Update fortress sops config

2025-08-03 12:33:17 -05:00 · 2025-08-03 12:33:17 -05:00 · fc27fc72d4
commit fc27fc72d4
parent ae96ffbc0b
4 changed files with 56 additions and 38 deletions
--- a/systems/fortress/.sops.yaml
+++ b/systems/fortress/.sops.yaml
@ -5,7 +5,7 @@
 #   mkdir -p ~/.config/sops/age && nix-shell -p ssh-to-age --run 'ssh-to-age -private-key -i ~/.ssh/id_ed25519 > ~/.config/sops/age/keys.txt'
 #   nix-shell -p ssh-to-age --run 'ssh-to-age -i ~/.ssh/id_ed25519.pub'
 keys:
-  - &system_fortress age1v3nya8n8fys8une6cp0t4agrqh4zjk7dk3lel5403xjkf6k87qdqhgjrk8
+  - &system_fortress age1fraz2lnnqtcxnu6tnjy4f7y9tuc0fnqekzmdynnhtt0h8a230v5qddpxdu
  - &system_ll_latitude age19v2gpucsykaqu3hsvskl67ss8mpqstp59vn687am6px9nmg585ksvlhctz
  - &yubikey_lauren_primary 5F78261B65C565041662A3B7FF8FC3C735BD4A51
 creation_rules:
--- a/systems/fortress/configuration.nix
+++ b/systems/fortress/configuration.nix
@ -33,10 +33,26 @@
  ##############################################################################
  ##############################################################################
  ##############################################################################
-  # System-specific Tweaks
+  # Services

  services.smartd.enable = lib.mkForce false;

+  sops.secrets = {
+    "dotspace/pki/lagarde.dev.pem" = {};
+    "dotspace/pki/mlaga97.space.pem" = {};
+    "dotspace/pki/bauble.boutique.pem" = {};
+
+    "dotspace/fortress/keys/wireguard.priv" = {
+      sopsFile = ./secrets.yaml;
+    };
+    "dotspace/fortress/keys/tinc/rsa_key.priv" = {
+      sopsFile = ./secrets.yaml;
+    };
+    "dotspace/fortress/keys/tinc/ed25519_key.priv" = {
+      sopsFile = ./secrets.yaml;
+    };
+  };
+
  ##############################################################################
  ##############################################################################
  ##############################################################################
--- a/systems/fortress/secrets.yaml
+++ b/systems/fortress/secrets.yaml
@ -1,48 +1,51 @@
 dotspace:
    fortress:
-        tinc_key: ENC[AES256_GCM,data:TYiAAgb7hiAzeeqlLQmj7b/50Yht/EXPUz5WgOs4aWPdCmYmZ/Qy90cUOFP4JDGuwj6BqqcPQ2xMZn3UzHOMlhhFMPiAGrD9ClzhRcti8Y8N2hyElgpTOcFwUiHyB92R4y3SCHLEhCbz0QpqDVKlsHIZyNC+hQihTmGlN53Uq4wThVdriJv9JsSABvwXHyjh+uGmYzKM7lZU4no2xn4CKuh4pa5Rq8GvDlAjJQNg8qcCucTz9VjH8rPZRJoi9GFFrl6a71ollg==,iv:50iiuhG+QVWM27rYP8zjCGX/Zp3TnjG7hUk6x2Gz99A=,tag:3NeS6Rlj9y9lAqDuaKMItA==,type:str]
-        wireguard_key: ENC[AES256_GCM,data:91oquuoknEoMQ5NEwcFwwb/DXkpz0ImSgWpU3CPOrRTQ0VjI7FHluPhKsPA=,iv:STBb0c2lhno+Wylx7L82tBBEdPtCGa8BkmBxrYp8K0w=,tag:nj9gCA9jrqqN6HBmpcY8wQ==,type:str]
+        keys:
+            wireguard.priv: ENC[AES256_GCM,data:/ZMLzSpt3HlUjomdTUOC8ROCOQ6V+tFiEbiCKqa4zj7KAtSNHf0dGlTJ8yU=,iv:eQt02G0MUqaOvF3mPqX/K6698EYl9346kyE2Tf+Iiv4=,tag:/s38zd2ng7Jp82zZhfC6IQ==,type:str]
+            tinc:
+                ed25519_key.priv: ENC[AES256_GCM,data:FWAyZpadNbXfc0pemWxsYRq4AOlyopRp9TtpqFGoeZQhBrEwexEKtaaltlHiu07fYxMKV9DAx0x9CbBPwL+Pk+S47KuQGTvr64E/lbf17BiblylNPkPeL5KCmfJNCPQXN0t55PpuA3o2+ga59w/ZC4hIE9zQnbE+vyK8ucZW0t0+I/CPc4bw2gbiLQqza077gNykz63EtahytO8SOuuZ6OfiTYG/1LvlJ0tHTyHPkyejKKw0HJyP8bRvAy1QW3uGUHBjQmPVBQ==,iv:OywVsBfhoXLk7FLTpoMgZhC1cVx1HKcvAiD/FgVWdwM=,tag:0l6ZtywrlrYL7RM1Muh0MA==,type:str]
+                rsa_key.priv: ENC[AES256_GCM,data:rcHb/7NulD63i9kIrOL3BRMgqzNT8ZRKcGEbP20xmbnNYARnZGr7xsz4kO8fYyRnmQjMUZMY6SXuXAXhF7/DeNFynXHCucGzHXjC+kPK7cyG7uBpcGkV5UBwbR69VNcluWYh8W0JDv2nF6EKl5SJ7BAd1keH6gZhlMoW0vVMEpyz8yYpRpOxgWvuMonVGKJYjlXXANxLU1eZYAOKMxPdIiSGQS9REK14wmnWXs7dD+iTs4TWgnb6osCBvq+wL7tGKEOSezDwi5f9TO/ivW/7siAl9AMLw/R4aIKnQioKteU1zUGJqHOaxkMdNVGp9EILE5mN4Cfl+65raccDBX4NWKNwK0tUqKOayNgk4aTbkndQB7yLt5VFX4EAQT2qgRwiRpFBRGmUVsrJttFBEwTkEAVr/P6HumUmPTy1TUPjDgQvQzpx9SPxeOwBSuTF+j3gVpgnCEcDuXw5yV0YpmamAPdcfk4IzB3kY/ETOHfJwnWSbU2kexowDmCqoktGDaE42lSA23Q9FQcLifzJJKh6Uc2eKCWNHZB9LTz3MdQx3mHghO1F2G3VkrTukTeU7MzoNcJ+DvL+znKw4bBBuL+YOpddCreOdgl18wBck793aHcPPROauAosAaAIJivjN0NCGDIGvEx1c4rboybf9ZJQZctpKF89FHO3WKZ38aT8GpOkxEAS6c0nca8n452hdSb6EMZTCDw7K6bauBp51oykBxxLfiDml99KQaSl5WC+b098ZYaqiLYmUCAxTABZvSEaWf7Z4xzkTQTp0FT8yjv2eZwRfk5UG6UqtkUqakWQuvwQVJ9VHymW0R4X9+WvA2XVMh9mGOHXObpDGq/+Lf6F/gfOAf2i4axGgIhLFZxhQrp4gIMu0g4HINj80lZjlql59D519nNfUgkPOPVc68tt81Jpgn/fRIE7CsXnboDZlf5NF43XlQLJOD2AQnxhUit51lAOrY6dbibsFCMgGbyotXQgEKJJ3vYlTQ7uFZpO2lkpRuJGIZVfFKaUrhtk9and3j+Y5sR/KeOTHGxcIWGR0YblXF2muKFfBmueCt0j3nvaB+Mvbu3stpcelQQ15R7Ef+ExF3smncx5LKHDIYDHjvmGK20r9SgqXyP4wq1Bo3uwvopF9dMFhL14xqFrlXllYi8oJixZHxaX5MYE6allMxnSz4vCfWuEUH0ANX0NBzYu30mUMUTwPYzvna0m4Vn6M9bPh4w4ruxdfXuytHf6be9nBTeneUEXiu1pLG9TZAfA9n+76c9FaPu+tbuMsoH0OoFdc5T23wTANbxdaBSD9iaOlvWlsl3wUVv3ymMl4xHCIetWPytYKN50ncAfH1NFkHLfsK4i1lojG1A2J6KcmtIqiIEEKMBmVb+aQlOLMIePYEuYgKD0mkBvlNfcuLgEZ8S11n6kYNUsJaRtl2wuqWr192A1Ts8Wj9xHX6pIbqfnskc3bEsb12LVaW+LinooKHzlrvGGM+KubrcRW0RXrvZ7HoG76Nilm+lgktgCRDPLrD3LSRmVID+dRwsBu12Z2oEpf/yaot67ZtAGMwWPG7UTdMEweVUobLliNfDngB6jWnFqCW5Vl6+RAb24nwRxZ0jSAJkdvVuTE1PrSWUaxNbzCLY9wlj3/pUTbGi1o2LJBX6zXgQxQ1ron6HS5umZcpEccfIZezNXDRzQzqdQg9X0z98iA+qlF6jb9TvGv484rWNa8OGb313ziRRHXV3YEO+CC3+AlvWWc/PCD3J/cuUPAcq+gyfafW0gTb/iez3qSE/g7ojiTmFQuvMHRS3kRbPnnJwygylthPKAsBORz/k4FTGmhMhRZjwYkS/nl4lucIGgg+GaZVik1HVvdMoOHv630PQcTExJf+PcL603TwJmAXXxgQGTQFB/MZcl2zAKHYR6HGBYQ4M4bAJ6jKj4qd/Rexp1WPu9VaKKhAU/MIFt/5RFuM3L3Cr+VlnLEPdqCS73CzNxTNfsjI8ljVegy1xWVqO/LRw2kSYzJ77j9FANhb194u4PLc3KcAdnTfTUnw7mzt50kQiJvXkk/ADO/uJ+RCd8c3cuXVZIgFEDcUxS9MukDK9MTStRJIIMKpeR8HtKyc5rD73UB/9PG08/YPeYFvZtE9jjAk2mRwpatqFf0l0sck2Mx/XX5gtVVGdEmRE0ywczK3heglx8lnfM2I1eTdSPW3S8Gw0GmLdF34/xPPfHgnBcE6AVtg+EIwKb+yEnH+tyPRcD1JjCOXuL1T8XWZ+Cubt7QoYSefX/r/mCFJGJntjZ02CfNZK7eWJU4K/EFTY3SGV5Bc/kBJVlT4vT39scKjofjSFbZ/cyi9SyBluvi9EYYLuWDmb6iLENQmmMEbLz90Gz9inQcB0XsRPdOS4lGCfsIW5mbbJ3LuA5D3GQDUE8k5AYnpf+wuxQSIvIGCetR8AT+x/+93JEQ6C/dhbTq2QmdPJJqGuKFGIp5ivoEu0QN78Aho3BJ+uLZs39K2I2u5W3IfTm6v+N5z+YLqPtIt8n7aPeGH+pyFZ/pZeKH1ryxeG59rMWpG99nOfOUJOqKgA2PX5bkE07ya4JTjO1cSKpu9FUYsCKUo3K3/8TDj5I3tBZMkijyMSpGdacNQAQcN1kaDtcLS/Z4KgwpSBTrYtJs7dAzpP8XNMkBToD7L/ZQzPz/rv5Yc2/q9ulP0OlPAuI4bJSBgPshbLDat2N1oBtI9t6eudae7t8fUfOFLtrBgZKL4OgPiaUNO95SZsbzVOO8OpG5a3Y+SXpj3MFDVXX8ZC6Je2I1b3J+b3Zv2rEjohzGoKUu3Ruts1UFPUKi+VnPb5SLbuZUldKf/fx05m6zGlb7YVHJx5V6wZWhU0NmaMTiH2n8+vdaallOftOC2OsLhICYHS5aGrLYPV5Rqz0++73iBWMUDe/yWwvJNEkiIbsPudDi6Eh6ziEWV6aJQj4xqq1hV8Mx/s3UxypKTYCj4ToBpvQ/DHed0uxlhhTam6XXPzfSiK7VuKejwOa6zLFksumZ3sbE+ioSZmNLPJFdNipwtIVvsqcz32HfomtLZZ3h58YS01KwR0rYHR3RI3Y6Q1ZOdbgiWd1jROpDrr7pADRRNKtx9uGA4cegOURG1u2b/C6y8OM4Cf8mXOU9e0TrYG2C/pnQzl4tbcAfvTgFqzHOOPkboMD2kM9YlfTRVu5niGzL+adulFyUY7AsO4xTjjSP4wf6RK7QsWbJFd0iZF+hQ51izaRy+ZZY/qRn3eIcJaSDeNgYisTxQlaylncaZGa8ySI84EV5znljJkdJxHCmh0dqkul7e3/rBcr++AlLmUQknvquadkyYD+ybNlWMIFpnhcPPSPyLcqFXbfgbdspVMfuruej9zeZHexi2oh5kG6b9jyF2+ePKMly+eGZbWJFuWU+SDWjO0B5zcMk2+TpLJWCI8Di+pqiVEa3MDrtLcTL39T60fOwg7NCTbEWNNJmYRYXWCzJ4E7gvsxtwW8jv5LXKL6txsan1LqZpRAoN8MDxM/1WRmUzbf5o8eGiiakhj9VLptq6TcMMer/Mxo9/r3ZNLhERsgUBHp0rIjxsbh2rUKNKI3DJUMQox1QqacnVeRAI9tKVAUosL/Y53XPx3wz1A0tXPuHQ1GCltZl6eZSabvgZ9Tr7ZvPIlWvfe60BQuSGneD4M1BafnaR9a171Zr70fFINTgrCvu0wrWmfy14IUDLv/Dg1CV918PBgxnDxbh73Ia3blx14q0Bs8qFLmPpyT3rIHzieO4xybGqOgyPJvhiaD1r442gAeqS4+iBW4xZXRmrQ0GlD2Y4vJXpOLOM+rq1QFgYiTpdFSbKo3jTp/ktmziG9HmOKff9Bkoqd6pea6sS8FFnQ/qqxRvPYYZZvRnUWdirPUxPXHbmDqp1/lzkwO/md/BURfCXnB5ROGIgNFA0us5AQ5/mFkuxiryAlSLLo1+PDOYCPahnmLa7A06LoaOr0hVzFhIACxsKnHxihXGrAEuNKPqlMhR56bnVlqepT0mjM9hXTZ3SpuomaPxN1ELBdv0E/7AyXbXqTjHEv+Zo+VZp7zBW3Yflg8IQSkVRDkm6AV1W27nK9oQezIh1eVLMLnjiLsWoMPKM5hwyRtXOlibwO5r6XKYV/nwCZWgYUa1hvvn0OKNW53HaHZRGirS01KTQE1HOo84zIghpMZ4ivIWB2Vbx7bQ8YYvniA/SRqIOHdTDDOC0GTW7ccxOQWhMbdpwIwxXTG7/0+1UZJjjucEiEhe0ZNw3MKiQlXUMqWf9PhwP0Xy/eO/V47hHb5YztOSfGPdrpLe/rd8qrXiIvM1XMsISvJsTr2zrj5Yyhr79duP18qMKjb,iv:ceOt2sS67plEI3/DBWN6pD5ma78xT9b2HJXDzXOCy/c=,tag:CtPpE8UXs35cfru/1bnPkQ==,type:str]
 sops:
    age:
-        - recipient: age1v3nya8n8fys8une6cp0t4agrqh4zjk7dk3lel5403xjkf6k87qdqhgjrk8
+        - recipient: age1fraz2lnnqtcxnu6tnjy4f7y9tuc0fnqekzmdynnhtt0h8a230v5qddpxdu
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEa0k0NC91YnhlRnl0NWYx
-            UUNXSjM1UWFNektJQm55RTB3bzlkZmYvSm5nCjNMUitYdVdBNnNOUVFpYXNQb0Nk
-            eWlSM0hQT0RhSStPRGV3VFVZU1hBdWcKLS0tIFNUWlVVK0UwNnJVZVppRHJuSEoy
-            N0RqWEwyTkRESS8xVmJ0eThRa3dOZkEKiqjDn6WedlB+mmodYeMK49Rbm90CMB7c
-            AQstw4G7v4y6jnhLklHYQUsIKjMj2qysB4qLl63q7PjJf+THsY4UUA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVQXhGRzlHTkJJWm1vcC9x
+            UWFjV2Y4U2hDYVNieTdxWEZWUTZuV0tjU0hvCjZ5d3BaNmVBY2Z6anRDWG42UUhF
+            RTAxRGRienNFaWFRV2JsM3VTOWp0U3cKLS0tIGRnR1A0dmh2S0cvOG05dCtIVDRZ
+            NS9OckdtY2hIcittVmtBdjhDQ0M1Zk0K+kyD9AQi1Rr7Ki0sRSyedleUZH4v3ojx
+            JciAeoBi05kcmqxZW4BUOQrDTMMxGQcn0UgZCaPMC8PLmH3z4pcOcA==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age19v2gpucsykaqu3hsvskl67ss8mpqstp59vn687am6px9nmg585ksvlhctz
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1bGVxNUxSK1lxRzFjKzRP
-            a2dBQWdtRlR4N2N1dFcwU0UyU1RNUXRLREdRCmxEODhJaHQ1WjdyYkZyZDd1UjJs
-            a3RCMkFIejJybDJOdWtKRi9nbVZGODgKLS0tIFp1YWdENUtQemR3VmFsRHZKdVlG
-            TE1xT1JWd0dSaVN2TDErNktucWE2K0EKwjd572SoW6SZZzQ9Nxr7Z7Mc1F2h+FSJ
-            FS4iqRRb6Py8l4DrQ76YSwze5Uxl1jXK8WaEP0V7en55B8Yn2D04Fw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrM2N5MGxHd2FDZ3c1UWNE
+            K0xwY3g2YlJMMFE3OGEwU0xkVC9UN1BRUnhZCkk5MWludlg0MnY1YlJWVzg0Mkd0
+            ZXZLVkdUU3hxdnptelhPZWZWbWxRTVUKLS0tICtxK3dTckhDalo2cFY5T2VScm5t
+            V1VpZTFOWjl1WDQrUnZzcTRZTlpzaWcKJa6wuG1od4QpTLvXvNtRHIqlSNogDFFS
+            7YLDHW3jCMQFWCUcLGbqO9v7ydRsb3C96eAIszoIgH3HCqZaYn/v0g==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-07-31T03:47:30Z"
-    mac: ENC[AES256_GCM,data:GGQz5aa52oYfnBPTjxbLGaJGOUIxotvwRQQ1NzNMJnmtmEeZosDlLAhk08sG5f9u0Q4gYlxxB+XVPq23dbleGXXla/YkOR+z044ppriKpzTa0bSzKyXgSgFn4qtWC148r5iqGaeYPXjHdZARgUVHmQR8qTdAey6nk6k5Oz2I6yc=,iv:1m1ripzQV39VxNAED/xgwOTnu6+wgSmf7iul40Y2tsA=,tag:7eRFgOxR6CkHIg1/8i66oA==,type:str]
+    lastmodified: "2025-08-03T17:16:58Z"
+    mac: ENC[AES256_GCM,data:ydAdU4QqpUGdh+2c0pPC48cWPHsvVTHRV18T4vRTP3jP31BM4tfwbUC+XyBPMTSUPCow+jUpgh7ssgGoZPQCHdGHwrI25ehUY6uLOqiVboBgS+3APwDYHg7UQM+gJOGrbq97P6T3zbtYiQnB9p9rHXWb/W4RUYMevxfghRDEWig=,iv:gSyD5tD8sFA+mUjuxhOJDwDArGEoFO82vwWe5kR5n6A=,tag:XCHyeOJTbH6Kp58drinH9A==,type:str]
    pgp:
-        - created_at: "2025-07-31T03:49:46Z"
+        - created_at: "2025-08-03T17:32:24Z"
          enc: |-
            -----BEGIN PGP MESSAGE-----

-            hQIMA9BR1U1EkAnnARAAsvw3aKlrTM5+Z/DqWzDPpgpAhO3qO7eFFuZzwTnoKxzv
-            9Dg+9qwkG1QI5R3UVv7J5a9hCqjfnskZnHSC7lwo/xkA9cCifCTohCtUe+4s8+Gd
-            HgcWrx287oqnuMBOPjZ6WXIYXKLUZPgQ4RciggbyoOStrqwDO2s6RYMVpWAvEBTz
-            18eydqdD57KL6YUmq6sc9wGKFlhIRvpxay6RltohRRPq1+bReiAuEP69G4fThELo
-            ND08l3Q78lQx5cvKStTFbPCOHu2da991gzfRmLpyPjKtGZ5pIfEULui13oUc6iAX
-            23BSn3iHXuEuqYKCbM19D7xRoCvlDpf7gY6M77ZzqEjG/u3gey1JAW0YzDu4brXj
-            3JTKe72ASc/38D9P9NWhCYDk1uOY0aWO5Eg6j5QZ5fF4eGH836HV4ouU7g74Eige
-            gWTMi3TKmWrbvnRnRMNb6ixR7EbHOKRawrajACtzG55R4TVZDXJU0pv5Fas9TBXa
-            wruWH9a1M0prD//ueTss2b2NOMqkyl3O19sVvotW5xgkiXBpjDsj2bCR/uhmLTkp
-            QKlXa11P4ZiDMNkMbU/1USwMNfYH+pGuVS9CbeIvycnUSDDMV90eRZu99GyIc0+3
-            BHvE6mThfKRkpz/B3hiZuacYK/nINxZ5So1XRR8jO730wwuQ2KPkgroJYd4flLPS
-            XgEpnBwMa+c0y9KBDfoGgoB+urG0bDolLL1DqhvBq93jaNT9dF+VSHHMHAcOvVVd
-            oHagTK56+RWUyg/MFThWeIcNUXKdukwlFdQN3Pko7agawxV4zi6u1dYi9fxFq3g=
-            =N1Pk
+            hQIMA9BR1U1EkAnnAQ//eVrNkxwyh8PA07fWjEByI4rKynyiX47vhBbd2PQ9W6lo
+            y0UWUY0eEWpQlMuoEFeUsZVJiKEk02FpbQX1RkLy9YPgrhLSjI4jxZs5glwWzjWj
+            b3S5dI9sfQxhJ2UwOKQ0Ezu+JmCS1MbwsFY2nz0LcI1MzHvMDUXXMBBTZxqlMxc6
+            5NRLw5jfShbI32pUDk3pxXIcU8bGNLRx8fs1vNf6XrSCm9H8A8A3kbUWSRO2oUEq
+            GCgenHiKjfhA70B0JDyZMa2fSpVw9dMUYYs4D4GjXWXILmiesq+EtS/ExobSW976
+            WEFFZFNCL5Q70t20xMnYEfrP3gjH1im05fOGuTeVE3pgVjfusOZU2mDbzMwvdmHb
+            sHzMW3566GNyOtSQZ8YZBvOkWJtd7U1myT/unRupnpbSMDYn/2UXP2gy4SWNhMMV
+            xEUe5UFbPYwP0fZ8w9/UedgUxagUA9qzBozM8mEjuUwNbd367mlW5dlkW/ZD+dMG
+            51ucjur88dEWcXcFaIOCkgRgpqorWxRSfrvIbiXEVm3jH2jxm1Z7n02kuZpl/Ef6
+            Lh8AiKNljoj0/iqUzWiCeq2Dbns4PFflAawdxgAb1WK56aAXx5Zerr4zDbgNVVIw
+            ozwvoO6nqvBDT6yX0p6Kfs9Sfw4ugHcxFLuzDiRZqt0qYW22tgHU/cVtJBAz3hrS
+            XgEp6NSQTJIcUJwppJSdiiNAObDlEG9bqwfwcbwdiRgqZemhsUSWg/MNfI4q+iFk
+            vfz1bIo/Wv3a07tCaB6PTwXxYFvhdaGRmsudHMdmqxnNyZBH25MYmppQQtIllYM=
+            =J1zp
            -----END PGP MESSAGE-----
          fp: 5F78261B65C565041662A3B7FF8FC3C735BD4A51
    unencrypted_suffix: _unencrypted