From ba30b3034b2ac0a39bf28256d342b52bbbfd1ad9 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Thu, 22 Feb 2024 09:57:19 +0100
Subject: [PATCH] feat(dgn-backups): Add encrypted master keys

---
 modules/dgn-backups/keys/compute01.key | Bin 0 -> 2168 bytes
 modules/dgn-backups/keys/secrets.nix   |   9 +++++++++
 modules/dgn-backups/keys/storage01.key | Bin 0 -> 2168 bytes
 modules/dgn-backups/keys/web01.key     | Bin 0 -> 2168 bytes
 4 files changed, 9 insertions(+)
 create mode 100644 modules/dgn-backups/keys/compute01.key
 create mode 100644 modules/dgn-backups/keys/secrets.nix
 create mode 100644 modules/dgn-backups/keys/storage01.key
 create mode 100644 modules/dgn-backups/keys/web01.key

diff --git a/modules/dgn-backups/keys/compute01.key b/modules/dgn-backups/keys/compute01.key
new file mode 100644
index 0000000000000000000000000000000000000000..87917b05a6d94fef37308d29a2fc0ed037672e57
GIT binary patch
literal 2168
zcmZA0>3h?L0SDl&E39)jG6owI%5XTwn3l+rkH{eeWLvg;%cm^U!fe@+9m}#U%eE}a
zN+>ON1|iUOG@Rial%q@NM#eZs(omoULMg1Uu7Qkljy)_LrN{Wfm;43q^Zbqo8?TD<
zv{259$qZke5m>MYDXQv~`Fx@(9)q=7NUv<Lh8O}>rb4+q;bM#_JK!or!bv;f!vhW-
zO_@kMNKz6``8hWSGl1k#kak%lQlu?ah6Oo|GAK!gjUt~ndgLUn=b$XXSk=XxDq_kH
z);yfop!X<s2_I%b(?B+Xv1yAs954x@mvA^!c83J#Vi?T(@&;>-hfJvytd(cYIuDb@
zv#}^%&Uqb0Cla(~axq^j$N0@CZjNTvwpbcK25SPq+d+?#<Rv$qFqRD#K}BYbS(D4l
z!V(<R>Fo^}l95SwP0UNhHDwE?h+_>Y2m}#I@<PdURx}ha+2SZ;<zz7k=4o{rmM~)x
z=Z)6X6HUlRlqrEUIy?$@tcD|5wgD*?YZ9t}qd@6}vcHJ9M3X4{%UZLHdqXszhTIl9
z;11>0q8SQMP_ztU9=z-hDFhRr4l;g!2F=GI$|qTJY8M<bI&~0G3JMsLF_EOC&G|K&
zqQ#6S{k$>A2n7V;!WqB|7{Usx#0O03g4?23JLqIo*FZ68+=~lfE@xnDI2(5%2*JZ_
z8i!?;!K55w$4i7a>GZNSAnd{w3_wXijm^pdNyOx$Ls~NK^N<*X@@7UQp_Ww87)#M<
z4-u7|g>XYkO=&c=A*3tWEd_g=iYa)x0F*U0%o{^ZGJ}Cwx+EJMCKDH70BhczPzfBU
z%Q}FJisos~3-f+!00CT9S0rARlJ2mAmv~8!f<_;SL!8aw4u@rvtMnx8C%XlUB@gXU
zGKeo?b7m#2Tc_vEmZG2ZMF@f`Ma*biBcNrR3}s>x8?>nqMcfK7EQ?_Ql`)_8#7xm>
z&IAFT5`l@J2}*zlDDCpb-H?N!2Wu*?zUJ{uScbRTlVxkzAB9nKoOPM)+MK#5kh0Uu
zr;L`zha${bFdvpv3Yw2w%qmP2-7(l5OUgQlA*>0fJrhdiWf2eNf^k)d;6ikQ9jw_b
zQjLpMYO+xamvSJnBuIED9*{Fe+$9=8KBCox-DYQs=OYvtPbU0%1;yJ7Ik%o8ty+6g
z%{ft{$b~UMg^G+(t<|UeI<pL0Lr_iLGg#C5s2V$~gsmAdsg{CPml<V6nDwU05tSZQ
znL*Y~a~2PVMq&Y6&w?nbNL$lLR#zsyen&uX=TcHwP?b<?Jk3VIlEL6dV~z||!+EqU
zHCW4nPFCYlhG4`QRu}xd&H_?pv$lZ%Bcv%z*=fj{NRmOHKuRefz@`1HA}R3*kxvue
z0t~1<K+vlLy&?w2c@bgE<+MFwH*yvOnzfUUd#kEa21|ydF(YPt_CPvO%upr`ZYcTy
zr(1ML8J8z0a1J*b^_2nGs(5dXW=m`DjO&Zd>+}Z~EW_sw8(UZY-mTx%XJ=fz*Uo5$
zgl>GcwJJF4!&7f8(_Y@PsLR?qdFtt_%d0oFt``va@2TEh)7~7@H}TT$f0|{x{@$mf
z9}FC<|46;J>c+mqEzKXib9?ff16!6dOl|C0@Tut|MrxjMLZx|q_mXpK0o%gu)yB@L
z7Y&USi|C(Mey+K6vTpwAa2xSO-!7U|bl>Xw5gIP<5dU^P4GlS5HEq~Xr=!hNw;}P=
zq0X;2_a1%c3~=YC6Oc{BhuZAZ9Tho*+i;;0IQ_%@(=*%N4VRGZ)8~G)rC#5*vTyom
zMgODT!^iB?&NiN$(gR=iGe^HtAA8FZy-S?x>|8LgqU7lQBhfLxyLn{m4#&m4i@WwD
z@7cOCFWsxV-!W?Zw(Eb{ix+Meo(sIz+`Q^8wRb3uZeH;5^@q#rZ?0@!eSN?73i#P;
z6MGt3y18lmEV?gZf!uf2NL?q_FT3{Q`+*A&Z$4<(R_y+9&#^zOT-BrhuWQpKFw(Sk
z{C7uX#!Py9cR%Cb`e@*YqC8<3(7k<I(}|j$6I%Z??G-Bb>hf>kDc^aaRJnE;?%Mk8
zpVwAa-0!~McBK7{IXnG7K!0_-V#=4_Mu)`a4(l<#aD42hTKOMK#(n;irUxxMKD8n3
z+jiXWRrcL6S8kZQ=+GpjcIvS;7Y=BDw{-9SW^Zb3bIKpAouq26yM<O)zcu;$t5fdY
zPsE+X)Q+cb$k?HMP3Pw}E&NYkG5or6;MvRDSH`qgCoI~tuF;H+sU<e{SGG*JYZ&^9
ze#+8?!~69|zq-6``B>&b;NzB;&(|c5%ye9f9%+8DU#vI-)l;{0nLcV?WcaReOdydS
z_svNH1;=|A{cH1YpP$jb5&gPx@o8r-;(PPl>v~CLYJ8qrr=H&h-5EC1*tn|ci}&Wu
zs#ZFM-#^+oR9dlg^5Oa`S2t?p6CgZd_WVmH;pc|G^otd@KRNQVGwW}?Tv#)5X2a}5
z@wR{4=$3G0V%G`ZUuQfW87cU7a+5pmTv6S7IC}qq0p*ZZFuGa?-Q07$w)Gi!?Zz*!
zjX76ppEPCQ?7>&L6$a<=86%cljr4c^dX&C-$twN3=jsq{fBWtCCl3GR!t*_gcXo`8
czkQzdE;~B{Q=Vem3d8l6JLQWPg1QC&2X=%^;Q#;t

literal 0
HcmV?d00001

diff --git a/modules/dgn-backups/keys/secrets.nix b/modules/dgn-backups/keys/secrets.nix
new file mode 100644
index 0000000..0d9d49b
--- /dev/null
+++ b/modules/dgn-backups/keys/secrets.nix
@@ -0,0 +1,9 @@
+let
+  lib = import ../../../lib { };
+in
+
+lib.setDefault { publicKeys = lib.rootKeys; } [
+  "compute01.key"
+  "storage01.key"
+  "web01.key"
+]
diff --git a/modules/dgn-backups/keys/storage01.key b/modules/dgn-backups/keys/storage01.key
new file mode 100644
index 0000000000000000000000000000000000000000..1739bd48751fe7960294c55c7220028a1f608f2c
GIT binary patch
literal 2168
zcmZY8`Ii%g0S9o72Xw=7)uJ3L1QrksORkw@Mv8WFPL54xGP!}J$z*1dnPf7VB$G)N
zRtn+)2)N>cTM#Hm0TmEXl$+wR6(~@JiVDKApcHxV<R}PRZTkbi(7)jGzTfx##u%!O
z;z_YA6jE7!QdVTtl2%doyfU9p)=>!^2x?&^>j={rq9o&VS)+xiDC*&o4l(2vMWdGk
zve}F&mA7P7CPJ3V>R^N_kqRzHilVDTI*Zl<nlr{l8iQ1HA|^Tg@v<o=1>=D*0hv*&
z3_PykX`czkm6BjUU1@v7Vz>EJ0hc|%mkFkj5nV+aYDhR_(yY(&X1-_)lZs5H93czl
zGUH|aK(d_hl`1L#G`XQP#$mjmGg=TFiojObMn0~ID&D2Wl@?PrMLRvd97KtgRK?=N
z+>y8;6H4nbP26ft10>6VWL(a$B}JNr1(gem#Spy;W3v+LF+s^dlE`x*2a7}i22~kN
zA%f%+^^Y_$A5(H-$n3@yVaTHu^N2dB@py_^xqz#5V4)IYoMeHZ>@LbJ0SSLBB-B&B
zf>&^{G8Pjp_K+5J`)n@J04Z{LStup_0RjfR45BB)>8Kdg1du4qfickQrGtiaih~`3
z&cGE>m(>xL&2|ePryMpUjNpJG3}6wRzQpG6vf5_U>oPGD<@BX>#)@F~kSfq)Q)?)@
zR1AgKTs@m5f(hKtVrqt}IC4o{LaPuXB<1&qAYSmJ02xRzBm&@`V96cz*&rHaECqpM
z5W7jV^F|Cb=B!#s2<kFE2PYy)IhIr;N|G1MrUk?iwnc0z$eb=XO<)0vxD2U+Mz&!-
zy-N%E`It=x2$d9p(TJXm{I{$U7=^SXra)oTXeh!q*#-qM#w9SYF%rcewf$(fYN>>i
zxRSSkW;Y<JC@fizngYC>q<Is^6JnAHn<CCYjP#26lBA(fNTC6OumzUn9BnD8@<EHt
z7LrblzF4HNoW2N)PFV`%Qz{)~{=X$@e6aC<FX7>IDx<-CoB>I|CR(8DNudzJy&<R5
zs2BYloz&o%mMf!qg=`LIl3*At`FOR(%@Afe#c?igl+~Gy^;s=qmF$qkNZ?_E_3>;@
zyKM9@%4F7=^AyZdz1^8bbp_NON7Mddprj&!Qq&WdS*jFK3l<y<aEgprL~N8>DAQrI
zWHf6Ll(xC7tX1Pk`BJjqA2-?J#Ymd5fXL$-NJNY-MoEJS%#*VwNuIR$I1h^nKw6(S
z!R2TW<IUE*7{IU;21x}Sr{DpSG?Y?EE|d;w5QBvHL6%2y83a?~Sw0+*0wg1PY#x)U
z^tdLd>lpx70{*B$E<4kCZP7rh{pvE|Nswty&6F#lipLYTY6-4BSmf1dTp@)VV8Dr&
zkQfyrTx0}?X;jjXfU4}tQ>ADoW3yp7!ek9d4n<vEow6va7$FChodT9abqHYB!9mUg
z2LLx4W`jn7F1R&D919gmM6upV?p`;w3t#6YZw?vRZ#%Z5;cov^XJ~C>ci8mAx?~S-
zhJ5MnoA;L%o?LY6!<n<++InpD@o&b)CLFE$i0Yub?zG_zwbR}XY0l3&>~ftvU-Qzs
ziEaBE>z*6w6(;xA&-k`aZq(gdEtA;&#c4}F+;s0;pM}$wcW!L8Ad4;@dNt7TPJ26T
z?4{gvB0cZxITs>-cT<7oySTAO__YbnK4-SJ?ARXGt@_)T7Y}`gj9yW&Yu-6Kb;!<r
z#L6At?tOjLe*44PN#wg7*T!8x`u?C1<t?vNJ!3uCx_#~0uMa=C)Gv8@(%8}6U#&gR
zvg@Bj^@QS|CLG?eIKI5{LA<nM-mHeczu&a0Va(3i>yNy9sd3gNeXUtJ{rrfnJBROT
zySXI%-GR!(!!ys^$hp;;>oxVw)pITQ={fpQpXn>1H<+tE&%N}`f)?@Wja5CT-CjRF
zx4NmhVP`7z<?*iF_g)#&c6+L+N;zrsd(swoRx9}PoDEOxdG<=Lkywub;}^gG@v#lv
z2A}x(?C*Y@eARU3&dG~^89H8CEB}P=Yx>mv#z0@kvgi-1iz9|^cK3OGM%&G9RaJQB
z67%KJGdEYyd%HV*=2tCWRZQ*&`4emUHxsVC#OXV`=WVP`UTcP*9_6m7y?)5oZ**JV
zraco6Zd-X^kCIc4#?0fXQ$40{{q$ULW;@(y<5k*+UrcXuRQ~}O*LmZE1+Ha#8t|rP
zSDxKQ{Q9d>|4rA9F9bsIp0Djb2pwBeedUEfmP6vpo-aPLJwIj5_p8?Hr0;z%w`}_}
zIJa}qMz-^m>f^t5?E;B%BRa3RW;}6MJ*utdy4yQ#;i5sEUk>`?oASRKO)EZMlHE+#
z_po=IJ_JO)=#u$8@BgwpKCoMNKh+moarfoVnP%SA`vMCObKC*je;fT`+&{WT-G2?b
zxcI3tLvt$XO!Mki{Xk9YaNF>%zLzZu^NUYjX#dUa%9PZw1s_eUjbBPPP6_>T%=a(-
z{H`_Q?k=vn@?g~q`~0;nHP=>NJH*15<$=$wT261gIv_M(^A_FbUYxo}`zKf3-ud)T
z2Ri}baLbQL+sfV}zT?x$bz6?AYxY9D@7%l4^FaKmUaI%{0ZjY21A~{Iywz2hs|2rn
fGI-^(Vd-{YU`=z)l}~;+(qu0Vu(ozg-_YYfIY~(C

literal 0
HcmV?d00001

diff --git a/modules/dgn-backups/keys/web01.key b/modules/dgn-backups/keys/web01.key
new file mode 100644
index 0000000000000000000000000000000000000000..66416eae1cdba74989f8814dd388c35a7dea8491
GIT binary patch
literal 2168
zcmZXTX>b#V0fjMUj7Qj{(AI>;fN;1sw$9bATuh^5bziG<S1`azt9!Lttya>m01x3z
z<3ikU#R-9yf(<2*Kw1hDFbpJI2@s%(33ePOfe<=eF_{LNg3BNNkYDf5oB8I=dyj}k
z>LYZR6&Nm&p&K%6Oj3}E>gR}axp;kql!Ks5El!%Ts7oVe1+PVmF)$B%%_Ro1_#A{b
zQ<4^S4kH60bOb`l1fQh+7@rb(@)4{c2|+A}%K?^U!qIplLL(tg=k!X!P{Hoe25>zM
z=7YXxX(;8^s!_4g;6f4@mGcw|5T4^~3b<&5A}G#)dZfTx{SgO6I3<}-E@2nxaZ0es
zp{SfE?5Yr_#;qYTpUXhzgq&9aS<1vp1hbz|O1zq9X)HinC8#(Jgfvk>B4cbS37B+o
zu#`{eb>SEfNHJ4h0r)5`mdN;xn87FF4R9#SO01NTl~Ed}2Jywxq(3Pyd6QZyX#wLV
zwL70QM;OHXl*Z-=af%J-Y^X>Vl<5UW(r8dQiYj->kt=Cfn9-Opt6SqyDFj63i4>ha
znY<VSV#O2|#n5mGj0docN`aVzevvknl$%2Ch$7|3K{<nI7!Pg@SUJ{`m+5s`eJ&DD
z0Jx@*QY#594JFbg6R!-XO*RHCqF6R0(wh*Ti?MQ-!zcACkb)3Y;TA;ap^6lNDU4xR
zlnj)D9O+g^a#?qruy6>Hapn|6%<oIONuS7I!$aPL$|yG_*eK$MP=f>4qbUL))H0{r
zi8}!um60=1U6wVG(JaME6lQ^Q;Dj{~L?T+Xh%uB92>{AVAv!6^(}E%@NVEQ=Rfc=z
zuCPAj%ORA+?}gNy4E5qx%%w6CxZL1J@dA>Mcnu;Oh^ActBfzo{uVAc#2~Jxbzvxy{
zD57Ch4AamPu_$F3S4<`G*=0DK0gGXpEHSRIG!bQUTsjp_8^T3IglBcMG3R(<^P93J
zJQ^w)66%~LnoP@lwsgc<3gt-(1bt>!`Lx@oFOj;{(36)S*(`0hd2|6z3P2tw3}YTu
zill)kiDx(>g!oydDXR!T5_w95WkDvG*DH!eEsmz?XjtzQ7+42*X|Dyw3EmwISSd2Z
z27kF*i;;&MF)?Xijc%n4PWuZ6j}j;ZO%Yc}V&Wr4vyn%Fd^}rF%5^fmrf3(LeF?jl
z!ZW;EEpx<yQaEmuNrQxsQfuOATUhyIA0emIZ3#MZ&t?NXIAo29<9P#`i7WN6uS7Cf
zsDQ?@Mob>g!A1)ik_1g|wgh<9NxLS2i!4Pn?<pk%ytA0o3yho88x?-g>hnQ14lL0g
zoI`|y;K6mA{aG3#vB#9CSPl7MEUpduGBInM%(x{GYYOUfS%Oe`V<t7_Eo3A%6%VE~
zVUb=Z_~jas*7*FslnnO}WW*a|-D*BS7ZAu}({n7xkgVO4ghloB^<q~Z$a;~WJy9%h
zyv1Z-m08-P(NK0FLtqf&C%HJq1J<;M&WIeB=Zzlh?>&8Ndim9vv+r)ae)sywm!lJQ
zj+-9&UsubCiT&+yxOL*(3GajZ7FIUh>BIY#$^I8-mk%^}t6y6+i~n-*gU6lO@nb7<
zU3GiAoBzAX<vG<?b*1W3g=$vMn!4kUHUW#~ZrMNeEHLM6$24H}lJ<Fjqz)fXo3EU^
zyukeLVN+K%Z`yaTv23$$)&SO93m<*+M1$qi%gA!-AUgT0v3>X3|MqAWaO&LamrgbW
z1{~rIcg8KR-WfK0w&KD!s=LdlOhRvtT{8(h3CG7bXxDDM-8UMeCYHB|fMH|qB^Dfc
zWrMx?xeGf#TWfyx{mzO%bku=m2TJoBLOagCIz!(vZAa~zb$iaQb5%5cd-cuwlND9{
z&5c)$^3?cla;i{Ut-rstXV;#Q!j9X`{rfxjo>|+ydSus1ON;A2%lJtZ?$saa+GoVb
zj>?(lBSYUG+iqHW<(>DMD(s7^`&%YER<@pbi5U3$96hOJ`NMZk^&j2*o1%Ehd&t(Z
zN@d?*Es0poH_+fv|63a$AL;#-SlR6>ANqNsZICt}-GBDy?bn9a#GG5lbk+@h;Mv-C
zt_i9TUpR2>*iR=uC(gY60=O_!xwFeP`=h|r#=s|CL3WCIjHau#?2G0V-@p3`IBJ_B
zST*$1N4@j+t{jCq+kg0YK)d9kZ0~$k*}!+q3*Z|!M1xIjgm_Kr*1g6pszswZM$C0)
zY(}B#PXm(GHM@tSHNV}}H}t9K=-@4~<9<s=;h-(n^ufRWT6VFgZPU_|r^g~AT2@^d
zs)KU1YH_8z0Wq{5ZkXzs*|+#xBOn_8`hrcD=OM+~>GdZT-m4isMW=h?-F^GRH|uI1
z?VVFqxl#IHeSKovnBi^mVXXtlt4lY2H~1sFtY?a{JUnHmP;vO)IC0ym?QJU!xc@cv
zx>2h3itM4j#-@_<tAQ=1&awX#hJSH!My&Ib_3*GSZx$7I?7{Blxw6BB324t-9f~m<
zhW+K_jvpeaTkYMuUY7LY_@N(->6+)ATTc^<&R>7He(+=d;fZg0{=6ss+}kU9d&|w6
z|MB?r2x3{izw^+xGiH3()>R+szV3fstytP%JH6z^*4;0;AAG*(@uh=*zx1ek@W2Jn
jca6K(Jlub^cA<IlH8phjP;~q>-)&Xb;$Jr!f6x6Nr))_X

literal 0
HcmV?d00001