From 57aa5b774a0300f009c7056db828897e3c174c60 Mon Sep 17 00:00:00 2001 From: kurogeek Date: Tue, 16 Jun 2026 15:11:51 +0700 Subject: [PATCH] mob next [ci-skip] [ci skip] [skip ci] lastFile:vars/per-machine/vega/yggdrasil/privateKey/secret --- .nixos-test-history | 3 + inventories/default.nix | 67 ++++++++++ machines/rigel/configuration.nix | 10 ++ modules/clan/prometheus/README.md | 0 modules/clan/prometheus/default.nix | 123 ++++++++++++++++++ modules/clan/prometheus/flake-module.nix | 19 +++ modules/clan/prometheus/tests/vm/default.nix | 74 +++++++++++ .../tests/vm/sops/machines/nodeA/key.json | 6 + .../tests/vm/sops/machines/server/key.json | 6 + .../vm/sops/secrets/nodeA-age.key/secret | 14 ++ .../vm/sops/secrets/nodeA-age.key/users/admin | 1 + .../vm/sops/secrets/server-age.key/secret | 14 ++ .../sops/secrets/server-age.key/users/admin | 1 + .../tests/vm/sops/users/admin/key.json | 4 + .../nodeA/state-version/version/value | 1 + .../per-machine/nodeA/yggdrasil/address/value | 1 + .../nodeA/yggdrasil/privateKey/machines/nodeA | 1 + .../nodeA/yggdrasil/privateKey/secret | 18 +++ .../nodeA/yggdrasil/privateKey/users/admin | 1 + .../nodeA/yggdrasil/publicKey/value | 1 + .../server/state-version/version/value | 1 + .../server/yggdrasil/address/value | 1 + .../yggdrasil/privateKey/machines/server | 1 + .../server/yggdrasil/privateKey/secret | 18 +++ .../server/yggdrasil/privateKey/users/admin | 1 + .../server/yggdrasil/publicKey/value | 1 + .../rigel/prometheus/envFile/groups/admins | 1 + .../rigel/prometheus/envFile/machines/rigel | 1 + .../rigel/prometheus/envFile/secret | 46 +++++++ .../rigel/prometheus/envFile/users/kurogeek | 1 + vars/per-machine/vega/yggdrasil/address/value | 1 + .../vega/yggdrasil/privateKey/groups/admins | 1 + .../vega/yggdrasil/privateKey/machines/vega | 1 + .../vega/yggdrasil/privateKey/secret | 50 +++++++ .../vega/yggdrasil/privateKey/users/kurogeek | 1 + .../vega/yggdrasil/publicKey/value | 1 + 36 files changed, 492 insertions(+) create mode 100644 .nixos-test-history create mode 100644 modules/clan/prometheus/README.md create mode 100644 modules/clan/prometheus/default.nix create mode 100644 modules/clan/prometheus/flake-module.nix create mode 100644 modules/clan/prometheus/tests/vm/default.nix create mode 100755 modules/clan/prometheus/tests/vm/sops/machines/nodeA/key.json create mode 100755 modules/clan/prometheus/tests/vm/sops/machines/server/key.json create mode 100644 modules/clan/prometheus/tests/vm/sops/secrets/nodeA-age.key/secret create mode 120000 modules/clan/prometheus/tests/vm/sops/secrets/nodeA-age.key/users/admin create mode 100644 modules/clan/prometheus/tests/vm/sops/secrets/server-age.key/secret create mode 120000 modules/clan/prometheus/tests/vm/sops/secrets/server-age.key/users/admin create mode 100644 modules/clan/prometheus/tests/vm/sops/users/admin/key.json create mode 100644 modules/clan/prometheus/tests/vm/vars/per-machine/nodeA/state-version/version/value create mode 100644 modules/clan/prometheus/tests/vm/vars/per-machine/nodeA/yggdrasil/address/value create mode 120000 modules/clan/prometheus/tests/vm/vars/per-machine/nodeA/yggdrasil/privateKey/machines/nodeA create mode 100644 modules/clan/prometheus/tests/vm/vars/per-machine/nodeA/yggdrasil/privateKey/secret create mode 120000 modules/clan/prometheus/tests/vm/vars/per-machine/nodeA/yggdrasil/privateKey/users/admin create mode 100644 modules/clan/prometheus/tests/vm/vars/per-machine/nodeA/yggdrasil/publicKey/value create mode 100644 modules/clan/prometheus/tests/vm/vars/per-machine/server/state-version/version/value create mode 100644 modules/clan/prometheus/tests/vm/vars/per-machine/server/yggdrasil/address/value create mode 120000 modules/clan/prometheus/tests/vm/vars/per-machine/server/yggdrasil/privateKey/machines/server create mode 100644 modules/clan/prometheus/tests/vm/vars/per-machine/server/yggdrasil/privateKey/secret create mode 120000 modules/clan/prometheus/tests/vm/vars/per-machine/server/yggdrasil/privateKey/users/admin create mode 100644 modules/clan/prometheus/tests/vm/vars/per-machine/server/yggdrasil/publicKey/value create mode 120000 vars/per-machine/rigel/prometheus/envFile/groups/admins create mode 120000 vars/per-machine/rigel/prometheus/envFile/machines/rigel create mode 100644 vars/per-machine/rigel/prometheus/envFile/secret create mode 120000 vars/per-machine/rigel/prometheus/envFile/users/kurogeek create mode 100644 vars/per-machine/vega/yggdrasil/address/value create mode 120000 vars/per-machine/vega/yggdrasil/privateKey/groups/admins create mode 120000 vars/per-machine/vega/yggdrasil/privateKey/machines/vega create mode 100644 vars/per-machine/vega/yggdrasil/privateKey/secret create mode 120000 vars/per-machine/vega/yggdrasil/privateKey/users/kurogeek create mode 100644 vars/per-machine/vega/yggdrasil/publicKey/value diff --git a/.nixos-test-history b/.nixos-test-history new file mode 100644 index 0000000..76e0a96 --- /dev/null +++ b/.nixos-test-history @@ -0,0 +1,3 @@ + +# 2026-06-05 17:00:31.237121 ++start_all() diff --git a/inventories/default.nix b/inventories/default.nix index d4c3d19..312e231 100644 --- a/inventories/default.nix +++ b/inventories/default.nix @@ -39,6 +39,8 @@ "hadar" "procyon" "alasia" + "rigel" + "vega" ]; }; @@ -311,6 +313,71 @@ ''; }; }; + + prometheus-monitoring = { + module = { + name = "prometheus"; + input = "self"; + }; + roles.server.machines."rigel".settings = { + }; + roles.server.extraModules = [ + { + services.prometheus = { + rules = [ + (builtins.toJSON { + groups = [ + { + name = "default"; + rules = [ + { + alert = "test"; + expr = ''up{instance!~"(nerr-.*|theatnerr-.*)",job!~"lab-.*|snmp-.*"} == 1''; + for = "1m"; + annotations.summary = "{{ $labels.instance }} of job {{ $labels.job }} has been down for more than 5 minutes."; + } + ]; + } + ]; + }) + ]; + alertmanager = { + enable = true; + configuration = { + global = { + resolve_timeout = "5m"; + }; + route.receiver = "uptime-kuma"; + receivers = [ + { + name = "uptime-kuma"; + webhook_configs = [ + { + url = "https://uptime.b4l.co.th/api/push/$${KUMA_TOKEN}?status=up&msg=OK&ping="; + send_resolved = true; + } + ]; + } + ]; + }; + }; + alertmanagers = [ + { + scheme = "http"; + path_prefix = "/"; + static_configs = [ { targets = [ "localhost:9093" ]; } ]; + } + ]; + }; + } + ]; + + roles.nodes.machines = { + vega.settings = { + exporters.smartctl = { }; + }; + }; + }; }; }; }; diff --git a/machines/rigel/configuration.nix b/machines/rigel/configuration.nix index 973f8a6..2dbbc8d 100644 --- a/machines/rigel/configuration.nix +++ b/machines/rigel/configuration.nix @@ -4,4 +4,14 @@ clan.core.sops.defaultGroups = [ "admins" ]; clan.core.settings.machine.description = "Zima board computer for testing in B4L"; + + clan.core.vars.generators.prometheus = { + files.envFile.secret = true; + script = '' + echo "" > $out/envFile + ''; + }; + services.prometheus.alertmanager.environmentFile = + config.clan.core.vars.generators.prometheus.files.envFile.path; + } diff --git a/modules/clan/prometheus/README.md b/modules/clan/prometheus/README.md new file mode 100644 index 0000000..e69de29 diff --git a/modules/clan/prometheus/default.nix b/modules/clan/prometheus/default.nix new file mode 100644 index 0000000..920ff24 --- /dev/null +++ b/modules/clan/prometheus/default.nix @@ -0,0 +1,123 @@ +{ clanLib, ... }: +{ + _class = "clan.service"; + manifest.name = "prometheus"; + manifest.description = "The Prometheus monitoring system and time series database."; + manifest.readme = builtins.readFile ./README.md; + manifest.categories = [ "System" ]; + + roles.server = { + description = "Prometheus server that scraps all data from nodes"; + + interface = + { lib, ... }: + { + options = { + scrape_interval = lib.mkOption { + type = with lib.types; nullOr str; + default = "5m"; + description = "How often to scrape targets. Default is 5 minutes"; + }; + }; + }; + + perInstance = + { + settings, + roles, + ... + }: + { + nixosModule = + { + config, + lib, + ... + }: + let + getYggdrasilIP = + machineName: + if config.clan.core.vars.generators.yggdrasil.files.address ? value then + clanLib.getPublicValue { + flake = config.clan.core.settings.directory; + machine = machineName; + generator = "yggdrasil"; + file = "address"; + default = null; + } + else + throw "clanService/yggdrasil is required"; + in + { + networking.firewall.allowedTCPPorts = [ + 9090 + ]; + services.prometheus = { + enable = true; + + globalConfig = { + scrape_interval = settings.scrape_interval; + }; + + scrapeConfigs = lib.mapAttrsToList (machineName: machineVal: { + tls_config.insecure_skip_verify = true; + job_name = "${machineName}"; + static_configs = lib.mapAttrsToList ( + exporterName: exporterVal: + let + targetPort = + if exporterVal ? port then + exporterVal.port + else + config.services.prometheus.exporters."${exporterName}".port; + targetHost = getYggdrasilIP machineName; + in + { + targets = [ "[${targetHost}]:${lib.toString targetPort}" ]; + } + ) machineVal.settings.exporters; + }) roles.nodes.machines; + + }; + + }; + }; + }; + + roles.nodes = { + description = "A node will expose metrics for server to harvest"; + + interface = + { lib, ... }: + { + options = { + exporters = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule { }); + default = { }; + description = "Mirror of services.prometheus.exporters"; + }; + }; + }; + + perInstance = + { settings, ... }: + let + enabledExporters = builtins.mapAttrs ( + name: value: + value + // { + enable = true; + openFirewall = true; + } + ) settings.exporters; + in + { + nixosModule = + { ... }: + { + services.prometheus.exporters = enabledExporters; + }; + }; + }; + +} diff --git a/modules/clan/prometheus/flake-module.nix b/modules/clan/prometheus/flake-module.nix new file mode 100644 index 0000000..464121a --- /dev/null +++ b/modules/clan/prometheus/flake-module.nix @@ -0,0 +1,19 @@ +{ self, inputs, ... }: +let + module = ./default.nix; +in +{ + clan.modules = { + prometheus = module; + }; + perSystem = + { ... }: + { + clan.nixosTests.service-prometheus = { + imports = [ ./tests/vm/default.nix ]; + _module.args = { inherit self inputs; }; + + clan.modules."@clan/prometheus" = module; + }; + }; +} diff --git a/modules/clan/prometheus/tests/vm/default.nix b/modules/clan/prometheus/tests/vm/default.nix new file mode 100644 index 0000000..ca828ee --- /dev/null +++ b/modules/clan/prometheus/tests/vm/default.nix @@ -0,0 +1,74 @@ +{ + self, + hostPkgs, + config, + lib, + ... +}: +{ + name = "service-prometheus"; + result.update-vars = + let + relativeDir = lib.removePrefix "${self}/" (toString config.clan.directory); + in + hostPkgs.writeShellScriptBin "update-vars" '' + set -x + export PRJ_ROOT=$(git rev-parse --show-toplevel) + ${ + self.inputs.clan-core.packages.${hostPkgs.system}.clan-cli + }/bin/clan-generate-test-vars $PRJ_ROOT/${relativeDir} ${config.name} + ''; + + clan = { + test.useContainers = false; + directory = ./.; + inventory = { + machines.server = { }; + machines.nodeA = { }; + + instances = { + yggdrasil = { + module.name = "yggdrasil"; + roles.default.machines.server = { }; + roles.default.machines.nodeA = { }; + }; + + prometheus = { + module.name = "@clan/prometheus"; + module.input = "self"; + roles.nodes.machines."nodeA".settings = { + exporters.smartctl = { }; + }; + roles.server.machines."server".settings = { }; + }; + }; + }; + }; + + nodes = { + server = { }; + nodeA = { }; + }; + + testScript = + { nodes, ... }: + '' + start_all() + + server.wait_for_unit("prometheus.service") + + nodeA.wait_for_unit("prometheus-smartctl-exporter.service") + nodeA.wait_for_open_port(9633) + + nodeA.succeed("systemctl status prometheus-smartctl-exporter.service") + nodeA.succeed("curl http://localhost:9633/metrics") + + + server_ip = server.succeed("ip -4 addr show eth1 | grep -oP '(?<=inet\s)\d+(\.\d+){3}'").strip() + nodeA_ip = nodeA.succeed("ip -4 addr show eth1 | grep -oP '(?<=inet\s)\d+(\.\d+){3}'").strip() + + server.succeed(f"ping -c 3 {nodeA_ip}") + server.succeed(f"curl -v http://{nodeA_ip}:9633/metrics") + + ''; +} diff --git a/modules/clan/prometheus/tests/vm/sops/machines/nodeA/key.json b/modules/clan/prometheus/tests/vm/sops/machines/nodeA/key.json new file mode 100755 index 0000000..de7c015 --- /dev/null +++ b/modules/clan/prometheus/tests/vm/sops/machines/nodeA/key.json @@ -0,0 +1,6 @@ +[ + { + "publickey": "age1kxsp8pa8am6k333nxs4akjqkhht8gspznmlqz4pxn35h5dj4uv5qj6q6fl", + "type": "age" + } +] \ No newline at end of file diff --git a/modules/clan/prometheus/tests/vm/sops/machines/server/key.json b/modules/clan/prometheus/tests/vm/sops/machines/server/key.json new file mode 100755 index 0000000..48a7173 --- /dev/null +++ b/modules/clan/prometheus/tests/vm/sops/machines/server/key.json @@ -0,0 +1,6 @@ +[ + { + "publickey": "age1dkrf438z3337d2qnc7ugkggua99xkh55wuf9zgun35fjrxdpnf5qkg4z6j", + "type": "age" + } +] \ No newline at end of file diff --git a/modules/clan/prometheus/tests/vm/sops/secrets/nodeA-age.key/secret b/modules/clan/prometheus/tests/vm/sops/secrets/nodeA-age.key/secret new file mode 100644 index 0000000..830e53f --- /dev/null +++ b/modules/clan/prometheus/tests/vm/sops/secrets/nodeA-age.key/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:Z8I3ecNV2N2jed1sPBU+tI5r5qB2nVTO7aNyMxvp0ztujn8kXjw+thSvLGtRygL2V9rSmPJalHQf1IYUriXgCmYtfg5InPDCAqk=,iv:O4rSyg2G6PJWHURZ/BTBKmn1AVekbNBdg5137sOPL/U=,tag:4/CLfO50laZ8ljWkr6o4qA==,type:str]", + "sops": { + "age": [ + { + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTSWxnekYvREdZMTBMVlRq\nRmtCemFYZDhLYU93azc5czdoTVUydFFUL1JzCmo4ZHlrNi8yeW15N2JxTytWeCtk\nbjRwWUVlazUwTlMwc1RZVU8xYlVlckEKLS0tIFVPeU5KMVFwdExFT0wzeXZka2Jo\nSmxEM2RPTWdoZXJxK0dpemUzVkNzdGcKfXdiSeAcNwEZi7kh9c89ss5K+dYG0lhq\nFsf2I0A1csxqqnYJqXPmwlVGMzuWDrWRU0uc+hQLndP3TbadVux64w==\n-----END AGE ENCRYPTED FILE-----\n", + "recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg" + } + ], + "lastmodified": "2026-06-11T07:43:55Z", + "mac": "ENC[AES256_GCM,data:OCPR2tkbN72MdaczO47UNCJBb1KjABHQH9q7dtVEwoAhKg4QWFtsDaMwBTVE9qe48nlaWQbxT1mM7uztm6RXLkc5y2c3danPUYFj/FK/ffqpaxv3oReyxWqMoGayT23kFbB0TWEx1K8Jp3gOkwCPg+ZRClvhV1dXrfnwIwZHrBY=,iv:3puPIWFIxRF1KtrmyG54LqCc7Zg4/AOMD65QjYdN970=,tag:RoIVltMKw7WUvgW6sNk6mA==,type:str]", + "version": "3.13.0" + } +} diff --git a/modules/clan/prometheus/tests/vm/sops/secrets/nodeA-age.key/users/admin b/modules/clan/prometheus/tests/vm/sops/secrets/nodeA-age.key/users/admin new file mode 120000 index 0000000..9e21a99 --- /dev/null +++ b/modules/clan/prometheus/tests/vm/sops/secrets/nodeA-age.key/users/admin @@ -0,0 +1 @@ +../../../users/admin \ No newline at end of file diff --git a/modules/clan/prometheus/tests/vm/sops/secrets/server-age.key/secret b/modules/clan/prometheus/tests/vm/sops/secrets/server-age.key/secret new file mode 100644 index 0000000..533b790 --- /dev/null +++ b/modules/clan/prometheus/tests/vm/sops/secrets/server-age.key/secret @@ -0,0 +1,14 @@ +{ + "data": "ENC[AES256_GCM,data:Nuq6ege3HJOxpRgA6fnxdD2Wj+KCw+3PaJCxmZirJl3mkRVLnZgUUhr+gOVEup9Ifjl1ZnP+PqV7b9pPR/WQg0LARYtxIC1QGJ8=,iv:v9p9lsefP5V9McAJCzS7v9sl8XHr9/hAL41XwFbwMOA=,tag:ETK+CFFJAAzGTpowQNAZMQ==,type:str]", + "sops": { + "age": [ + { + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArN0NEWFZoZWlyeUtZc3hi\ndnVNcHl4eVVHckRLeFhPYUt4a3BwMElFMVZZCklkU1NEWVVmSGw1NmJmWWkrVHFH\nVTN5U0x3NXdiQUJCc095TElzMWZCMXMKLS0tIHRXQkJNREFYUFFvMXM1Sk53VW5z\naTRjMXozZXZiNU8zSkF5d2hhdklBY1EKWwsPi6YiHKFfAyqWH2u75hw47gzcQOz/\n95Im0FgadhqGDCeZhTDfEAc4b1VWQULInsjeRapzf5OJOwekbz6guA==\n-----END AGE ENCRYPTED FILE-----\n", + "recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg" + } + ], + "lastmodified": "2026-06-11T07:45:26Z", + "mac": "ENC[AES256_GCM,data:mTKFSBFnUzu3rldQCHPZHoyzDdwPzBWPIAhemC1XyG5PiQ/OczStjYaLzZQGCpPvOjBb5Ntqrc+dnaOedZgKlOdaPjZs1U2ZDWadoeWQ2TAKWYA6+kN7PXomsxtHhntiaujMy3502eh06VyiutpVuCdzK2cfEwuno8nyIcHgtXk=,iv:/5DRvFVDQA+yd8m/+Cyxb+aIsfwoaFcV6KRQ/7ISHnU=,tag:z31P6CL0NNRlQThqwapVNA==,type:str]", + "version": "3.13.0" + } +} diff --git a/modules/clan/prometheus/tests/vm/sops/secrets/server-age.key/users/admin b/modules/clan/prometheus/tests/vm/sops/secrets/server-age.key/users/admin new file mode 120000 index 0000000..9e21a99 --- /dev/null +++ b/modules/clan/prometheus/tests/vm/sops/secrets/server-age.key/users/admin @@ -0,0 +1 @@ +../../../users/admin \ No newline at end of file diff --git a/modules/clan/prometheus/tests/vm/sops/users/admin/key.json b/modules/clan/prometheus/tests/vm/sops/users/admin/key.json new file mode 100644 index 0000000..e408aa9 --- /dev/null +++ b/modules/clan/prometheus/tests/vm/sops/users/admin/key.json @@ -0,0 +1,4 @@ +{ + "publickey": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg", + "type": "age" +} diff --git a/modules/clan/prometheus/tests/vm/vars/per-machine/nodeA/state-version/version/value b/modules/clan/prometheus/tests/vm/vars/per-machine/nodeA/state-version/version/value new file mode 100644 index 0000000..5d86a5f --- /dev/null +++ b/modules/clan/prometheus/tests/vm/vars/per-machine/nodeA/state-version/version/value @@ -0,0 +1 @@ +26.05 \ No newline at end of file diff --git a/modules/clan/prometheus/tests/vm/vars/per-machine/nodeA/yggdrasil/address/value b/modules/clan/prometheus/tests/vm/vars/per-machine/nodeA/yggdrasil/address/value new file mode 100644 index 0000000..c3b7175 --- /dev/null +++ b/modules/clan/prometheus/tests/vm/vars/per-machine/nodeA/yggdrasil/address/value @@ -0,0 +1 @@ +204:b10b:6057:4bbe:2b44:fc58:c6fd:90ad \ No newline at end of file diff --git a/modules/clan/prometheus/tests/vm/vars/per-machine/nodeA/yggdrasil/privateKey/machines/nodeA b/modules/clan/prometheus/tests/vm/vars/per-machine/nodeA/yggdrasil/privateKey/machines/nodeA new file mode 120000 index 0000000..7982851 --- /dev/null +++ b/modules/clan/prometheus/tests/vm/vars/per-machine/nodeA/yggdrasil/privateKey/machines/nodeA @@ -0,0 +1 @@ +../../../../../../sops/machines/nodeA \ No newline at end of file diff --git a/modules/clan/prometheus/tests/vm/vars/per-machine/nodeA/yggdrasil/privateKey/secret b/modules/clan/prometheus/tests/vm/vars/per-machine/nodeA/yggdrasil/privateKey/secret new file mode 100644 index 0000000..422a39d --- /dev/null +++ b/modules/clan/prometheus/tests/vm/vars/per-machine/nodeA/yggdrasil/privateKey/secret @@ -0,0 +1,18 @@ +{ + "data": "ENC[AES256_GCM,data:JkuciSmL5nmSjcYn22W7iHKzuRxWMJ5dixYllm0aSM7DsyAp9mQzIYJJmalepp7sEhSJ5As3vQW6ZpOQ3G8ZheG06++1GlM8lvVV2FKmYvKHQpI+V7WyUJl7dpfu+5A6BzWES0GbC1g8l/a8sb/+jjEoqUTAj/4=,iv:tehdHsdm2uSRAAzImHhwBSnSBF6lzjLzF9HIPnoi9s0=,tag:dWnQhAiJeCkcssjko+dUpw==,type:str]", + "sops": { + "age": [ + { + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOVmRSR2xDNmdPYW5MNUVH\nYWVpaTc0TjdOZFBTSEJDL1Z3VG9vVHkrZUFjCklUMUU1bnVmZFJYbzVPd09oZm1U\nNHY0R1hNQnBBc2V4Y2RWQ1ZZRjdOK0kKLS0tIEJkSWFaTDJzMDNJR3QwQzRVdld4\ndDA5ZmZSeTYyVUE5Y1Z1T1l5QmpHRTQKSaN+MIazA8RXhRSyFSkDTyXEp43COpbf\nXOzAhTXja+ut/akUuKadDS4xycZ+ZXAreVmdsF4SWvwZkmPeew+hKQ==\n-----END AGE ENCRYPTED FILE-----\n", + "recipient": "age1kxsp8pa8am6k333nxs4akjqkhht8gspznmlqz4pxn35h5dj4uv5qj6q6fl" + }, + { + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMNmZkTHlaRWl1V3UvcGxk\nR0hhL1lNekNzb0REaEc4bitBZkcwYmRDb2hjCnloQTZUL3ZneWZQZk9NTEc1bGNB\nY3ljdFRMMUhLeDdyblhVY3lSOFBXc1UKLS0tIEJUc1ZpQmtuNlRUUEVmajY5TGdP\ncSs2RkZXcnJYRlEvcEtYSWxIWmkrVEkKgQnfxuZuxl1OpZDUPVuqseSN89WnBGFw\nx2PI3cqN67R2tV/FEjOZo+GFgxW93SYdMvxzg2aG2q/7xOQxfj9sjg==\n-----END AGE ENCRYPTED FILE-----\n", + "recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg" + } + ], + "lastmodified": "2026-06-11T07:44:25Z", + "mac": "ENC[AES256_GCM,data:gRk1t7xFxXSTUcZQw0DCH3QtRnQJF4Mc4kZeeckhuQdc/VATj+cq+ugicrcGJWbbXzAscQLG6g72+Qiane5nFfzmjNoO6JMe181wm7pY/5St+2MjXZEzwAaYjn6ZAm+U7aiUVcp8RBjFIL9HCvBF8qFl7rqqTvYHnTOU0V6TIIo=,iv:eUvZFDKl8PX5QaQPmwJXaokawQMNP0TGOklTAMgB/sg=,tag:3cHICox8bKWkPKMUgvLuXA==,type:str]", + "version": "3.13.0" + } +} diff --git a/modules/clan/prometheus/tests/vm/vars/per-machine/nodeA/yggdrasil/privateKey/users/admin b/modules/clan/prometheus/tests/vm/vars/per-machine/nodeA/yggdrasil/privateKey/users/admin new file mode 120000 index 0000000..ca714e1 --- /dev/null +++ b/modules/clan/prometheus/tests/vm/vars/per-machine/nodeA/yggdrasil/privateKey/users/admin @@ -0,0 +1 @@ +../../../../../../sops/users/admin \ No newline at end of file diff --git a/modules/clan/prometheus/tests/vm/vars/per-machine/nodeA/yggdrasil/publicKey/value b/modules/clan/prometheus/tests/vm/vars/per-machine/nodeA/yggdrasil/publicKey/value new file mode 100644 index 0000000..11e51c0 --- /dev/null +++ b/modules/clan/prometheus/tests/vm/vars/per-machine/nodeA/yggdrasil/publicKey/value @@ -0,0 +1 @@ +0a77a4fd45a20ea5d81d39c8137a97dd4988c692ce4263959559b8c3f966c1de \ No newline at end of file diff --git a/modules/clan/prometheus/tests/vm/vars/per-machine/server/state-version/version/value b/modules/clan/prometheus/tests/vm/vars/per-machine/server/state-version/version/value new file mode 100644 index 0000000..5d86a5f --- /dev/null +++ b/modules/clan/prometheus/tests/vm/vars/per-machine/server/state-version/version/value @@ -0,0 +1 @@ +26.05 \ No newline at end of file diff --git a/modules/clan/prometheus/tests/vm/vars/per-machine/server/yggdrasil/address/value b/modules/clan/prometheus/tests/vm/vars/per-machine/server/yggdrasil/address/value new file mode 100644 index 0000000..1c021d4 --- /dev/null +++ b/modules/clan/prometheus/tests/vm/vars/per-machine/server/yggdrasil/address/value @@ -0,0 +1 @@ +202:8a70:e215:f822:c67a:f191:b04a:a8f \ No newline at end of file diff --git a/modules/clan/prometheus/tests/vm/vars/per-machine/server/yggdrasil/privateKey/machines/server b/modules/clan/prometheus/tests/vm/vars/per-machine/server/yggdrasil/privateKey/machines/server new file mode 120000 index 0000000..2bd819e --- /dev/null +++ b/modules/clan/prometheus/tests/vm/vars/per-machine/server/yggdrasil/privateKey/machines/server @@ -0,0 +1 @@ +../../../../../../sops/machines/server \ No newline at end of file diff --git a/modules/clan/prometheus/tests/vm/vars/per-machine/server/yggdrasil/privateKey/secret b/modules/clan/prometheus/tests/vm/vars/per-machine/server/yggdrasil/privateKey/secret new file mode 100644 index 0000000..f773556 --- /dev/null +++ b/modules/clan/prometheus/tests/vm/vars/per-machine/server/yggdrasil/privateKey/secret @@ -0,0 +1,18 @@ +{ + "data": "ENC[AES256_GCM,data:JcxiDqZDX3J3ooSeN0pQ28uvI86mtHUf2BEcOQdFIDhJZODGCc+BhZvBQmu2mabV8Jf4skrTWqD+60c1fkRcsM+MMXfoyNsrRyQ2K39mG4kl8jJKVKDs+BqXa+CvZ96kesOMgi9vdc3YUKo5cCLY4bQ9VwymqH8=,iv:W3z8Pbyo2IMzkxI4k14FlirLa28qgZ3rnTAWuusiw/0=,tag:EQc8mo/UvACbt8hQv3zPEw==,type:str]", + "sops": { + "age": [ + { + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkRDNOSU81alN2THNQQ3ZW\nbHVjMmxaYWpzak1NZHplNTVzZzQvMHg4azAwCkExb0VLYlZUd2JjVGNlcXUyR0p1\nWHk5cXpOeGZ0VFRFTGllQWpxRlBTRk0KLS0tIDhKeUc4RHQvb0o0ZXFXZUNCanVY\nYm04TVBoWjlLT0tFOHRnLzd3RHV2ZzAKVpLtENDySGC6UDgAwhDb+7KJiHXOZF6n\nIaeIQWQqiB+45h72NE3yh02boPK8pl6IoJFcK3e4zSO7/G8jGUp0MQ==\n-----END AGE ENCRYPTED FILE-----\n", + "recipient": "age1dkrf438z3337d2qnc7ugkggua99xkh55wuf9zgun35fjrxdpnf5qkg4z6j" + }, + { + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGSUZXVzJwVHdwZGtxOVRu\nN1hMZkltdVM0cnNRL2tSNENkSGV2VzFIU1VBCmRZWlJTODNPMVRjVWY1V1VZcFln\nTDE3N0xsMXdMWityRUNUYWlQOXBMMTgKLS0tIGViTzBrQk5wQXBYQitIb1ZPUitC\nLysyUER0UjFlZm95c3ZGK3hEMEtrNUEKABpoKBUnvzQKSrgsdnU+uyDyED0Tlr7D\nnSsf12c84cvdt0OeCWwf2WvBANZL26XTcFq1fBYOFTJqNLs1ZfO2kg==\n-----END AGE ENCRYPTED FILE-----\n", + "recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg" + } + ], + "lastmodified": "2026-06-11T07:45:55Z", + "mac": "ENC[AES256_GCM,data:jjhkZB9NdpvV2R0k9yS/AcUqeMr1RLv1UZwGCemlKSwhBfs8E5NxTXLhtmJeQ+hltOTYpz51BIporVtlaH6ElVnh7khOrG3Lb5cLBrL41QM59y3Tbfu6TjNOE3NyMiWuxZnwuqUGWQjsjrIIhE0ftKnpSpkGHMie+BC3iNSB1tY=,iv:onOVK9eJxWOaIjChQD54tz8lY+r/jpp6AArsBIuoRUM=,tag:2Oas1C5D2kZOe4iiD5huyw==,type:str]", + "version": "3.13.0" + } +} diff --git a/modules/clan/prometheus/tests/vm/vars/per-machine/server/yggdrasil/privateKey/users/admin b/modules/clan/prometheus/tests/vm/vars/per-machine/server/yggdrasil/privateKey/users/admin new file mode 120000 index 0000000..ca714e1 --- /dev/null +++ b/modules/clan/prometheus/tests/vm/vars/per-machine/server/yggdrasil/privateKey/users/admin @@ -0,0 +1 @@ +../../../../../../sops/users/admin \ No newline at end of file diff --git a/modules/clan/prometheus/tests/vm/vars/per-machine/server/yggdrasil/publicKey/value b/modules/clan/prometheus/tests/vm/vars/per-machine/server/yggdrasil/publicKey/value new file mode 100644 index 0000000..ddb3eaf --- /dev/null +++ b/modules/clan/prometheus/tests/vm/vars/per-machine/server/yggdrasil/publicKey/value @@ -0,0 +1 @@ +2eb1e3bd40fba730a1cdc9f6beae1848e4b965e37f18a61593327964108fe6a8 \ No newline at end of file diff --git a/vars/per-machine/rigel/prometheus/envFile/groups/admins b/vars/per-machine/rigel/prometheus/envFile/groups/admins new file mode 120000 index 0000000..6765aa1 --- /dev/null +++ b/vars/per-machine/rigel/prometheus/envFile/groups/admins @@ -0,0 +1 @@ +../../../../../../sops/groups/admins \ No newline at end of file diff --git a/vars/per-machine/rigel/prometheus/envFile/machines/rigel b/vars/per-machine/rigel/prometheus/envFile/machines/rigel new file mode 120000 index 0000000..47a146c --- /dev/null +++ b/vars/per-machine/rigel/prometheus/envFile/machines/rigel @@ -0,0 +1 @@ +../../../../../../sops/machines/rigel \ No newline at end of file diff --git a/vars/per-machine/rigel/prometheus/envFile/secret b/vars/per-machine/rigel/prometheus/envFile/secret new file mode 100644 index 0000000..bac7da6 --- /dev/null +++ b/vars/per-machine/rigel/prometheus/envFile/secret @@ -0,0 +1,46 @@ +{ + "data": "ENC[AES256_GCM,data:DhLAWWIAeh356tfxJGHQ05u3uO/RDJV7UWB23mO1Xv6wCgejElAkClYOzA==,iv:3nS9uFaVvug7HYE/wSjAhxgJPLcRVjEyFAjQiV2rHvM=,tag:Ghnu0RQLkh3Dvt8N6m35wg==,type:str]", + "sops": { + "age": [ + { + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMd3ZiRG1ZeW5NUmQ0RU9C\nUGdoRXpKVkRRSklmbXJ2Z3dNWUFscmN5T24wCmNlajhlaEs1UUQ5eERBMnk1NU5q\nSTArMnBEVTlrRDZ1YkZSWnAweHhJTGsKLS0tIFBvWXZkOFVyYk80L3RjRE5XMXg4\nNUhITVZuKzIvZmVBRVFwRWo4QndyV0kKqOYHW/7wR4cZhIYHMPwcTMMFQWyWO0Gc\n7v3QFlKgHGi1utrAFyRiSpElOWqWzIft8NLfVJPd1ZAp5vE1anMXIg==\n-----END AGE ENCRYPTED FILE-----\n", + "recipient": "age134vt63pjqpd0m7702fyn8vhdlzyj2deqc2q78sp9uw9052kxsgwq6d25ez" + }, + { + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXVENZdExtS2hxd2ljdXg4\nbm5aQmlJZTAzUGQ1NlRwbzltMnJ1WmgyY2hnCnYwUkRQVlBBcU9tb3Q2YjRISnZ6\nMzRUcktCY3d6MUMvUlhnY294OWFIeVUKLS0tIDJzcloxWnVvTGM5WDBvOXNMZjNw\neDNBOHF0VmR0ZzRpZ3d2OHh5MUZ5OXcKZo33jU88BzBknygnOnTGhLzBZMsNUZaP\ntcbLRXomqUrNocGxt3pwXoVfRHM6bOuinAFJY5QzU3WOxw+J0AkvbQ==\n-----END AGE ENCRYPTED FILE-----\n", + "recipient": "age17d4qt0n9edq57tgcqyk8eu5mrendl59yt6z2y3a4vkq7el8krqtq6lq28g" + }, + { + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIGs1VHUzRjV2\neVRzd1JFaHF1YXlkbFBPeFBDSDRmZHBUbjBmdGx5cy9SRnMgQVEgd0l6SlBCVW1v\neDl5N0lHYmVrajZzVzVTYjd4WVdNVjZoZVlkUEtmVXlMdyBIdmtoczF0dmhxL1py\nS1hsc0ErckdoVVB0bE02RGdCNW5raERXT1ZJMTkzNjRGNHd2T3ZSTVYrKzZlbEll\nVTZKc2JVN1B2SzRuNkpaekhwSWJQaFZVQQpTWnJCRjNMTVlXdFoxeVkzc0lIaGN2\nMStEVFZZMVN3c2JITVZPaGNKM0FrCi0tLSAzbUtUejhsWjhWRDRnNDBzbTBjcHVF\nd3hRZUJPS05ZUkc1eTdrVDhkMFMwCjO8WelOVwyyIdPgWa+pIoo4XgcflwLa35AY\nQ/hu4HT6yvjBsf40NvgroQnEa4z2OFLFfn+HWkRn/zpOjHRdrus=\n-----END AGE ENCRYPTED FILE-----\n", + "recipient": "age1fido2-hmac1qqpf43tgcfjm048lsqskvq34w2t4uvrm5qy6m2eg6zjj82ctca8wctgpczxvj0q4y6337uhvsxdh5j86k9h9ymautpvv2759ucwnef75ez7pa7fpkddklp40mxk2tedsp74359g0kefn5rsq0x0yss6cu4yd0h06up0rp08t6yc4l0hfa9y8jn5fkx6nk0hjhz06ykwv0fyxe7z42q683jy0" + }, + { + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIDdyYytEMldw\nRFlKc09yQWNRUGJsRlRYa0JaWjhjVDYzb2tCOXlxMVVQMHcgQVEgZlFBRFNyWkNS\nRDJQaUJ3WWowTEcwaTk0Z0tiRHpQNmhkMTJZUlZHbHlEMCBtMzE5bzVQb1JmZkpy\nY0orbEs2RzBSVXA3UmZYZkRRanNnc2pHSnJjK1pLVmZOWGR4d0IwZjh1YXlkakRx\nTm5EMXR3ZjNHWGl0Ty8rcHpQbkcxRTZmZwpsLzhCb250OWVXZUh6aURraURwczdx\nTkFNSTZ5MUthYUdpNU1GMVpxUy93Ci0tLSBtQkNNbmV1MVRKZ2FSYUtqRXcyKzli\ndHBNTXF3c3owRmdLV1E2MXNYMzlBCqwjzosUR5kSa47sAtDpIKLYUabECYv5y5up\nr8MYVk8uGzhlnQYIzUFhN5rx+rfAP67Mb5P6gg5+jm332XpGDZY=\n-----END AGE ENCRYPTED FILE-----\n", + "recipient": "age1fido2-hmac1qqprw0vfpc8wzsu78quc777kmee54ln6nnsjrnrhl7nr33eh4kvkksqp05qqxj4kgfzrmrugrsvg7skx6ghh3q9xc0x0agthtkvy25d9eq7eklta5wf7s30hexkuyl5546rdz9ffa5tawlp5yweqkgccntw0ny540n2am3cqw3luhxkfmrp63kwr6mwplhr9u26wll48x0n3k5f60c7hg9a3" + }, + { + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIFRaWjBPMDVS\nM2pwYnF4cm0zZXZOODJCY1JSbGhNT21tUVM3MkJ6ZjREVVUgQVEgZUh4S2o1R2RE\nV0svbnErTmxodXE2bUxJK3lla2lvajB3OXVwZHJtcHU5dyBKU3I4WFJnK3BOQXl0\nZDh5NTB5ZFlteFJIM2FVTVp5cmNyRXZqL1V0c0l6L0tSb0c5ZU9jbmRXMTIwb2c1\nQjZsREgzWUxaOXBUd2pQK2NncDZuUmZkZwpJK3ZrOVRGeURjWnZTQVRQVkl1RHkz\nb3FCaElTc0ZEcEJrbUtwc0RFNVJFCi0tLSBlRTdRaGZTM0pFU2ZHQS9JRUk3Y2Rn\nSzNUUFMwOFNLOG50ZWRiY29ndHM4Ct57PjP9gBqH1HpONjF7nr5bwZuE2okMXY+s\nbnBlRYhW91P+j6qzLRVQMvBweL77CFdJqsmhsNTmTM+wVQO2u0o=\n-----END AGE ENCRYPTED FILE-----\n", + "recipient": "age1fido2-hmac1qqpyewum3q8dfcumfgec8nn958aec9f4q9aqy0k06kw5kq27d6fdqdgp0p7y4ru3n5xk90u747xevxa2af3v37e85j9g3axrmw5hdwdfh0wz22hut5vrafxsx26a7vh8fjwkymz3ramfgvvu4detztu075kmpr8l9ydqda0rnjwatdwmfgswg849p37astvld98s3nleeq575azlwc2hhpuh" + }, + { + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5VldjeU10R09lREt4OExC\nbVQ4cC9TR2dRKzR2aWFacFpHaGFZY1YrZGhNCkgvUE9sakc1ckNZdVkybXNTbDFS\nZFJoRGh2aitZQUlXc3d1Yld6UWhsVXMKLS0tIGdvTWR6QlFpSmxDK09EVkg1TWZs\nUDgxVlFOUlNpU2Zkb0c4ZlI2V3JEbmsKv+5fszaZIMuvs5XpR94vh6mnTZ59vTeA\nNlVoGsnXixe0JqeoIS/+JjoSXPbtTjuMKGpUes+VWMutQsjax4LrGA==\n-----END AGE ENCRYPTED FILE-----\n", + "recipient": "age1hlzrpqqgndcthq5m5yj9egfgyet2fzrxwa6ynjzwx2r22uy6m3hqr3rd06" + }, + { + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQT1FEa3pCUU1TYXpKbEho\nYk1RVkhDQjk5WDBtOGpOSGlZb2h5b3R0bXdnCm03eUxGYjgwaFpkY2J5VkZhWHhP\ndjdoRlNaRnh4MjZFYmZpd21HUmp5VDgKLS0tIEtubWNrZUJZekswWmVCWVZwQmwx\neFNZTWc0ZmZ3SVFlWlpOV3loUVhjWGMKIMSB0hSzV/bHoBs0Dq/YylBcutffUpA9\n8gj850Pjevqfs1jmMJgWM6jZwsbmkukK7SzRCBSXf3hCkNOGKB6Vag==\n-----END AGE ENCRYPTED FILE-----\n", + "recipient": "age1sg0rvgyetdcqw7j2x983fh69kdkvqsngpe5x36e5920qa7fze3cqhj4wgx" + }, + { + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrNjducFhvb1NYUkhPMFVG\nRDBJcEpJb1RRSDlHMy9FdmpTSkNxaDJPTEg0CjI4ZVVNLzcrUUlDczlVKzZ5L20z\nRHRxcFZPZGhtVU1TMGh4ZlRQVkhUT2cKLS0tIFpGWDFYN3JEVzcyazhCM1NIQUNq\nRFdGV0wzcFdjYmVSSHhZRC9XWEZZamMKH7XqdBGpQMQR5grlpIkQYYdT1HG9f3bP\naomvW+t9chMhBq8fuFMz3uDXdTA4dcm/sc5y9Qs3s3LSx4lwt3duSQ==\n-----END AGE ENCRYPTED FILE-----\n", + "recipient": "age1swlyyk2rzvevqawyeekv75nx2dz34zpe3xqhkqme26gcgeavy4dqrfpcd8" + }, + { + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXT05qZ2lNdU11TVE4U3VE\nS2tTTTVtNVFRWlNqTG5selUrZTNleURnK1JjCnZUTVFEQVNib2NKZ3FxWGVVazBL\naVduYktzbm0vbnRua3I5OEptSkQ2cW8KLS0tIHUwbE53eGN3VFppa0NwT1JlS0to\nWCtIYmpVdUM3RFI3OVJDSGowNHQzSG8KYAgjVRoEOnK5hghyA1RcYwFAll2TVzPj\n/mt7BQ9fZjyklDk7q70VFNXfaQCuKUQAJLPk0viOuEcFyXniaIej1g==\n-----END AGE ENCRYPTED FILE-----\n", + "recipient": "age1vphy2sr6uw4ptsua3gh9khrm2cqyt65t46tusmt44z98qa7q6ymq6prrdl" + } + ], + "lastmodified": "2026-06-12T10:28:37Z", + "mac": "ENC[AES256_GCM,data:iqByPSc69q48rKRHg+WH+TmkgDjE00dKtTGEkaadqEeOKGhtq3oaRxvmvTlmi92OHxzqFiofc9xkSlJh1/5j1UapOJDhEdfuJ0iFMneYCAvUYwsY8ksxGvSMI9LUT8I+sLQ1vWENCRWa9M/jAHh66RZ3k+GNefnIMlq4eoTfkn8=,iv:zKnz88VIjG5/NFbNGlhz9YT4n9T/6xmaT3lRCNYxLmA=,tag:O0gBp4KLKO0xcrr0+4SUpw==,type:str]", + "version": "3.13.0" + } +} diff --git a/vars/per-machine/rigel/prometheus/envFile/users/kurogeek b/vars/per-machine/rigel/prometheus/envFile/users/kurogeek new file mode 120000 index 0000000..970aefa --- /dev/null +++ b/vars/per-machine/rigel/prometheus/envFile/users/kurogeek @@ -0,0 +1 @@ +../../../../../../sops/users/kurogeek \ No newline at end of file diff --git a/vars/per-machine/vega/yggdrasil/address/value b/vars/per-machine/vega/yggdrasil/address/value new file mode 100644 index 0000000..9172cb1 --- /dev/null +++ b/vars/per-machine/vega/yggdrasil/address/value @@ -0,0 +1 @@ +200:a785:5b01:5309:ebc0:3942:2a48:55f3 \ No newline at end of file diff --git a/vars/per-machine/vega/yggdrasil/privateKey/groups/admins b/vars/per-machine/vega/yggdrasil/privateKey/groups/admins new file mode 120000 index 0000000..6765aa1 --- /dev/null +++ b/vars/per-machine/vega/yggdrasil/privateKey/groups/admins @@ -0,0 +1 @@ +../../../../../../sops/groups/admins \ No newline at end of file diff --git a/vars/per-machine/vega/yggdrasil/privateKey/machines/vega b/vars/per-machine/vega/yggdrasil/privateKey/machines/vega new file mode 120000 index 0000000..f8a757c --- /dev/null +++ b/vars/per-machine/vega/yggdrasil/privateKey/machines/vega @@ -0,0 +1 @@ +../../../../../../sops/machines/vega \ No newline at end of file diff --git a/vars/per-machine/vega/yggdrasil/privateKey/secret b/vars/per-machine/vega/yggdrasil/privateKey/secret new file mode 100644 index 0000000..55dade2 --- /dev/null +++ b/vars/per-machine/vega/yggdrasil/privateKey/secret @@ -0,0 +1,50 @@ +{ + "data": "ENC[AES256_GCM,data:lDcpnZV93rkYascekNZS4PZfiKNoDfuEsKePeWIWe4iQZ3Y8NOXcxiOQMCSXNPIwsh2N7lG5+UtWidJ7dDenoXD9AwCv4STuPL4cXi9flgjozgYbW621Q//9p0jqpD2Xxq8R5TqO5WtZeQK9/cOdyJlLTqUPIKw=,iv:1aeRaEqTOndGlRpIZ9sI/BNNFtKj04aBPqXHbYDzN9k=,tag:JbApghVPv5EbSX06tVW/wg==,type:str]", + "sops": { + "age": [ + { + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvUW5jNmM1YzBod1VNQ2tW\nT1VXUENXSjV0RTIydzNpc2k0b3Q4UjVLdGdBClVuVC85L3NxcmhScGkrMGF2czRr\nV0Z0MWRhaGU3TDJuM0JNUFY0YW1BTjQKLS0tIHlaSGdGVmJ5bU4rZDVZRjRpQ3JS\nekZQZEh0OGEvVVdwS3FBellzWGQ3TFUKtkSZgRKFFMCxOIDlXk9r0/GnfH0g2moy\nGbTbC5EfpBHEA/MHuIQTwOngPtGmEjBsVThIR6/hp1ZOJzsYHOhUug==\n-----END AGE ENCRYPTED FILE-----\n", + "recipient": "age134vt63pjqpd0m7702fyn8vhdlzyj2deqc2q78sp9uw9052kxsgwq6d25ez" + }, + { + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzYWJsMjA5K1N1eFNSNTNu\nbzc2QSsrc0hwQ2dVSzgrSFBDTG5MaW5OUFNBClptMFVtcWlnakFuWlIvck0rc3Ri\nNE5aSmJiZEJlWVZ0enFmR1VFaEU2bmMKLS0tICs4MG9oR0FYcW95NzdCT21QNHhO\nVFJldnB2L0srVFRrQWQzZ3VxZk9VVUEKf29mLBC36j3PU+jjY/g+c4pbegZhV5/P\n9yylea0RFXQzyaFGzjKgyiR7pfUjIVMOZBjB9sha0xRN+SPELpfAOQ==\n-----END AGE ENCRYPTED FILE-----\n", + "recipient": "age17d4qt0n9edq57tgcqyk8eu5mrendl59yt6z2y3a4vkq7el8krqtq6lq28g" + }, + { + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIEVXS2szK3d4\nTnJhYVcvZ0JVZWp4cUJDbW1mVXQ2VG4vUXRlRm96TkhOMHcgQVEgd0l6SlBCVW1v\neDl5N0lHYmVrajZzVzVTYjd4WVdNVjZoZVlkUEtmVXlMdyBIdmtoczF0dmhxL1py\nS1hsc0ErckdoVVB0bE02RGdCNW5raERXT1ZJMTkzNjRGNHd2T3ZSTVYrKzZlbEll\nVTZKc2JVN1B2SzRuNkpaekhwSWJQaFZVQQplZDkzTzltbGkydG1QQUpTb0lyS1Rq\ndHNoemNOREZLOGt3VFZxcnlFYzc0Ci0tLSBWUUYyUmNaQWpqNDlOa1grS3NsaCtG\nM1JKeVNBV1N0bC8rRnNOeEJ5bVg0ChU0g2KzUngIjjGrukA/Y9uCjHfHuBV9HNY/\nBHqb4wDjHFR9Usu0YvTKUoOoUiIDHvw4m6VCIuJss6gocoxAP8E=\n-----END AGE ENCRYPTED FILE-----\n", + "recipient": "age1fido2-hmac1qqpf43tgcfjm048lsqskvq34w2t4uvrm5qy6m2eg6zjj82ctca8wctgpczxvj0q4y6337uhvsxdh5j86k9h9ymautpvv2759ucwnef75ez7pa7fpkddklp40mxk2tedsp74359g0kefn5rsq0x0yss6cu4yd0h06up0rp08t6yc4l0hfa9y8jn5fkx6nk0hjhz06ykwv0fyxe7z42q683jy0" + }, + { + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIHV0aDB1bXZx\nT00wMGlBU0NZWWVjODZqN2p4QnBrWXdzZGtEZytiaCtCMDggQVEgZlFBRFNyWkNS\nRDJQaUJ3WWowTEcwaTk0Z0tiRHpQNmhkMTJZUlZHbHlEMCBtMzE5bzVQb1JmZkpy\nY0orbEs2RzBSVXA3UmZYZkRRanNnc2pHSnJjK1pLVmZOWGR4d0IwZjh1YXlkakRx\nTm5EMXR3ZjNHWGl0Ty8rcHpQbkcxRTZmZwpBZ1Y1ckpNNWM0TnN3T3FFaXdGalhz\ndlNKaFo3TityRkhCQkJTV3RlRFo0Ci0tLSBiYkRuNkdqRE9wRmx4UGpFd1FBYWZ3\nWHdzZS9YaFFaK1VUckZDYnNtZWtnCrD+CevFcifB+zIXE9p9qXjNV67Dy6/GzPv8\nD3t84N4A48Jt1dMZc7B3DkBWeX4Iyj0pb6Fbs1qhkuRmPMiSWzc=\n-----END AGE ENCRYPTED FILE-----\n", + "recipient": "age1fido2-hmac1qqprw0vfpc8wzsu78quc777kmee54ln6nnsjrnrhl7nr33eh4kvkksqp05qqxj4kgfzrmrugrsvg7skx6ghh3q9xc0x0agthtkvy25d9eq7eklta5wf7s30hexkuyl5546rdz9ffa5tawlp5yweqkgccntw0ny540n2am3cqw3luhxkfmrp63kwr6mwplhr9u26wll48x0n3k5f60c7hg9a3" + }, + { + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IGZpZG8yLWhtYWMgQUFJIDhpL20rSWNk\nMXpaNHAwUWRjeWhjaEt0VGY2aVdCVU55R0R6RHNBdnlPV1EgQVEgZUh4S2o1R2RE\nV0svbnErTmxodXE2bUxJK3lla2lvajB3OXVwZHJtcHU5dyBKU3I4WFJnK3BOQXl0\nZDh5NTB5ZFlteFJIM2FVTVp5cmNyRXZqL1V0c0l6L0tSb0c5ZU9jbmRXMTIwb2c1\nQjZsREgzWUxaOXBUd2pQK2NncDZuUmZkZwozaVBTWlpKdzFhT1hvcUZPUU43dzcz\nZWFhekVnWndCZi83Z0xYZUVneWVjCi0tLSBBUGYrdmNuV25EVmRFbkJDeFg2NWUx\nNTFZMC9TVGlCVTFYM2hra25Ec0ZFCs1GjLDYmDyzx8VtlNkkPRaNc46E7Tzs8uDs\nCZYAsCojTOaC0IQVpE3uyeKuK/JW/cSnfgNNixYUyEd9w6g+hA4=\n-----END AGE ENCRYPTED FILE-----\n", + "recipient": "age1fido2-hmac1qqpyewum3q8dfcumfgec8nn958aec9f4q9aqy0k06kw5kq27d6fdqdgp0p7y4ru3n5xk90u747xevxa2af3v37e85j9g3axrmw5hdwdfh0wz22hut5vrafxsx26a7vh8fjwkymz3ramfgvvu4detztu075kmpr8l9ydqda0rnjwatdwmfgswg849p37astvld98s3nleeq575azlwc2hhpuh" + }, + { + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJRDViZ0FaM0lDaHpDYUdx\nbW84T0NicmpsYmIrckh3aWFpbUVnc2d4clgwCklvL3BENlY2bEJ5Zm4yMllNOFdx\nQk1QQ3JVYVRudXJ0WWd4dno2REpqcE0KLS0tIC9EU1dUVHlyVW1nV2FGTmNZeG9y\nY1l3Z1dQOTZ3eXorZUwySHlBRmt5bXMKVbcXButS420nTtCZQxD/AycDdIEbCA/t\nGfVk09V2+BhYG0WNhQ+0Xw5r8gtPr/9oBwyAIkms+pWkxVTOKDtWMg==\n-----END AGE ENCRYPTED FILE-----\n", + "recipient": "age1hlzrpqqgndcthq5m5yj9egfgyet2fzrxwa6ynjzwx2r22uy6m3hqr3rd06" + }, + { + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEdE5IajFPWnJzNWRSWUJv\nNXpNZnRQSUZtbFNnNllNSUNSYmxkREZDRWhBCmFJeVRYSVRGcGxXUVdtaC9waUx3\na1FjdHY1Ym1XVWNHVXJHcGpKTnBaaFkKLS0tIFZNYU56QmhRQUNVNkFHS3pyRG5I\nMG1rczZKbHVxNzQ3VEplazVPQ1dkaWcK1QWlmY9AeEKkGLI4qlBp4fDAA4Bs4pef\nPN4CaKt7oON6bnjxfIURgezAOvkoGRrtbUO38UOVxjdYVrLiev+pWw==\n-----END AGE ENCRYPTED FILE-----\n", + "recipient": "age1pl3nej4ayvuk75cydwyz5ttzelqqdkun8hweu40vypvspzh9j4vqp9rl0j" + }, + { + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxTDQwVVdQS01kbXgrWHBG\nL1JMWllLY25oQ1NtNXhleXdsMHBpOUExZ0F3CkgrR1dEcXp0SGRpZDE2bm0xZ3E1\nKzZxeHd2Sy9QMDlBTXlKeWRyeENIZlEKLS0tIEd0Ky9oek5PM1dmS09vOEc4UTg0\nRFdrYjJ2VGNwV1crdDJqSnB5VDlZMlUKTP8s5r3N2L5/dArDw249r+CW/hokEwrp\n9Bn0nCR/y8/nutEEIbk12ynB6GtGCVALcXJ02v71BbBf3i+Xb5fwPA==\n-----END AGE ENCRYPTED FILE-----\n", + "recipient": "age1sg0rvgyetdcqw7j2x983fh69kdkvqsngpe5x36e5920qa7fze3cqhj4wgx" + }, + { + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkTzhvb1FWSGVGMHRNM2Nx\nYlVMVFcrN0R4M3dSbktMUUIySGkrSnVEdkdnCmpBa1JCWGo0ZlErOXRSRkpkWTUr\ndzh3bFMzMFJOQnJZOTZTb2srL2wyRk0KLS0tIFo0TDU4R1N3Qk5TWDM0WXpLUFc0\nUys1b3kxQnRWV3hNWVhiR2dxclVPRFkKb+nyhsLw0OILedW/spASXMGkuapSjOQh\nyRwUUdHOa+JRbjLLqnfG02xSiURiRhZNVz8VSXZDKvGjKdhSELzx9g==\n-----END AGE ENCRYPTED FILE-----\n", + "recipient": "age1swlyyk2rzvevqawyeekv75nx2dz34zpe3xqhkqme26gcgeavy4dqrfpcd8" + }, + { + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2Tnh6NElYN0crQVM4N0ty\nN3VGQmtrMnArRmJkV1IzT2E2WG1BYUNyK2wwCjlEbU5mdExWTnJrN2VLRTl5N0dZ\nWVcwOWtxVDY5Q3FIVmw2TXZ0bTJEY1EKLS0tIGtMQ1VaVndRT05PMkdjQ2o1LzFO\nemwvWTF3L0l3anRhV0htTG85TlNhUlkKzhNT3lKCaBIUt2UDO6dIe+FGhkELtsP6\nXc9IaaXIVA6vLKAdh9xPHBGP4xG+b+86kvpYrsqMv8IRz+Os6AUQHQ==\n-----END AGE ENCRYPTED FILE-----\n", + "recipient": "age1vphy2sr6uw4ptsua3gh9khrm2cqyt65t46tusmt44z98qa7q6ymq6prrdl" + } + ], + "lastmodified": "2026-06-12T03:42:22Z", + "mac": "ENC[AES256_GCM,data:Mrmfvz/GHbqVFFtpHEB8a0y+9PRhPT38T9F3Ap2DiowsJEX+rC8qaQFTJ71HNkFcGQDkMeL6prY6JZoejhbbkxZma87+6+cfX+xEciQSqL1kBjEEGfLjws4V79lK4zC4Q5NX1Feo7L08fcI7Ko3XbH1dRL66yEtk8+2TjiZ1VYE=,iv:FqqAWCg7YoSOwWovGtlKa5qqU+CM7BIu6CgojXpElMg=,tag:u0B80zW8vMqy9UJylJztGg==,type:str]", + "version": "3.13.0" + } +} diff --git a/vars/per-machine/vega/yggdrasil/privateKey/users/kurogeek b/vars/per-machine/vega/yggdrasil/privateKey/users/kurogeek new file mode 120000 index 0000000..970aefa --- /dev/null +++ b/vars/per-machine/vega/yggdrasil/privateKey/users/kurogeek @@ -0,0 +1 @@ +../../../../../../sops/users/kurogeek \ No newline at end of file diff --git a/vars/per-machine/vega/yggdrasil/publicKey/value b/vars/per-machine/vega/yggdrasil/publicKey/value new file mode 100644 index 0000000..c7967fe --- /dev/null +++ b/vars/per-machine/vega/yggdrasil/publicKey/value @@ -0,0 +1 @@ +ac3d527f567b0a1fe35eeadbd50637ffc60407b6af311b56f997cd863e45ea0c \ No newline at end of file