From 95c68ccc7d212d3108aa33fe014182475e8cece2 Mon Sep 17 00:00:00 2001
From: Harald Hoyer
Date: Fri, 6 Dec 2024 09:50:56 +0100
Subject: [PATCH] fix(secrets): update sopsFile path for internetbs

Change the sopsFile path in acme.nix to point to the sgx directory instead of hetzner to ensure the correct configuration file is referenced. Added a new encrypted secrets file specific to the sgx directory to maintain security and confidentiality.
---
.secrets/sgx/internetbs.yaml | 30 ++++++++++++++++++++++++++++++
systems/x86_64-linux/sgx/acme.nix | 2 +-
2 files changed, 31 insertions(+), 1 deletion(-)
create mode 100644 .secrets/sgx/internetbs.yaml

diff --git a/.secrets/sgx/internetbs.yaml b/.secrets/sgx/internetbs.yaml
new file mode 100644
index 0000000..883b346
--- /dev/null
+++ b/.secrets/sgx/internetbs.yaml
@@ -0,0 +1,30 @@ +internetbs: ENC[AES256_GCM,data:HTTxPwcGWFo/WkWD6UZhE6qUaBmJSVFzDux3EFn2uH1mCPoW0vKykfUbbMCJo0tWMvQszetAuO5jnQJJBrIkM6vaXX06ZlDUWluh+sPavqKFeq9HDobgf9qhhaaSHgrD/hLgz+dJ+Lj87/huEMhWj8KrnPY1Hj5uDUFVaJOMgNzczSt6iLA/mdL/cEiBT5st8qk8,iv:Ug59B4G7p0zVEAuMQlEYk+GcOjy/QOxEvxbdLnRTgpA=,tag:Z/7ceoVgr3ciNFKSlncjpA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age149fqcw5jze00vd7jauylrp4j5xyv7amlu57jjfuzghkqtzlnxajs704uz3 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaalQzV0VpQXJVUFVOZWJw + UVNMNHI1UURCSEVaaUxlZHN4MnRSeTlRandJCmlwRlNFTHlHY2g5WTc0OHpEVG9m + U3ZsYkhPMHd2Z2FMSlF5TWlRR29OVVUKLS0tIHhyYzNUcjlhL2J4VlVWcTIxNE9D + aDN5RURrZXF0YnVEZjNDN215ZWd2OHMKtyOhWXFIJOhRUf8UoKql2S9xd4vXuZR1 + SCpyveq4Pe518MX2wQ3cnLBJxHrEKiEhtzCQu+7vfsHIaPBKUSBcsQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1dwcz3fmp29ju4svy0t0wz4ylhpwlqa8xpw4l7t4gmgqr0ev37qrsfn840l + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4VTRLV3BpYlJqSjVTSzJ2 + c01XZi9EcWFlOVhONWJUTEV4ViszZ1JadGt3CmttRi96NVVqQm9MdnM0OTZnWmRG + WUhlTmNjWWlhNC9Oa29ITDBDRXRlUEkKLS0tIEt4Y2dlNE9BN21YQjBLZ0JmazFS + NUVyeW1lQzl0YWY5ZTRNODJWUXBkQk0KzzDHgmAGdc6PwaoMYm1p+vZBREjNVPv2 + Yi13wXXtWPV1hhHATZKplEeuw5JaalAsGwZeeoKWNBiVUDNXywEFng== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-12-06T08:50:35Z" + mac: ENC[AES256_GCM,data:Tz1EutxDgl2DQgNWNJWap5cwSAgR/Y4EjLUva7qHtXIMWa5jKPKqimY2IQhcsbqYv1zZmm+OnbO+OCIdZRbpnDCk5waBhywQNxNxjGAbv9fo/hbRFg9cm/vwA2BrXk9BR1L+gMcejRyZnnlMwEK+NomBkqAkpDZDlKjE7ebHoz0=,iv:Lk9kE3opD9y4oheETzLOiPn6Z5dLx8JEAuyCaYbkpQ4=,tag:/KtGrq7sGUxfi7BaJObhOQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.1 diff --git a/systems/x86_64-linux/sgx/acme.nix b/systems/x86_64-linux/sgx/acme.nix index 76f7414..8bda91f 100644 --- a/systems/x86_64-linux/sgx/acme.nix +++ b/systems/x86_64-linux/sgx/acme.nix 
@@ -6,7 +6,7 @@
 }:
 {
 sops.secrets.internetbs = {
- sopsFile = ../../../.secrets/hetzner/internetbs.yaml; # bring your own password file
+ sopsFile = ../../../.secrets/sgx/internetbs.yaml; # bring your own password file
 };
 security.acme = {
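Review bot: The retained trailing comment `# bring your own password file` on the new `sopsFile` line does not tell a maintainer who can decrypt the file it now points at, and nothing in this hunk shows that the sgx host's key is one of the two age recipients listed in `.secrets/sgx/internetbs.yaml`. If that host key is missing from the recipient list, decryption would presumably fail at activation and whatever consumes `sops.secrets.internetbs` would be left without its credential, so this is worth confirming before merge. I would replace the comment with `# sops-encrypted internetbs secret for the sgx host; must stay encrypted to this host's age key`. It is also not visible here whether the value is the same credential as the one under `.secrets/hetzner/`; if it is, a rotation has to re-encrypt both files. The `security.acme` block that follows continues outside the hunk.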