[general] add sops support

2022-10-11 18:20:17 +02:00
parent dfbc541d03
commit cba5f6f62f
4 changed files with 93 additions and 0 deletions
--- a/machines/.sops.yaml
+++ b/machines/.sops.yaml
@@ -0,0 +1,15 @@
+# This example uses YAML anchors which allows reuse of multiple keys 
+# without having to repeat yourself.
+# Also see https://github.com/Mic92/dotfiles/blob/master/nixos/.sops.yaml
+# for a more complex example.
+keys:
+  - &admin_kalipso c4639370c41133a738f643a591ddbc4c3387f1fb
+  - &admin_kalipso_dsktp aef8d6c7e4761fc297cda833df13aebb1011b5d4
+  - &machine_moderatio 3b7027ab1933c4c5e0eb935f8f9b3c058aa6d4c2
+creation_rules:
+  - path_regex: moderatio/secrets/secrets.yaml$
+    key_groups:
+    - pgp:
+      - *admin_kalipso
+      - *admin_kalipso_dsktp
+      - *machine_moderatio
--- a/machines/secrets/keys/hosts/moderatio.asc
+++ b/machines/secrets/keys/hosts/moderatio.asc
@@ -0,0 +1,28 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+xsFNBAAAAAABEACm+W5sGSC25OtlwQdOBCSfX2DnPuk5abjxY5HMIv3MnySouXpW
+L3VoE6Irur9lZwfKrXaUweJPJHVo/Sfknh9GSBCW6yFFcGZ5nNx/QNdbfjOSaUw2
+0BkW1CYRVcLIKSHpepbTDHBxgKaCYsmupptFQ0Nzx19PPMV/WBqrkSlEpDJyq9y6
+cTaGulRKWBVDytMFmibhGlqpfEI8bzrxaeGTqiRTZJqL3zDDi2afDt1kJeCXKd32
+XOywDZgB5CinY3qsR45ftC6mZ5fV+ex3M/Uc4YJiVgwg6GlSdiYW9Mqf4koqpLCq
+Xq3ztEo9FjFen7KmAcLstFmzY3fAXGIJzb0CfvVrM32wsdC6NRDINdMBmrOeKXT7
+g45n0LOdCFr4AOKyABqMudbKrgF9txHt549oaQ0wHCy1nStji1OpbhdpCKDFKPnl
+ojG1Nur9DPRFmQ01I3KIjvCrf8J+CgI5YVwOr+m5Zw3i/b0qd+9R/8oAmzhhuyt7
+kckSVTCjNzsDgjjOa8FVQJremTdkQuWOlx0HxC3aQdSoPxOfpeUhybfttNpvUuta
+5EbsiS/PJfzMOtZDG++naKO/xGJDiaYDhW1ZeGI2fOFUm4RYHqCFES32XF4ygpGq
+wz2bZNKKSf4lxoD1+SBqOyd1eN3u8GmX8OgUB3TpgEuQb/XL31zDKCZ7pwARAQAB
+zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT
+AQgAFgUCAAAAAAkQj5s8BYqm1MICGw8CGQEAACMDEAAFko8JYC1zGt5rFKokXGbs
+K331UHReN02QpdL8fhMt0Rqoh1FKt8Sr8lzCLPNOnlgxSG5lXmA3dFfWAnFrNw5T
+1u1oU0sB+CiekyWXJxTASur1g3DtLv6qA19Uw4i9bu57LK5E0ycoI3RnR+YbDri0
+psPNP01x7NBO42O71rnBypGbCPXnLOAaKq+ISCN+XCZBkmjKhcWJlg5DJfUGCEdr
+DCKi/1j5mgs8H3sUrc5Y4gLz3BWuypAGWhQr/KDAcmCm/u0ZfzVyrxw50eMuzeF7
+GfePPI70nXjUlywuFUFg7EWlCT6sRtZf+o4jkXcwGpZLx2/rdZ9J2I4VmYakBVpA
+2OQwi47YAFe1wz+nsF3fImuGQdHu0x0sFLbuJaSJCOVYhMcZhskRygqqI+wEvDF1
+i7SYzi5Xt7rJrSaqGhAzlg1Cc8wzMhoCE/IU5Hd55OtbvRwZ2JKH+UAl/L9Qizqy
+AM7nSrUjA5p4H09PMuKGmCEcZDKpH2huAeqmtGQ626edE2WNduE2jCdAIcN263PX
+1+TIe4IRLhtmTKqfJgbzrt0cSIAsuvI8s78ehsP2eNANdkQjzBAaEiOo75G/g+sd
+tWl8gxOhrPKkb07KqcPEfXq4QYk7kV+pWuA2yMiTX5A+oy8gVFBxUp+zbjYeRuW8
+cpHyvbDvdnQ5LGNC/v0rdA==
+=Rmch
+-----END PGP PUBLIC KEY BLOCK-----
--- a/machines/secrets/keys/users/kalipso.asc
+++ b/machines/secrets/keys/users/kalipso.asc
@@ -0,0 +1,22 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+xsDNBAAAAAABDAC7STfznb6pH6hGLQ32DPRKI2zSa5ah7xb77VCnq7ewpNSpMY3c
+bAk+M3t/VrQue9b/TOndotVYiqCV1UGAxSHmv/rWD3ltxyACw6YHdijCsvTAzbvV
+AAW+KKqDPu3iuQoEyq2cHyt3VdW1XDuSogYGCQ0UzaJ55W8r8dq2lE/7mX0gnHsU
+SmiubklvyjUZhvWTQDOMs9rgsYpBjtcSpSf2nXg4cIakrxtA/nwrINBIPWB32ptm
+V5F/5U2Czt4PFYW3kYbY0DswhqbDcwtoZinYG2q71pVUCBBuEjj/dGieazriLrre
+oGeAn8jaNL+HfI4oS5SuwhT6Zk9Oa+X0ZvXuuvUGQTkITlxURCYSbVlD9K2SdVys
+t6Nvkv/xXiJWpQdkfi3CtwLvVXZ3eqj05vVC/tEvD3ke2fXpfcyD2BBItYzzAckK
+8o7WiOK1I8akYbJ0cHP0fd5NQkHbX7m27n0Cxnn4AvyedDMwWkV1VKAcB3ShlgPc
+83PD15cUlJBGnM8AEQEAAc0pcm9vdCAoSW1wb3J0ZWQgZnJvbSBTU0gpIDxyb290
+QGxvY2FsaG9zdD7CwOIEEwEIABYFAgAAAAAJEJHdvEwzh/H7AhsPAhkBAAAtGAwA
+K+hOl1owBf+oKitXPM6fvh4lPOSDeckz0nrsho6iLFSDAms1/OhKm8HG+lRTYQxn
+dF/ZdsnaOrYt6V6vCIKvVJe3fZaVhTOj+STltqk/ZPfkLxmN9jnmDCdpH1FGO76F
+VoXBsJJnjqLa1l9YxYGpgxiCD5Bws0+8gcFUJiyo4J8qPMyGPb3osDQz7bnfko7d
+Yfhdi19i8YyghsuWqgDTHfAoz99LSwyz0dryEn5Hej7U2jnBScjPrFsRtSYx/VgO
+ppUwztGGgJ9rGNutNhDCEbHMPkY2RiUfaNIq8qOFR7cWaY5TkGfaZj/6BKWIeUMo
+NLcb40qEcB83dRZuquYjxpdUumf+wyW6Lurp4DMH04i1FzzIP+hNOTRLu4ptSdBy
+pZOUllSAQr1BlFYIyXPjS2saMmp+LeuGYCDhxa2v5pIqOEJhiM/uBJQ4eG0jDPYq
+82B7vVX85lXKF3OCm20xVdJLY+mITjZs7ep+BsFkIa59raz4GVZsEBkWZWuDnK+/
+=Xhkd
+-----END PGP PUBLIC KEY BLOCK-----
--- a/machines/secrets/keys/users/kalipso_dsktp.asc
+++ b/machines/secrets/keys/users/kalipso_dsktp.asc
@@ -0,0 +1,28 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+xsFNBAAAAAABEACxgcjNOYbza3+RfANFDXy7HXNRFlkpDOAcGyB7MKshiVlbPByW
+RSjfZa0BeRNjpeCd8QkIodKUzqYOCOrc8ad3kiNbdLRcDz57A5xSLD3ynakoWJo0
+AmJjT3Ta1JJj8inNwwykR0ig5//SrtsZb9HkWJDAF017MokM2r8AWPE1QzcQdh93
+kojXcgTHrJHzEqgKbEGDEk37f1RvZG4umEFeqdK2FvS5isPa7P9X7hyyoDC8bvEy
+7xfaDrToJAoXon6r79taxH8UWIvy//xsU0NBLYK2eE4RQe2AjF6Ri+CybI6y1SsH
+Ovyh4nNKWlfUOEL6UnIulRn/LXFOKCJi7xuoTeJXS0+w1DNEuiGosVNXPSKbUm/e
+DBVnb8Iyep9wmygSZayN82xL5lRlG3Mn45ttecqfm2SJkmduBA5qXcTdDPe/lXTZ
+aVO9tbiIcJfUgd3ttEu2+6YjLn74D965PlovzvR6EhbVUZ8IkOAt4VmuTkXIdm8S
+CS7jzhsiKeUXoZ4rfa375zi79SIPuIkoMasj6d16wcYOeFIUIMFFccfQ9jQjr9NT
+SXC2dd7sfbI9I9mF7eRQSsUdSwpP8WH1b+M1MxTbdhEUdPwpOLviTTIuk8E8K8DQ
+DZIcOOh38mCDpyoh02nwfRxlyoYVsKAHIQH02dHTvYEa3/pMsRwGc9W1OwARAQAB
+zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT
+AQgAFgUCAAAAAAkQ3xOuuxARtdQCGw8CGQEAAGa3EABnK+PSxItzbUsGU5VygVvx
+UdWC6no9mZrswJrTTYgAiLIrAt/nj1GMUSSlSf1gWDfYxLGdz7PbZNhOvakVZSH3
+aYK2rvH4BXo3gKelWAqq4OKxX7eVBlQWKficny17LNVPRzVxQ7uOkb5KETx09dQc
+xwQOzmxWjBOrdF4o1NtbKlr16W/dbV1BovQ8P7/LTxZr//Fete9AwAbSaltPrxxo
+s6V/7sl9ERYxbsrTgGBsmDgAM/TGzkiVkHkvx1wpPlJbc3j4JM7sPjZbJ3fHhqQM
+bgWwNs7wJddlIy/Mm1cPK4G3+tR+ZQswJgw+oL1gAz26XLEBXoxBYF+EhsXn6gcs
+xkM8rMZ5jIXPBJv29aX/XFSGHCtz2jmRzDDK9ePVqJBBPW4NtrqJ9f7iKYT4isy4
+4tM20tIrOqo6OknaUeh2baCFr2xCZlKEvUTBceWbVTHG3ig2tKdt6cQgeA3jKUzZ
+YG4RYPly9tmVK0LN9mDq9SDlELlAcZU7wrplYzE1aRDbzoyzwgVE/Q4E+NlH500i
+3thqmLCweLRsJxKmX9dHTpMLKx1XZEwNCsp4UhZmsaZt8PPaBdAKKBwX/ajIWJFJ
+i7KpGJdWlgJW0y8HPimuQB1XYMBQJGw/nwMoHJtKidpG+1hg5i5bmQE63bG7fM26
+PjMoMYuWUR9CYr3YRZMIRg==
+=MpV9
+-----END PGP PUBLIC KEY BLOCK-----