summaryrefslogtreecommitdiff
path: root/secrets
diff options
context:
space:
mode:
authorKjetil Orbekk <kj@orbekk.com>2022-01-25 08:01:38 -0500
committerKjetil Orbekk <kj@orbekk.com>2022-01-25 08:40:05 -0500
commita850dad99672223cb453d4185921ced36235771f (patch)
treea1209220c2c82c6df2f98a0b954aedc379f9fe4e /secrets
parent3d6a49a5d90a0909fc04e5b70286b4de83aea6f4 (diff)
Add agenix dependency and start working on borg backups
Diffstat (limited to 'secrets')
-rw-r--r--secrets/README.md3
-rw-r--r--secrets/pincer-borg-repo-key.age19
-rw-r--r--secrets/pincer-borg-ssh-key.agebin0 -> 1356 bytes
-rw-r--r--secrets/pincer-borg-ssh-key.pub1
-rw-r--r--secrets/secrets.nix8
-rw-r--r--secrets/test-secret.age21
6 files changed, 52 insertions, 0 deletions
diff --git a/secrets/README.md b/secrets/README.md
new file mode 100644
index 0000000..812f206
--- /dev/null
+++ b/secrets/README.md
@@ -0,0 +1,3 @@
+# Encrypted secrets
+
+Add new keys to `secrets.nix`, then use agenix -e to write the actual key.
diff --git a/secrets/pincer-borg-repo-key.age b/secrets/pincer-borg-repo-key.age
new file mode 100644
index 0000000..5ae1ab8
--- /dev/null
+++ b/secrets/pincer-borg-repo-key.age
@@ -0,0 +1,19 @@
+age-encryption.org/v1
+-> ssh-ed25519 Yx9stw t1Oc7D3qbeobY+yggKoaMmU8tT1ShFdniNplpDyFCwI
+nCAHD6S5FSAdIYr3KoVaDc1UPQA+OhSX89iLu77qzdQ
+-> ssh-rsa xgQQbQ
+Ox6Ye5y7nmmYv2FWmhBT0SgzNsp7L3ft5ZAhzK6S12Mx9TOZstKx5ZkimPjAxJLp
+KWJHyXs5abrsaC386ux6h/d8OZcBrPGxHLULxDG23JEGBfnLkhV++j98y3Tt2jsq
+ptwF011h2+mMvxm+ZePQqhtZMJCi+Bb/zdN+ixqSXnTY+LyUJtyhQUFn0Grkulh/
+KX5PtaFG7EBoFox48ul/ImrO3scSHc1pqZnw4Dqi/Z/RyJ+kWynlUVbhWAFpzbuF
+zO0Xl+y4B0lQ7XD0mNW+lGYM1UhZDfjZ9ZHeeF5tEd11yRNYgghdK3zYOr6tsMrk
+7pupTbo6hqMHnv/hZe+PwM9U46aQ7JDI3dT7gZDDed1Wgnq148Va6iqIGm7A4Ngu
+XR1GhWaOo9zvF0AW23rPiLaLlBxztSH9Q64iIoTDPYmAPpodrkOU23hlceWkBwcD
+XWILOaPqHqh5+ibx2jTDFE5p4nO0Xg7UKYU2vD2Shc1ZszSIXvovbYl8KOIG89G6
+kCGJdwBDrE95tp5SJejcmOCSsO/keLr81F3+z0Fo0HUHRaUG5UH8Fzi8UbH79l1s
+MPJ6k5gGI63FskxkWyfN/NRogDUo6DzsfqCHu7A2dMWwv0OygBnwRU2TYmFKl2fa
+KiMsxm86CV99ZaAvGVJJA1gz6bgtWzCfAaWgJaPz3+o
+-> ,Gj5rN-grease krGDTh `!#Lp<
+Fg+PdtWhVgQCnYCxI0jGy04TRA
+--- rAP3GU3p0KdGOt5zctfl/3XqVWaKv5m1JkqTFNTuJNs
+��X�R/�Ӂ'�ڢs.<����O��\0����&ۍ��yXY�[�b#�¯ (h����>R^� �H�)� �?����:-Ƒ�q���z��'��0��� \ No newline at end of file
diff --git a/secrets/pincer-borg-ssh-key.age b/secrets/pincer-borg-ssh-key.age
new file mode 100644
index 0000000..fd48aa3
--- /dev/null
+++ b/secrets/pincer-borg-ssh-key.age
Binary files differ
diff --git a/secrets/pincer-borg-ssh-key.pub b/secrets/pincer-borg-ssh-key.pub
new file mode 100644
index 0000000..951aaca
--- /dev/null
+++ b/secrets/pincer-borg-ssh-key.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF8z/TLGajs/1ibY9qaafx5wl9BTZXdBnv0YuGP3G7OB orbekk@pincer
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
new file mode 100644
index 0000000..186b44c
--- /dev/null
+++ b/secrets/secrets.nix
@@ -0,0 +1,8 @@
+let
+ orbekk = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCgvHMjYQ5Ty7Em2Seji6dvYhgQUIbyhiHdzRINYpiOUMuVA8wgJOV0ZggmFFTO5zfJ83m7E5nc/zMuBVHwkx1gJz5ic8YdO9eLIhymQn9R+9fyLA+g+h8uwTi7UlFmQp+My7MYYxdA2tet1wwgm39Yu49mxi8lARUgi4awXn5K/ZFy08GyjGia2E/YKx2gXPKhHsWFKWPO5u8ik0v8AFCliY2wXiG4jkZE2zI0gI5FUp66tpxkaOSZqreH+lVJw+S+GAJIqzGI99zqZsAdpr7m4WALZEYwj9D7/lattSG14CAjXxjqcMSsfi6fV0ZsF1O40eoZ9mNQpIvatXtL6HBSN3kuUfraQMeB8o5kbxwyXt2Fr5hMKtEGYlMv5uPqdn+yHcC51F3RkUxFJplOFwZ3Rh/AjLLMKo+vEtL9UjhTuYiSQ0ySunY5JbBVkJY4z3pLT9MOPnq+KIfBMFBI/eYE6yeMNTHxIFMDaNMFOxWc0SoBDhgZJX5eblYidt/YWMOEPbqJNCrWIzQwtDsiYsF9JS/3D5civwTP/oaASaiJWTAvluwbibMFAC1OSBFb20xM5gD0C1q05pxVMN3Ioy1P0CIvJMLWfQR1yrNbnmoGUGHeSA/gwaxqMg7G+P/SBIheDAYEu5fzXXgFgO3sI8JvIdc1NTJMmHktahb/ecG1MQ== cardno:000605483607";
+ pincer = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG5z3Ht/CjNxMfzjRjW35SlwZgwAOUkV3Cr5J0kwehpH root@pincer";
+in {
+ "test-secret.age".publicKeys = [ orbekk pincer ];
+ "pincer-borg-ssh-key.age".publicKeys = [ orbekk pincer ];
+ "pincer-borg-repo-key.age".publicKeys = [ orbekk pincer ];
+}
diff --git a/secrets/test-secret.age b/secrets/test-secret.age
new file mode 100644
index 0000000..bc2d920
--- /dev/null
+++ b/secrets/test-secret.age
@@ -0,0 +1,21 @@
+age-encryption.org/v1
+-> ssh-ed25519 Yx9stw NQ894qBMEbMfn+Iqh6oZZYp2Ul8Gh7oovVSekuCa5S0
+xmpoNUcstscI2v91ahRZzQCeY8VKsT3ZKmn/p9NmD1k
+-> ssh-rsa xgQQbQ
+chqe0rwVbHYsEHpzC7RDeQDUYGV6poI6FvXkWNOdmtLrsZ+DWBgDX8tkufcdsHYn
+t9D2kQ1F135ucifxXcHCT4rUypDIngzu5LXNy0TqdUAnU15fUFXvb5C36EUbS8Ft
+nNEIqh9SctXCkNEg30FupmfHfTmxVhjPpdBO1ai7tPCqLGnIhfMVBqdAeNA57Nmo
+vxGdqXuCsV6gP47H/eGRcTBzycBqHFJ+tpi7U8LPOs0RB8V3ivYvJguC8PkHmm6O
+bsP8tFqyw5FW9Xl2ZKymAH8m9hMG94MsCBX7Ly27ADewPM8kMK2DQAWohNt1T4uO
+7B+SyHCZx1u1e1FCKvRjBnucMWM8koqMO6SDJgwHazOX/VwJvTFpUWdfsG52MjBA
+QL4O4gdCSLI1KnKiJfJEBeiV98kddM5WUbqWyMcFGVPDDVzz4kQmUvwESUoAgNHl
+yLw2K/8D5xud/vSSMUGjM/igpwhH/UVApLZ1keZakIXrGvnen5ErBWb4DIfLLRHF
+IAuZucTpTeBBuqN6VmO0uWOeKYVlGys8xBdxwKTzTr66/s08pKetd0Xk/AQuQO89
+uAjvoPMkmJsh+vv2uFqtI3bjpk4jePc9QbkIS5OAYzMSx7CVUpeMd3E/7k+kW2Ek
+LWPgkZ29BWFR6bLyPqB9RCsxUxrhC/Ln6deVBj4SzOk
+-> k4-grease . r
+bryo+3JU9atXp5HZ7M/FWRWXD6kgw6yV08SR9iRb/QbQ7MT1JbYv0PhRRpnT4MMR
+zaWMOJjw1g
+--- SGG1/hxUHo+zpuNsbwsMrLTtuQin9xgD9fAoEhi1F7g
+]����
+�t��9B�O�$��sxo_@9'v|����?�S'<������ ��1?*�q߼� \ No newline at end of file
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-13 00:20:25 +0000