Compare commits

..

2 commits

Author SHA1 Message Date
c9051283dd
Add sops taskfile 2024-05-14 12:48:04 -05:00
0a1255b438
Add new host 2024-05-14 12:47:52 -05:00
4 changed files with 58 additions and 15 deletions

View file

@ -13,6 +13,7 @@ keys:
- &jahanson age18kj3xhlvgjeg2awwku3r8d95w360uysu0w5ejghnp4kh8qmtge5qwa2vjp - &jahanson age18kj3xhlvgjeg2awwku3r8d95w360uysu0w5ejghnp4kh8qmtge5qwa2vjp
- hosts: - hosts:
- &durincore age1d9p83j52m2xg0vh9k7q0uwlxwhs3y6tlv68yg9s2h9mdw2fmmsqshddz5m - &durincore age1d9p83j52m2xg0vh9k7q0uwlxwhs3y6tlv68yg9s2h9mdw2fmmsqshddz5m
- &runner01 age1cqqclavfsmc0yl74cs9kxvkf4l6690aysq50qx32l7pcg9fs8gcspu3wgu
creation_rules: creation_rules:
@ -21,3 +22,4 @@ creation_rules:
- age: - age:
- *jahanson - *jahanson
- *durincore - *durincore
- *runner01

View file

@ -0,0 +1,18 @@
---
# yaml-language-server: $schema=https://taskfile.dev/schema.json
version: "3"
tasks:
re-encrypt:
desc: Decrypt and re-encrypt all sops secrets
silent: true
dir: "{{.USER_WORKING_DIR}}"
vars:
SECRET_FILES:
sh: find . -type f -name '*.sops.yaml' ! -name ".sops.yaml"
cmds:
- for: { var: SECRET_FILES }
cmd: |
echo "Re-encrypting {{ .ITEM }}"
sops --decrypt --in-place "{{ .ITEM }}"
sops --encrypt --in-place "{{ .ITEM }}"

14
Taskfile.yaml Normal file
View file

@ -0,0 +1,14 @@
---
# go-task runner file - rest of config in .taskfiles/**.*.yaml
version: "3"
includes:
sops:
taskfile: ".taskfiles/sops"
dir: .taskfiles/sops
tasks:
default:
silent: true
cmds:
- task -l

View file

@ -1,6 +1,6 @@
forgejo-runner-token: ENC[AES256_GCM,data:q/K34xSOcqauWTz/WgbfGLWNXuOcL10yghV90uvjc1hpBjDVOCGnSg==,iv:OHuHGPx2HMqKdrQIs8nup7E1D352U8fq/jz5dHGtemM=,tag:kZAxNfhOaftdIGNjeDmhaw==,type:str] forgejo-runner-token: ENC[AES256_GCM,data:aJzmXCePNLPvHqMixVP2tARC36UQZYrwtSweJRszI1GF8Pm5Dr4zAQ==,iv:C7iJW2lSnZKbUBQ6T3uW8kY6F/80kVxA1D2Ixhrkxvw=,tag:ZYW8Vo0hp8QxDyb+X+2ZMQ==,type:str]
cachix: cachix:
auth_token: ENC[AES256_GCM,data:h8xnfojQf+bxUDiUGx1gmGN9xj3QyqrU8kURtjrgJOWTDvg2t3osBkl9j4kUiT9gNyChA2TIUP8RKrHL/Bz8pxQuKLu337taJcj0ept2ksx0D7iMGk6chjez9Xiy+iF9cXqFgglmTHehtiR90BY1f1AFKAe241atpVyKXOdTzl61isANb0KdT6H1Iqyq+AanPO5FIAE=,iv:zVcp3zqmXYU2srHBI6FBzQZKAWu1kBp0zp3szsLhPrQ=,tag:bM3+WnhDXf6wlHT1w7rKLQ==,type:str] auth_token: ENC[AES256_GCM,data:4LrbKQw9XJ90gm7JiSlKoqLSOIcDv7JNu/vtkpSzDPFvo/ZxB4TTSO1pRFqf9FKy/IxE+IXSOV8XAEgtjPtvwq75/8sypZQgB1oIUmVuAaP8qUPGP1tgoObyF56eP9td1Fwm4PDzs48P52LdiN+tdoFrAju2YAAE0shIoeowQXHWN5HBEXhJpVDFfHIydrmqWYICR/A=,iv:34rhdr95kYb/FTTUoVCFx+kX1Z5hQJNCE26xLOS0euA=,tag:h9wxyhVySVGPM79ZB3XiHw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -10,23 +10,32 @@ sops:
- recipient: age18kj3xhlvgjeg2awwku3r8d95w360uysu0w5ejghnp4kh8qmtge5qwa2vjp - recipient: age18kj3xhlvgjeg2awwku3r8d95w360uysu0w5ejghnp4kh8qmtge5qwa2vjp
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2SGpyVy9ETldIalAvY2Yy YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCNERxeDBORCtBRDlkYk5l
SzQzTzBYQVRiUklsUFU5dUtHdXUvbkhjcVVFCkhKSkZLRmN5MzZFQUdiYlN0RWdF Y28ydkVxUE5NR1VxdmUwT1pWK3hQZHJabVhFCk0zS0FoazBTVkJZTGtaTTdhcWFq
bWhadC9DOTExNk5PMkM3OGhmZ3ovNk0KLS0tICtIVjFMdEo4M1ZPRG5XRDFodEps ZVQ3SFhieFFlSWF6YzFuS3p3SDdHRUkKLS0tIGRISjRvU2lUM01HcldUYnpDZ2hX
SHgzM29SNklYQ2NyWXY2K0xOQWUwUGcKfTaZ4MPjq1XicLcNigcYTB0fWGOSre07 S2RWYWdsVUU2VlEvZmJaWlJsWi9CeEkKp6iYa0YB57CvfGaJJaI0phbFWLNNeSEd
DVh8UHbykCAZBFutF3ATC/ssYUTfMriG4xkI9Hrn04pEvlf52AgD+g== V1IYFGg3yxuuOtozFkKWLJnYbTvQU1dwODtp5fr2FvxTqTHBsSZ+UQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1d9p83j52m2xg0vh9k7q0uwlxwhs3y6tlv68yg9s2h9mdw2fmmsqshddz5m - recipient: age1d9p83j52m2xg0vh9k7q0uwlxwhs3y6tlv68yg9s2h9mdw2fmmsqshddz5m
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6R2x1emhYOCtXTnhwcTRD YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUeFozYXBjM01NTUVXUW5G
TjJjQmNkMG40Y0YxNFJzQ01uYzJNb3d3SmhVCkx5cmRiWDk2TWY4bDE3clpMM0hM ZHgwcE81YjlQNlAxV3gwRmRyK0lrU0ZsSlhrCklJOGdsVVJrbEFOQzZDRDNDbWQ3
RGYyRVZ1cFdYZUxycWNQS2J3am5IVlUKLS0tIFNuMklpZGJRY2lMRjhWNU8rcWxG d1JlbmdCVkdYK2sxKzdaZkxLS3FrdEEKLS0tIHkrOCsxcU40T1A3UkFPeklyMm5I
SEdEMHdpcUlROVFhNkVzVHNJOHdvdFUKGNZo/gsmqQLc1xtwoMGA2Gy2yL1U/5DJ L2c4cFlUdGcydjBaYlVmSExUd0lyOFEKapBIbtamc7PcIcvNMWiEJVnV7Ik/gijD
Ltqz8nRTteaSayhS2dxGqkRM0QKEqz/MhPno6mcfMXaRCZLxisQzww== 94EBb+oVoxJaXhj70wpW9S5XAw7qac3QY9m9ZG6LTyeIJvbGFs1fog==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-14T16:14:00Z" - recipient: age1cqqclavfsmc0yl74cs9kxvkf4l6690aysq50qx32l7pcg9fs8gcspu3wgu
mac: ENC[AES256_GCM,data:GATqt5ftIkdZ4jtlrgwmD4pSm0CSdsMkTOZP2E3gqC2kdqbVveseQgOWe/o7gvtn4VkQMWeJSL9Q9xxtCTH3VPSX415BgANeUJfZ8sfH1WJjSPUOKTRzN6VRXWceO4C8yd9PCHMYYhrVw0wd3h+bJEhh6G4Yq9J1lRQ8WKAxdzE=,iv:ehwPu7qGaPoQeQQ9KpX1AXLJsdmyLSMdSFJ8EtGj9P8=,tag:cRr+KGtbePlc/cRYBXsRAQ==,type:str] enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPSFhKL1BGNWtUaHp2bWJx
SXZtSmdoOHdhSkYrQWVLcXN2YUJCcHBtNUZFCkdWME1oKzQzUDgzWmJxOXA1WFFz
SEZnN05TblB4UnFaemQ2MVJXY2dnc2MKLS0tIGZXekl0dmNvN0IrTmo5Zi9DclRz
dXZEdjhKS1VyMDR5SzdUQTR0RjFrRkEKeF4EWi9l0S2rzDqhE/6wblhfWiuZiztS
Ip6GKEkqMLQgZjU6TW+/t7nDRGFhXw6DtSN+1Y69dRxqh5OdvInEGQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-14T17:46:58Z"
mac: ENC[AES256_GCM,data:yyP0V5C67psrs+GrO34Rwoe87Dpg8TNB34AOxO4igAbUy4/2EefFD8EAY2pxTCU/jGZkYbFj7l3bDRt9kECxLXrhOhywxeU347DshK1J26NjtGyBzI8gjhhR7D9z2L/+NiOaVoyew3OWBFJKe6jgtel9iRjkHtwuuxf+RIQLdLE=,iv:3D5P/PTQlyWTrVBNuKfZHZ6Dnh3H3vhkOZkiU340IiM=,tag:uHw21nf7LtS9cFTfaKhIIA==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1