB68VSxcK/R2j/IlFWr + lZB5bb4iIXhb6vSQYJpuzpktTSBouja+7lHs5h7EUdGvrtmuBqx6izqhMXLO+FDR + mGa/WBiY7lwh8T0dIipOz2IPaInbq09cyujrJmQuyaphDo7/kZJjqGVDc3YQ7bWl + MtuTx8hfXqjFw42cwQ1Y7xXgIQEpO3R/rdjnjzYCzgcuw9zt/+KXiWGz2UD74oZ2 + XbJV3UFbQLsYtSJlY+0kZA92Ejj1eHEDeVk68LB3qbyUvjl212eeTb5TkoTPirUv + hB/l4CxNVa15Tr5FamIb6fqkW20NoIn+sIwD8b30/4q9+a7mBlJL17MMaTQgV0rW + CLEloYBJfTC6sKIPiL67ibz+uJvX/kdSWjOP75WQFE9GF2P+CFOroO3zEs82lPEC + JMfBww1/O8eZ7dejlrYWKvFM10qb4/ECjuQqnC27rHW2sWdsdxLoPKOMQ7TrbpPS + XAH5cXIMu2WagbylWOFT3gIyifMInm6ZgAUhVnFVqjBv5wspTlOERuoP8fY0dzRH + 
+ zRo8L+c7CfV03ZQzkjpVu6jLiysbAlqrORWI8eIuQqk0qJg5dqzc4kN33H4P + =KJLg + -----END PGP MESSAGE----- + fp: CD8CE78CB0B3BDD4 + - created_at: "2024-03-13T22:39:09Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQEMA2W9MER3HLb7AQgAh38yk9vLiiPyNZZJ1QA2d4YDdwgDVWEpuUhYTnMgkQyY + IviPCRDLbQiYl6V3EaVHs9tBh5LVKK3tArgwsJ6dKVVOGExI9twB1i+XCyeoLrNQ + n2RMul57Yq2OF4+fTA5UdPUrbF8yHy7xMI9yeyK2WZiVA5wPLJo+2zMeL6pgwzaf + 7IPyzAeNuIaxg0FUASnXTRaspePeGDQIRpO2lDsHhO7xVbj8hrr34zYsxjCcmWRa + KRe3LTgqiM9avagKa5zfW7j1WSsvznFxhkxx6XaKbbY06a/BWQQiB52kxWzN60Ln + PiySKxNqBPSesfrFh9FFCHLbtUm5x0Q1IRxFsr5dmtJcAa5fI+DBcYLXXImU0ecO + fUp9ynw/Ak/ZWEqPWn55MDelazJMzNfQ5otqANkKMK6phOy9lTH3k5xn5uxyxioL + 3dMbzU/ejsME6UUsVHb8j4BkAQoRd61iRJTnK5k= + =pWjW + -----END PGP MESSAGE----- + fp: 65BD3044771CB6FB + unencrypted_suffix: _unencrypted + version: 3.8.1
diff --git a/tf/cloudflare_records.tf b/tf/cloudflare_records.tf
index 6c1ba60e..40138d0f 100644
--- a/tf/cloudflare_records.tf
+++ b/tf/cloudflare_records.tf
@@ -52,6 +52,15 @@ module "reimu_system_records" {
 ]
 }
+module "aya_system_records" {
+ source = "./system/records"
+ name = "keycloak"
+ zone_id = cloudflare_zone.gensokyo-zone_zone.id
+ zone_zone = cloudflare_zone.gensokyo-zone_zone.zone
+ local_v4 = "10.1.1.48"
+ local_v6 = "fd0a::be24:11ff:fec4:66a9"
+}
+
 module "aya_system_records" {
 source = "./system/records"
 name = "aya"
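Review bot: The added block is declared as `module "aya_system_records"`, the same label as the existing module directly below it (the one with `name = "aya"`), and Terraform rejects two module calls that share a name, so the configuration will fail to load before any record is created. The new block sets `name = "keycloak"`, so the label was presumably meant to follow it: `module "keycloak_system_records" {`. The body of the existing `aya` module continues past the end of the hunk.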