use sotp for TOTP secrets
This commit is contained in:
zowoq
parent
f2ea7aa875
commit
e18b71ab99
4 changed files with 35 additions and 4 deletions
1
config.yaml
Symbolic link
1
config.yaml
Symbolic link
|
|
@ -0,0 +1 @@
|
|||
secrets.yaml
|
||||
|
|
@ -15,5 +15,22 @@
|
|||
python3.pkgs.mkdocs-material
|
||||
];
|
||||
};
|
||||
sotp = with pkgs; mkShellNoCC {
|
||||
packages = [
|
||||
(buildGoModule rec {
|
||||
pname = "sotp";
|
||||
version = "e7f7c804b1641169ce850d8352fb07294881609e";
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "getsops";
|
||||
repo = "sotp";
|
||||
rev = version;
|
||||
hash = "sha256-Cu8cZCmM19G5zeMIiiaCwVJee8wrBZP3Ltk1jWKb2vs=";
|
||||
};
|
||||
vendorHash = "sha256-vQruuohwi53By8UZLrPbRtUrmNbmPt+Sku9hI5J3Dlc=";
|
||||
ldflags = [ "-s" "-w" ];
|
||||
doCheck = false;
|
||||
})
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
13
secrets.yaml
13
secrets.yaml
|
|
@ -1,3 +1,8 @@
|
|||
accounts:
|
||||
- name: ENC[AES256_GCM,data:1I+YcmRcyrJPEm38O7c=,iv:PV6MWf/GliqPJj2WGN1hX6L9RyNegm9lzEU64eRKzqY=,tag:aBDSJnyho5hjSUL+RVkilw==,type:str]
|
||||
totpsecret: ENC[AES256_GCM,data:qLW83fxwI5L+IoQjOfZFle4KEDMUx14gIldTuhmzvvY=,iv:Hsjf7FcncKoI72ZbmocNP0jndGpH4euFxTPW36n0iOQ=,tag:KBiu+hYuH11ON53i7tVMaw==,type:str]
|
||||
- name: ENC[AES256_GCM,data:hnEPU+XXIeOkf5DT2w==,iv:wZux1caDhtUF5TcUtqAG03oxVUolUnHq+w35zVtDxw0=,tag:dE3DSzK3FlLlldO7FgbWeA==,type:str]
|
||||
totpsecret: ENC[AES256_GCM,data:75Til5U49fkBCYxzqDa33w==,iv:rataIY24/u0ldHid4PnfJyh1E6P8U9OUYszsk/tfMw4=,tag:dWeqIxcO7ASnAZiVbKLiLw==,type:str]
|
||||
build02:
|
||||
admin:
|
||||
URL: ENC[AES256_GCM,data:re2xw3zdIQm8uRXDt16QW3T6fdEkta2EZ1inGA==,iv:TrrqcYEsaibRjfvG28V3FEqaOusP3JjedJf9S+Q8mHw=,tag:dpjiQGrLddATuOqN/mJobg==,type:str]
|
||||
|
|
@ -20,12 +25,12 @@ nix-infra-bot:
|
|||
User: ENC[AES256_GCM,data:TK7VamXfCTELo38vZQ==,iv:koHFX5tWA4kEOvLdXy8WkFF5GQX6NZpo8p5aGUc3WWo=,tag:AJNpBhXiTxoQ+h3UTgB1GQ==,type:str]
|
||||
Email: ENC[AES256_GCM,data:j4Dp9Vm0cmpwLGFF7S9UC/ZLvTaZr8jU8HGQQpVoD0E=,iv:ucf5TjmaYFHskc6wvxMZKDfnhS3mdVU+COcB3Hc9crY=,tag:U1A6mDZCkJd0DODrO0jwlg==,type:str]
|
||||
Pass: ENC[AES256_GCM,data:9WnV5Hgjo4qqEu6L9JSvWAiTkZacUGFbrJDahxv68JJVQaYWzlRub+NKvQe7Xe6Oqw==,iv:sg6gZ3a7C2h69C79k7tNJFoYtg7kKcpgsDnPJ0bPasg=,tag:wLFqb3FrZqNDs7wbRqgwFg==,type:str]
|
||||
TOTP: ENC[AES256_GCM,data:kKdL3Z8mUB37TLBjFJ4PMyl8kz6jL6+RtUveeANZ5xAblYqWBG+PjuFKx9bnAhE+pKfGCb2bKHoHmOCK59Qv6DTFfuXaatvbJg==,iv:P3vGlKvIEqpHhzars6wGWAr1CqxgT6K6LItQInmdEl4=,tag:qqAHfQ1ZqqlwTyP+fHV0pQ==,type:str]
|
||||
TOPT_name_unencrypted: nix-infra-bot
|
||||
cloudflare.com:
|
||||
URL: ENC[AES256_GCM,data:jVddkKo753cRs4ym1wn9It+2j7ZB4g==,iv:7emmQTyHC14dmUS8xpXeFoREw+s5DQmijbUTtAZkNY8=,tag:XO2BwiW948XOof9WqrhtYw==,type:str]
|
||||
User: ENC[AES256_GCM,data:cFwnWPJBJf1RPeruf5kDlFpYhZy9O70=,iv:9hIjM6unUWpzwal6M6K3RZiznelyg/jgT1/qlzcd1fU=,tag:xLHw6+t6kXs5XUBp3GjK4A==,type:str]
|
||||
Pass: ENC[AES256_GCM,data:az1TczlrbRsr1A1LiHF7XHo4Swc=,iv:cbi5oVMLN0zFBkYoUNcnggJioATbf8iZQCETyWPRViw=,tag:jER5RbhQi5vk+a5gP9BXVg==,type:str]
|
||||
TOTP: ENC[AES256_GCM,data:APifo3XJ8+KKiwNZQiJtWHvfGt7fzccKXcvkXj32stbmXjHPaSqRiUfD20vTybHaKgqaLKiDCXwnnWBdQivLArSMtnMnVpI3Wexaa8zI9KPyVzJkuNiTOhYe9TCqmxGiQwbw2GT5O/cHKILRkOq1,iv:NL6JhsdBZsdaTTwWB9Ew8sBfiiPbJsiSkeF6jivGvBI=,tag:22MAfpKCpT90xnbnbKQusg==,type:str]
|
||||
TOPT_name_unencrypted: cloudflare.com
|
||||
hetzner.com:
|
||||
URL: ENC[AES256_GCM,data:sGHpEn+n42Uepeu3Rm9vb5h+CYqeC7Yh35dW+1k=,iv:Du5ii4RT1bid09F0JxBUY85+444nE+2SOcCDyYF7WDw=,tag:6nJCfxOMnMqnrZBJGSsLbQ==,type:str]
|
||||
User: ENC[AES256_GCM,data:NAOaXewnEkdQVZgBeK1KvpkKcAd1yq1WpQ==,iv:PgmnReAx6LqhQZl3PudtN9VErEE+WMaw/OcntBf6DAQ=,tag:Hxo+yx+Wj3EmtaJRFwBpUw==,type:str]
|
||||
|
|
@ -88,8 +93,8 @@ sops:
|
|||
MkcvL1JyVFBJV0Y5RFFCMGN1OUFXdU0Kdx1wy6ZOOTg1a6VKaq52SMBvC26lMsW/
|
||||
oMP+hmXc2WtoqZp+jZ9rrXz6cZW6/dO7CPqxl3aUEKg6BkXIwgyKeg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-09-25T00:36:32Z"
|
||||
mac: ENC[AES256_GCM,data:Ob2jA5amKLlOBJR0xEz/8/zPyK1kKSo+bTyZXeDHQZ1ZQNL3fJZn30eQuFBIfHDBT5nVtMqcqt6CEagSPdaEF8z03or75GRPuBNNAPPPJFI63eGW7mdH2VbzqwIreB2qre2XNNoXEVFBapJdceHxPb4tQhfiLVIrWHQDry1r5Oo=,iv:T2MnVa0ZuCtJDDntgEaRRT5a8z0kbqNPrOc5M5VC2Uw=,tag:cgvk7P9i6ygL/FM95gPodg==,type:str]
|
||||
lastmodified: "2023-10-01T23:15:35Z"
|
||||
mac: ENC[AES256_GCM,data:EvcNn3jKuy8K9iR8YkzsB4UK24C3RKp+7zqowCVXR12KtHuJc0shq/DScX5aSD4Y4tMtXPMASvyi9yS3muYLubd7hhSkm0JAEFibOI4uqGnXjDb2AAQibpRbAydNKPcwIN58pClc7UL/WLgGo37nbpsIz0qkG62iGYWqUW0n1N4=,iv:ZhN5j4S7zpLHAsSU+wROVZg+ako0zvILndQBmrdSDgc=,tag:Dyz1dwvncA7jKSMp3pMixQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.0
|
||||
|
|
|
|||
8
tasks.py
8
tasks.py
|
|
@ -41,6 +41,14 @@ def deploy_nixos(hosts: List[DeployHost]) -> None:
|
|||
g.run_function(deploy)
|
||||
|
||||
|
||||
@task
|
||||
def sotp(c: Any, acct: str) -> None:
|
||||
"""
|
||||
Get TOTP token from sops
|
||||
"""
|
||||
c.run(f"nix develop .#sotp -c sotp {acct}")
|
||||
|
||||
|
||||
@task
|
||||
def update_sops_files(c: Any) -> None:
|
||||
"""
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue