Syzygial/New-Alan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Test Deploy Secret

Browse Source
This commit is contained in:
DavidCrompton1192@gmail.com
2023-03-09 18:34:50 -05:00
parent f02e82afa2
commit 09b8a6bf33
4 changed files with 47 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
.sops.yaml
View File

@@ -1,5 +1,5 @@
keys:
- &hydra age12qq2fn4nxx9g99vp5knndtn0xa0p6g9ztn48gv9ap8054am39c3qsezz90
- &hydra age18c3v89md4yjc9exjgfmk42csn8yqr9fvumsqjm8rnku5ac3q6gqs6s5un9
- &universedesk age1apajqje4zvah0n2dzds3kstlsakqr2ntk64xl7xc4erzedsuy9jqqk7cd7
creation_rules:
- path_regex: secrets/[^/]+\.yaml$
@@ -7,3 +7,8 @@ creation_rules:
- age:
- *hydra
- *universedesk
- path_regex: secrets/[^/]+\.sh$
key_groups:
- age:
- *hydra
- *universedesk

21
flake.nix
View File

@@ -119,12 +119,21 @@
newalan = pkgs.writeScript "run-me" ''
#!${pkgs.runtimeShell}
echo ${self.rev}
## Todo grab git deployment key
## Use this secret to deploy
## with deploy.nix
##
## Need buildInputs to depend
## on newalan, and also newalan-tests??
tmp=$(mktemp -d)
cd $tmp
echo Working in: $tmp
echo Downloading revision...
${pkgs.wget}/bin/wget https://git.syzygial.cc/Syzygial/New-Alan/archive/${self.rev}.zip
${pkgs.unzip}/bin/unzip ${self.rev}.zip
rm ${self.rev}.zip
cd *
ls
sops -d secrets/deploy.sh | bash
'';
};
};

24
secrets/deploy.sh Normal file
View File

@@ -0,0 +1,24 @@
{
"data": "ENC[AES256_GCM,data:NFjcna329yigEMkETH97dhE/KSGhaXeFJ+UN4jiVPI4Kx6TGyrPhIXqqQu1kckI2x6TFiIcL9kh/SPawsVJ+wHcnLCqESg8Dl6FSFpqD9ri4,iv:LyGZJtr+TpFwrce0UpiZBDNI4Gy95uGwUH8pJX5ZZ5E=,tag:4vdqG4TYaL/xPUq8PN1hkg==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age18c3v89md4yjc9exjgfmk42csn8yqr9fvumsqjm8rnku5ac3q6gqs6s5un9",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKdU9yTms3clY3NTNqRmNa\nbTAzN09kWHQzYnIrdXplYzArckxQL3kxZ204ClFqR0VjY3VaMDRmOWRZRFd2bVBk\nUC9uKzBMaWhXS3NiNkpnbjJ2ZVNqd1kKLS0tIFVUZkFxMFl4S0t6Wi80c0VCUDFY\nOXQ1Z28vc0F6MWZuY0QyVTFtSkc3UFkK1r21ia+jaJqv9BN+O0dt3q5Xu/UfP7YR\npDowsKfP+zguP7ILYskmk57YIlIY46+8m7LOVoGrxDeEsryThjohQg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1apajqje4zvah0n2dzds3kstlsakqr2ntk64xl7xc4erzedsuy9jqqk7cd7",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKdUtHMERreXlZTGRGMWlM\nbldjMHFWWWRQZHRvZWx5QmhmVno0VmZQNmljCnFRUnZxT29iZkNxaExQbCtUNFFy\nMkttVkkrQkh0Ky91bnRxRmJ4VDk0N2MKLS0tIHhYREFwRUZ6a1BDM1FWZjlpcTJR\nVW5YSkwvZWQyMXNuaUdBTWpwa2Y1VWcKawzPRiMB/ruOBCylNssB/k+hITJDYX+6\nKpwHk9Avh6Pzhptm21yeY1zmVQkqEx6YU24aJiqs1RRmrQAvnWr3WQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2023-03-09T23:26:22Z",
"mac": "ENC[AES256_GCM,data:3xG53sCw4EWx7ZUYfLzq5LMJi7Ylg8W1fdMcmHR0y5vcCdf5TWiPNp0YE1KK3xFrXXVZWZhymIudAobg1I5f0koLUmAaeclg3kcbibs4VYrQbj+0+BqLIMkKfq0f33BUohGeu5P35i7vmBCS2LIgH+VLxpBMofYoUqhrfwKLdHw=,iv:XowpZZnnHzIby23Ied8ONTcIxdd08fSz/Ub/mW63pqw=,tag:xdSC1LwC06lRJuM0wXQRsQ==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.7.3"
}
}

4
secrets/deploy.yaml
View File

@@ -23,8 +23,8 @@ sops:
TDd0dG1RYVFhWkkrWmlPVmt0aVJhclEK991J72XkQy2+1jQpY4rZSFkRFE8v/nqb
Vt3dG7GfnCjpf/F0BZscLsQdo1fcZcwgumlG3omyBTylFXTGnWT4VA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-03-09T04:26:07Z"
mac: ENC[AES256_GCM,data:Hj8QDZZj7NiLqjvA6cuTfvePdtkDt/noqO/g8sSsaUhkVceAbO8asKmRWezB9lhCzBk+EMzA/qZA1PeBqiw2FxU7DUQF2jC9RJTCrn242wUn2Ba9n70aj2QQQFSxjbBG0LwwAV2hqbxa/AhmLizvX2xd6lI/3E7Az7vsf9quFm8=,iv:oDZ7itiQ6lL9YHAlVk9izyjDVeUYtOJygaclSRl+SDg=,tag:hX2V7POGSjuFEqWw26b+IA==,type:str]
lastmodified: "2023-03-09T23:19:57Z"
mac: ENC[AES256_GCM,data:le2wHQqrAVNYyPbJqhtmqb3teV+LVP7yQ9nPngBlC546vYh/rwY8NtOb8uiFpUiDAhw8P50QLsUVF/lL/i2D1DBd1MyWV3xOPH4uJ3W1EpB+gKZdDEV/XSEtvSkUFB9Lqp5OVCwOl41kA1PafD2qIrVlX8obGe9837+mFLb+Ys0=,iv:0yEZZPO+co1t5AgKAm2nHku+BvGJJ/j04Td6JtMMIcI=,tag:VA0jGJNDyPj7GbAxUcwP8g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3