From 09b8a6bf33295ac93c16c95f79d705ad8f67271d Mon Sep 17 00:00:00 2001 From: "DavidCrompton1192@gmail.com" Date: Thu, 9 Mar 2023 18:34:50 -0500 Subject: [PATCH] Test Deploy Secret --- .sops.yaml | 7 ++++++- flake.nix | 21 +++++++++++++++------ secrets/deploy.sh | 24 ++++++++++++++++++++++++ secrets/deploy.yaml | 4 ++-- 4 files changed, 47 insertions(+), 9 deletions(-) create mode 100644 secrets/deploy.sh diff --git a/.sops.yaml b/.sops.yaml index d796f2a..e8bb936 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,5 +1,5 @@ keys: - - &hydra age12qq2fn4nxx9g99vp5knndtn0xa0p6g9ztn48gv9ap8054am39c3qsezz90 + - &hydra age18c3v89md4yjc9exjgfmk42csn8yqr9fvumsqjm8rnku5ac3q6gqs6s5un9 - &universedesk age1apajqje4zvah0n2dzds3kstlsakqr2ntk64xl7xc4erzedsuy9jqqk7cd7 creation_rules: - path_regex: secrets/[^/]+\.yaml$ @@ -7,3 +7,8 @@ creation_rules: - age: - *hydra - *universedesk + - path_regex: secrets/[^/]+\.sh$ + key_groups: + - age: + - *hydra + - *universedesk diff --git a/flake.nix b/flake.nix index c3f2cd7..ad12d3d 100644 --- a/flake.nix +++ b/flake.nix @@ -119,12 +119,21 @@ newalan = pkgs.writeScript "run-me" '' #!${pkgs.runtimeShell} echo ${self.rev} - ## Todo grab git deployment key - ## Use this secret to deploy - ## with deploy.nix - ## - ## Need buildInputs to depend - ## on newalan, and also newalan-tests?? + + tmp=$(mktemp -d) + + cd $tmp + + echo Working in: $tmp + echo Downloading revision... + ${pkgs.wget}/bin/wget https://git.syzygial.cc/Syzygial/New-Alan/archive/${self.rev}.zip + + ${pkgs.unzip}/bin/unzip ${self.rev}.zip + rm ${self.rev}.zip + cd * + ls + + sops -d secrets/deploy.sh | bash ''; }; }; diff --git a/secrets/deploy.sh b/secrets/deploy.sh new file mode 100644 index 0000000..3eda78b --- /dev/null +++ b/secrets/deploy.sh 
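Review bot: The new `secrets/[^/]+\.sh$` rule in the second `.sops.yaml` hunk repeats the key group of the existing `.yaml` rule verbatim, so the two recipient lists can drift apart the next time a key is added or replaced. A single rule, `- path_regex: secrets/[^/]+\.(yaml|sh)$`, keeps one recipient list for both file types. If the two file types are meant to diverge later, a short comment on the `.sh` rule saying so would help.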
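Review bot: The added script body in the `flake.nix` hunk never enables `set -euo pipefail`, so a failed `wget` or `unzip` does not stop it, and the final `sops -d secrets/deploy.sh | bash` still runs from whatever directory `cd *` landed in. `sops` and `bash` are also resolved from PATH while `wget` and `unzip` are pinned to store paths, and the `mktemp -d` directory is never removed. The decrypted output is executed as-is; because age recipients are public keys, the sops MAC shows the file is internally consistent rather than who produced it, so what runs is only as trustworthy as the archive fetched for the revision. If the flake's own source is sufficient here, reading `${self}/secrets/deploy.sh` from the store would avoid the download altogether. The enclosing attribute set starts and ends outside the hunk.

```nix
#!${pkgs.runtimeShell}
set -euo pipefail
# … unchanged: revision echo …
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cd "$tmp"
# … unchanged: echo lines, wget download, unzip and rm of the archive …
cd ./*/
# … unchanged: ls …
${pkgs.sops}/bin/sops -d secrets/deploy.sh | ${pkgs.runtimeShell}
```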
@@ -0,0 +1,24 @@ +{ + "data": "ENC[AES256_GCM,data:NFjcna329yigEMkETH97dhE/KSGhaXeFJ+UN4jiVPI4Kx6TGyrPhIXqqQu1kckI2x6TFiIcL9kh/SPawsVJ+wHcnLCqESg8Dl6FSFpqD9ri4,iv:LyGZJtr+TpFwrce0UpiZBDNI4Gy95uGwUH8pJX5ZZ5E=,tag:4vdqG4TYaL/xPUq8PN1hkg==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age18c3v89md4yjc9exjgfmk42csn8yqr9fvumsqjm8rnku5ac3q6gqs6s5un9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKdU9yTms3clY3NTNqRmNa\nbTAzN09kWHQzYnIrdXplYzArckxQL3kxZ204ClFqR0VjY3VaMDRmOWRZRFd2bVBk\nUC9uKzBMaWhXS3NiNkpnbjJ2ZVNqd1kKLS0tIFVUZkFxMFl4S0t6Wi80c0VCUDFY\nOXQ1Z28vc0F6MWZuY0QyVTFtSkc3UFkK1r21ia+jaJqv9BN+O0dt3q5Xu/UfP7YR\npDowsKfP+zguP7ILYskmk57YIlIY46+8m7LOVoGrxDeEsryThjohQg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1apajqje4zvah0n2dzds3kstlsakqr2ntk64xl7xc4erzedsuy9jqqk7cd7", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKdUtHMERreXlZTGRGMWlM\nbldjMHFWWWRQZHRvZWx5QmhmVno0VmZQNmljCnFRUnZxT29iZkNxaExQbCtUNFFy\nMkttVkkrQkh0Ky91bnRxRmJ4VDk0N2MKLS0tIHhYREFwRUZ6a1BDM1FWZjlpcTJR\nVW5YSkwvZWQyMXNuaUdBTWpwa2Y1VWcKawzPRiMB/ruOBCylNssB/k+hITJDYX+6\nKpwHk9Avh6Pzhptm21yeY1zmVQkqEx6YU24aJiqs1RRmrQAvnWr3WQ==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2023-03-09T23:26:22Z", + "mac": "ENC[AES256_GCM,data:3xG53sCw4EWx7ZUYfLzq5LMJi7Ylg8W1fdMcmHR0y5vcCdf5TWiPNp0YE1KK3xFrXXVZWZhymIudAobg1I5f0koLUmAaeclg3kcbibs4VYrQbj+0+BqLIMkKfq0f33BUohGeu5P35i7vmBCS2LIgH+VLxpBMofYoUqhrfwKLdHw=,iv:XowpZZnnHzIby23Ied8ONTcIxdd08fSz/Ub/mW63pqw=,tag:xdSC1LwC06lRJuM0wXQRsQ==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.7.3" + } +} \ No newline at end of file diff --git a/secrets/deploy.yaml b/secrets/deploy.yaml index 1c8b8bf..c2be17d 100644 --- a/secrets/deploy.yaml +++ b/secrets/deploy.yaml 
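Review bot: The whole of `secrets/deploy.sh` is committed as a single encrypted `data` blob, and since `flake.nix` pipes its decrypted content into `bash`, nobody reviewing this or any later commit can see what will be executed. Keeping the deploy script in plaintext and encrypting only the credential (for example in `secrets/deploy.yaml`, handed to the script with `sops exec-env`) would leave the executable part reviewable. What the plaintext contains cannot be judged from the hunk.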
@@ -23,8 +23,8 @@ sops: TDd0dG1RYVFhWkkrWmlPVmt0aVJhclEK991J72XkQy2+1jQpY4rZSFkRFE8v/nqb Vt3dG7GfnCjpf/F0BZscLsQdo1fcZcwgumlG3omyBTylFXTGnWT4VA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-03-09T04:26:07Z" - mac: ENC[AES256_GCM,data:Hj8QDZZj7NiLqjvA6cuTfvePdtkDt/noqO/g8sSsaUhkVceAbO8asKmRWezB9lhCzBk+EMzA/qZA1PeBqiw2FxU7DUQF2jC9RJTCrn242wUn2Ba9n70aj2QQQFSxjbBG0LwwAV2hqbxa/AhmLizvX2xd6lI/3E7Az7vsf9quFm8=,iv:oDZ7itiQ6lL9YHAlVk9izyjDVeUYtOJygaclSRl+SDg=,tag:hX2V7POGSjuFEqWw26b+IA==,type:str] + lastmodified: "2023-03-09T23:19:57Z" + mac: ENC[AES256_GCM,data:le2wHQqrAVNYyPbJqhtmqb3teV+LVP7yQ9nPngBlC546vYh/rwY8NtOb8uiFpUiDAhw8P50QLsUVF/lL/i2D1DBd1MyWV3xOPH4uJ3W1EpB+gKZdDEV/XSEtvSkUFB9Lqp5OVCwOl41kA1PafD2qIrVlX8obGe9837+mFLb+Ys0=,iv:0yEZZPO+co1t5AgKAm2nHku+BvGJJ/j04Td6JtMMIcI=,tag:VA0jGJNDyPj7GbAxUcwP8g==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3
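Review bot: Only `lastmodified` and `mac` change in this hunk, which starts at line 23, so the age recipient stanzas above it are untouched even though the same patch replaces the `hydra` key in `.sops.yaml`. If those stanzas still carry the old `hydra` recipient, the new key cannot decrypt this file and the old key still can; `sops updatekeys secrets/deploy.yaml` would re-wrap the data key for the current recipients. If the old key was replaced because it may have been exposed, re-wrapping is not enough: the data key (`sops -r`) and the secret values themselves should be rotated too. The recipient lines are outside the hunk, so this needs checking against the full file.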