diff --git a/.sops.yaml b/.sops.yaml index 6e3e2a00..27dc6278 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -8,8 +8,9 @@ keys: # test key - &test age1925katzy5gws3f9hnvnlwspu6trxf488arwt6ayw3urg2mgumqhszxnmqh - &mno001 age1h5zuv4pxjv94gpmjgfahkzmd6c5hfcdmk48vegzagze24a8x6p3q2muxh0 + - &portal-mno001 age1cp089j9mnluv56rnfmh0w04r8mrees4vvpejh7mk9vanljh69y8qmrha0y creation_rules: - - path_regex: secrets/management/[^/]+\.yaml$ + - path_regex: secrets/management/secrets.yaml key_groups: - pgp: - *admin_tassilo @@ -19,4 +20,13 @@ creation_rules: - *admin_marcel age: - *mno001 - + - path_regex: secrets/management/portal.yaml + key_groups: + - pgp: + - *admin_tassilo + - *admin_melody + - *admin_fiasko + - *admin_adb + - *admin_marcel + age: + - *portal-mno001 diff --git a/flake.lock b/flake.lock index d91860ce..23c91f05 100644 --- a/flake.lock +++ b/flake.lock @@ -101,11 +101,11 @@ ] }, "locked": { - "lastModified": 1705701187, - "narHash": "sha256-64uA5KNEUPQvgi7QKXvjcUKRA7M3xKxejsVNFm0MdJo=", + "lastModified": 1705706890, + "narHash": "sha256-MK76EkK7em8WOOWH5q0QmqgM0i0r4aAtcqioOEqoPFs=", "owner": "dd-ix", "repo": "ixp-manager.nix", - "rev": "06f0c1774894f44015ded4eb5bbfa6a92b96f78e", + "rev": "56fbe4e4c095d7322ed60e7fc1ae75ace839cae9", "type": "github" }, "original": { diff --git a/modules/management/portal.nix b/modules/management/portal.nix index 60bc1485..6cf92ecf 100644 --- a/modules/management/portal.nix +++ b/modules/management/portal.nix @@ -13,7 +13,7 @@ services.ixp-manager = { enable = true; hostname = "portal.dd-ix.net"; - environmentFile = config.sops.secrets."env_file".path; + #environmentFile = config.sops.secrets."env_file".path; createDatabaseLocally = true; init = { adminUserName = "admin"; @@ -31,6 +31,7 @@ settings = { APP_URL = "https://portal.dd-ix.net"; APP_CHIPHER = "aes-256-gcm"; + DB_PASSWORD = "test"; }; }; } diff --git a/secrets/management/portal.yaml b/secrets/management/portal.yaml index b8db43ee..d53d65d8 100644 --- a/secrets/management/portal.yaml +++ b/secrets/management/portal.yaml @@ -1,106 +1,106 @@ -admin_password: ENC[AES256_GCM,data:aL4oLO6Z3kYg1oyzEIaZNQOfC18CXS23BSeA6HUg5uPEGpzVzSTED9HQ7zhEyoKOIfsC9aAZESraqwDsKXxkLA==,iv:I7gVQpVcHLBegXin6bRJ7fIfMZtaschps87ZRnNTOJo=,tag:bLJL/Gvj8wLqz7Te5n2Rjg==,type:str] -env_file: ENC[AES256_GCM,data:g0dw3RYHMZ2CVkwKNKqm4CV5XeHsAckP71P9CTdFXna4glNeNEZtUO1ASgqaKtrx3CAQZen9X9j3YCphmZxUFQddC59K17EUfZ3t1Vo=,iv:BDsDSnJOBwiE4ziMW6VMtETLYw6iDNDkAG2W3IsOtqE=,tag:rT70LD6gqDgJwZJ26M0t/w==,type:str] +admin_password: ENC[AES256_GCM,data:5kBLxTAjCG1eeuhdBvOb9nlhL4eS/A5kAl5zEIxYFFg/qYzJm6xY1GMfD1/1KA33gJXCK36HXJ9+3bYZiAcDYQ==,iv:I7gVQpVcHLBegXin6bRJ7fIfMZtaschps87ZRnNTOJo=,tag:HZrViowffFWMzgHfu9KfHQ==,type:str] +env_file: ENC[AES256_GCM,data:gsf7yjpbD/xIMUhmuIoL3Mzz3Ct9MftDCLLG+/HDg7JwyTWXajtG24jqT/tvYG81ghm6qsafa/LJ7tf+bwHs4S+6TBzx3So+80FLxYA=,iv:BDsDSnJOBwiE4ziMW6VMtETLYw6iDNDkAG2W3IsOtqE=,tag:QhTFLOtQyzsrXBIgldDELQ==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: - - recipient: age1h5zuv4pxjv94gpmjgfahkzmd6c5hfcdmk48vegzagze24a8x6p3q2muxh0 + - recipient: age1cp089j9mnluv56rnfmh0w04r8mrees4vvpejh7mk9vanljh69y8qmrha0y enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLTzQ3MjhSdWFsbHllNHVU - K0pZYWtVUFFIMjc5OUh5UjE1ZjZPNXAyWDFFCm1uSG4xQi9GUzkwNHpBaUIrUEx1 - VS80eEdlTldRVEorRVRaTjQwQUVSN28KLS0tIEFOSFNNK054UVYvbnV4Q1g1UVNV - MWp4M0g3Y3VjVzIwaEhsUWlNNFNqaEEKCBFd8uA3XqdKGOFJOgANvvkic20gJkk1 - yL4bOzoDSBT/6mSuZQd3LPozn226gO84oxtZWO3JJ6TNTEpFglhjYw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsdEZjSDl1RlZUZ29lTDND + bzVPWlpXTHZlRkF3c3o0azl4RE1wYy9UWUVFCjIrdVpQUUxSVWRTSGhYVmQ5eHRX + L1pEaHk2T2N1U0I1NGZxV3VkenQ4R1UKLS0tIE5VZWdMMHhSZUJIME9FV0d5ZUR5 + R1RGT3RpQ3RmYWRXaHlJRjN6aHZYbGsK9hIvpbLe2EsRwMOyNwx10yLfM6hJCAG6 + hJJNEzpKgTmYZ/EZnU4Nc60z8juE7v04Bf9aQ9+v8v5cUFsO0/oxow== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-01-19T21:16:38Z" - mac: ENC[AES256_GCM,data:NgybBkCSq5GEY+t4z4PtIM3T4Lfz6qetChPjjwIZPnJHvVj72LrKnBe7SC6XhmVqkYHYltt/ZVy9nt1++B3VcVSj8YydMQt/T2zdcw5c9F46a1SoORl2805NgurZ9isS4+eUJ1c40LaIQ+b9vmcOV8ItYQe7YWqiet7xmXlquDw=,iv:2Fxg0MJw37wSoC2QM703tQLdO+xhbdeJ/RIMTJbLBDk=,tag:BIxhbin7SNRYu8Scma/MAw==,type:str] + lastmodified: "2024-01-19T22:52:12Z" + mac: ENC[AES256_GCM,data:6pO48kLcA9iGNIoIbYk7NG7KVzhsz2D8HfbocKOmahEbpOhl4P1WoB5lbuEslCN6OTtFI8qE9/PUXLUl/Z9DYW366BQdD8lstb1cv4BthUK+YKzzHzsEcQ7B81cYGwlXRTK1hL96rgBlTlHlHXQ2oBBETMwxHibJwlIlYoreUnw=,iv:HQmx6x4IVLf0rsYMS/poSPbp8GJLXcMbTFHxnw2dO14=,tag:ghMQwtiG/IPuTPqjRVWRKg==,type:str] pgp: - - created_at: "2024-01-19T20:42:01Z" + - created_at: "2024-01-19T23:11:30Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMA/YLzOYaRIJJAQ/+OkdsMb9Urj1yp/t3pTub1PnxfGkeocOPIJe/sEpZqx3L - IXzBej33S8y7n5+szCtqLLaHqqK8Y5kXw/27SzRRVHFGazFguZhnPioPMXOOt5S2 - /hO5vgALtCOhjBKVHJw6DFSLyw5X998C7u+bp/C0f9oTlmAiwPBZN88td9OJ3+0h - KMRxyKX4vkG2ITI5pl0PJj6tly+q4eqY8pSZj9SCCml66BqCZY9njMyE35N/ZuUV - VX728mZQ8o6rsmoidZrrbTgWVrf6w3cUkq5MQxbLgJtYfeoPDO+HhzvLWX/nnHyU - 7ip3IstMFyzWHaayrFav1ppXikUt+uaFToDv81Hio9J0pyBKNWtcm7Nt9utV2wzW - 4UlgQuSuzvmTqxG2ubsgOdfaNPjOQNmNBmt6nEtByXwhZCxXWdU+ZpwOHxZjc/M8 - 5jIDImtjvpQNwIYqEHc6GoT8I1qeybLPLJ2W7AFAqjKW1VKeR4A+9sxdeNve6AKb - a7r/O9o1XzYJU8VoxnD/9Bbxlulbepe4e7XyJxGyBUBCrMg/QYhYHbuLz3qxi2cX - Pgkw87/rZBiT0C1FCq8yL229r6BefUaYMrrStzsbhmXx2t037DzpPmpbXB6ahLbq - aLmGURci8hf0NnR/Onq9kusB9r126vuP72xWMXY403bZv/4uMzjVdvWUxqd0VBvS - XgFvUE/6Xk8IKgzaA7dPiE2HRCJfJtc5VeFKW7t1ALb5RyaBNwoTSnckyNM3XpKn - pJQxO3qZMqQukOy6yq1OFsOkE2uTzf2nfrBz5DbaSqePduHWLEFj6KIbmjFSQlw= - =x+Mh + hQIMA/YLzOYaRIJJAQ//evN13p6Ip8hmEm5GqQF2YI7KoGOyMT/sj0vJDpKOaxjs + QdpIiWjKhs8seYtYlHqF/ymqftvyi6/h/XVcke7j3F+dk3C8ov3QBoZw/x1yNiBl + BY3NT9XOugk/hkZl++UEjeqd4G+LjlcCb6V+qGX3+2aq6rTNLsGIot1TKvkIrp0g + 18sciMc+SGLxaBxHLhOEO9gdn0pmAvxuggvGST72zrWJoVfJmopp0P4Mc2BRQQ+z + bojh65sHlePcfYbo3EWUShJejWpw/1DNJdsc6gvidm0Faled6n+/tvkqIANffp4D + 84uT8XkT8ClapGLL3b/H0ygyVBf3Lc+9r+eyA+kN1tmsF+IIWH7XOCpvNhQeiWlk + WZi8pZdRBvByR8s25jKX0qiMMaPL5TCpeUx7L+bqJ4/qJjPJrQNqrOpy21v4JKEn + GMkAjKaAXY/ixOtzSxyEAFn/HuGuVuWHlfwTkJcI1R2aoxY6zhFPC+X/ExbzdaHC + cjniTje9rR1Xt+Ud92AIZoN6Imk3E/+stWg798SVoXIDXkrVbhiKAVZou16Fateu + Gb+glBnlBaXyFDm+ljRDrPLjKsjyUE+Tb+nqNhFSI59I9KYQLA2+qlXwMY+E8gAn + OzBIWBLIeoT1cNNoMxX4+GrNayir+J6yCczWps4ZyIbgOQh2QVtDv5DRLhjphRLS + XgE1K+Cq8DXfD+3BOaYKRgRV572sCWfVoRYsDYDRB2JmxN8jBUS71UGC3FOg8ynJ + 7pzzf6xZsV6kuljxfB+WW8eGHhfoqpCL2jZOP+R1XVD9UXS84GdUo2Bh6p42qn0= + =GsW7 -----END PGP MESSAGE----- fp: 91EBE87016391323642A6803B966009D57E69CC6 - - created_at: "2024-01-19T20:42:01Z" + - created_at: "2024-01-19T23:11:30Z" enc: |- -----BEGIN PGP MESSAGE----- - hF4DscBX0xwMSCMSAQdAe+oxYmY+BL5qPxrl9LIdq/T0JM7Q6RN4IBMXIYigCzAw - JRtaShA1pXnYBn5KJbh71TC/15r/cIElrlUdCsFIETYGGNY64AYhZAvOncBFhc3t - 1GgBCQIQjj9lsSzieSj4jUoyLzR4g7Ow5Pi14us76oK2BwfPaC/kU4cs8jgdqK23 - M4aU6iwItqWYrCKzgjY0YM6AZs0/u1XVc33Alps8qZ3QROy8ecLei37QSQQ9rvXY - n39rmWVgkkQyJw== - =gdGX + hF4DscBX0xwMSCMSAQdAFOgmRZJVuxDpfFDPjFpUAbte7SS1IdX8eVrxJHEKn1gw + O2O1OGUeuxFhFfcRbMFMFvBzoxt0Na4Ke7br2qdg285CoI1o5QQLoXx1AMBWtErA + 1GgBCQIQaCvz8tIsxxJWP8LbNXQywzgQCopSyK5C8RxjkNYGQq1jmwjfJA/5RQso + 44RPzaQ7kb3Kgvan57TlQYiQOrcJK3recQsP8ouMl1e0OA7Y8SPVXb9H8c4Cr4ih + LLJ9RSkwMfNV0A== + =+zyV -----END PGP MESSAGE----- fp: 778755C4893709525F6E62BCC2A819CA37DE8B61 - - created_at: "2024-01-19T20:42:01Z" + - created_at: "2024-01-19T23:11:30Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMA+0g9G1sLfsXAQ//f3kXnONj62NAkXYeiBNhx3WgCeadV6qiiNMnZN7XtIe/ - 0sKVMUyiergf3aM2Fp7vHHboDoWnoOzHBkZD0OV0T+Mt3gyu9Q+w7BsbeRSP+mhq - 30nz9OSl6WFVJr2XSVsK0Nok+hzfjV648FUe3P/r2Ex/qmAx+uKVu1LJcv0r1EUJ - tEOeYuPxxA1e6LJT86ZsCFDTTQ9BfKPZx96RjWxFNNt3lSCqCYjSJmrX3/3/Hn1Y - idZKHtPcaIdy14zUgHWXK3ZKCiceEmbbRYicTAAWyn5jrLZSxOTFPLQ9ylr11Ckb - l2Xx2EwR9MoqXxG378exBr8ueLqEho7ILPh/KO0rzkVg4Z6BOsz1vdOBa5cJggEr - tGrc6aQZmPAdXyX0Z7CCa+hkEFI9dZ+hfDStwVtVOTXWc/8le5uCukAI1dwYni1J - s7Jp6+tsbPcsopZxvyn8kky2R4R7vAbxYzrHHo102gAQhB8XFEUM6nF/VkLIaXEV - xH5DIKVemp5rEXVRV5yp33aATh8RMoEMgdo1vT63Cpoui8fsW4cnleoiEu+S1nDU - MAAVUWsoY/nxXYyQgav38UzNXa/LmFaOcmyLGtis826heIV5s/rV2BPXrb8rhEeh - o019M8FjxNy7o2JhZlEqqA7sC7/ItMC24MkA4zmPbptY5S0DUnpImEjSUp5ZTNvS - XgHekABRa4xTocwBvqYdAbJcL3h3IXq/SV2UcCrJ1pbteoJGD4LGSfpmVjYSAauB - uRH/DrvAOv+Z82HQiVzaTmcZM4yZ8USvcJ/asaXm0toT6boGfIb3Mv518/6NHdI= - =8byk + hQIMA+0g9G1sLfsXAQ/+LFvrDItIm8tpNtIXh3vsoEOeOvpKemyJ61U7IbETLeu0 + iGnTAZK0nDmyfSbNaErWi5HmPB0Xgwyo5BJcEPpu68h9UgoHQe7yfcBvTHUEpZd5 + i2GYmum+zF4Qx8yMvE81mop0LieQqBvdZ5sEvtOqa1pAiDEPA3iLMv9USK7GSnuF + u+dOOH0JIzH/qjB9R3kiaDwlvZsNcG8xXyQH+6ApSTJ55yvCZmkHcUzPmlDdEL8o + et9Vf+n9lyWZx3ERcb2rgYwWhwAXD0yJb+4TQHn/3NEAW39AGX3Rr3y4HHn1RI59 + ry1X2dlOWcTqoo2oqnagq9MgPyaDkx6PyqfjH+6u2ralzsFJwg2e2EALu/HREHaA + 3PeFTKsiXJZc6EmltXJxEUtRK3CFD5p/bRkt5zfdLaGCrUInep9crkbycg634tEb + tI28bWxxfSiZPMHFaOeYUrRDBuLJ3Iz53qch01VtFtC2L7UJnJMaGEUoxxs8yVSP + Dozc2/k/nyziViMhhoYYsM+8GG5DvScJEf+d0J7VIBrRu5nDpyG5w/RhTFPCgr5c + bSKrioky3hbKXe+Jw6yIFyILuyaQXrKMIYVf8Ay+Nkvl2Cdod7/eZFwJ5wWhHKJP + e2YqA2EFvy+HDwwud5fg+QtmH4TYxIF+/CJG1ls+cTokHedGFVTVCmNU5zIpWETS + XgG041zICnA2mF6mdeuWUSdsOIqTrrEKFVVMcPuFUGJ0WMGshDXmlkOEv7t7hv/D + /HvCKZjX+aTYOw1Zd+L40yAxAw4+Ic++iJVO7N/8TY1r1xI8B7TbRBW6pnO3wpw= + =cViF -----END PGP MESSAGE----- fp: BCD42664340540E058422472AF9E0821C4A08B44 - - created_at: "2024-01-19T20:42:01Z" + - created_at: "2024-01-19T23:11:30Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMA0jS2B1+GdbtARAAqiYNMAE0vQkwpeaSVURgvKR8cBLBF7Wo8xcgPbjNiYWp - EmukxvJQPkebtiyKehGSDvd+JNZ5CIXn70Pc4Ptr4VQfAm+pKv/S+OVFKuxREGYO - mu2/JzLlX46OyJnxS8Lu287Dv8raH49/7GXbCarGEGzklY7ymGT9lCGUrnYoDme3 - eImgergdMbW0xtt5G/TcnlU7NpA3q1ocHBIv6p0Ru3U1UpjgYUL2tWMkkHpcA4Qp - JaeCHLXBAWFiM7C/sn2AZpcCoZY0mBjXQ62Ng7GpIKs492f+SA1jqBMPdheAlAD9 - 9lso47ttlOCz7eHIhcppSmhVBYSzY64XoFH3Pqkg0WEqTLgXbvpOUs7G1FLx8UUc - KuDLwWyUZv0aHA1aoYc/9hyZNyGJ6di5eJTxbrnU4BXd4yEjlHDRbIcw58QaOLO9 - ibsW3dM7lg1PlZhhBrhO7Mroer7937p1akCaeSxfth7a4RRwTUr7LZnKV9klpUkc - geeZ4IE7zvJrYnVMxufRGlpkJMr4qGnoxiOpZAtFcgxT6c1vjKneIwWN2Ntr2YV2 - EeLalUodqhzZwc9WhgjdX91TiC2Q9FFGiejLrxLSE59nJBO0u4zDoTt4OwUuU7Uy - Z3pczzH9i3sdmUInRVAfMynvv5gjGTI6zKporueXDd5ZuZTNfDYrU/0kppMeVsjU - aAEJAhBMvArzI9N8Cfwdg4K5Ho77WO4mx4f5XGeGoGLFyajviKRNSUwF58ikGpRp - ek0dThpTlHphUJLl3vR5lCyOyPRbGhcGul20EkcugKQxR2Y9quV3CPx9B1Td0fGY - IvpNJDhnZy8y - =gOps + hQIMA0jS2B1+GdbtAQ//RRfvcwxX30fNr0FrBnq/GoPK50KmVe8Gdg+KDjuu+w+k + Pah7Ba595B1pLGH2c/17WFksRq2XYTK63bo951hjnHu2sQBhxs3ZtwaEhmG3k0h1 + LI5KHmUFjUkDc017SKv2t0h4UvrmFV2CD6NUhVcOZpy4PJmcDdVP3RskV0S0ZoKk + T+OBBaGEhCUtsIw4RjNlN33q4Pvfw23ykz2bt7mXhZ+uX9z7L8KFBVlSfL5Wfuc8 + OYldWZksMepKnBG6b8J0GJdl+WZJ18t6/sITZSQ7s7PONS4q4HADJuay6NRXBIr8 + Q56jr5yIntztm9vQRU2jehi9eJPH/GYscYOwVcUCIuaNjkAi6pp/QO5z+/6v/vF4 + ZLGg9BnXvPRxHABlkhspUPzf9jKRr6B6SpKZduy5/YRFlf+jyo+OWWGIri1W1rUk + g0LFDu6WKFvob2HMCPRlWyO/O5pqC3khtzr0ion8Wotg4YuzV8Jjjdd35YaRalf8 + 8U3Pf59rCryExB8G1/F3NOtu36t32rIRKo40xF1CJ1yFerbqI+nl/srG28gNFWJp + AK9T7FpDn0lL+FqkgoF8WOqmgcjX/DAPsxS9Y2gWcK+1JBFX3NBD9tCq84bPrbfi + LmCnfX2/G17YH9yXV4EKYHOBJBnBMQW6V7GR1M4v4IdxQNbozKfgtfseb5785ObU + aAEJAhBog75Yuo5UIGvVYI60lUVQ9iIDkUCDZpmdBmTfX/30p3qiX9SLULW0csPV + W3Z9Qg7tVeC8d+iKS3hnF82nVD0Bz63rJdhStt2lwjjtAxIS5FF0J9eRs0xJVK7g + uiELW6hlQ9ik + =TqRO -----END PGP MESSAGE----- fp: 6F9E5DCB111D958035A7B0084653A66E940BBA1A - - created_at: "2024-01-19T20:42:01Z" + - created_at: "2024-01-19T23:11:30Z" enc: |- -----BEGIN PGP MESSAGE----- - hF4DQm4jkAzjp7YSAQdA1xIJPtT/+kuyaFEzOE/W6iEntXLIPEnNBgTRq7UJn14w - Oe/0w9MGr67n46QpISYCVserlKH+zpUjvc8fvnRbe3wIHiqCpp+WUCEq6flibyzx - 1GgBCQIQBn1hgIWLoHUq9GRsk4XCr9LLYQboxI/sW/ut6inIkSPlrPUljW6cmZV2 - 5V4AZ40GGt6xNyf7dhoF06GFwrDWfwKIcHekCh6mXAzyad9Z6UBCYl7hD5g4Dp+p - TR3eyEkfRlrTGQ== - =3oX2 + hF4DQm4jkAzjp7YSAQdAQiJW2kDeSdb1qfQknbSTzdb61brO0gjC3KnDCj/vmWsw + qHJTHE3giQtP3YA8Bso8gfd5PkEpjKDE1lov0+fEK1Q81+1ykCwSDHEqX4y44oaS + 1GgBCQIQe36MsDOiLy9sGHnRTEZLsfSJ/Tjfma2gIglVr+4EsBqcxqqsL2KHpNKw + nnnvkppS/t5PXYJDjUu/KWaVBFCVAolPAPv3cp1Vx2Kior9AP4levtGjGDw46kPt + p3dhuIk8JwAZYA== + =iMag -----END PGP MESSAGE----- fp: 46D4682470DBE26790DF9433446F3B093DF81C6A unencrypted_suffix: _unencrypted