From 4a6d58e6a2cdcf76656de7447ceb2eacda613ff7 Mon Sep 17 00:00:00 2001 From: chn Date: Thu, 27 Jun 2024 17:40:52 +0800 Subject: [PATCH] devices.vps4: set secrets --- .sops.yaml | 6 +++ devices/vps4/secrets.yaml | 91 ++++++++++----------------------------- 2 files changed, 29 insertions(+), 68 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index e2e4e754..13ad0c52 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,6 +1,7 @@ keys: # cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age - &chn age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m - &pc age1ffvr5pqd2lfj24e3fh53s92z6h76fda3du4y4k6r3yjumdwvpfgqzj033a + - &vps4 age1nnd6u8l20julg4jz4l6kw5gmj6h2tsngpm7n8dx59umgw2s66y4shq6jv4 - &vps6 age164tyqklwhdm57tfm5u863mdt2xrzrrzac4py8a0j9y6kzqcjy9zsp073t6 - &vps7 age137x7csalutwvfygvvzpemlsywvdxj3j4z93a50z2sjx03w6zau8q3r5902 - &surface age1ck5vzs0xqx0jplmuksrkh45xwmkm2t05m2wyq5k2w2mnkmn79fxs6tvl3l @@ -14,6 +15,11 @@ creation_rules: - age: - *chn - *pc + - path_regex: devices/vps4/.*$ + key_groups: + - age: + - *chn + - *vps4 - path_regex: devices/vps6/.*$ key_groups: - age: diff --git a/devices/vps4/secrets.yaml b/devices/vps4/secrets.yaml index 7db617aa..5df48cef 100644 --- a/devices/vps4/secrets.yaml +++ b/devices/vps4/secrets.yaml 
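Review bot: The new `&vps4` entry in `.sops.yaml` has no note saying where the recipient comes from or what to do when it changes. Going by the comment on the `keys:` line, it is presumably derived from vps4's SSH host key with `ssh-to-age`, which makes that host key the decryption key for everything under `devices/vps4/`. If the host is reinstalled or the key regenerated, the files need re-encrypting before vps4 can read them again. I would add a comment beside the entry such as `# derived from vps4's ssh_host_ed25519_key; run sops updatekeys on devices/vps4/* after a host key change`.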
@@ -1,58 +1,13 @@ -acme: - cloudflare.ini: ENC[AES256_GCM,data:X1v1QuOZemIuxldd1bzIvbUsq+8HMGLh91zUB+fnrxaW40z0OQh9L1rF/0Nj3gmUmgT4KEV7nkHFYYpZBp4/Kyc=,iv:fQmbhx9wV3l+DVPaBrAyJbTCsS3q3s5F9Go1F7pZ2pQ=,tag:P4vuruX460YSOUsx6zGHXQ==,type:str] -frp: - token: ENC[AES256_GCM,data:T8b1ku4HNCNSJ+33QgIt1GILFA4wTu3Qd0rDqHPVgdqsGo0R90k0u8z+dElSO7q9PapTqUbZ,iv:hwnMu6JxfYLgw4TyhujX5dI2IAytgZh+Bexhgta6ATQ=,tag:lqgwvXlS/jGPxasmk5Vh3w==,type:str] -xray-server: - clients: - #ENC[AES256_GCM,data:DXEC,iv:SZ1AhmK6fWQ/HGDk97kDUcRN84zQMp99eiz4SpRhig8=,tag:Fkdf28ZvB8XKCxSYdjuuHw==,type:comment] - user0: ENC[AES256_GCM,data:rJ00sfe/oJSry6Ixn4Bn+p41syqsOrdWv6fRGVCwPvn/unMY,iv:htTvFMvhIRkORA/gIU8J7CgA+tOncYQWh7sUh+F6XDs=,tag:VrSJBD7ti9WtSLHoWjMClw==,type:str] - #ENC[AES256_GCM,data:OVgDU+zqcQ==,iv:8KuEqBuL5Ca6pUOFFA+vySJx/h3BhGAAC0CgnxiW46o=,tag:TY1MajSSy2RjKVI2SSAAFw==,type:comment] - user1: ENC[AES256_GCM,data:S3IHO9FcVHTJOsRxjSohM9MgnrEwLdDpFU+efLkQaXT2jNJG,iv:KOesvPzjDfm1EDLFiegbk0wgjp7di5mUwUuuY2hwvOQ=,tag:ZsYyUyyEhO5S3weCw/gPMw==,type:str] - #ENC[AES256_GCM,data:OQOPobpbbhajgA==,iv:4jG3bHKzWcR+JnvSlJsc0Qlv5kywqVN5UE96J31CP7Q=,tag:P+jJkRxPu99tLXyO5k6dRA==,type:comment] - user2: ENC[AES256_GCM,data:e7ITe2ZouKr8dXT7SYATyzbzHaVeu6AKt1OcQKk3U0nsQgoa,iv:UbOOuojy6OAFEH8lGhKe5Hs+2K6FX5MZ8Br9AB007gs=,tag:5XeB4YngzTcHZvCpXe/ZXA==,type:str] - #ENC[AES256_GCM,data:93BxR0AEdQ==,iv:rf69GWpuxYt7fu1Fyv55pynuQDhi+TA5CwZK3cc3yBo=,tag:/hLy6atNMxLw6G3/qgMM4g==,type:comment] - user3: ENC[AES256_GCM,data:r+6jXaIj4HJoYLnJcnjJB+WEZlGaoSy/ktc1Aw77hFtNrrGp,iv:P+YUKns1yaOZokH5WkDB0jssGyHg3ncc54tF1PyA7Oc=,tag:/pxMEr7l4ye5EDAOsllxJA==,type:str] - #ENC[AES256_GCM,data:4gqZh391hg==,iv:No22DrD6EBs2FA4/qH8msWEjs20fc+ZpEeZep+HIv+c=,tag:aHrYNbI83POI4PRj1nd+Yw==,type:comment] - user4: ENC[AES256_GCM,data:ujiml/r4aFiKOkSJkaD/KE8rKuBtLSnpZREBH3vRJUzDT0QM,iv:a3VFlXpMLNFihvFa7gloANtHmBLg4szTL5LTm8E2kNs=,tag:W9KZ1GAVx9IBKfda7Zedng==,type:str] - 
#ENC[AES256_GCM,data:PTYBkBHs16U=,iv:qr3u7OveM1CmTBIf9gZK4fTRuLCpcZCwf8jmnd1L3Co=,tag:w3O41NG7yCwCVqPGh/6SXA==,type:comment] - user5: ENC[AES256_GCM,data:iDuLRb4dhLUOjpamioMwoTYrn7Cy+Ln4SaedVXkwVD05rjJ0,iv:AqzBBvLpJuIJCUJq0IyDcHrlqb0e84nQC0c94Rj85uw=,tag:0xou1i/iwAxGngO74OIMXg==,type:str] - #ENC[AES256_GCM,data:D5xiJW0Oyg==,iv:9a/6myiT9Crf/fff6ZkXj/obW2k95cABUNqQdPmcwcc=,tag:chs8BA8YtVkM9m3Ey9ETlA==,type:comment] - user6: ENC[AES256_GCM,data:YzLlf37SxKmU1/QA7gUIJsGid3KZNoAGOew8xR7cmw5l8ZmX,iv:SfKubo2jfjtxKn9odDiokMEZyPFfYZ/wwyYtBrgvgmM=,tag:+hxwIU5uBhzQyrKX4r3oiw==,type:str] - #ENC[AES256_GCM,data:8FxApg==,iv:vPa5p3QVHAvw+ECusWGqx1ugTcHh42CVFDQcMhG59wM=,tag:lHiZtydcYFBQiXnWh8pCrw==,type:comment] - user7: ENC[AES256_GCM,data:H/jje9ONEY6XuBXTZmTVGIcWUgGSMf5OB1NNRPtqGCgRP1ei,iv:xew+0BkRqz3nfOoBXTPbBv5hRczy/3tgYSKq432q4iw=,tag:da2ljcffiCVJCsMZaNPZyQ==,type:str] - #ENC[AES256_GCM,data:QdaYYH3RGJ4qIg==,iv:79NBTEKCPtgVVv3G7wg+vdoLOWxc+bdqT1lF4HJpTC8=,tag:8mRFGjy7lBrdyGyX9vaSOQ==,type:comment] - user8: ENC[AES256_GCM,data:H1gPtqF8vryD0rVH7HYzpMuZ3lufOBYczKwaTr4PidQtTyQK,iv:wh7NwFc/1ogNrnTTpm5L9dBqDVkvWiIsJZelR2mtR4Q=,tag:oEFdMFZJ9UYhsSVdefJ4rg==,type:str] - #ENC[AES256_GCM,data:aYWIiLxs1UvupQ==,iv:AisokHuAzD5B6fEF6ak8WfAe151CM3a8MsaWC4uJPnw=,tag:cdk5S4n9ulyWrqsD+jcqYg==,type:comment] - user9: ENC[AES256_GCM,data:HVK9KvGfOcwn1joc3VrkjBjE6hrxQPOBD5RTtQUgBPepToh6,iv:VK9aQ64L/GajpledBxC8PNB1BdNYEqwcdL3GKttgxvs=,tag:O/piztCYBARtAFxTMNXGaA==,type:str] - #ENC[AES256_GCM,data:b839t/OihMOmz0gIcTo43r2MIw==,iv:8kaAFG7DhFOoitcvbFaAvE1NUSLFrFhy1KiMrqs4r/c=,tag:G4vSADa52ZfN5y5ytoFJoQ==,type:comment] - user10: ENC[AES256_GCM,data:xjVkr/wy7OxRuNZKfQagfNxdVxTEyQP1ZhnR6jHy2gjBQ0RD,iv:G6iOBCHOqlvfEENY/ega/TUm81wgT2OOdZKZ6bPfg9o=,tag:p8AMa3bGsIl0hWQ09lSzgA==,type:str] - #ENC[AES256_GCM,data:+s3MMeNU5Q==,iv:CUrg+nNxCpJFbHQmMNXmSE+JcZK6Dfu8cGwtznx3CFY=,tag:G5CYMtao+hz3hs0fPVPmcw==,type:comment] - user11: 
ENC[AES256_GCM,data:BIZ2zRgGv5/9AexiZZvu+m4A62YUWtAkjWWMu89GteqpWMBq,iv:13IJcDf18LjoxJk7uoKnuFZT6Ihxrxsy7DBaAaiFqus=,tag:RN7wj+uPneCkqNlMRyYrXw==,type:str] - #ENC[AES256_GCM,data:spyQkQIHwg==,iv:7+0DUK95MPH7lpr+GMbbLu4/5yA11/4gTuLhQKlStfE=,tag:G/gIXML8UhYoCi9FfoTvSA==,type:comment] - user12: ENC[AES256_GCM,data:FAF9lXOzXW9CrZgnQ1a2+E8snZj2+JHqP5Gny92k09o/Wzga,iv:/qZuAtFmUQE7A9lMzJUoCvGx+3Sv9Ioh2ahch3puaC4=,tag:urwbLwGkSX3e85NCjyPhhg==,type:str] - #ENC[AES256_GCM,data:HueqiREBet2bxQ==,iv:WCjTAGg2gXgBSvY3zc/YyB/1X0XjvphPduVXLsjOwH8=,tag:wC+On6lyyYQ1Dt/BHDvONw==,type:comment] - user13: ENC[AES256_GCM,data:ExbnvWDIBqga5+k2mpoT8AKBOXAvUNMjBTPXUKrmtWzz4l+L,iv:UI7CvSx2FHYGf6BEHS4e3iwHZZWkl2Zt5xg2WdKbLvY=,tag:ad0c7YW2Bxo+Dn+BoSZ0Ng==,type:str] - #ENC[AES256_GCM,data:R8lN5T0=,iv:FXLf8Vtjg+PkwNhxXWDViMKqwn7tFMaPhio9zhnudZw=,tag:34gxRH+P9lmkUxlOPKcYMg==,type:comment] - user14: ENC[AES256_GCM,data:dgNPPlJD5JOFPbKhlvlRHBLmUNKeDm/JAiawUVpBE7H07Box,iv:w+t9BkqYvlxVKr+x0MwtBz0/YSR/7z1OnZLIoPdW4gc=,tag:CR3GLbaO0jSQgA2HuwzRqg==,type:str] - telegram: - token: ENC[AES256_GCM,data:xsJoGgQ8pLeZqA2alGKkCyrvnjY6rVF5TlXn4GWDrStFBl65XXzwVY/9ZZthYQ==,iv:qTLfpRUyuIGFM668URfknhSRtx3WEHp/WTGzGUPuFd4=,tag:p8mF0tM+t02g7v2EQZN3Vg==,type:str] - chat: ENC[AES256_GCM,data:X1JxFQw0bPCu,iv:hf+TOSH2p9RdnXDFKxTpSRzxDLdJyzNHVV8MfOQuGWY=,tag:iiWw9IFiBGOOyOSl9Jj2wQ==,type:str] - private-key: ENC[AES256_GCM,data:ts/LRGFAsYqvGvkvlxUI42IW1a8cGsSkpZhMDd3QVceRKvhPb1SRDaXoSw==,iv:6xX9xFIFUNlLBZ6CPBOz9JbHpvC4+QG9ZaCZcWdl12c=,tag:DYIa+QTV8vyl1l7OKKykTw==,type:str] -nginx: - #ENC[AES256_GCM,data:85LrqdTMIhSa,iv:mIQPYz8VPd5AxeMCQEdTGMD0Iqa5QEAa5+8JVFaj3JM=,tag:TcZd7S3WRPpEV9lHI1fzbw==,type:comment] - #ENC[AES256_GCM,data:rVTLpe3uIQ5LArPnEY8N8kjtHq8kZddbqR+nyUaia72Y7PWEfHzy6wgx3Q==,iv:AZEufH3zfVL0XbUh3CQZGYcx6zIMFV4tF+jHf73IplU=,tag:B/UbtQh5dGrctNih2uoO8w==,type:comment] - 
#ENC[AES256_GCM,data:InzwjKl3R4SJSXTz5u1Pt0kf2HYEtKfSkJO0cbPhhXADNp2/Tn0nwQJFy9EzpMvK9mw8+l5LadbY0tIwmTVvV5yxUQo78HcgXWInfp/zJ+GG1L/RQOHck74lEA==,iv:UBMRYPd0loOQBs3mNyndiKPu72aRA8HbOKWDfUWPQg8=,tag:t/ONqdwpWcbo/2vy5TOjlA==,type:comment] - #ENC[AES256_GCM,data:HTinhnsAbVujUOuLIVT/CkvdtTN9Nk7wZKZ5SyrPC+vZ/cB9E10FffMYLQ==,iv:Clby9A7MIUSknNFkzKuWEDL0yUW/ctd6KShCIEYrDZA=,tag:CJKORoXrspDjRmaSHUnlqw==,type:comment] - #ENC[AES256_GCM,data:cwAb68VgebTwCCeAFUbOG0CUAuggfRnLNv9NWldJN+E9NY4WKxs12Nz7yX/vtelcqqJ2TOUL78uAR88Nzavv7VtCTZRivWjRG6GvAUyRdv8lAZo=,iv:PScTSTCuVnsoZlvyTVL+ZgqqEm4m2/fUqWzPwE+PvuY=,tag:1jeRsHqgMheXbcnhRicsnw==,type:comment] - #ENC[AES256_GCM,data:V5XRrTvyeezkcJqw1/BhhZz5K/egpl+PtNwjAGELjWRp7IqDfRsInxBKEg==,iv:LdOTkL22HvaNbiUi6hG8o0ownfZ22OKFGxCuGPqG8xU=,tag:/06I/mLzBlgS489iuwFTuw==,type:comment] - #ENC[AES256_GCM,data:i9PXzaO1od7HimP/6vxYfh30SxFbdXRDcnXujH3VrvngFcWaVcXgigncp3cboi6RoERSZ6yakxviVyEBIS4v0qRfombj2UtJg8N3Kg==,iv:aohIMhAYfZhlGDrcEvi+Qc16nF8ZgrPUGhWj/7nl8Fs=,tag:o70qsk/2cAbZgbVBwfl3Ew==,type:comment] - maxmind-license: ENC[AES256_GCM,data:sESU6uK9EYLido9/0sXO2Zw1SjuKmxPh4r3giJcaG7068gn1kByjsA==,iv:htnFgnLrH35zSvmlRAdoRDLFIpKroKO5dW9TNK9soUc=,tag:6pJuc54SrKP5n0kJJ7fGyA==,type:str] -send: - redis-password: ENC[AES256_GCM,data:6zVKw9AmKwSWvHUZhzy0F2KcJW96uFoZY/N1Zq8ilUJOLZeX,iv:viwLIgJz9v8oadr8784OgETbEsxzGsJvVoxmOwWEFxo=,tag:XEYFnoCGwlnrkqaUbgeH+Q==,type:str] -coturn: - auth-secret: ENC[AES256_GCM,data:50KqO4GQ1ERbCnK4IjYu6aywT+IPMtVlTzh/TE4MwWApU4pO9yqz25ENGUAKRLi4p+Ecug+Rn3InRl1b+q6bAQ==,iv:SgHkHvHg/+yA1Z5E9effgCnZMVXv5amGNUsVKErai54=,tag:PoYLV9Xr0IXXsA39n7wiTQ==,type:str] -wireguard: - privateKey: ENC[AES256_GCM,data:4DKPPqQkjb33rQzFIz863A2arDRQA9AivWFBaWTf0xXDX4hWvJFiIlJQfvE=,iv:0R2TH3CMxHgwVjojzjE2Gnp8SXonmBDLWF7hB33NiX0=,tag:vgtV8JkuCdspleN/SvgIqQ==,type:str] +hello: ENC[AES256_GCM,data:mX0hKnLdaujfHSyIikkannf8DDo+r7R0,iv:my9nYiaburkWHQLsNetqD3dYVwsEkJhC7hoh0XagoOk=,tag:D7uhoFGMrTWT3K4LNMFcUA==,type:str] +example_key: 
ENC[AES256_GCM,data:ezHOG8aSXYlosn7ymQ==,iv:NLm785UMihcL1K/M4u7k+P2XftyLlIxtQGPmMLc+rs8=,tag:h9xk+do8pYzxYzUaKKb1PQ==,type:str] +#ENC[AES256_GCM,data:pgOf9IVK9ijocRr0uEO0ZA==,iv:aQ2dvfAVhkFWtcDM4VeJQa+NN6kw9IlvidL/usoP/lE=,tag:49iS4s1EfQK5VhlF9nqWRQ==,type:comment] +example_array: + - ENC[AES256_GCM,data:W8QJiOY6ofqE+XRodK0=,iv:KQ/mYY4N/YA9LhZvJtPJPqRVQq4ob/xa8JSQY06Vm4M=,tag:7NQgidSCjER//ru3AXgLzQ==,type:str] + - ENC[AES256_GCM,data:nNML0iYEFdW4S5rJVHM=,iv:LQ1/E/7FExXB16Ur4b59XAUlWSFPub6LQBaFCY+a2lE=,tag:LqPymQ7k5ZsS8d9Z09xJuA==,type:str] +example_number: ENC[AES256_GCM,data:UiALks+CeKFusw==,iv:8gQ0aB+9YHXKVDX7moqdQmNJLGDNGfo+glezE39xXgQ=,tag:sJG+DJNzCtx+l4bBgQTtCQ==,type:float] +example_booleans: + - ENC[AES256_GCM,data:n3cV5g==,iv:z2p5oh8BhEMvwwIDaO8aM8VfxmsR6Z7473pd348tsmU=,tag:oSYsNuk6vY21Nepy8Hkb7g==,type:bool] + - ENC[AES256_GCM,data:ns3chHI=,iv:db8M/qF03VKaT/8Q4NqfCdI1zAU9H8JWZFqnzwI7QvI=,tag:FdgUanhezouVdv+9a9/gxQ==,type:bool] sops: kms: [] gcp_kms: [] 
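Review bot: The new body of `devices/vps4/secrets.yaml` holds only `hello`, `example_key`, `example_array`, `example_number` and `example_booleans`, which looks like the sample document sops writes for a new file rather than real values for this host. Every key the old file carried (`acme`, `frp`, `xray-server`, `nginx`, `send`, `coturn`, `wireguard`) is gone. Any vps4 module that still references one of those paths would presumably fail to find its secret at activation; that is not visible in this hunk and should be checked against the vps4 configuration. If the file is an intentional stub, say so in the commit message, because the subject "set secrets" reads as if real values were stored.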
@@ -62,23 +17,23 @@ sops: - recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1QXc4NzREZHlhMDV2WXlM - a2I4d1pjWm9Xd2gzUDUwZ1ZSTkFGR1ZQNDJzCmJwcWFxRWNNVGxTNno2b1NxNktO - aHhINXBjdmE3alFGYk9kUHZ1UzdJUk0KLS0tIFdKMDlvb1Z2Qi8xRjl0MXpKMDMz - cVVNdDRDNmtHZlJEcVRXR1FLVkZrMWcKn2iTHH7/52fJNXcbDFbzOxNAaiQRA0nO - we74EeNzcaaQwuEmBQPKxd/g7/kjhnHzTkoX3OneXMd/gBZMn2knXw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIaE9nWEZFaE51alYyTUgr + RVBKZ1MvNitBdGpMWURIUkhCTlF6Y1hueVFjCnp2Q0JVL0t2UEZrSmxMbFVwZ0k5 + QVZDdXNjWmg0S3BIaXF0NDBHOThiMDAKLS0tIDBpenAyTE51MWVkaHFvTFhzNmVV + WnlKUFZWNWtaYUpPZkplSm04Q3RFb00Kghj7jLLcLpc8njNyxPj6JWZbBRn2Ou9j + FJLfCGLePuJPmdBBN4AGHmtrkfw/SMZJ50DXhKSJSxM91zuJSqFV1g== -----END AGE ENCRYPTED FILE----- - - recipient: age164tyqklwhdm57tfm5u863mdt2xrzrrzac4py8a0j9y6kzqcjy9zsp073t6 + - recipient: age1nnd6u8l20julg4jz4l6kw5gmj6h2tsngpm7n8dx59umgw2s66y4shq6jv4 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBycEw1bXA4QUZkUzJ0Z3pM - Z0xHam5SLzRGV21XYUtxTFh1VnhQUk1NbzAwCkU1Z3VTR1FtZ05GOWNDOENlZTgz - SitzYXo2Q2VEaGtLTGE2UGRoUDkxN28KLS0tIHhRS2Y1cnQreC9Fc2FLdGR1ZXdJ - ZXFTU3ZCaW1pTVh0RUJzdDdGdHlPYTgK2mlgcX2kEc8+2UDdBnhUm6IIuh8V6agW - ooxH9OEPXUVI/4JcDo4v8ZUhAyU1ehLH0Ef7PJCChOZe2KZmWSNbhA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzYkJ1NllUR1pMaUdmZ3Z6 + OEVLWC9nZHNxNWJSZ3VZUVZ3eWlLNWN5V24wClZ3dTh3SVNRS0Z4TFJrNDJBVnJj + aDhYNTdSV2JmUVNXR1ZkN1BOdzZzRHcKLS0tIFNhUGIxRVM5MFdvUWZWOG5kYlFM + RjZtLzY5b00vMExFSU1xZEl0NFJQQlEK4yUe3V0u6A3niES0Nq28rRYZ1fTEL0Fh + RBGZNCute1SShrLZPgNr/lFAc6d8DH6N0IuDKcjguuWtyHY/LFYuYw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-03-28T10:31:05Z" - mac: 
ENC[AES256_GCM,data:6Z+ltjbvQaYhDPoiCN7ajQeWcp6vj3TIcUXUm/r/tZU4mIOvfxA7hxW971b76bYPTeVwgp7ZB9qQy9emDHV9i+aSyJpTPKQHRRz5J+T+NJhTP/IL3R3VmG89ssC6NH8FSk0S487JkPd8tNz+G6bvwFCPRxRLNj1pXX0Dp6tgwIw=,iv:xLw2iX1ODAbJCTJ8fEvG7SdZ1GnGwADIckH8DibVM2Y=,tag:TTzlHdcyIQr/92ZHmViRXQ==,type:str] + lastmodified: "2024-06-27T09:40:19Z" + mac: ENC[AES256_GCM,data:ZdocsIbkzcWsTia7s98T5hjM5HDyBc1a0pwAb3IEFAom9Q0LjOs02BjsBKQT9Z+eMU+Ugkaz+kgP4hwYbcUuAbiVChU6sLMxUPwQDE8E7sJINZvJzth4Kl5SF4qz9fEuY8ZTP1hHc/HC6fSfWm+zH8n755aBjrzdIUvPV0Qv3xI=,iv:SSjyvgMSgZsoKHspRrNJpkmRTDdFqQlJGLUybyMcXbg=,tag:EBLpGZLNwDZxsWwh7Eva7w==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1
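Review bot: The `recipient:` removed in this hunk matches the key `.sops.yaml` labels `&vps6`, so the previous contents of this file were encrypted to chn and vps6, and that ciphertext remains in the repository history where either key still decrypts it. Re-keying the file to `&vps4` protects only the new contents; it does not retire the tokens and private keys that were removed. If any of those values are no longer meant to be in use, the commit message should record that they were rotated at the issuing service. Deleting them from the tree is not a revocation.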