refactor: remove lesser secrets

Guz
2025-09-13 11:29:15 -03:00
parent ba4d59b117
commit 4d14dcd48c
3 changed files with 24 additions and 183 deletions


@@ -4,62 +4,50 @@
lib,
pkgs,
...
}: let
lesser-secrets = with builtins;
fromJSON (readFile ./secrets/spacestation.lesser.decrypted.json);
jsonType = pkgs.formats.json {};
in {
}:
with lib; {
imports = [
inputs.sops-nix.nixosModules.sops
];
options.spacestation-secrets = with lib;
with lib.types; {
lesser = mkOption {
type = submodule ({...}: {
freeformType = jsonType.type;
options = {};
});
default = lesser-secrets;
};
};
config = with lib; {
environment.systemPackages = with pkgs; [
sops
];
sops.defaultSopsFile = ./secrets/spacestation.yaml;
sops.defaultSopsFormat = "yaml";
environment.systemPackages = with pkgs; [
sops
];
sops.secrets."guz/password" = {
owner = config.users.users."guz".name;
};
sops.defaultSopsFile = ./secrets.yaml;
sops.defaultSopsFormat = "yaml";
sops.secrets."keiko/env-file" = {
owner = config.services.keikos.web.user;
};
sops.secrets = {
"cloudflared/tunnel-env" = {};
sops.secrets."forgejo/user1/name" = mkIf config.services.forgejo.enable {
"forgejo/user1/name" = mkIf config.services.forgejo.enable {
owner = config.services.forgejo.user;
};
sops.secrets."forgejo/user1/password" = mkIf config.services.forgejo.enable {
"forgejo/user1/password" = mkIf config.services.forgejo.enable {
owner = config.services.forgejo.user;
};
sops.secrets."forgejo/user1/email" = mkIf config.services.forgejo.enable {
"forgejo/user1/email" = mkIf config.services.forgejo.enable {
owner = config.services.forgejo.user;
};
sops.secrets."forgejo/git-password" = mkIf config.services.forgejo.enable {
"forgejo/git-password" = mkIf config.services.forgejo.enable {
owner = config.services.forgejo.user;
};
sops.secrets."forgejo/anubis/hexFile" = {
"forgejo/anubis/hexFile" = {
owner = config.services.anubis.instances."forgejo".user;
};
sops.secrets."medama/anubis/hexFile" = {
owner = config.services.anubis.instances."medama".user;
"guz/password" = {
owner = config.users.users."guz".name;
};
sops.secrets."cloudflared/tunnel-env" = {};
"keiko/env-file" = {
owner = config.services.keikos.web.user;
};
sops.age.keyFile = "/home/guz/.config/sops/age/keys.txt";
"medama/anubis/hexFile" = {
owner = config.services.anubis.instances."medama".user;
};
};
sops.age.keyFile = "/home/guz/.config/sops/age/keys.txt";
}
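Review bot: `sops.age.keyFile = "/home/guz/.config/sops/age/keys.txt";` on the last setting of the module keeps the key that decrypts every system secret inside a user's home directory, so a process running as guz (presumably the owner of that path) could read it and decrypt the forgejo, anubis, cloudflared and keiko secrets that the per-secret `owner` settings otherwise restrict to their service users. A root-owned location outside any home directory would keep that separation, for example `sops.age.keyFile = "/var/lib/sops-nix/key.txt";`, or the key could be derived from the host SSH key with `sops.age.sshKeyPaths`. Separately, the values previously loaded through `readFile ./secrets/spacestation.lesser.decrypted.json` were available in plain form at evaluation time and may have ended up in the world-readable Nix store, and the encrypted file remains in git history, so the tokens and the password it held are worth rotating. The module's argument set begins above this hunk.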


@@ -1,147 +0,0 @@
{
"tailnet-name": "ENC[AES256_GCM,data:f9T+/IRApqThgMlE,iv:LufRlHxdon5mahAi1+jwbhTqcOZh2bdnUubfEL6QFg0=,tag:KmJ4E0EggzQh8ZCm2fLeGw==,type:str]",
"device-ip": "ENC[AES256_GCM,data:Ed6hS/9F52UGVLpAyw==,iv:sg9iVEmZxA2lNJoc0xwLRyDzoF1Cy48wp9CQf3zOOzQ=,tag:77RYGvjgw0QdZUsPcqVTvA==,type:str]",
"homelab-domain": "ENC[AES256_GCM,data:XkgOP94q3gBknoGzcA==,iv:pKnrjhi9VnW0xWIEQfnxV+wb/iNxT/TFs07K9/NW8sU=,tag:N2sGj5lTCJHFBpI9baja9Q==,type:str]",
"devices": {
"defaultGateway": "ENC[AES256_GCM,data:QDx9ptJ5zd5hcqc=,iv:6ofaRLYQUO8x3qbwMsSkeFhmAsCYxQRMuxfUGJNpSms=,tag:9l1c8XeA6Qh16+TIAeidYg==,type:str]",
"spacestation": "ENC[AES256_GCM,data:Cx+yn7+/ZP9zoNgLfw==,iv:BeRrS78SHX9QWpqWMidHynor8zlj47GX/2HSrdY41lA=,tag:op20lsjQ38EU98YKP/wLfw==,type:str]"
},
"capytal": {
"cloudflare-funnel": "ENC[AES256_GCM,data:WPbSA95btherLi0zTfspTfCsWX+5nZLOHnSGCjFtrdPdb7i2x1sv7KZdgtLivlSwXyZKUm7EiaPhQzidfRO2WQrCw3v9nIOHgnZweiVJqAGEWn0Oo1RioaGR8PZRsb46NdPmNAit+cmFPq99Kt5Dhd9fjwrg6INyXl0ulu8j1ByCU7UY2aJP+ccA24EdsIUjA29Nd4OPiIJwswEb5qaQJI4eQMg4scSZJIuynHGnJVD0KjuU8E1Mfw==,iv:2nozvsCqO5xnvJDbWV7jaUIPoCbkWPT5YlFFlNMY7QI=,tag:dwwAUWfDy48EvyLnamvUCg==,type:str]",
"caddy": {
"email": "ENC[AES256_GCM,data:OwCqxT+aiwmyoY3i4vO+i8FAyHzN/wU=,iv:8Gw0cqrW1OKyyANlmIIKXKisch1CGYaznIfTjGYyZa8=,tag:xvTKXhag6Gp0V7xmv8NBhg==,type:str]",
"defaultIp": "ENC[AES256_GCM,data:u+sITdDcl9TzabF8Pg==,iv:3GEn3lERvdbyKKf2r7qTxPOjq9/Im6TJraSKnrtOzWA=,tag:7A31e17vqsgI72Aj0kZqjA==,type:str]",
"hosts": [
{
"pattern": "ENC[AES256_GCM,data:M8iIEiyC8dp2qFnxP5+7EEd4iAiXnxw=,iv:CyVp710aXqLVZkTNLorOz1BJIAX+LMCLk3yBc/3X69g=,tag:ee5f4niv3/S5k9MlHUErBQ==,type:str]",
"config": {
"redir": "ENC[AES256_GCM,data:9haYlXbUUkYtfHA+RdMmBgTxcUFtq5QN/2eV3su6ueE=,iv:N2xhz/gMofcxX35w0p+NYNKa2bNsDf173hr/CvOPkV0=,tag:NcHZpdB1zcQOdnhYGuGJuA==,type:str]"
}
},
{
"pattern": "ENC[AES256_GCM,data:CXqDhBeiI+JvOZ5VgGKV8RCBD/1xrTg0,iv:nrp3iAUb3mQlPGw/CF6Ec8n1s6QVLS2WUzRYAeF8B6Q=,tag:9fNae5dqVdQ0PFbBvYW8dQ==,type:str]",
"config": {
"port": "ENC[AES256_GCM,data:hLsg+g==,iv:AUBzBTW77WfZ++WuXI3Qt8S+hUVDadGGU0hutF/xj5o=,tag:GdxguYHjbwK2orkTgHDNRw==,type:float]"
}
},
{
"pattern": "ENC[AES256_GCM,data:isvmRsofmk/icmu0XOLytLJWQvRNmA==,iv:/5Qh/HzHoW8heMqPR6ZMfhrW83/v92n3ycZuRjasYoY=,tag:Y/NJWB3VnZ7iOsAErRx3+Q==,type:str]",
"config": {
"port": "ENC[AES256_GCM,data:B3mFfw==,iv:DJvviYYCINzcEmXkd657UQR4lgcedGWCbtE1M+CZPVc=,tag:m8Yl11jTRH08H6QjM48ggw==,type:float]"
}
},
{
"pattern": "ENC[AES256_GCM,data:TlyclBJgutYVottPkEEYm2o9hz9TVw==,iv:FVccv+ac/eqVCMSFcp2jjuquPG5armboYvLaAc+PHpI=,tag:YR6TVaTG4msI8ggdzqPTzA==,type:str]",
"config": {
"port": "ENC[AES256_GCM,data:9AAArA==,iv:sveBGP4ltKbeBD6IRerSHQxzjFy958DAzw1MSs0R7Hw=,tag:AnJcyGU4rJq0m3IvwwRZ3w==,type:float]"
}
},
{
"pattern": "ENC[AES256_GCM,data:7631wlUSUfvV+uNECvMoYr74lQZMug==,iv:GF9H4rEHVX3MnxGpAnNDDm0uhxCZzqApnPrKr8VsogQ=,tag:A+Q139PKx32hOpU1ammcKA==,type:str]",
"config": {
"port": "ENC[AES256_GCM,data:RZtqyQ==,iv:XHS+fbJwNx+i4TJHe/REO0ZGg7HDSEuhc9rZ/eDSCQ0=,tag:nVvx9cuk2CmvKlAnHJ3T4A==,type:float]"
}
},
{
"pattern": "ENC[AES256_GCM,data:2bwI6saJvcuQTKdE0C1qElMEP6TE8A==,iv:ptTIxkMqRYZb3AD1lA3jr3cjlnJij4+f64aTb34BkGo=,tag:BCwTM+dHEaRfsd+3k19V4w==,type:str]",
"config": {
"port": "ENC[AES256_GCM,data:oxlscg==,iv:C7PiR6yMzieXnPl/E5aNTRMsH8xgIlv5CRyyom2bDqw=,tag:xuTtIIB8N1eTknRx43Q6Iw==,type:float]"
}
},
{
"pattern": "ENC[AES256_GCM,data:VheGanizkj6hZvI95A4FBkQayNFaJQ==,iv:mDFzX3k6G3Q9OUVU3gTFYZDGv58mnZA7FrAWO5yyLlQ=,tag:Bk/n+pJGHtEClJlwai9CyQ==,type:str]",
"config": {
"port": "ENC[AES256_GCM,data:hGsChw==,iv:SF42YLgM20LLEKXLvelZHeWM/q2OztAKQHhhcc5ovN4=,tag:PYCKwv/etrtJvKT7GqvM0Q==,type:float]"
}
},
{
"pattern": "ENC[AES256_GCM,data:XdHkPDrUajh8LIVewnirgDrBkHRAickE2BHH,iv:CuXWgpLo+YZ1YBoqNYW1YyIbN6vQYdHLplNTX46HODo=,tag:E8c3ms9zsaZjOidzIjpyKw==,type:str]",
"config": {
"port": "ENC[AES256_GCM,data:ARzYdw==,iv:IXtZkdkfesNcAi78K/+5jx9GZju0T0OjfIgn0Jg0H1w=,tag:uyt/iLEPomARsDeHA/DdMQ==,type:float]"
}
},
{
"pattern": "ENC[AES256_GCM,data:aLoMiLJn3We5EjBzzr3GY0A=,iv:CZ05BwoPdkE+b6yP07YfSiz0GlWNKKKHbZ7ru5+SMrA=,tag:3QmqBjbKZ3xu/yltMjdLcg==,type:str]",
"config": {
"port": "ENC[AES256_GCM,data:JRy9OQ==,iv:WWdjQVc12IAKWqsQnXC5WYALmc6QcJlJGnQGbkPWWBQ=,tag:mJE45PfqIMqOjXSVyPBNBw==,type:float]",
"env": "ENC[AES256_GCM,data:7VCj6pEXmpY=,iv:nVrrzX4SufKFcZVv+X+KnTs+RrEzzcWfwhucOqrcxbs=,tag:PTbnoPKJL1WAiGptiZtzhA==,type:str]",
"auth": [
{
"user": "ENC[AES256_GCM,data:XogBJ61GPQ==,iv:VECpTjq+5f+uJ4LHIXJjjqkjxKTEee8I+tahiqqhu4I=,tag:aM4o19REPU1IMZZPw6kXKA==,type:str]",
"passwd": "ENC[AES256_GCM,data:TBHBmtRbUdnP1fh9FKW5iBduo6cMixL8ubXzYI2WoKSgVu2qLayEY/Z+NX4wVEv6ZOvdTn8T+0LoBnNy,iv:/QZQMlU6DMK14CBTnKxtNTSZ3JCHht38BNFVKOzG8Zs=,tag:4JrgPJRORi4HlxXbbOXQcg==,type:str]"
}
]
}
}
]
},
"services": {
"forgejo": {
"port": "ENC[AES256_GCM,data:LeoJgg==,iv:VNzohA79PsxMwGVjjwpIO7/IhDZjsKUSwN9zduDkdz8=,tag:nCtJLCEJIkgnHqsSnQfWzw==,type:float]",
"actions": {
"token": "ENC[AES256_GCM,data:FvNghTF9R+dY3ucCupjld1+pAAcUSMUs+Bs4zLB6602il5Vc8rB+tw==,iv:eFdV22mOgqYGtV7GPlHV3V1vHI8y7PxcZHKR+IVbe9w=,tag:s0EtlH71nWA0BCMILzj77A==,type:str]",
"labels": [
"ENC[AES256_GCM,data:zk436D5fBpL5Uup+jRLkmRvdzarcVcxx6VkswAJGBd3OHAYOqAP5UF/IuCpj+yX+Zgo43HDlXn++jHpkfg==,iv:vQKe8YyvZypjM+y26AIP+ahIPROjbsqo0QXCFK9t7MY=,tag:h7itIhOLnLSBJ0U7oX/+2w==,type:str]",
"ENC[AES256_GCM,data:JoJ2CCjTwiP4LJk3yn6SwqRcgUO01HNQPtqXv8JRPdLkXrfWEPTkY/DfNhXp3r1WeFjHV9eJKA0nQLe5bA==,iv:bJyj1IalIVfpt9DQPBaB2e3lPBVtppVWFKWl+Iz/SrU=,tag:cPsPkEoiFuqw1j1fdfEJrg==,type:str]",
"ENC[AES256_GCM,data:WY14CU0nb7q+Zcu+RIYn+xpgrtRdJ8s82eW8cN8RngDUM0SFt0BhGM9lRmgMuaeLZqSR5CWS,iv:/X0g5osVSRQm1u+UcbFQgNEr4yo+E2d6+aqZJ0DanP0=,tag:a4/hb3A7egpQBM7EbQn5yQ==,type:str]",
"ENC[AES256_GCM,data:yM9lFk2j/c2ockfgHFrA7ay3ExLyf3uyKHN84nzhgS5KnnRt3iBTt4XW65ZVxGmO,iv:/jvTN39uBwMAV5Ok4XeT0KrcANHkAILUgOgoFCTEcd4=,tag:yTU7aArSGfvNjvMtLtUUVA==,type:str]"
]
}
},
"garage": {
"admin": {
"port": "ENC[AES256_GCM,data:cKzOaA==,iv:2GqreOOa9UMTmqy21guRiCKJlBl4UZRrY3m0IFJxttA=,tag:H+bISRexfnp8jr4g2tA46w==,type:float]",
"token": "ENC[AES256_GCM,data:1jGcB30AUDngld/y50ZEu6PgjQxmn6N93QJ4MeXFUOe25jlGMIaWzMW46pY8LMj+hLfVvtOfm6IQ//9AKyoAuQ==,iv:5BJX00gYBaOSGBIkqhJh+sH44bndldp5HZ1RG/wxZtk=,tag:IU4FtnudF7253bFAzdJNMw==,type:str]",
"metrics_token": "ENC[AES256_GCM,data:HvAR20PscWrPeHddk45D6rJQS0ClomoxBljEZbaPFwNaDocefAlAw2bI27WzRpuQ+4bdlKWq/dVb5kjSxOJN0Q==,iv:rybJlxPwdJ2wHIsXlFYoD3SWJ0cveoIsT2V0kW8QJWU=,tag:BuvJqv0xBPipfVVuVUK0+g==,type:str]"
},
"api": {
"port": "ENC[AES256_GCM,data:AXl7ww==,iv:tCqRl/oA9vSRTnDgdMvlunZHBgvZmGQS/X23ATkusYQ=,tag:IxDylhwpET/J1R2wv/hTqw==,type:float]"
},
"k2v": {
"port": "ENC[AES256_GCM,data:QI1rpA==,iv:yUsb/E5Qcv7tkiOv4TtNBimlhVgu1d+z1JlB0RugQfY=,tag:DYsl7ILyMF1CPfMuM3H1ig==,type:float]"
},
"rpc": {
"port": "ENC[AES256_GCM,data:vRZh0w==,iv:Mb++GGgTEJ+3a1/8bSc3aYfp7yWloGWyD6RoDm2ChRg=,tag:GhTQxLJPrPlm01skGCsJZQ==,type:float]",
"token": "ENC[AES256_GCM,data:fyQlzxMzGsz77/tmaAx6f6NyCDq38vDyK8wY1TUE5FKH+8DC6RCotf5yJ6irG2ZXx9Yxb9dkqVXh8qT6G6TkGA==,iv:73ATBcbQaVeyEDClMsp7u6YPSDbVdnDsaDmrpvFxqO8=,tag:iMsuT1XYM5acRlTUN0zp/w==,type:str]"
},
"web": {
"port": "ENC[AES256_GCM,data:OGqEOA==,iv:Sm7CgAanwVq99aOt8WYxVegJjOnEWVV9m0hwpWQko1M=,tag:pHKY2GZB1rU7fmjaiRdK0g==,type:float]"
}
},
"sqld": {
"http-port": "ENC[AES256_GCM,data:jtEa8A==,iv:NuNwjNdDg0HFxAaExIbrhIYGPHpduM+1wxwu1t6CRtg=,tag:VrEZVCygKmfouZ3W/gUrNQ==,type:float]",
"grpc-port": "ENC[AES256_GCM,data:B2Xigw==,iv:aHszMeiMa52bkrA8fUsz4mO1VwyR2a/GEJVweHKzslo=,tag:sCBxQW36A910ayiPYscyfg==,type:float]"
}
}
},
"guz": {
"services": {
"adguard": {
"port": "ENC[AES256_GCM,data:g4kgZg==,iv:GR9LMXiAjak8iOREQzqmUU4TTjrVDRlupZfZaS7RQ2Y=,tag:pZXMsxw0BKaGpNklKiCH6w==,type:float]"
},
"keikos.work": {
"port": "ENC[AES256_GCM,data:2oxzgg==,iv:yVGXfq9d0DtZfm7CwCIq+2xfi+twuwwhxh//9fD7XIc=,tag:b7cApWwibu+YthjyZufuKQ==,type:float]"
},
"capytal.cc": {
"port": "ENC[AES256_GCM,data:9PxJZw==,iv:epPPxy5tsFomNv5jc5hxbkzalBilkQ6Qugwic/yvyQU=,tag:jGdSuGmcmBgcpHh8mEjafg==,type:float]"
}
}
},
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1sseqwwa7fc0ftry8njyuagdg28fkmtdwmj6m7p3etjsj83suee3shfzjyz",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnL3dCY1VLMmoxRFRmS0Ir\nV0ppTnI0RE5ZMjcvRGNPWkNxWFdJYTBDTG00ClRGQkh1UStGTmc0RE5aNy9nL3FI\nbHJIa3hLR0ZkTjd6WkFzOFkzeFdMNUEKLS0tIDBidk93Qy9LenFlSGZ2aEpuTUFt\nWVM2eS9UdXAvbzE4eEdKMjVEM3RLdm8KKeIhk+YOKVL9Y19lLyb6/Pxv8rbewK2e\nLm96jx+LOMOCFcQGxuFKWqQbTB4br/cPvRKSY5jFmFWqVg7pCPTAzQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-03-31T21:47:18Z",
"mac": "ENC[AES256_GCM,data:OXwJvWOGWOO45KuptYWs4TO1yxiOIOej02ZRUD2pNUiWqIJfXOc9Yz3SVcu0kcIR+CqXsGSP5Rpoc4echQ8szWy725Yx4V8V16HplaXqhIWvcjMWzAhXvzbMov5nu+82NlMhS2Xm5QIDEpH7t2rFNXUrTC1Je51o/BHdKK6giXs=,iv:f0WjrPMwtLoINleQ6C057daFsapYhTfK3e8FTwj4GLw=,tag:sHd0M5awyKuHdSNgnYRtyw==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.9.4"
}
}