#16 Configure decrypting config.boot
- Add age recipient key for wizard to .sops.yaml (the private key was also placed on wizard at /config/wizard.host.key)
- Add step to install sops from specific binary release v3.9.1
- Add step to decrypt config.boot locally
- Add step to push decrypted config.boot to vyos host
- Trigger workflow
parent
d9e32c2074
commit
1c450159af
@ -29,14 +29,15 @@ jobs:
|
|||||||
- name: Connect to VyOS
|
- name: Connect to VyOS
|
||||||
run: |
|
run: |
|
||||||
ssh -i /tmp/key vyos@192.168.1.1 'whoami'
|
ssh -i /tmp/key vyos@192.168.1.1 'whoami'
|
||||||
SSH_CMD="ssh -i /tmp/key" SCP_CMD="scp -i /tmp/key -q" ./vyos.sh op show system image
|
- name: Install SOPS
|
||||||
|
run: |
|
||||||
# - name: SSH into host
|
curl -o sops -L https://github.com/getsops/sops/releases/download/v3.9.1/sops-v3.9.1.linux.amd64
|
||||||
# uses: appleboy/ssh-action@v1.1.0
|
chmod +x sops; mv sops /usr/local/bin/sops
|
||||||
# with:
|
sops --version
|
||||||
# host: 192.168.1.1
|
- name: Decrypt config.boot
|
||||||
# username: vyos
|
run: |
|
||||||
# key: ${{ secrets.RUNNER_SSH_PRIVATEKEY }}
|
echo -e "$(ssh -i /tmp/key vyos@192.168.1.1 'cat /config/wizard.host.key')\n${{ secrets.AGE_DEPLOY_KEY }}" > /tmp/combined.key
|
||||||
# debug: true
|
export SOPS_AGE_KEY_FILE=/tmp/combined.key
|
||||||
# script: |
|
sops decrypt -i --input-type json config.boot 2>/dev/null && echo "Decrypted config.boot"
|
||||||
# echo "$(date)" >> ~/hello.txt
|
- name: Push config to VyOS
|
||||||
|
SSH_CMD="ssh -i /tmp/key" SCP_CMD="scp -i /tmp/key -q" ./vyos.sh push
|
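Review bot: In the Decrypt config.boot step, `${{ secrets.AGE_DEPLOY_KEY }}` is expanded into the script text, and both age private keys are written to `/tmp/combined.key` under the default umask with nothing removing the file afterwards. The expansion places the secret in the rendered script rather than in the process environment, and any backslash or shell-special character in it is interpreted by the double-quoted `echo -e`; on a shared or persistent runner the key file also outlives the job. Pass the secret through `env:`, set `umask 077`, and remove the file on exit, as sketched below. Separately, Install SOPS executes a downloaded binary with no integrity check; compare it against a SHA-256 pinned in the workflow before the `chmod +x`.

```yaml
- name: Decrypt config.boot
  env:
    AGE_DEPLOY_KEY: ${{ secrets.AGE_DEPLOY_KEY }}
  run: |
    umask 077
    trap 'rm -f /tmp/combined.key' EXIT
    printf '%s\n%s\n' \
      "$(ssh -i /tmp/key vyos@192.168.1.1 'cat /config/wizard.host.key')" \
      "$AGE_DEPLOY_KEY" > /tmp/combined.key
    # … unchanged: export SOPS_AGE_KEY_FILE and sops decrypt …
```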
@ -12,7 +12,8 @@ creation_rules:
|
|||||||
- age: # Author keys (again); hacky way to give author keys a weight of 2 shares
|
- age: # Author keys (again); hacky way to give author keys a weight of 2 shares
|
||||||
- 'age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00' # joey@dungeon-master
|
- 'age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00' # joey@dungeon-master
|
||||||
- age: # Deploy keys; to be held by the deploy environment (e.g. Gitea Actions)
|
- age: # Deploy keys; to be held by the deploy environment (e.g. Gitea Actions)
|
||||||
- 'age193t908fjxl8ekl77p5xqnpj4xmw3y0khvyzlrw22hdzjduk6l53q05spq3'
|
- 'age193t908fjxl8ekl77p5xqnpj4xmw3y0khvyzlrw22hdzjduk6l53q05spq3' # deploy@gitea.jafner.tools
|
||||||
- age: # Host key; to be held by hosts to which Stacks should be deployed
|
- age: # Host key; to be held by hosts to which Stacks should be deployed
|
||||||
- 'age13prhyye2jy3ysa6ltnjgkrqtxrxgs0035d86jyn4ltgk3wxtqgrqgav855' # fighter
|
- 'age13prhyye2jy3ysa6ltnjgkrqtxrxgs0035d86jyn4ltgk3wxtqgrqgav855' # fighter
|
||||||
- 'age1n20krynrj75jqfy2muvhrygvzd4ee8ngamljqavsrk033zwx0ses2tdtfe' # druid
|
- 'age1n20krynrj75jqfy2muvhrygvzd4ee8ngamljqavsrk033zwx0ses2tdtfe' # druid
|
||||||
|
- 'age1m0jpnk4t7hph5tdva3y9ap7scl8vfly9ufazr0h3cuwpcytlsulqjrt58y' # wizard
|
||||||
|
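Review bot: The new wizard recipient joins the same host key group as fighter and druid, so every file matched by this creation rule can be decrypted with wizard's key standing in for either of theirs, together with whatever other groups the threshold requires. The workflow in this commit also copies that private key from the router onto the CI runner, which widens where it lives. If wizard only needs config.boot, a separate creation rule scoped to that path with its own host group would keep the router's key out of the other hosts' secrets. The rule's `path_regex` and `shamir_threshold` are outside the hunk, so confirm how much this rule actually covers.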
File diff suppressed because one or more lines are too long