diff --git a/.sops.yaml b/.sops.yaml index c318963..30dfdd7 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -7,7 +7,7 @@ keys: - &A_sky age1g4j0hun2ttt7h8870zf5pm7nqgw9p23r6mjj9vpm4guqetvth34s8v3t3w - &S_tofu age1mfsjys8gzazkzurcpz2grcdljmzq0zvsllk8j7ssse6wt52jrglq5t59u8 - &S_observer age1hc8vdkk34rqfnlxm6xuzwyyl63r24f2xkkjfrfxzv3aveglklfmsxgll9q - - &S_graylog age100esdvd2n4fqzg5f233mct6u8hu3j4m5ed676fqx0r2xmnu25fjs8hpz8e + - &S_graylog age1jp77cvhn0guu4n9rtg0pz354zvuccurh6n3xqrc35yaxx93asv9qfpkk63 creation_rules: - path_regex: secrets\.yaml key_groups: diff --git a/configurations/nixos/graylog-tofu/default.nix b/configurations/nixos/graylog-tofu/default.nix index 825a790..e61417a 100644 --- a/configurations/nixos/graylog-tofu/default.nix +++ b/configurations/nixos/graylog-tofu/default.nix @@ -25,14 +25,13 @@ in ]; sops.secrets.graylog = { - mode = "0400"; + mode = "0440"; owner = "graylog"; group = "graylog"; }; systemd.services.graylog = { after = [ "sops-nix.service" ]; - requires = [ "sops-nix.service" ]; serviceConfig = { EnvironmentFile = config.sops.secrets.graylog.path; }; diff --git a/secrets.yaml b/secrets.yaml index 12c9a39..d1c315f 100644 --- a/secrets.yaml +++ b/secrets.yaml 
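Review bot: Swapping the `S_graylog` recipient does not by itself revoke the old key: in the `secrets.yaml` hunk every recipient stanza is re-wrapped, but `lastmodified` and `mac` are unchanged context lines, which suggests the data key was kept (as `sops updatekeys` does) rather than rotated. If so, whoever holds the previous `S_graylog` identity can still unwrap that same data key from the earlier commit and read the current values. If the key was replaced because the old one may be exposed (the commit does not say), follow up with a data-key rotation (`sops rotate -i secrets.yaml`, or `sops -r -i secrets.yaml` on older releases) and change the Graylog secret values themselves. Either way, a comment beside the anchor such as `# S_graylog: replaced <date>, <reason>` would record why the recipient changed.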
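Review bot: `mode = "0440";` makes the decrypted Graylog environment file readable by every member of the `graylog` group, and nothing in the hunk shows a consumer that needs group read. As far as I know systemd loads `EnvironmentFile=` itself before dropping to the service user, so `mode = "0400";` should still be enough here; if another process does need the file, name it in a comment above the line. Dropping `requires` leaves only the `after` ordering, so graylog is no longer tied to `sops-nix.service` succeeding: with no `-` prefix on `EnvironmentFile` a missing file should still fail the start, but a stale file from an earlier activation would be accepted silently. The `systemd.services.graylog` block closes outside the hunk.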
@@ -8,47 +8,47 @@ sops: - recipient: age1ja6zky2xlptgmu04ghp30z9gcyw240p4p8jpqeznt9msmmrwjdjshl6rx3 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3N25HYkN2ZGdSSkJCNU9t - WlUzZDVUTkU0YTdLbmZJaTNyL0FMTk95UTFNCm5HWHRCcCt0aFdtT0Q5NHNLelpn - Z01vWUpiYXpkRHMrVkRIS3pLdEUxSjgKLS0tIFZBSjVzUkFrWlJ4L214QmY3NWhG - akVxcTVVSm8xVkw1ZnBjKzVkNko1UTgKba6n5jOBZQ6ws9dxALDNh3bkDe5tWjuv - 4f83fHjTd04ptzNU4ccVfZue1mZOQbFq/yiYWoihQJKkMs1ST3yMog== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHTjl3Mmw1YlZWcTErN25S + YXdrQ2h2NDhldkMyOEN6d2t0WVp2UFZqeG4wClNoc2RtRG9Xc3lBZExBSlpTYzN6 + dTVMSVJtT1FlNkJuSWk4WitDNUI4NTAKLS0tIE9tY2ZlNThPbjhEWERielFrRHVK + QkxFcE9yQ1pLcmsweUIrTS9qYkhDS0kKi0Xt3e/bXsbVs4gKz1SVoBuHRwBG4wm6 + /vbdcP7XbZ3++/dN1T84Ym3mJSDygxapWC1XF6+FYE/N+6+pluH+4A== -----END AGE ENCRYPTED FILE----- - recipient: age1g4j0hun2ttt7h8870zf5pm7nqgw9p23r6mjj9vpm4guqetvth34s8v3t3w enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPWjFGYlYyNzBNbU8zYWRn - aUd6dlNxNm1KeGtETmkxWlQzWHlKZmhweHljCjRJbVBhV05MV3VTSkFjZDQ5Z3RZ - SUpOSzVzcFF3eDhxSmlxZTN0aDNFb28KLS0tIHlLckVxOTVOTzlRNHI0RnpsYXk2 - cDRKbnFuem5sSytYRHZhNjR2dE9zSkEKR8ErFAqF8yx94BVVnlrdIg3to1hB39sP - pDNxZXRR2msGCOexzJxnmLbnzEkOtuS5nowPbPzedE09eACTs2pY6A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnUmhDY1pLUHJPWHYxYkpW + SXdhdUV5eVFPUnlLdm5QTkRVeThyVjNKYnowCmFvcUVnUlNVZkZIZ3hhOWhrM0Uw + eXRiSjNYdDYrL2w0TnQ5azhEUHhkME0KLS0tIFZDOHFTZ3ZnLzBhOUN4V3F5RmVW + dEg4dzVkVnk3VVluVVVDTGRmQVdqSkUKPLHOWzI6AIEoI5m0WiouKVS+Rhx0T6Df + l2cDxBqG4HRdCr80CpUEBXjuhRUe53gVV1nkKxpM9crkLt300605yQ== -----END AGE ENCRYPTED FILE----- - recipient: age1mfsjys8gzazkzurcpz2grcdljmzq0zvsllk8j7ssse6wt52jrglq5t59u8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzYWhOSGpFekhTWHZ5THoy - U3FJa21wTGhaM2l1N3lKdzJLNnBPZWlJUXlzCldXblhpbjlWaWRrU25jWDZFNDRr - MVVvTkN0N0pGQWx0b2VJbDRDUFM4cFkKLS0tIHg2YVFZV21vQjk3QXNya0xDYlVo - 
WTEyWSt3NEVRNm9qQXYwOXlYT0JxSWMKymwlK0TFZMfQ5qNbfv6bmI5g3N+sBIgc - 2GCOfFMyIxo8GE7hsYlnlDs4r9iQcYy+/x1uyvj5YW7v9b33IJLtnw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOQjU3U05IZnJBb0FkdVAx + WmF6eGxBazhhWUVFMVdLOUdzVEIyUks4cDM4Ci9Wa0RUT3ZaUE9EdUt4cTNrMHRM + MkFkZEdJUk5HOFY2ekpHTnlSUG5WY3MKLS0tIDVVMjlNelZsSkJDRC9BczYzYWZs + cmRhcXY5NFNydjZNbUhQemgvVHFQTlkKNrwDfySiyJ+c7ZC7X9Iq/vduy1aP/Y8P + 7WGS4bj66OO47xzcC4czbPNLUz+8KQNdZ2hpbBwGs0+f1y4dEu/tIQ== -----END AGE ENCRYPTED FILE----- - recipient: age1hc8vdkk34rqfnlxm6xuzwyyl63r24f2xkkjfrfxzv3aveglklfmsxgll9q enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsalRrdkR5K01lUURvYmJJ - cWt2VzBjM1UrSDhnRGtnZG1DeWhDT2hWNFU4CmNjMXdTNW1BQy9MRUdQbktjaU8y - TjFOeWgzbmNyNS95U2t5a2JSZFNGN1kKLS0tIEI4eGgvYytOM1BieUFqRklGaFBu - ZEFKaGViOGNSRE8xaklZK0FOTEJpRGsKbJbXD4BFvWyN8zm7HD7cUz9T08lqmqyL - 2no3hdrrGvJaDKLJvgMhVjRZk6koZ/VfUXcRAlrXMOMbr1FrgGSYOw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkTm5NLy9XZE9uSWwrVFVJ + RXFZUTBFUWcxUTFpSklLZWNndVZlaFNMMDNVCll5SmEyMEdqUVh4LzQ3SWhkckdM + dlZmalZrdzBtcFRJVDV1RkFvalBoZ3MKLS0tIGswUnROemNUbThLVnd4NUgxVnJZ + eU4xYXlSQ05jUEwzL04yWkNnY2xxemMKZ0aemAawXxNo75hI/9n6R0IsziXeZz56 + DTLE7ZKOUmVzQppzEIVqAYaOHYO7Cpv8ROy5OPCb/hODysa6aoFvaA== -----END AGE ENCRYPTED FILE----- - - recipient: age100esdvd2n4fqzg5f233mct6u8hu3j4m5ed676fqx0r2xmnu25fjs8hpz8e + - recipient: age1jp77cvhn0guu4n9rtg0pz354zvuccurh6n3xqrc35yaxx93asv9qfpkk63 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBReHRiQUZHRGF6b2wxYWta - N1UyN2JSL1g1SlJ4d2QvR3d1MDhFdUdDNnpFCkpvMzdwczZNbnNoTUN3aUhWTVFL - M3dKekNBT3dhcmhzSmVIVjllQ2xIZVUKLS0tIHNLWmJLVW1jQk5WWER6SHNzYnhW - RUcxOFlLUGhkOTB1ZVY2d2pRU3JOZDQKtvIX8Q9KGXA8J3d8m4PXZJOKpNrpmZ9B - 2oj+k4b+7fZf8Y7IYG7pZN863U5frOjR4ZCY+64r/WF/u59lzv6ddg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4M3ExaTFvSlZrek16ZEdV + Q2o1MXpRbHNuUmpnUjJKZStweGg3Q2o0TDF3CmdtWWV4bWI2WFQ1dHZUQ0J6QWt4 + 
aExCeWJMSFExZkNjQlFwUFBWeXRscGMKLS0tIGFPZ0lmb0ZYOUlGbVFEbnNwVEhF + NGV1T1NlaE43dTF4M1VlVWtIbEIvYUkKZ0JmNRKvbrF6qziZI1WUIuAkz4Xad0xP + l39Dg3IRC8+UtwjKbhCGZSJbBDsO1srpk4LOYiYD4R1hsvn/OagNUw== -----END AGE ENCRYPTED FILE----- lastmodified: "2025-06-29T01:23:00Z" mac: ENC[AES256_GCM,data:XqyWXYlcZoDnHMTIISa2hUQgbtwUopZeEzTizoTM6Nnu7Yfh8hKgVSG2LVhXasjNw6/u/SPevr/pq/pBzVyQwvud/ILmvg8aLm7/mMxcrblKXCdr69lpqQ1bJ1ZDtTU6DMjXcRaEgzU+7vlLD9BiyRmk/Ncy5MWiQ1EkosM5/EI=,iv:qbUc4I4J4xpPZ/tS4kxXdquLnZ6Pp15A6Z19pgn8YS4=,tag:H6K/Sqh4rCn9SmVtbRqVJQ==,type:str]