From 2e7c9629f8167be6655f3fd0cbba8808bf175743 Mon Sep 17 00:00:00 2001
From: Dreaded_X
Date: Thu, 26 Sep 2024 21:34:02 +0200
Subject: [PATCH] Added sops decryption support
---
clusters/titan.lan.huizinga.dev/.sops.pub.asc | 63 +++++++++++++++++++
clusters/titan.lan.huizinga.dev/.sops.yaml | 7 +++
.../flux-system/gotk-sync.yaml | 4 ++
3 files changed, 74 insertions(+)
create mode 100644 clusters/titan.lan.huizinga.dev/.sops.pub.asc
create mode 100644 clusters/titan.lan.huizinga.dev/.sops.yaml
diff --git a/clusters/titan.lan.huizinga.dev/.sops.pub.asc b/clusters/titan.lan.huizinga.dev/.sops.pub.asc
new file mode 100644
index 0000000..af106fc
--- /dev/null
+++ b/clusters/titan.lan.huizinga.dev/.sops.pub.asc
@@ -0,0 +1,63 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGb1tT8BEAC/kYmvJreBYxUEAVIGYz8lstE47WhyUqVXRG541M6M8G1D4S5k +3Mae+gVPwLj5tVnaz8E/G6MSennANN0jAF00BoRjZ409Yt0FKpFaz1EEMEb9RaWl +QV4lmt9VoPbwGFBPvPbVkhzH5/tiDmRSjrJM6cpboGxjan8DO1rPqjeHnUCZmn9G +XqqH3t0Wowg7o7sTvFTH3ME9era8x9kUx819kDyxcHplVjHZKnHH88rcEkJN3qMD +1euiwufUc595qL7fkFb2tUPTbOBa3Wk3xMK1nkQCyfNOrkgo0IPbJgFzLU1dGSvZ +/ZCJBuAfDSma6CV5Gewgh08kezXEtYc1vhiRyow7tHnxJISCFlxLSuU4aaHg5TWk +uZwnPCiBZ5ooiHsnrZ3i8DhF1lwL2m/QEO+Can9Bi6S/0sDZ1+Q1JbKNGwggE0mR +MNgceUpsl863/5b8mjELi6z/NITzD+k6eYfuHR8T/7meV4iTboJoTh1Q3tlOcL6W +p/dvNd4VuU4KegAA8g4UCS+8uVaQdeZk9RipadpGeRZ3tiPl0EC0V/Sfw/P18H9r +wVkyervaMczNu/V6TrHpeTH9zjn7nP4z9ErrKNfo8e30F/r2D+dyEfLX8UMxx2C9 +3KNsDB6DP5ns+hLsoMTYgE063zKQVwIWR5LLNRZAYMizBliydnQPw72mZQARAQAB +tCF0aXRhbi5odWl6aW5nYS5kZXYgKGZsdXggc2VjcmV0cymJAlIEEwEIADwWIQS2 +cY3XtaUJODG77oeP6ZkPyzgZBgUCZvW1PwMbLwQFCwkIBwICIgIGFQoJCAsCBBYC +AwECHgcCF4AACgkQj+mZD8s4GQbaLxAArVN/1K988KZpbgEj1tqktDwaQ3aXdBgH +Fh4wBlHMCGJMhwqBRd04Apxhwvmuc8H5WSAo7AQPSK8AZ+hDi5Nu6Y+7JBdIqqOc +yy2FkGAAxQGoj+jxaiL7AX1PQSdpCIGBlwcCtaZe3zyAYxosLPLfOtZZy334TS8t +qiPybJ/VMZ8yQ+IRHm6wxYXlkW15jfJQcB75XGs3XsrvA5z2w+WdrCbBjEePxsaR +joTXCVtV0bv617pUrCqPs0VvLyHouwfTxizOClOyEYNKQG2wj1Q4yvJSxlEzZvJm +FL2Xnhh5NGsmg1rQAlDXfkGB+R5bAl/+LDeOtSA/dWzoi7KJDtQRqCtt8ckfyNU6 +eGNYTtUK9v3P+8SZXXW+BPYdjszt1csxVeyddeFndfoSzP8KZETgGGVijGlnT2uE +Y9P/aQ9TTSuDTCB2UE3EUYrrUA190SxwXvgFvPHw3bTMlKdRw8qbHvj++XCnM8nx +N89XfqIZCGF6NfZKD/wJZmQp36SP/yWz8W31MWCUEg3GZyIfrEPUWnb5dWFam75Q +2qu6UHbQgZcOxz+cWvuPWrZVWCLuUmn/d93lhYDsA39HFFwWRYygCuNLMnEFhtdw +15qYu05OXX99f7pRWiR5gAWQI/ahzlmIVQ6aHwfEvhScUpnNGxWsWWuwpxN7mEc/ +GbTsjqaF4+65Ag0EZvW1PwEQAMy36c01xTrNv6gTGev4uAPo0Rem2ckd73GkuvWy +2SdABlWa2Zm+B5mJe8fsDqK+7MSRqYUk6pLxJBh4V+IEMWyfmyEW8CRrQLTSdSRM +3KgSUwgrto8fIgeZklFTP+tg93vrAwOY+qEJZBgi3MeAxpFkFR3k1mP8eRvxKfqx +vKzB4XsUuDH2k7mQH68Xap/BRSHSWiHY7d9Tm3HRTwVUZ3dsBp8qghxBGsD35GzV +AT4aiMzdgNwgvnoz83API6Bqx9HBGX90iCSjjpyrLJG5aySb0nmTzZsZSOfEaT0z 
+IF5JG5/zTAEUf5aqs2br4CYTOFZv7FZAA6eGaVKOJmIVzlBxcdGSZzdoDQTDAmXS +H+ftcu5XX9xILa0sGA9xFovhvoPKZOo1cYBtvB2WEqfmAFQYIzwRN0b8j4vnFKJR +pimPLj8xzNxvvoK0ELtfS9A7mh19E06V/Qp5CYItM2iPJy478dabFjS9uZ/GbxJn +Gw+QC1DIQrFdcjgS+Ce1mNcK/zs8XrTsn06Fr890EJGaV6cZWfkdN33XiK8uhDoR +zVEovxSBIaJCRQhhV5QG/jAT+5s/pzpQnunyd7hG9BMPi8UXfTzksK9+CvOe9/Op +OynvSHVZ4JR1cyCIHGvvB/lv7m/sj3fqRy1d4/aeboO8JxpfaFryW2BHj1JtEkxa +VOqpABEBAAGJBGwEGAEIACAWIQS2cY3XtaUJODG77oeP6ZkPyzgZBgUCZvW1PwIb +LgJACRCP6ZkPyzgZBsF0IAQZAQgAHRYhBB4M84/3ya2u1YtDarpKPTYH5bqOBQJm +9bU/AAoJELpKPTYH5bqOCx4P/iskv8rKinps4mr1VZJZdBmuJz0g4RMjPxleJ9do +n+AOjyoAOmAioogD35ZzmQiFY0NjNDUr5fb7/N790NYTv+gWq23hWZMqlN1ZfbNy +iaRZ5Y600dPbKhx0Wclc4krnMuYQbaDSOYGVcDk4G28HGweyEybQULW+vVK59Ztg +8iia6PmUY7+QMViQ6TqDl1RNRAhvbFVOJv8XIPSUuJ2RU+hObyzTBi/L06l/gQmU +i3u00cZJ2K9e1HzfoGDBnprawt1ephdQaerTtwIsOoKp2w8AjONwS9hX5La8yKcJ +XcTm6a5+unNEmikHN3BMuuy7EJp63hcBOLWyoe6ZNBLF6eBV8KwIyFPumCbOff/i +Hb+6dpISPw2KMjM7lBqd4C3BtJO8RbxeI0Cc44AFhxOaqRowomOevvh0wbr/apLy +4oyqJ643mjTcJzPy985UyQGaWrzhGOwDNdo9cBQOye5FKcS0151P7ujYg9DflSwg +a6QOLoaeSzqjiZk0fhXLnKWsXLguFMkI/N63Pn2n/rsmLUuq/3XxhPDDhP5wxJAZ +KRDEZTkUKFMu6NGa9D1JveR38amPt/RKBtXw41yxPP87tSJb6nP8HZzjAJk+AxDX +mnTEtnyiNICPdf5RkkE04EvYHzHCrIqZYecmdDLXTy1z+RfYCPrnAPPrzWPUJMiM +reS9CQcP/2K0X4eV+U59ZJtdWTrPGDsNdMKY+2G+nCuHZPZrD2bDxt9fzZgKOZvi +XGRe+VgWCtk8PfpzqhhSVlIVHMBz2xpmf7GT1Q0E36jxn5GdONaOOHxs9pzShWuT +kJMKn9hsdKWeEyOYUOPDCFo997SM8gz9wb2X/0qvandNGpQfzMWvUBNlG7z1Qj6n +373w/tbrXCSjxiZOJCFErtGpf4RlvPJS7Kd+/5Ki8AD3uv9la7Ac94lrWNEEOOvv +2/XPDY/qWMqGNs8defsf8JpfL9ypo0jZogcohEYHJpdq02sGNHIiLvfAEQXsaKVe +5/XCOHcTtmP7gTNukJOVCYnyxrnb7bkFIpyvDiU5hZQsZIHpLCxXiMMRIbavXA5d +RxDTJIqwwcqOqsBN8IdgoCqjaEwz+VYg0MfwoIlQ7UoJ4ZHnWLl2iv1tqz8O02WH +HC1xRuLKc7lUpIV46/ibay2N4r2/FPWoncu0cousFuBEY4vnfznpThmws7SToMIF +CKArMPMi5jeaHpP7EIzjEM0Cc2NghvxuCID/71lPxpj65CK2nETFXl4aY7gE/UFu +zEYkyOxfQdRx6yOhfwo0TYPvFo1DAkrbwYBZ2Ry12M97OXCypvvTUmhxROYACMEs +Bz9bopl+5hp6c2gY8X2GcMlwNiCRbwNDhKY9sA5NCnxXL0SekgI4 +=27v+ +-----END PGP PUBLIC KEY 
BLOCK-----
diff --git a/clusters/titan.lan.huizinga.dev/.sops.yaml b/clusters/titan.lan.huizinga.dev/.sops.yaml
new file mode 100644
index 0000000..1e75cb8
--- /dev/null
+++ b/clusters/titan.lan.huizinga.dev/.sops.yaml
@@ -0,0 +1,7 @@
+creation_rules:
+ - path_regex: .*.yaml
+ encrypted_regex: ^(data|stringData)$
+ key_groups:
+ - pgp:
+ - 1E0CF38FF7C9ADAED58B436ABA4A3D3607E5BA8E
+ - 49F10679C425233EFB4B1B6F9D641BEFA42DEC28
diff --git a/clusters/titan.lan.huizinga.dev/flux-system/gotk-sync.yaml b/clusters/titan.lan.huizinga.dev/flux-system/gotk-sync.yaml
index a084b1c..15f5cad 100644
--- a/clusters/titan.lan.huizinga.dev/flux-system/gotk-sync.yaml
+++ b/clusters/titan.lan.huizinga.dev/flux-system/gotk-sync.yaml
@@ -19,6 +19,10 @@ metadata:
 name: flux-system
 namespace: flux-system
 spec:
+ decryption:
+ provider: sops
+ secretRef:
+ name: sops-gpg
 interval: 10m0s
 path: ./clusters/titan.lan.huizinga.dev
 prune: true
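Review bot: `path_regex: .*.yaml` in the new creation rule is neither escaped nor anchored, so the rule applies to any path that merely contains `yaml` after one character, not only to manifests ending in `.yaml`; `path_regex: '.*\.yaml$'` states the intent. The two `pgp` fingerprints carry no comment saying whose keys they are, and this commit adds only one public key file, so a reader cannot tell from the repository who the second recipient is. Because both sit in the same key group, each of them alone can decrypt everything encrypted under this rule; a comment such as `# <holder and purpose of this key>` above each fingerprint would make that reviewable.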
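Review bot: `secretRef.name: sops-gpg` points at a Secret that nothing in this commit creates or describes, so the hunk should say how it is provisioned: a comment above `decryption:` such as `# sops-gpg is created out of band in flux-system and holds the private key; it must never be committed` would do. That Secret lets anything that can read it decrypt every SOPS-encrypted manifest under this path, so read access to it in `flux-system` is worth restricting and auditing. If this is the file that `flux bootstrap` generates (the hunk starts at line 19 and the `spec` mapping continues outside it, so any header is not visible), a later bootstrap may overwrite the hand edit, and a patch in the flux-system `kustomization.yaml` is the more durable place for it.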