commit 2b74eede40bca050694f7731207c16b8c5c3ba79
author Skyler Grey <sky@a.starrysky.fyi> Fri Aug 02 19:01:48 2024 +0000
committer Skyler Grey <minion@clicks.codes> Fri Aug 02 19:46:49 2024 +0000
tree d7c8f3269bb92c52111f5de73dddb7318d703e58
parent 2c9c3e7b56d4573bbc9b7c694941627e2fd266fb

feat(secrets): Base names on encrypted contents

This is useful, for example, to make systemd services restart without
fiddling with restart triggers. In sops we achieved this by setting the
attribute name using a function - this isn't possible with agenix-rekey
because it needs to evaluate secrets (including their attribute names)
when the files don't yet exist

Despite this, we can still set the "name" - which is used only when
rekeying and deploying the secret - and manually handle attribute names

Change-Id: Ia49c7fe9eb55341f433cbb7c49935584b48518fe
Reviewed-on: https://git.clicks.codes/c/Infra/NixFiles/+/806
Tested-by: Skyler Grey <minion@clicks.codes>
Reviewed-by: Skyler Grey <minion@clicks.codes>

secrets/rekeyed/teal/035988d5aa30b83dbdb77a1c7546d45b-6b95b5ae6fcbe0d6537636bd20523d28b45b28d36aa27c34a096c1e99c47435b.age

diff --git a/secrets/rekeyed/teal/035988d5aa30b83dbdb77a1c7546d45b-6b95b5ae6fcbe0d6537636bd20523d28b45b28d36aa27c34a096c1e99c47435b.age b/secrets/rekeyed/teal/035988d5aa30b83dbdb77a1c7546d45b-6b95b5ae6fcbe0d6537636bd20523d28b45b28d36aa27c34a096c1e99c47435b.age
new file mode 100644
index 0000000..8c9461e
--- /dev/null
+++ b/secrets/rekeyed/teal/035988d5aa30b83dbdb77a1c7546d45b-6b95b5ae6fcbe0d6537636bd20523d28b45b28d36aa27c34a096c1e99c47435b.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 BfRbTA Aq01AXbt1t5l/cnM8VDRsozTVyyIyKp/mLNOJDrTaQQ
+mxDu9M7SEBetniRq9FFYq00I83uQTw2/X+p3M8TskGE
+-> g"jn$G-grease ~2v Kg1NIk7H ^&7[ *1]
+E4yMjCQVGFb/t6ZgZ76eGAHh9giOF6S1Dhv2lp129wAMtAvWai5l6qmLh7YonyAj
+3TFSv5ccM0KHTL8eJhaLwhPQBIxWXV/0wjcM9d/xM14wqb0I8Q
+--- dZWO3BAyJvPnqUt8uWixM8iomMKhRNHfyXW5zqjlHqs
+±7,ïÜ!‚NþhÒo맞’ß—P4]„—^Rg(ôNë·
+ÊٌéÞïÀT…f…å)8ä1¼Öh*ÃMòJóqNª–Unzª¶Öy,\­ºÓÕê§~«–|ýhX™ôjϤ¶9`-ÇÝç(o
\ No newline at end of file

secrets/rekeyed/teal/035988d5aa30b83dbdb77a1c7546d45b-clicks.services.headscale.private_key_path.age

diff --git a/secrets/rekeyed/teal/035988d5aa30b83dbdb77a1c7546d45b-clicks.services.headscale.private_key_path.age b/secrets/rekeyed/teal/035988d5aa30b83dbdb77a1c7546d45b-clicks.services.headscale.private_key_path.age
deleted file mode 100644
index a50c96a..0000000
--- a/secrets/rekeyed/teal/035988d5aa30b83dbdb77a1c7546d45b-clicks.services.headscale.private_key_path.age
+++ /dev/null
@@ -1,9 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 BfRbTA PxPtfASwbluRZaarn28rBJId3YuASEjV+7NC4KcXkUA
-vRy+qGCBKcs8QvlPRalY7SGKNLM/9ePMMM9Teoc1qXE
--> !-grease Ib, "%_
-bQhUIOKRzSZIr1vX9lFkXNa0PuvEjOCzXOfIda/AjZ8heizSWbNNzP9HIR1ApGwn
-hJpRlYlSab4tkHnJZEOMdDNpOeTR7MQ7hLg
---- ToA9JamqQKKy+94TIdE8tl+aOnjm/X3dlSB9Ftii0GA
-½ÍASQÿº:MŽÆ†wëÿÜ¢e|À°v?¯è®ÄÃ
h-}üDKD„©ÆïóWÃtz-¼UE Æ@.E.˜/lá–0<.„«n:F<$å·ÙX•_ÿG¦Æ½
-#T⇔H½ö4
\ No newline at end of file

secrets/rekeyed/teal/11d9d957b13608f13fb57001f76bcf3c-c4c037e34cf36b8bffb9edf5f5d8bfe94d77328dfb336a430afb03348327de81.age

diff --git a/secrets/rekeyed/teal/11d9d957b13608f13fb57001f76bcf3c-c4c037e34cf36b8bffb9edf5f5d8bfe94d77328dfb336a430afb03348327de81.age b/secrets/rekeyed/teal/11d9d957b13608f13fb57001f76bcf3c-c4c037e34cf36b8bffb9edf5f5d8bfe94d77328dfb336a430afb03348327de81.age
new file mode 100644
index 0000000..116f01f
--- /dev/null
+++ b/secrets/rekeyed/teal/11d9d957b13608f13fb57001f76bcf3c-c4c037e34cf36b8bffb9edf5f5d8bfe94d77328dfb336a430afb03348327de81.age
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 BfRbTA 4fv3HkHjLrAzbwUxBI6t9eulii/6ntjEOXyKYDs9Jjc
+bIO+liIXt3rA/bA7kZudmtsu2pa5iTwx7ecpGNqnqx4
+-> .|rp@~-grease c^R4&_n d ?<deuW Uyk%dh
+5qJZTbzAG9OUsEunIA3inP6/y1rtw2UjkBv/OY4BjyGTR6a6LwRa0V/JAmhyA0rQ
+jWoOPWQE4BmSnJ3stUrTDZkBHk+S5YEvEJ7Alq3EojYHKI2ph4hdyTa+kQ
+--- YNFzHWhM/Z8oiJ1KcZrCAAiiBMco/TDdUiXS199+l/0
+c¸d¸_%¬ôáʸ¾ñÄùÅdù†0gk…‹Câ]Fg\¿[¢FÎÏë·©ÉΜãZ‚„ƒðbċøèêH¶¡ŒÖ·	XW¬Q
\ No newline at end of file

secrets/rekeyed/teal/11d9d957b13608f13fb57001f76bcf3c-clicks.services.fava.credentials.truelayer_client_secret.age

diff --git a/secrets/rekeyed/teal/11d9d957b13608f13fb57001f76bcf3c-clicks.services.fava.credentials.truelayer_client_secret.age b/secrets/rekeyed/teal/11d9d957b13608f13fb57001f76bcf3c-clicks.services.fava.credentials.truelayer_client_secret.age
deleted file mode 100644
index 413bca4..0000000
--- a/secrets/rekeyed/teal/11d9d957b13608f13fb57001f76bcf3c-clicks.services.fava.credentials.truelayer_client_secret.age
+++ /dev/null
@@ -1,8 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 BfRbTA COJ+xJVK7oXXPoZV5fldvF01MUo85Rpg7o0K3wEvHF0
-A5o0q3Z+zuVH0LV5zQ6xCmG3Yc9hdzyZYCZJb7kP1LQ
--> C%mJ4-grease l9
-a5FW55b7DxTahKbUK4d3tjnPQQ1O6WpDdyYaEXbpUVosXAj6Ghnkny/sq/ObdCUv
-VuEP2HymUjTgJbqwV6gjMPbN+6U/Ew8x6fPCtQvKmHaRdZKVbEzu2gq+0DA
---- fAy7k43PzFHKw0aRUwMQbY9lSh29jA9bfXkeJdxChDQ
-Þôdj×všá+¬±Ç֜6	+™ñ':š
¬Ô%ž¤J&W¢<ààÊÓxÕï	?!À¦¥Ô>@ö¢Ó Ps)ç¯K
\ No newline at end of file

secrets/rekeyed/teal/25168036ffa14e9d60c809ab19491686-9cc6921ad2cabe03ed9e9eaeeb5f86eb7fad88ce337dd175cf9a6dab0a1e6916.age

diff --git a/secrets/rekeyed/teal/25168036ffa14e9d60c809ab19491686-9cc6921ad2cabe03ed9e9eaeeb5f86eb7fad88ce337dd175cf9a6dab0a1e6916.age b/secrets/rekeyed/teal/25168036ffa14e9d60c809ab19491686-9cc6921ad2cabe03ed9e9eaeeb5f86eb7fad88ce337dd175cf9a6dab0a1e6916.age
new file mode 100644
index 0000000..022c2b2
--- /dev/null
+++ b/secrets/rekeyed/teal/25168036ffa14e9d60c809ab19491686-9cc6921ad2cabe03ed9e9eaeeb5f86eb7fad88ce337dd175cf9a6dab0a1e6916.age
Binary files differ

secrets/rekeyed/teal/25168036ffa14e9d60c809ab19491686-clicks.networking.tailscale.authKeyFile.age

diff --git a/secrets/rekeyed/teal/25168036ffa14e9d60c809ab19491686-clicks.networking.tailscale.authKeyFile.age b/secrets/rekeyed/teal/25168036ffa14e9d60c809ab19491686-clicks.networking.tailscale.authKeyFile.age
deleted file mode 100644
index fc078c7..0000000
--- a/secrets/rekeyed/teal/25168036ffa14e9d60c809ab19491686-clicks.networking.tailscale.authKeyFile.age
+++ /dev/null
Binary files differ

secrets/rekeyed/teal/46041cde522a863d67318a4f79e6edb2-4ff0a9f10b1f785426a18a32610b8eb23fb537695c6352a673d296cbba9f8d91.age

diff --git a/secrets/rekeyed/teal/46041cde522a863d67318a4f79e6edb2-4ff0a9f10b1f785426a18a32610b8eb23fb537695c6352a673d296cbba9f8d91.age b/secrets/rekeyed/teal/46041cde522a863d67318a4f79e6edb2-4ff0a9f10b1f785426a18a32610b8eb23fb537695c6352a673d296cbba9f8d91.age
new file mode 100644
index 0000000..cce464d
--- /dev/null
+++ b/secrets/rekeyed/teal/46041cde522a863d67318a4f79e6edb2-4ff0a9f10b1f785426a18a32610b8eb23fb537695c6352a673d296cbba9f8d91.age
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 BfRbTA klHQV5K9PWGr2HHUhE2pMB5ZFUUnyFoRVkTUDvTZGTU
+tDCvQFbIrAZldWvWtYXsQanS7xLgt3MT7QBRFY7s1UU
+-> q<ppk{F;-grease g>&;l1b
+rtYJff1tEUkj6Yd9MhDruZuzlGsuH4mtWeMIVJBE2gdk1SvQWL4QFu9XkMB9P6yU
+Pq1ZxwDxMSAD/Q
+--- YU+P2lOIdgX9EKiAD7qBFyg7No1XhcZQJIl4T/DWFhE
+0K²¶Ôòq¤©ë⾂œõ?Ô¶Üf`#j†nœþâÖnz=! v	ÑDÓ+c¦íÊû
\ No newline at end of file

secrets/rekeyed/teal/46041cde522a863d67318a4f79e6edb2-clicks.services.headscale.database_password_path.age

diff --git a/secrets/rekeyed/teal/46041cde522a863d67318a4f79e6edb2-clicks.services.headscale.database_password_path.age b/secrets/rekeyed/teal/46041cde522a863d67318a4f79e6edb2-clicks.services.headscale.database_password_path.age
deleted file mode 100644
index fc7569b..0000000
--- a/secrets/rekeyed/teal/46041cde522a863d67318a4f79e6edb2-clicks.services.headscale.database_password_path.age
+++ /dev/null
Binary files differ

secrets/rekeyed/teal/6af45862331f8b280a01e768b1736fc4-clicks.services.headscale.oidc.client_secret_path.age

diff --git a/secrets/rekeyed/teal/6af45862331f8b280a01e768b1736fc4-clicks.services.headscale.oidc.client_secret_path.age b/secrets/rekeyed/teal/6af45862331f8b280a01e768b1736fc4-clicks.services.headscale.oidc.client_secret_path.age
deleted file mode 100644
index ede49f5..0000000
--- a/secrets/rekeyed/teal/6af45862331f8b280a01e768b1736fc4-clicks.services.headscale.oidc.client_secret_path.age
+++ /dev/null
@@ -1,8 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 BfRbTA FzEL+Xaw+yFAZNdTtrpDr1j3fV3QAENHM9zbmykHtTg
-IEiyq2hbwYorxvb3rxwLj0RZrAFnATz63tOvG1nqXoA
--> tWj,IJ>N-grease
-wgJnIL2gnA9LaFebTsKncKeNo7b86lmPfpWRe3Mll8rESaifEJuKeetzlRieU2Je
-GL03hZVs836MEv9NU34rB3wIuCky+yTMHOq+cfk/a8EYxj+3fQ
---- Vu4jHUeusiQ9+XWSnDeiCYBFMeVVJQzmjMN3l/KOl2w
-,å&3ŸÜW1ì;à%ÔáqÂö(@ƒ]ñjâŠÞŽ·–-ؓ9na9¬
'1piáæ꣓D'Åú¶úûàמz£e
\ No newline at end of file

secrets/rekeyed/teal/6af45862331f8b280a01e768b1736fc4-fcc3a6ac8c8c9ee5a975be1170eab009f5fbf92b6839d90efd0b916196929a9d.age

diff --git a/secrets/rekeyed/teal/6af45862331f8b280a01e768b1736fc4-fcc3a6ac8c8c9ee5a975be1170eab009f5fbf92b6839d90efd0b916196929a9d.age b/secrets/rekeyed/teal/6af45862331f8b280a01e768b1736fc4-fcc3a6ac8c8c9ee5a975be1170eab009f5fbf92b6839d90efd0b916196929a9d.age
new file mode 100644
index 0000000..7e83cd6
--- /dev/null
+++ b/secrets/rekeyed/teal/6af45862331f8b280a01e768b1736fc4-fcc3a6ac8c8c9ee5a975be1170eab009f5fbf92b6839d90efd0b916196929a9d.age
Binary files differ

secrets/rekeyed/teal/77463521eace182e324bbe5a15d2e4ca-77bf5477059992e7f7b8734aa3711993f10216b7e5c1f358a8d5e86a4947fd4a.age

diff --git a/secrets/rekeyed/teal/77463521eace182e324bbe5a15d2e4ca-77bf5477059992e7f7b8734aa3711993f10216b7e5c1f358a8d5e86a4947fd4a.age b/secrets/rekeyed/teal/77463521eace182e324bbe5a15d2e4ca-77bf5477059992e7f7b8734aa3711993f10216b7e5c1f358a8d5e86a4947fd4a.age
new file mode 100644
index 0000000..f14672d
--- /dev/null
+++ b/secrets/rekeyed/teal/77463521eace182e324bbe5a15d2e4ca-77bf5477059992e7f7b8734aa3711993f10216b7e5c1f358a8d5e86a4947fd4a.age
Binary files differ

secrets/rekeyed/teal/77463521eace182e324bbe5a15d2e4ca-clicks.services.headscale.noise_private_key_path.age

diff --git a/secrets/rekeyed/teal/77463521eace182e324bbe5a15d2e4ca-clicks.services.headscale.noise_private_key_path.age b/secrets/rekeyed/teal/77463521eace182e324bbe5a15d2e4ca-clicks.services.headscale.noise_private_key_path.age
deleted file mode 100644
index f719687..0000000
--- a/secrets/rekeyed/teal/77463521eace182e324bbe5a15d2e4ca-clicks.services.headscale.noise_private_key_path.age
+++ /dev/null
@@ -1,7 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 BfRbTA jawiGDhN98fuOhz7f+UXHTyCZQdbb+BT1vBsowuJOVA
-yCjkR8A9GEHPEO9kkXBpljXTMy0PIR8cbVz9oTCMXP8
--> *\J<1-grease
-KwZlxA
---- flducxiyeXeYWvX9YgJh5/PBLTu6Epdzkkau/YOMheM
-ØÓO;`s?¡tpt›ªQrؕyÔÁœÛW~)Ð`ßÅÝÚÒ
ë„üèFKŠbÚrkWbÓBwc{q[އ…oJa†ôI·š‘âj¿ÎDÉH%ô¡®ø«ù%Fn¨
\ No newline at end of file

secrets/rekeyed/teal/86966bd336d1cbac315b909759eb9039-0af0da187c81ba156aac3a5de7223501ba4606961e0b1f5e4f9e970d35d8c6bd.age

diff --git a/secrets/rekeyed/teal/86966bd336d1cbac315b909759eb9039-0af0da187c81ba156aac3a5de7223501ba4606961e0b1f5e4f9e970d35d8c6bd.age b/secrets/rekeyed/teal/86966bd336d1cbac315b909759eb9039-0af0da187c81ba156aac3a5de7223501ba4606961e0b1f5e4f9e970d35d8c6bd.age
new file mode 100644
index 0000000..df7a368
--- /dev/null
+++ b/secrets/rekeyed/teal/86966bd336d1cbac315b909759eb9039-0af0da187c81ba156aac3a5de7223501ba4606961e0b1f5e4f9e970d35d8c6bd.age
Binary files differ

secrets/rekeyed/teal/86966bd336d1cbac315b909759eb9039-clicks.security.acme.defaults.environmentFile.age

diff --git a/secrets/rekeyed/teal/86966bd336d1cbac315b909759eb9039-clicks.security.acme.defaults.environmentFile.age b/secrets/rekeyed/teal/86966bd336d1cbac315b909759eb9039-clicks.security.acme.defaults.environmentFile.age
deleted file mode 100644
index 88b5816..0000000
--- a/secrets/rekeyed/teal/86966bd336d1cbac315b909759eb9039-clicks.security.acme.defaults.environmentFile.age
+++ /dev/null
@@ -1,9 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 BfRbTA F3wDStnzHGo44nFGHzvwkzayXr0ACLaMgWJPruIXT0M
-Ii6WDkM/IQA8OUQHuMLo6orko+qOxreSpyeclrXs/Qw
--> a0v-grease :P.6 V) WO=JTd+
-0IKo7rm6uzGXXZFYdex5SzmE+l3c3YECTg5MY3XMx6worvbkLVPm4/zJTEoXTqUc
-VH8J64o
---- HdEFiENd3nYo4fQMvKxpr2+VHIdk42sSCdsiqB8pubs
-»
ñ̈–Í–¯j'Gç“n
-Äål/™àöe©šëÓrÒe׌›£‰`
 á[]Õ¬tSúû´öØæîz¥vF‡Û?–—ˆƒ»1Z‹4è®Ø‡Ö7Š8˅Ǭ{&Aî¸`
\ No newline at end of file