From 01353b87acad9f86f667baaf93f636afc19565a8 Mon Sep 17 00:00:00 2001 From: foehammer127 Date: Mon, 9 Jun 2025 21:23:36 -0500 Subject: [PATCH] Fix Secrets Setup. --- machines/lebesgue/config/secrets.nix | 8 ++++-- machines/lebesgue/secrets/authelia/users.yaml | 28 +++++++++++++++++++ .../lebesgue/secrets/authelia/users.yaml.bin | 22 --------------- 3 files changed, 33 insertions(+), 25 deletions(-) create mode 100644 machines/lebesgue/secrets/authelia/users.yaml delete mode 100644 machines/lebesgue/secrets/authelia/users.yaml.bin diff --git a/machines/lebesgue/config/secrets.nix b/machines/lebesgue/config/secrets.nix index 15ef294..f8538b9 100644 --- a/machines/lebesgue/config/secrets.nix +++ b/machines/lebesgue/config/secrets.nix @@ -9,21 +9,23 @@ }; in { admin-password.neededForUsers = true; + tskey = {}; + vaultwarden-env = {}; + restic-env = {owner = "restic";}; restic-password = {owner = "restic";}; restic-repository = {owner = "restic";}; + authelia-jwtsecret = autheliaSecret; authelia-oidc-privkey = autheliaSecret; authelia-oidc-hmac = autheliaSecret; authelia-session-secret = autheliaSecret; authelia-storage-encryption = autheliaSecret; - authelia-users = { owner = "authelia-main"; - sopsFile = ../secrets/authelia/users.yaml.bin; - format = "binary"; + sopsFile = ../secrets/authelia/users.yaml; }; }; }; diff --git a/machines/lebesgue/secrets/authelia/users.yaml b/machines/lebesgue/secrets/authelia/users.yaml new file mode 100644 index 0000000..5e2cfcd --- /dev/null +++ b/machines/lebesgue/secrets/authelia/users.yaml 
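Review bot: The `authelia-users` entry names an owner and a `sopsFile` but nothing that restarts the consumer, so an edit to `users.yaml` (removing an account, changing a password hash) may not reach the running Authelia instance until its next restart. Whether Authelia is configured to watch the file is not visible here. If it is not, consider adding `restartUnits = ["authelia-main.service"];` to that attribute set, assuming the unit is named like the `authelia-main` user. The new `tskey = {};` and `vaultwarden-env = {};` entries rely on the module defaults for owner and mode, so a short comment such as `# default owner/mode (root-only); consumed by <service>` would record that this is intentional. The `autheliaSecret` binding and the enclosing attribute set start outside the hunk.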
@@ -0,0 +1,28 @@
+authelia-users: ENC[AES256_GCM,data:1EkFsvUed3CIjoDU1iskEsGPYdyWhsD6+uCUdhRvj2YDF4gVJkYEQx3o3arJr62NgHBMM1E8djCUFSP3zWpeA0zdgUEL6V2572exa7VrfAgdW0F1iP1o8n+iAD2kORYuX+z+cLbuG28U5WiZEDFThGsLNIed4+T49iKQ+rXfMlhZchwNb/U8CPTwYjGNzXs6/TFSWu8/JNw7bpScZZWbZGmx2fOSu9Y6evG5mIffekZEJMHNqRlgoiCOXsbYf00h86eD8TyIi35mv4bwqjEz8wLbrY5+T9HfwBUu,iv:evquSSnMSzCBDmCXulR4HkWIxpL0S+6Hx2caO7ZOOBw=,tag:5wAIrUVgTpjXF+w2eIOj+Q==,type:str]
+sops:
+ age:
+ - recipient: age1kjy9wym6cmz6wqmewws4ledsne47c0e4sr0ksmm66rff3u2f6u3qxvnyg9
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvdnprVVFKQU1sQWdyR3d2
+ elhzL0l6RkQrbGl4NEMwMU5lM1R1OFZQZFJBCmpFSHZYZUlHZTBDZmdhVkFJTzNR
+ SzlpK2ZHR3AxRElrVUFaYzlNZ2RJQlEKLS0tIGdxVml4NVhMazIrRURaV2QzZU83
+ LzdhU1U3MFp0Y3FqTHBjd2JRMFZiM1EKJDuKlkmxI/ibZBjjTS01RPHv51PSE+1C
+ PoaazhTi02Eh8Imnh9jiiQVcTO9o7Xo3V3y3TCNgvoh1gWdVWXzCfg==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2025-06-10T02:20:04Z"
+ mac: ENC[AES256_GCM,data:O1PcsOOYIVmYZCv5ds+9oqjwTDqmL4FYmJ5zHUKjt/YAHMKO81x/E35sZ44iBVYUyOFBFz5GD2CPJfyWu3CIMNU6xAXYzrQs8XvDUXvVmZigMuxBm1IjATH0GgZEfWxutsLYGXjuCaHe8oWPKG0ynhEort9Bwp11DESMVuvJkpI=,iv:j3CtGchVJzwJ3injinEdbjClKx03ZDXAWQ6jsWFT7Q4=,tag:MKJzIyrj1nxT0gh4tV7Yew==,type:str]
+ pgp:
+ - created_at: "2025-06-10T02:19:29Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DAAAAAAAAAAASAQdA0p2w1T6ALDUvOGNaZRSvOvN3QnKy8hkRHt9s+uYzqRUw
+ kipYH5FR1+BcRehiga5SXzNHzbHRhp3kQLcw5BupyPjI5s9XQYgoyD8d/0DpNQUc
+ 0l4B62CI/Naqv5aAMcsvtcq3xFwznCAMOX477dWMAtdPuC/mRJV6NagpmAmF5SEl
+ w1udTJuFysQ8Y5XQHhMu8Sz221rd6QQ/qASb0yWqjYeyw8Jx9sRwn4o9rLJTcOPc
+ =OTMQ
+ -----END PGP MESSAGE-----
+ fp: A972C2063F4F2554
+ unencrypted_suffix: _unencrypted
+ version: 3.10.2
diff --git a/machines/lebesgue/secrets/authelia/users.yaml.bin b/machines/lebesgue/secrets/authelia/users.yaml.bin
deleted file mode 100644
index b420e8c..0000000
--- a/machines/lebesgue/secrets/authelia/users.yaml.bin
+++ /dev/null
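Review bot: The `fp: A972C2063F4F2554` recorded under `sops.pgp` is 16 hex digits, which looks like a 64-bit key ID rather than a full OpenPGP fingerprint. As far as I know SOPS stores the identifier it was given and GnuPG resolves a key ID against the local keyring at encryption time, so a second key carrying the same ID in a maintainer's keyring could end up selected as the recipient. Consider listing the full 40-hex fingerprint (`<FULL_FINGERPRINT>`) in the creation rule, which is not part of this patch, and then re-wrapping the data key with `sops updatekeys`.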
@@ -1,22 +0,0 @@
-{
- "data": "ENC[AES256_GCM,data:YMncaBj6fPMX8HgKUZ3NVwyIzSnKG4E0RN47QR+2kf0Cr4MbnAcqHnjbWV8M7vXMzFtW7LyMSS+61xZdHWg27w3t5yFK3szbWhvFYhK+KoOnRw0virVXjcKTuiPdPIQ6qG9FI8UZixljRh1fKNZxUhe2Yzhq3CG8+F+SJ5yQjdXKw0wY9DqehMd1MnhFqF0hAfLDTHwTrYwP2D8YeWpg0euaCw8WhzKDqZu1PdG4MP0GJ7VZfJ3gnAaUJAgyNQ9gVQmEnNUaHN8GTie9m0PBruOzVbZwmwWUk62UTPU=,iv:z0u60Fu89q+iT4f7BNEJ/b57W+XBYqUj0yf9oMO2Ddc=,tag:Cn2iCxI1wvUhIKQPefMA6A==,type:str]",
- "sops": {
- "age": [
- {
- "recipient": "age1kjy9wym6cmz6wqmewws4ledsne47c0e4sr0ksmm66rff3u2f6u3qxvnyg9",
- "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOZVdLbzVjcSsyU3Mvdkdp\nYU43bXREbTVwNnZqVXhTZnZnY2UyeGkrMWhzCnN4WkF2T3l5Zk5OTzFTUzMvdkhU\nS0lmMjFHbEE4VlJjU0xPR2V3ZDdnN0UKLS0tIGRMWkROWVdiS1piRTZFZ1ZXVUFo\nMFkvNzdsL24yVlRRRnNuK0MvMjFDUWMKio15sHTVTCzoW6xDZ8xW1R1f3FZWJ70c\nAxVlwdhZHFsfXK++vsU+PT42ejqodEMpZiHvIjQzg6EulopdKUYU/g==\n-----END AGE ENCRYPTED FILE-----\n"
- }
- ],
- "lastmodified": "2025-06-06T04:17:10Z",
- "mac": "ENC[AES256_GCM,data:HdHskDeNiLLfykGqtv6azJUFa0jMiOoOJMhs0GYmNDRWHIN08IXc2Lvsyp35vi2MRglQvf38NEgFS1SwUXebwDfqNCMou+ge+yYErsg+qXdj0maqm7MKRWtdtk3ahpX+bcFLHDzikPxPtno5K9noxCnMebVIBCrCoMP8sKGLi6o=,iv:Dm14azLoWTGBqWneg588ihGaCeOTCRYgIQ8/nbqrPTU=,tag:ksinhud6U7ueJAwcwYuKiw==,type:str]",
- "pgp": [
- {
- "created_at": "2025-06-04T20:14:12Z",
- "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DAAAAAAAAAAASAQdARkN3yYHRUH/nfobwd2YF4ePWpbruXUNCZkNQubo/EV4w\n/1ybFvY9O+p6X/U//a6WuiQoli12nNUYegEHDJc8CzH6Q+9BwqKqYfMoa+Ahy2hi\n0l4BOQfnONeflgF9bctA7BJB1lvF4pbhbxTf2bImf6HDAajFyaYfvML0ad4MMRBU\nqmBCXG9WAf6VQb99uUj8wwbxunny4pLF1Q4YhMdC/hbkG9unN4slsQUr7jM8N9Dz\n=C1Sa\n-----END PGP MESSAGE-----",
- "fp": "A972C2063F4F2554"
- }
- ],
- "unencrypted_suffix": "_unencrypted",
- "version": "3.10.2"
- }
-}