From f8e71d626e367df01f3cefd2fd30b1d45e58aec9 Mon Sep 17 00:00:00 2001
From: Nikolai Rodionov <allanger@badhouseplants.net>
Date: Thu, 26 Sep 2024 22:55:34 +0200
Subject: [PATCH] Add an additional age key for Minecraft

---
 .sops.yaml                                    |  6 +-
 key.txt                                       |  3 +
 values/badhouseplants/secrets.minecraft.yaml  | 59 +++++++++++--------
 .../badhouseplants/secrets.vaultwarden.yaml   | 26 ++++----
 4 files changed, 55 insertions(+), 39 deletions(-)
 create mode 100644 key.txt

diff --git a/.sops.yaml b/.sops.yaml
index 2f1e424..b9261fe 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,6 +1,10 @@
 creation_rules:
+  - path_regex: values/.*/secrets.minecraft.yaml
+    key_groups:
+      - age:
+          - age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+          - age1fwhu5m8df98kk2ldf36z24t9vfcz3875fd3uzecke0yv2qqts9dse0jqrn
   - path_regex: values/.*/secrets.*
     key_groups:
       - age:
           - age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
-
diff --git a/key.txt b/key.txt
new file mode 100644
index 0000000..d33a4a0
--- /dev/null
+++ b/key.txt
@@ -0,0 +1,3 @@
+# created: 2024-09-26T22:52:39+02:00
+# public key: age1fwhu5m8df98kk2ldf36z24t9vfcz3875fd3uzecke0yv2qqts9dse0jqrn
+AGE-SECRET-KEY-1GHMQKZHLVGV5CGZQD4HNMP3UCA8D75557KVKJ82JGZX3LTFHCEVQZ9FSVR
diff --git a/values/badhouseplants/secrets.minecraft.yaml b/values/badhouseplants/secrets.minecraft.yaml
index a841175..99f55b0 100644
--- a/values/badhouseplants/secrets.minecraft.yaml
+++ b/values/badhouseplants/secrets.minecraft.yaml
@@ -1,28 +1,37 @@
 minecraftServer:
-    rcon:
-        password: ENC[AES256_GCM,data:lZ2/ZXHCjXEe3VlqzyziGWRi7CWn8jhaLg==,iv:hWQy35yoxZOfTqr3Y2x7yUTd0nzLBpjHtQWrdvHYD4g=,tag:QGMkDh2q8JrBwq1wRJ/2nQ==,type:str]
+  rcon:
+    password: ENC[AES256_GCM,data:lZ2/ZXHCjXEe3VlqzyziGWRi7CWn8jhaLg==,iv:hWQy35yoxZOfTqr3Y2x7yUTd0nzLBpjHtQWrdvHYD4g=,tag:QGMkDh2q8JrBwq1wRJ/2nQ==,type:str]
 mcbackup:
-    resticEnvs:
-        RESTIC_PASSWORD: ENC[AES256_GCM,data:NVwBLhDqZD0+1Yk5mr48Z491CMsfQGzRR4zQmRgP,iv:N60ZtRRxRDH8WdzQUTt6v3TP/UAiibyqCA/Y97g770o=,tag:Lz/lEG23hdva8TWgYxBA7g==,type:str]
-        AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:i0MErquBzs4YgePKfSI=,iv:VwnGxA3PLkILQSbyzJ9XtSzWepF7RYtxnvyhZumWBLQ=,tag:AvXdooV5Cn7d3kNzt2ptSg==,type:str]
-        AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:vrpIZIrU,iv:9draRN4qSnhGLKbndWPW5YR5Tr93f/37/x+2G3rIfsw=,tag:fks0UI/j04MILBFRQGcfaQ==,type:str]
+  resticEnvs:
+    RESTIC_PASSWORD: ENC[AES256_GCM,data:NVwBLhDqZD0+1Yk5mr48Z491CMsfQGzRR4zQmRgP,iv:N60ZtRRxRDH8WdzQUTt6v3TP/UAiibyqCA/Y97g770o=,tag:Lz/lEG23hdva8TWgYxBA7g==,type:str]
+    AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:i0MErquBzs4YgePKfSI=,iv:VwnGxA3PLkILQSbyzJ9XtSzWepF7RYtxnvyhZumWBLQ=,tag:AvXdooV5Cn7d3kNzt2ptSg==,type:str]
+    AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:vrpIZIrU,iv:9draRN4qSnhGLKbndWPW5YR5Tr93f/37/x+2G3rIfsw=,tag:fks0UI/j04MILBFRQGcfaQ==,type:str]
 sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmb0szVEV3V2l0WmtoRFRj
-            U1QzWkw3UDRKemVQQ0t2TzFrSmN1b3V0Y1E4CkdDaDQzdlNjZTFlSVNMbTlxbkwv
-            dVFHQ1EvYUFBNGs0cWc0SFB2M2xtbUUKLS0tIFFGUzFpTXhXd0UwZVhZSUR1c1RS
-            QURwVEdlK1FWQTh1d0NNUXR1OUplMGMKqc1VSEnCX6AN9wClNZXy+rfhlzpxhnTE
-            GKQQA0MFgAKwjLe2K0IyOXi1nxNxElZnBPzJeDAVej4BTpUZvh14ow==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-08-03T19:16:36Z"
-    mac: ENC[AES256_GCM,data:/qsVEOLbarzykIPsX0eqQWZcyyWIEZQILE+Qpt2d6XFHBsJ52KUD1KWL5USFOA0qvTP9c4EV9dDfAsXM+VO1jpm61/SZiTAtsTzI+JlY7x+6hqTc1cq0WXZgn4xQXJ9FKwrkCVL8HBGtujg3qb8EoeYaWpuHf3OCyJaAsKTajgw=,iv:8qCXGDQtf+uPUq/qe/koodf3CuJaYf2tFyjQeYTWJ6g=,tag:D5A7noPWEnvtoVTNETqJGg==,type:str]
-    pgp: []
-    unencrypted_suffix: _unencrypted
-    version: 3.9.0
+  kms: []
+  gcp_kms: []
+  azure_kv: []
+  hc_vault: []
+  age:
+    - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
+      enc: |
+        -----BEGIN AGE ENCRYPTED FILE-----
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhemlNcEZLNXBDZ3RVcHdV
+        a085NzY4dXFUNFUrTDZkTTFJa21tWkVzMzFZCnRlT1hzWEJhZ0p1ajU2U25WTTdQ
+        UmdDei9pYU1wcGlLcXU5ZHNhSnluR00KLS0tIG9tWWhjLzFFbGJndXJIbDR3OHNn
+        b1BwS1pSTUFLS2h6MlR6Q1N3dHJIZ2MKEpZIcVnlrD3FrzSlLpIxMOGetS0JR0YX
+        pKSkwSOQf6HAYkYzXhcZShQZxlvKkrT9+OmEMAl0kNtGk19mYxuHdQ==
+        -----END AGE ENCRYPTED FILE-----
+    - recipient: age1fwhu5m8df98kk2ldf36z24t9vfcz3875fd3uzecke0yv2qqts9dse0jqrn
+      enc: |
+        -----BEGIN AGE ENCRYPTED FILE-----
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuRkZoS3h0UFRRRUJ6bk5z
+        cWpQcVltelJIVWJZMkw2ZUtwYTdXNXk5eUdJCkpqSTQxVGJnVlpyc3Z1eDFROGtv
+        emJBcklCZVJ4SDhqalBGcUZYUUR2Ym8KLS0tIEQybkZaTmVtb2ZaY2Z2NHpmbDl5
+        WXFsdGYyMHY2eFdpWm5TTlBHL0p0V0EKuzwRGDIGpbqwBa/95/dY4AqoZDDwRBxZ
+        I34X4o4DLMwvQYuYDB8NmH2QwAz4pOsmFKfNRZF4QAqyeD5diac89g==
+        -----END AGE ENCRYPTED FILE-----
+  lastmodified: "2024-08-03T19:16:36Z"
+  mac: ENC[AES256_GCM,data:/qsVEOLbarzykIPsX0eqQWZcyyWIEZQILE+Qpt2d6XFHBsJ52KUD1KWL5USFOA0qvTP9c4EV9dDfAsXM+VO1jpm61/SZiTAtsTzI+JlY7x+6hqTc1cq0WXZgn4xQXJ9FKwrkCVL8HBGtujg3qb8EoeYaWpuHf3OCyJaAsKTajgw=,iv:8qCXGDQtf+uPUq/qe/koodf3CuJaYf2tFyjQeYTWJ6g=,tag:D5A7noPWEnvtoVTNETqJGg==,type:str]
+  pgp: []
+  unencrypted_suffix: _unencrypted
+  version: 3.9.0
diff --git a/values/badhouseplants/secrets.vaultwarden.yaml b/values/badhouseplants/secrets.vaultwarden.yaml
index 2eda8eb..cb01718 100644
--- a/values/badhouseplants/secrets.vaultwarden.yaml
+++ b/values/badhouseplants/secrets.vaultwarden.yaml
@@ -1,13 +1,13 @@
 env:
   secrets:
-    enabled: ENC[AES256_GCM,data:e3fXvA==,iv:Zu9lAd7V/mYTAXFaMaxZaJFrnqfbO4YpeyA5iI/zeW8=,tag:13h7DQWTg8j1ZdWgmKD0Dg==,type:bool]
-    sensitive: ENC[AES256_GCM,data:dywYnQ==,iv:BbfRBvw7H/kRRvGvcPFhSy1p557GIlJHxaWouTes44s=,tag:Rs/MxeWFCmcplHocjmem5A==,type:bool]
+    enabled: ENC[AES256_GCM,data:6v6hwQ==,iv:QHmMiXxR0rK2ezkeEEel6BZYVgnSS7Rbi45EuG5vKzQ=,tag:urxW5xeOMwhGWestbJl++A==,type:bool]
+    sensitive: ENC[AES256_GCM,data:eMSjSA==,iv:l3t2x53K22Nv/RjwjRqIN9iHlyElhzAqXkZwAy4Ta/k=,tag:KJtCvyOcdmm7HxZnOSx7ZQ==,type:bool]
     data:
-      SMTP_USERNAME: ENC[AES256_GCM,data:VzNMG8K92B/z24TdbQfQfWDQIxv8KA==,iv:5EbYpTvuEyyDUG8Tk8OqoEtHwRuUOC+Nn8Ll3oqwOvo=,tag:CCH6AOMFh6d2jw3bwTJnmg==,type:str]
-      ADMIN_PASSWORD: ENC[AES256_GCM,data:teShVLb7WBZ+b92dvr0uZ3KxKLIANdYwpbeBI6LLQjBbiTv/zGpDBEbjBlOKprpktnI=,iv:7/fPn9p/I/2xY1df5xL1Z73K2X+F8vSlMgBTriDPFuA=,tag:+iePuZ5tao/zV8MKKJ88CA==,type:str]
-      ADMIN_TOKEN: ENC[AES256_GCM,data:CoqOi9FbiVD88UItHiuhUGdrMZlPg6DDcJmhCsfQ1tVOQ8qUepisx/OeyNgQ3qBkawARebEaeADEGMvbzqt0eRf0St6HqKlVJTdBpFGlu0kQcJS7YCONLA==,iv:3ZNWJyKp1TlNW+/U3bQD3FsdE5+Ranbn98OkSlLnnGM=,tag:xbnMEHwi5TWxyK+4waE4BA==,type:str]
+      SMTP_USERNAME: ENC[AES256_GCM,data:ot4Y,iv:P8PCLF5tiDKfZrZGaEDH+p7UxSkr+ce8QxJJxpULsKE=,tag:BHZnW96+R1nTPjmCeCtNoQ==,type:str]
+      ADMIN_PASSWORD: ENC[AES256_GCM,data:MRix2LC962BzZW6sRcycNBcsfnvHucfkBg==,iv:TgEL7bUymwG99wb1A1huBl0qbz53zm6BzEvMonHwi8s=,tag:IN4dPYYxaZt4ViDiXOLvnQ==,type:str]
+      ADMIN_TOKEN: ENC[AES256_GCM,data:NVf9NtCnpaC2+8qrSES89GO/8cEm2+V4YJaPA6o5mzk4V7Xuyd0W9USz4UPlwdtdWLO0bjhk3OwpyrZgdCmJnQP9/rWLzDRdMEg=,iv:LZh5jWahnLYaUNgu0G09aftJa9rPd1bqh+82jw4IiZA=,tag:zlnTKxqe6MMtauF1W0dJNw==,type:str]
       DATABASE_URL: null
-      SMTP_PASSWORD: ENC[AES256_GCM,data:ZpimTNDLp5wwZleKfZS6YYSkzle7PbkoJWi3kFCiVH+PoVUTQid3SW/4Zig7yVd4KsfVzth8Q4yRarWl,iv:ANKX4Y8guitZMTayVJz9unhV4PX8/oc6qiuRrS2roOU=,tag:wGZbjpwgmNueL9T2b7qRYA==,type:str]
+      SMTP_PASSWORD: ENC[AES256_GCM,data:zFyeMTHuE7Be9DHMqnlhd4VidTFlyoOGSQ==,iv:eT9wV0ssZskma0bbbM/9p5rZctfC6HY6Y+YFjntf9jc=,tag:WihbTrkvC2v9Wn5tmh6mnw==,type:str]
 sops:
   kms: []
   gcp_kms: []
@@ -17,14 +17,14 @@ sops:
     - recipient: age1vzkv97n2p7gfkw8dyx8ctz2kumattz89th2jq47zyjyrarmnssysdkw9v8
       enc: |
         -----BEGIN AGE ENCRYPTED FILE-----
-        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEazgwUEJGZWxWb3hHdkNs
-        a0M1alRqdStzNmVUWGFWbis4ZXpNMjhwM0hRCkh3WTlUMVIxbzQ3V1EyRXljenZW
-        R2luWVRnV1J2SERsbVlzRUNqeWs0Y3MKLS0tIEV5aUdIMTcxalJXbkVBNVRJR2R4
-        WkV5SDZVbzhPQjNwVEdjUEQ1NHo3QmcKk2g+YWoh2rE73Bj/Ap6HHPd8IXiGCb5G
-        AXuxljIlThV7/EnIStPt+IIZ2fjqRbQTMGGmmqHI284QyA69uoDLrQ==
+        YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGLzRMd2ErUGl0b1ErVkZG
+        bFF0V2dxV3lBc1lGcDFXNmx3OWZadGFqakFNCmsrMmpEWjFUVzRFS2JMOW9MZWJB
+        TG5UQkNmendrZU1oRkJrU3BPMzh4cFkKLS0tIFFxQXRyMWxVMjV2ZGI3Y0JCSllU
+        alJUd1dqeFNLRWJNTzB4T0Rib25ja00KU9O/9ceV/qIs/27sPUHHgOije0ckPPGf
+        IUrshO3wqv6SBI1c/XlPHYWJSASjZZEk4wf3AkCVu3D4mm5bwD0J0w==
         -----END AGE ENCRYPTED FILE-----
-  lastmodified: "2024-09-13T04:24:11Z"
-  mac: ENC[AES256_GCM,data:gJk36JWS36urA8pM2c5U5WRRVf6YpAVV1Vyf8gHaVEmRfzZIdprF6v9co7U+Qz9eT4X/0BJcB2AvbAiuhycnScOXtL+MXKcd4zOfNFgheEz0ctNZQNmsNwCAjjGjRFu7cUp4mCR+7lbZBIHbrQOe9u7NReJlfc9uvK4YXhsKc4Y=,iv:xefJr9cgFSeULcTf0pJIRkMf80i/FkLhVLTz6rN7PK8=,tag:YJ+89kRtLnMANqiYy0OcXw==,type:str]
+  lastmodified: "2024-09-26T20:49:14Z"
+  mac: ENC[AES256_GCM,data:bjYiffGodlB/2tV7thE3LUyyitTF/ovKRvygtDy5Ttfa69UcUyxZltDRhzFPS0J0lNQsfJ1ty+zm7MKtRjmHjUz1uce6xO9svEFNl1vWMaOz+2VcbrME4XQCqZeI9Slwd0C/r4lSWJJEp/8lLe6EexoYDu6t7Tr7TVvcXNO1038=,iv:+pXgGw4/5lFM69HiwSOReqaTB3vrYkyI4qEBdGuyi6E=,tag:TEYfphz57Wo9DK1TZJFK+A==,type:str]
   pgp: []
   unencrypted_suffix: _unencrypted
   version: 3.9.0