diff --git a/.sops.yaml b/.sops.yaml index afe0d19..a9e2120 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,9 +1,14 @@ keys: - &joerg age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz - &nixos-wiki2 age1p3dl7q5ahjdhl3g72mqk9pxy3gcptw9dqmg6syq9f9s03ppqp4rsqm93n2 + - &lassulus age1eq0e6uhjj2tja8v338tkdz8ema2aw5anpuyaq2uru7rt4lq7msyqqut6m2 + - &julienmalka age109qksyjgdnf7elnk98dh4vtxt0epju7xjemlqng0j0x75st5zg9qm9h3hy + creation_rules: - path_regex: targets/nixos-wiki2\.thalheim\.io/secrets\.yaml$ key_groups: - age: - *joerg + - *lassulus + - *julienmalka - *nixos-wiki2 diff --git a/targets/nixos-wiki2.thalheim.io/secrets.yaml b/targets/nixos-wiki2.thalheim.io/secrets.yaml index 89891d7..babee8b 100644 --- a/targets/nixos-wiki2.thalheim.io/secrets.yaml +++ b/targets/nixos-wiki2.thalheim.io/secrets.yaml @@ -10,20 +10,38 @@ sops: - recipient: age17n64ahe3wesh8l8lj0zylf4nljdmqn28hvqns2g7hgm9mdkhlsvsjuvkxz enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlNm9scHFONkwwY3dzWEtH - TWJnSVgzQldBd1NsVS90MnVyQ3V6aFo5YVFJCjc2S3lUc3FUaTllZGQ2R2FFTTNj - cWRQSC80a2FWQm12cnhXTmJNN3lSOW8KLS0tIGpPL2ZzQzBpak9HV0lES05SZk5x - KzM1azdvWlZIVU5VWVd4Q1AyN1VNTDQKZPtiA9MWZMOi+u6d0/Cg4vlJnP8dcaRq - QQKfP3LYCRqWBIrAPP8LWhza3kEjh22Wquh8Zh1SJtq2tgGKy+Pt+A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5bTM3cDN5clprd0JENXpB + RmJHYm8zak8xa21LYVhTS2VTVTg5akRyb3lnCnpPU05KTHhtVG9hMlYyMDhIbzd1 + NkpOck5SUTNJZkdNUFVyb2x3RGdYQkUKLS0tIGRORUVXWHNDZXF0bmtHaDlqZHU4 + UWJ2Z2VLSDBXQXBmaW4zeWU2NUt1Q1UKbb0V/aQ0gukeN/F+nDVzAQI79X7bNZtQ + Cy8JZh8+NCXx9IYDQHbsvVsq//M69UO1WJjqiAIOa/LUOtytcJ3FOw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1eq0e6uhjj2tja8v338tkdz8ema2aw5anpuyaq2uru7rt4lq7msyqqut6m2 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3NXdnRUtWQWFWWGJuUzZS + ZGdPRGw5Qms3Mjh5N05aREFNWFloOWF4QTBrCnBIY2RDaTd0TE5ydTMyQzU5bitn + eWI3OHZLTWhRWThJVjVGcElLN3lWS2sKLS0tIFVPSWVrTXBib3M0OThhV2x0eXJF + TFgyV01iWk5RQXQzLzlna1NEd1MwWncKiZHoBrCZq2qfZIm+jbsv14QTvD5owODz + bLnTzQ7O3TIEsyuNXlpIeNjTZXEcSmRj981WScxTYvEwy9vcJq/6+w== + -----END AGE ENCRYPTED FILE----- + - recipient: age109qksyjgdnf7elnk98dh4vtxt0epju7xjemlqng0j0x75st5zg9qm9h3hy + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQdUVSNGdTcDQycEpvMkVz + VlJlZkZ2M043azhMa3o4U1hxOGcvbUxEejN3CnAvN0ZuUDJtRzVGMHNteDVaY0Jr + UTJyVjlKNFFETlFWbU80R0YxREF1Y2MKLS0tIFVwUFo0RHU1TEJuQ1RNY2pXZnUz + VjlCN2NnQnIzcHpvU0IwQmgwWFprYTgKaWBhrnch+ufylR4a0Lhc+fB8D2Q/NJ6p + bpxZK0wwlOgv7ZB0l9x4sJUq9gRpLYTinx0Rr2C/SlkOOIEzx0TbJA== -----END AGE ENCRYPTED FILE----- - recipient: age1p3dl7q5ahjdhl3g72mqk9pxy3gcptw9dqmg6syq9f9s03ppqp4rsqm93n2 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpaHFwd3B5YUFUcnR2TTFw - aTQ4UFFBUXFxL2pOcUhyTFAwQ1ZvTGlEQUFnCmlQeHBrb2NhQXovWEl4ODdvd0FI - b2JMOGpXRHB3cHVHZmt3UUx2SUdtc28KLS0tIHVTZ2FISTZWbmdPaWlTdUZsTG1I - OHk4MkVmaFozaWdRV1RpbVM0amEvQTgKHk2ZxC+ZMUzTWD6KS1miOtLCtXF9SN/t - 2DDz5UAadLKaJ425AL3Qg4BhOZqUz4qPoyQvD/3aBKXg0IxXHgJCtQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwcFFiMklwQW9nQlpqUjNW + cDc3Z2tVUVBzWTNlcFJ4YkZzcmw4NzZDU1JZClRmQmdGaElCWTRuSCtsZVpjTUk0 + SFNRY0FGeEx6NkxlWHNtTWxQUzlKajQKLS0tIExCUXFXMWZTVk1CTHVxUzBhYmM0 + NzdoVWR3TlBrZHYzYzBKelc0UTRvbUkK6O1Lpi6hcMHyFA3E8yJO+1LkXR/10xnW + ViKILGcsw4AdsRGNL5fHxQECR11WsEARetpX5GlixC0lvS/Til8YWA== -----END AGE ENCRYPTED FILE----- lastmodified: "2023-10-24T15:17:00Z" mac: ENC[AES256_GCM,data:jPInsdN9mTROhh+fyYb4JSy937fuSGr6lhRIZhDc8alOO7TYnF9GSbum3KPPHYLm8LPKLQK19umyik7a5P/c983sfRHhaOibAugtPQT3fzw0/jAjwUJ9F4t9zhrZ6k7KfU9eO/34vFM0uKYhq+wUV9ztgDLJbARmtO0Dka1ks7w=,iv:NudkNhomCsFlqkU/QjQcrsqoTdAJC7HzJDpRuqHCx7s=,tag:K20RqA4EcDmm5V27ZGPGpg==,type:str] diff --git a/terraform/nixos-wiki/main.tf b/terraform/nixos-wiki/main.tf index 42d9484..bab73a7 100644 --- a/terraform/nixos-wiki/main.tf +++ b/terraform/nixos-wiki/main.tf @@ -17,7 +17,7 @@ resource "hcloud_server" "nixos_wiki" { lifecycle { # Don't destroy server instance if ssh keys changes. ignore_changes = [ssh_keys] - prevent_destroy = false + prevent_destroy = true } }