aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEuAndreh <eu@euandre.org>2023-03-12 20:09:36 -0300
committerEuAndreh <eu@euandre.org>2023-03-12 20:09:36 -0300
commitd0d1fffee8dc94c53f4841dacf8b6bbdc99ee58a (patch)
treeb3ecc5210e9f2dc4ae82539b140a5e1694c7f04a
parentsystem.scm: Use generic title for CGit root-title (diff)
downloadserver-d0d1fffee8dc94c53f4841dacf8b6bbdc99ee58a.tar.gz
server-d0d1fffee8dc94c53f4841dacf8b6bbdc99ee58a.tar.xz
Makefile: Add "upload-secrets" target, and include borg-passphrase.txt in it
Notes
See CI logs with: git notes --ref=refs/notes/ci-logs show d0d1fffee8dc94c53f4841dacf8b6bbdc99ee58a git notes --ref=refs/notes/ci-data show d0d1fffee8dc94c53f4841dacf8b6bbdc99ee58a Exit status: 0 Duration: 19
-rw-r--r--.gitignore1
-rw-r--r--Makefile22
-rw-r--r--src/secrets/borg-passphrase.txt.gpg33
3 files changed, 56 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
index 4a4015c..269dba3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@
/*.log
/vendor/
/.sentinel/
+/src/secrets/
diff --git a/Makefile b/Makefile
index 53be13d..1e98bc7 100644
--- a/Makefile
+++ b/Makefile
@@ -12,6 +12,28 @@ clean:
public:
+secrets.txt.gpg = \
+ src/secrets/borg-passphrase.txt.gpg
+secrets.txt = $(secrets.txt.gpg:.gpg=)
+
+
+.SUFFIXES: .gpg
+
+.gpg:
+ gpg -d < $< > $@
+
+$(secrets.txt.gpg):
+ gpg -aer eu@euandre.org < $(@D)/`basename $@ .gpg` > $@
+
+upload-secrets: $(secrets.txt)
+ ssh euandre.org sudo -u secrets-keeper 'rm -f /opt/secrets/*'
+ rsync \
+ --rsync-path='sudo -u secrets-keeper rsync' \
+ --chmod=000 \
+ -avzP \
+ $(secrets.txt) euandre.org:/opt/secrets/
+
+
## Generate the ".ssh/authorized_keys" file and upload
## it to rsync.net.
upload-keys:
diff --git a/src/secrets/borg-passphrase.txt.gpg b/src/secrets/borg-passphrase.txt.gpg
new file mode 100644
index 0000000..c5e7bd3
--- /dev/null
+++ b/src/secrets/borg-passphrase.txt.gpg
@@ -0,0 +1,33 @@
+-----BEGIN PGP MESSAGE-----
+
+hQIMAxJMwbOrBV1aAQ/5AUlHhA8uUiSubdPjigko+tmKzRUfyke6d6LDDiDXQlt6
+7RlOzIDXtYr0nqSx5hI3MSV8YXZ018xNRmsw74CSW3CiQnmIBODnnkYOSc8vVu8d
+P7FBPjeL58D5Qir6UCJcfCGvCWMFECNqiVQmQTvxCWSAenW7awI16IDZXsBqCWLj
+6zLwgqor0D41F6kR/2f6Zh033ZxYP3SHYg+FcxeHWkGmteMzP3SeEEDCB7p7DFHj
+1Kjv3lhPPDrufzo7OwlCIiS5O4ptOHXg5IVKg5XdCkSVZ6LyBXREKFr7xPzMAffw
+kI1JdH9PxgaXPuOpRipQEP6OaLeoHvm4AvhBDbJ8aVLu4BBK6aQh/pKyIONPG4Ib
+SyBA6+/6WExmkGjXxI70M7fN+9c2JfnO+0eo8fosdmlpQgdM1y4z3MsydSP8Ec1V
+Y47SbFBWAbdy+i2O3ka5f/RSgsgWOkN0VD6F4HR7PcDb1wLGzaTyniD+tLpA/OxT
+la/PFWE0QYheVAf9jAbdh0ftoONGtm+TEhq4fSkIWCUfAvXV70Si3DEJeNjaL9d8
+STKiB1I3BI+4lPlGDoeenbJ0Jh8ZrTSuf3hcBVsBcpJlxDWggwFPUeXuJReupIeL
+Ps2YdRJoxUlmiLLtBNIo184H+1RJ759XjxHEIOcNYvyPovo7jClfraMNHxElBDHS
+6QFpfpTeKTNTlvU0p9MLh6p2gBA4GCBwSHwlWQDTV9PDjBKLP27AGck2MOfXeh6s
+esqek20EX0E0QdpbShDquXdIjSRRlCu4Y1HHWIVFsbY9tB9lvSQ1BtQnAZ8EqlKX
+5yilzNmmbFTrnCskpDarF4nw87iyaf47K/nlZgkBa9YGaydTcjcSmB4wNTA1a4WW
+JmL8B/Y79BQgWQ7fanmhrFMouuxJWZsbvcJ6cWEfFm2plD5ftlcSZtsSgGVqrwsE
+4sDRA5oqXlYEvN8xIFBBEzA4rFrQkTFfeMWTGsxECWMNykvUATNkz63gbW6PvkKC
+8Uj6AmK5hr/ASv2yNuFBfQpc/yu073Bv5NFMYRNvAEBkkXHC808goQKrrNWJUj4w
+Ne/R93BNqhyVok1qWWP4xIM2tpVjZ5J3jl6iSuj171XvRaXKZ4OhEf3yFbMGrm/5
+zGxyLDJQeBqxJ4+gC1a9rES+9XuezX430eOgqEUYpGwiOuhTR7gEsnz6rN1TElhD
+1FkZowwuVi0c3sBvKaOwfBebgMeJPX955Dsyx3dXwdVYNEkdTBFzounLY/QZcKfk
+XgzI6bvqdGrk+2RBfCA7dblNJvEhC/pv6xsI+utDYROnje1U1X9NDCQP80L9qZ8k
+25zMQvXiprt56O+ckKrYdg7wiSAiqA1v4z4YuVdr8lQ5wI5ASZbfPSN46b+Vq5Ex
+ENTjq+bzklq6XfOMPQMCg6/4+QI9eFGoicjKNthWK9vB1KjYDa3pwtFYiPhCQyT2
+kNAaI3C5xp4r/f+lJxtyAylTC4Uhkfep2mThXqIDUhtIbYr6hXI5C9JfBzz5pSqm
+E1Cg5mscKoYzyPdoqbu4q9otctWsN4HlmotMqSRyGAirSlaw3iNv+ukaL1yc9YnP
+Qcw0dR1Q9/bwjFEzWoFpCcqe3mW1iRgD8He75QD7dQRpi34r23C0pYwvrQlcjATg
+M9uZotSg8qsgcm1ZCG7qeOjrG/PG0iCU7f4Tueuy+auuOfLVPpUYAH4fqfapqyBN
+En/dxdTyxkFXMgWvqUG1ArZRAgqHsWqSPnugtNQnS3edwfSKPdVN3ki4y7tGL98a
+IL77RotbSOUSnQzbag48A1xjNFuknDFk2t4OMDx+yTtQ
+=9jXC
+-----END PGP MESSAGE-----