also auto-import group secrets

2023-09-03 14:55:53 +02:00
parent 2a9be18d31
commit 89cdbdd62a
8 changed files with 54 additions and 21 deletions
--- a/checks/secrets/default.nix
+++ b/checks/secrets/default.nix
@@ -5,13 +5,17 @@
    imports = [
      (self.nixosModules.clanCore)
    ];
-    environment.etc."secret".source = config.sops.secrets.foo.path;
+    environment.etc."secret".source = config.sops.secrets.secret.path;
+    environment.etc."group-secret".source = config.sops.secrets.group-secret.path;
    sops.age.keyFile = ./key.age;
+
    clanCore.clanDir = "${./.}";
    clanCore.machineName = "machine";
+
    networking.hostName = "machine";
  };
  testScript = ''
    machine.succeed("cat /etc/secret >&2")
+    machine.succeed("cat /etc/group-secret >&2")
  '';
 }
--- a/checks/secrets/sops/groups/group/machines/machine
+++ b/checks/secrets/sops/groups/group/machines/machine
--- a/checks/secrets/sops/secrets/group-secret/groups/group
+++ b/checks/secrets/sops/secrets/group-secret/groups/group
@@ -0,0 +1 @@
+../../../groups/group
--- a/checks/secrets/sops/secrets/group-secret/secret
+++ b/checks/secrets/sops/secrets/group-secret/secret
@@ -0,0 +1,20 @@
+{
+	"data": "ENC[AES256_GCM,data:FgF3,iv:QBbnqZ6405qmwGKhbolPr9iobngXt8rtfUwCBOnmwRA=,tag:7gqI1zLVnTkZ0xrNn/LEkA==,type:str]",
+	"sops": {
+		"kms": null,
+		"gcp_kms": null,
+		"azure_kv": null,
+		"hc_vault": null,
+		"age": [
+			{
+				"recipient": "age15x8u838dwqflr3t6csf4tlghxm4tx77y379ncqxav7y2n8qp7yzqgrwt00",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArMHcxKzhUZzNHQmQrb28x\nRC9UMlZMeDN3S1l1eHdUWmV4VUVReHhhQ0RnCjAyUXVlY1FmclVmL2lEdFZuTmll\nVENpa3AwbjlDck5zdGdHUTRnNEdEOUkKLS0tIER3ZlNMSVFnRElkRDcxajZnVmFl\nZThyYzcvYUUvaWJYUmlwQ3dsSDdjSjgK+tj34yBzrsIjm6V+T9wTgz5FdNGOR7I/\nVB4fh8meW0vi/PCK/rajC8NbqmK8qq/lwsF/JwfZKDSdG0FOJUB1AA==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2023-09-03T12:44:56Z",
+		"mac": "ENC[AES256_GCM,data:d5a0WfE5ZRLKF1NZkBfOl+cVI8ZZHd2rC+qX/giALjyrzk09rLxBeY4lO827GFfMmVy/oC7ceH9pjv2O7ibUiQtcbGIQVBg/WP+dVn8fRMWtF0jpv9BhYTutkVk3kiddqPGhp3mpwvls2ot5jtCRczTPk3JSxN3B1JSJCmj9GfQ=,iv:YmlkTYFNUaFRWozO8+OpEVKaSQmh+N9zpatwUNMPNyw=,tag:mEGQ4tdo82qlhKWalQuufg==,type:str]",
+		"pgp": null,
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.7.3"
+	}
+}
--- a/checks/secrets/sops/secrets/secret/machines/machine
+++ b/checks/secrets/sops/secrets/secret/machines/machine
@@ -0,0 +1 @@
+../../../machines/machine
--- a/checks/secrets/sops/secrets/secret/secret
+++ b/checks/secrets/sops/secrets/secret/secret
--- a/checks/secrets/sops/secrets/secret/users/admin
+++ b/checks/secrets/sops/secrets/secret/users/admin