From b521cb1e7204ff90a8539b3c9abba33685213f2f Mon Sep 17 00:00:00 2001 From: Clara Dautermann Date: Tue, 15 Apr 2025 19:01:08 +0200 Subject: [PATCH] sops for initial user password --- .sops.yaml | 4 +- configs/services/vaultwarden.nix | 8 ++-- secrets/all/secrets.yaml | 65 ++++++++++++++++++-------------- 3 files changed, 43 insertions(+), 34 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index 1aeae1d..0acce9b 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -4,8 +4,8 @@ keys: # Servers - &wireguard age12d8mxwnt0a7gl4uu0uwdqaxuqdf5j7zm50qy5qrhj0kd4ny7luaqv7rj4e - - &mcserver age1v98yggaarelrp7z8rljzpf3gm70up4q8460trejmptdpv7gjucrqssjz9h - - &zammad age14ukkn4plvnjacvjux929qwpeynxk4cfxw285vlwddqakm43kfyysfdg02c + - &mcserver age1v98yggaarelrp7z8rljzpf3gm70up4q8460trejmptdpv7gjucrqssjz9h + - &zammad age14ukkn4plvnjacvjux929qwpeynxk4cfxw285vlwddqakm43kfyysfdg02c creation_rules: - path_regex: secrets\/all\/* diff --git a/configs/services/vaultwarden.nix b/configs/services/vaultwarden.nix index 56b6789..bc793a3 100644 --- a/configs/services/vaultwarden.nix +++ b/configs/services/vaultwarden.nix @@ -10,8 +10,8 @@ in ROCKET_ADDRESS = "192.168.178.51"; DOMAIN = "http://192.168.178.51"; ROCKET_PORT = port; - ADMIN_TOKEN = + ADMIN_TOKEN = + }; }; - }; - networking.firewall.allowedTCPPorts = [ port ]; -} + networking.firewall.allowedTCPPorts = [ port ]; + } diff --git a/secrets/all/secrets.yaml b/secrets/all/secrets.yaml index c1acf30..6da2253 100644 --- a/secrets/all/secrets.yaml +++ b/secrets/all/secrets.yaml 
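Review bot: In configs/services/vaultwarden.nix the new side still has `ADMIN_TOKEN =` with no value and no terminating `;` before the closing `};`, so the file will presumably fail to evaluate; the hunk appears to change only whitespace around it. When the value is filled in, do not write the token as a Nix string, because it would be copied into the world-readable /nix/store. Since this commit already sets up sops, pass it through a sops-managed environment file instead, e.g. `services.vaultwarden.environmentFile = config.sops.secrets.<placeholder_secret_name>.path;` (assuming this block is the NixOS vaultwarden module's `config`), and prefer an Argon2 PHC hash of the token over the plaintext. The context line `DOMAIN = "http://192.168.178.51";` also means the admin token and vault logins would travel over plain HTTP, so TLS termination in front of the service is worth adding. The enclosing attribute set starts outside the hunk.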
@@ -1,45 +1,54 @@ -initial_password_clara: ENC[AES256_GCM,data:9qq2u05PsDWBOSAKY/DslqyXxTpuy4OyRD8zJ2EmbvBFnafVuEVgn/U8QXkXIGrMWqXiDhee9hdKuai4VcQRxGkJFAC7HgteLw==,iv:WSgs0m60C7sSezKFFRq7O/LDWKl2zf4OMT3mEx+eX2Y=,tag:LAxjKNND3Ah0qMNKzmTfmQ==,type:str] +initial_password_clara: ENC[AES256_GCM,data:4kTSXy5f6h/crmOOako0puZyxyeitqjSBKxB987Oh3ZatUy0aR+JwEFNVMGwu4nA1xJOrPyKsa1AUBoRY21mpiqX1oZnPChe+w==,iv:inA7Hnnl7rFR0ORTO7rvZJr+IfvoIP+kvlbnTJwLKFk=,tag:1nIJTuwJNhvId+YO4KgIjA==,type:str] sops: age: - recipient: age12d8mxwnt0a7gl4uu0uwdqaxuqdf5j7zm50qy5qrhj0kd4ny7luaqv7rj4e enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvSHg4SmxHTGFVbm82VDFY - TG0ybDRWc1FRR3VLL1A1dk5jcWJzSmFRbFVZCk5lK2NjOTd5UGovVFZPNmwzZld0 - cEIzTXRBbE5TRUxWbk5NZFZZbkwvazgKLS0tIFN6aHpTZlM4N1Z0dkFZWVBERHEw - bjhTUXlFYS92aFpyc2E5NVF3T3JJZ0EK/212uZn6pEmHyIAxef/RZF2XeYbQk0W+ - PDdnOxO4hizczMjxkI7soMQJm+rn8E+yvv1RqXPCn2iMoZ6XMs7lxw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3cWVDWmx5d3c4MWk4Q1lB + RDBveHR0NGpnTkVxNTJ3S01iaHZTMmJZM25BCklxcDZjbWJReHl3TWxaMVFQUzh2 + TEt0WTlEbG1jL3NJWituWXVjckc1aUEKLS0tIFVaSllUTDZ1cGFuWkNOSWx1TzlL + NGF5cjN4bUxTeHgrM3BJWVF6ZjhudU0KeUkn4/R2kfrLZsAqE8+kiYi1L92U44oT + iQLYfEFVWJW404RsyHrU2hn348g6M5LXICqO5zgN9GeKgIyXRWqBPQ== -----END AGE ENCRYPTED FILE----- - recipient: age1v98yggaarelrp7z8rljzpf3gm70up4q8460trejmptdpv7gjucrqssjz9h enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBySkhJeTdyV0UzbEphV28x - aGRWNHAwalN5dEhuTy9NZUIyVGtFOHNpeFNnCm1rZTdrSHcwWGdwVU91WTVwUlIr - Z2JWSmtSVGp5akY4a0orWWt4ZkptNGcKLS0tIE9YSzVHS05HbjM0VUI3aGNyVDlo - MEc3TmdYd3dUTThIcG5nZmRWQ2RRVzAKWI/c5xcj0bNLUmYFIMuY+gOtmPCpd3Be - 5tFaJ+Dv6q4sT4OS4YxDUyVqoXXrPh3ZBjgVxuiXDSMq884BpJXx/Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwZ3FtekQ1K3JOZjB2bVVu + MGhER3h4RjVVYUx1RW54aXc0Q2JIdFVzR0VFCkRJbkVoNVlSTkJQaTNYNFQ4ak10 + ZDdmN1o2U2t4dnJPcXNaSW4xU1J5SUEKLS0tIGVTUXNWOSsrbUxXWENSRWVDSys3 + 
UUhENFp4amR5Mzh6ZWxEdjNBSmRZL2MKlMtaMFXYjrRaUBP41prBwrYS6Avqyy2d + aHoU85HdRsfYVu9PC8zjsSSeDrBvL6ByIpA9KpO5yeU8RxvHZOPFqQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-04-15T16:44:33Z" - mac: ENC[AES256_GCM,data:T8IyZVfFNwapxymfsdaZoyeGq4cmk4otIuCfbZiRqF6NTJgRw3aIDmNmsT7ZMiyEzCrtpKue92HBA/yLdV+bkZqM+yBWKYM9Wu04nMhJgt5AmpXt0KfS9ISJlsLxuNMZBgSIxoMfndKakz+MW+wGomN7Of8UwQnNNqxH08O3Bh0=,iv:Vj+nlKh/lNxpJdI7WEYENqz4jVbtBErtRs3hutc4DZg=,tag:HRvnPQMyZS/cioj9b1IICw==,type:str] + - recipient: age14ukkn4plvnjacvjux929qwpeynxk4cfxw285vlwddqakm43kfyysfdg02c + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwelB5Y21GdjA0a0JObTIx + b0Voc1Q2cDFLODdFY0k4bXBTdHplWmpFSGkwCisrRG1XenZQWTlNYTBTVnhZVGxt + QzFycWRhRHV3b0xaaUM4QXFnc0dnWTgKLS0tIHkwa2hUQnptejlndDcyZ2lIWERq + ZUZVNjJ2L3dUdDBVZ0NXMzBXTXZVaE0KhG/hY232TkDRcAeQOBthQNZRzEryAcB6 + YiAGzA7LrZvDsDllYZ6riqmts9rZYZhk7N2CQ6hVVJ/p6X6Z3qfMwg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-04-15T17:00:20Z" + mac: ENC[AES256_GCM,data:v1UKMevNh/Om1dULmGOADsD6wQ0nhTsMtwT0qqDxtqdgBpmk2vD5VU732ZgQjornPc4ZeCgbfpFK16EVtx9gbwPLRQbgeh8I6BoqcpNkHkZnvGV4hpH2xKeRqOYvSg1ed1j7INLctt1q2O5bHC3ASmidP0zZoqLvgurwTP4t9Zo=,iv:4ji3Ob5mzS6qVWkKce66wZRfASXQi0MSC4m4f1HQlbw=,tag:gSDj3CQTp0NNrexKFxzAmQ==,type:str] pgp: - - created_at: "2025-04-15T16:29:51Z" + - created_at: "2025-04-15T17:00:11Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMAzwtBoBqH5ZOARAAkltkqMBtbtRrttiKUfZVRy/JxzND/LeAVtbB+NsHrIA0 - CRW4MizreJgAGiuRgkUMWq5QhYbADIrH4UpUJQb0fCfsc0rYcsY40rY1XsGokL/e - ABipOkXTt78oMzp7LsAsG+jf2WI+n/BJUmjvvEeyS6x0Z7xXYQ7iYx6ZJYg5W265 - fW6nxqH3L98GYDlGZ9TQUe2WfGZGtzthVtSx0fTr3z9QC8xsSMsyhLwwOsXjskOJ - S6JTAaHyqKGqkECBcV0jGVGH639CHj2QAjJyPjqCmyD9SD2H7oYXVHqsGIUwWyDC - p+Ya1YEEdt6twaAb9nw2i53+5fv5Cpok3auk27U8M/S/KOxtH5jbZuUFToHTqMDh - P7fXEi4AjuiQF2DuiDL5/4HiUcvKiT86MgdJDwpIbdHqdUrGrT8WYvlApYXBg1EH - adN4brPX0BJ/mWFvQl8eGGHnohxuQo9cf7UzWlxAb3jo+pAZHkjAxy8WpCbmdDKQ - 
+2lPXbyXQ0zu0tOdAtUjOVXCOrkPWro+bABw9Q27/Y+apkO4dW2ssGGm/qrm6l6X - qzAlzqrG98A66OuuKfaAy99qZflZ1oz+lpeCMaHG5AaLt0XZbE3XPUA/qHOD7WzT - 1MWvtisUUg3StCkHSbiOv6JZ9Ta2Ng2mlfdCqs7iHCNU05Fgtuj0BVgW/UxFqDTS - XgEeus2+EyHN5NVZWPD2zuAM3QJFQ/fpFRx3msP2cr7kueOa6e2Lt+EzkgMsEHm5 - 5OhzLsM+pCWIuZc7+fgGU64BKtFneBMO74TE4fgX204/lEFT3fuQfXFDv4TbK2s= - =etKI + hQIMAzwtBoBqH5ZOAQ/+Ph75DuL7rX4Wt+dXW8Gcc4ov2dZSaWKVpVngPrj6YvFu + 1PNAyglOenNTL4zP8g5Xcns4DkbQTRK0+g5HA8UtdpNB/CXNYXWVvzVIx/z2734p + d6QdN003s9b/1y1M/foSHXVdxYfq5OvNYMMukAS/ETAlF8bG/5IWQhGiYsCBaK+2 + Mizr1OSp/XLecJlGuf/2gMfzt6KSeYHe2wcxFntm2HpQgNmmHmCkb6dLTYwOABGH + pOKDBBl530dZOx9DM+XXthsMYvplvvUCSC1w7kLivt1H/F+gwqG+zwyQrKra8Fka + 2+o82eehzQSUzbEQvu9wz7QAmo0uc3vlF9xj3yRSHpmbRxRyVd88i3XlEDXiz9lH + 9G15PdU5XFUCpp6o+qBMpip8n5tvy6+6E/0r6QD74VS3Ha80mLd8jRWdLmehiJYf + FyT9r1XhFemRaPEBVCSWRt2Y6vvBe7x92ed+dIXG1sqcXJBAONs1O8FPCKjgrAfW + QPe0nrXVSYCbvldGS1Wx9ASknc/FU25IJydRcuq9NVd4rylK3C5WjnzLSJmDzkda + +xoCTmwdGAEGqJPrcC3GQrot/sZFK6Gz1ZQ03miABi+Agrr5Eh1bQzgh7e4YoUiL + y89DzlqTWXEvdNS4k0ps1mKg32zzkUkeIl8wiX0e9uil8OHQnL+rcqPe9NN05jDS + XgEi6DfmK0Hh6aYjeJMxKtRKYOQuSheRcrUFCfdr1AjXrWfGjjXX1cbfFU+O45tV + zhps4J5zhcCgPHNN2eWOE3DKMj4CT5x/ZXKFWSxbFcKNKy7hyVI/DR+i5urKVrA= + =UyZz -----END PGP MESSAGE----- fp: 58EF8D71114EF548DEE3320DE6F04916B6EEBD83 unencrypted_suffix: _unencrypted