fix(secrets): update sopsFile path for internetbs

Change the sopsFile path in acme.nix to point to the sgx directory instead of hetzner to ensure the correct configuration file is referenced. Added a new encrypted secrets file specific to the sgx directory to maintain security and confidentiality.
2024-12-06 09:50:56 +01:00 · 2024-12-06 09:50:56 +01:00 · 95c68ccc7d
parent 818ae41e58
commit 95c68ccc7d
2 changed files with 31 additions and 1 deletions
--- a/.secrets/sgx/internetbs.yaml
+++ b/.secrets/sgx/internetbs.yaml
@ -0,0 +1,30 @@
+internetbs: ENC[AES256_GCM,data:HTTxPwcGWFo/WkWD6UZhE6qUaBmJSVFzDux3EFn2uH1mCPoW0vKykfUbbMCJo0tWMvQszetAuO5jnQJJBrIkM6vaXX06ZlDUWluh+sPavqKFeq9HDobgf9qhhaaSHgrD/hLgz+dJ+Lj87/huEMhWj8KrnPY1Hj5uDUFVaJOMgNzczSt6iLA/mdL/cEiBT5st8qk8,iv:Ug59B4G7p0zVEAuMQlEYk+GcOjy/QOxEvxbdLnRTgpA=,tag:Z/7ceoVgr3ciNFKSlncjpA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age149fqcw5jze00vd7jauylrp4j5xyv7amlu57jjfuzghkqtzlnxajs704uz3
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaalQzV0VpQXJVUFVOZWJw
+            UVNMNHI1UURCSEVaaUxlZHN4MnRSeTlRandJCmlwRlNFTHlHY2g5WTc0OHpEVG9m
+            U3ZsYkhPMHd2Z2FMSlF5TWlRR29OVVUKLS0tIHhyYzNUcjlhL2J4VlVWcTIxNE9D
+            aDN5RURrZXF0YnVEZjNDN215ZWd2OHMKtyOhWXFIJOhRUf8UoKql2S9xd4vXuZR1
+            SCpyveq4Pe518MX2wQ3cnLBJxHrEKiEhtzCQu+7vfsHIaPBKUSBcsQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1dwcz3fmp29ju4svy0t0wz4ylhpwlqa8xpw4l7t4gmgqr0ev37qrsfn840l
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4VTRLV3BpYlJqSjVTSzJ2
+            c01XZi9EcWFlOVhONWJUTEV4ViszZ1JadGt3CmttRi96NVVqQm9MdnM0OTZnWmRG
+            WUhlTmNjWWlhNC9Oa29ITDBDRXRlUEkKLS0tIEt4Y2dlNE9BN21YQjBLZ0JmazFS
+            NUVyeW1lQzl0YWY5ZTRNODJWUXBkQk0KzzDHgmAGdc6PwaoMYm1p+vZBREjNVPv2
+            Yi13wXXtWPV1hhHATZKplEeuw5JaalAsGwZeeoKWNBiVUDNXywEFng==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-12-06T08:50:35Z"
+    mac: ENC[AES256_GCM,data:Tz1EutxDgl2DQgNWNJWap5cwSAgR/Y4EjLUva7qHtXIMWa5jKPKqimY2IQhcsbqYv1zZmm+OnbO+OCIdZRbpnDCk5waBhywQNxNxjGAbv9fo/hbRFg9cm/vwA2BrXk9BR1L+gMcejRyZnnlMwEK+NomBkqAkpDZDlKjE7ebHoz0=,iv:Lk9kE3opD9y4oheETzLOiPn6Z5dLx8JEAuyCaYbkpQ4=,tag:/KtGrq7sGUxfi7BaJObhOQ==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.1
--- a/systems/x86_64-linux/sgx/acme.nix
+++ b/systems/x86_64-linux/sgx/acme.nix
@ -6,7 +6,7 @@
 }:
 {
  sops.secrets.internetbs = {
-    sopsFile = ../../../.secrets/hetzner/internetbs.yaml; # bring your own password file
+    sopsFile = ../../../.secrets/sgx/internetbs.yaml; # bring your own password file
  };

  security.acme = {