From e98672864806fa5592246ea115ab0de192687858 Mon Sep 17 00:00:00 2001 From: Sergiusz Bazanski Date: Wed, 15 May 2019 19:19:19 +0200 Subject: [PATCH] gcp: init, add service account --- gcp/README | 5 +++ gcp/secrets/cipher/sa.json | 62 ++++++++++++++++++++++++++++++++++++ gcp/secrets/plain/.gitignore | 2 ++ tools/BUILD | 9 +++++- 4 files changed, 77 insertions(+), 1 deletion(-) create mode 100644 gcp/README create mode 100644 gcp/secrets/cipher/sa.json create mode 100644 gcp/secrets/plain/.gitignore diff --git a/gcp/README b/gcp/README new file mode 100644 index 00000000..c6a3ff23 --- /dev/null +++ b/gcp/README @@ -0,0 +1,5 @@ +HSCloud-stuff-on-GCP +==================== + +We keep some services running off-site on GCP. We manage them via NixOS/NixOps. + diff --git a/gcp/secrets/cipher/sa.json b/gcp/secrets/cipher/sa.json new file mode 100644 index 00000000..3e890f7a --- /dev/null +++ b/gcp/secrets/cipher/sa.json @@ -0,0 +1,62 @@ +-----BEGIN PGP MESSAGE----- + +hQEMAzhuiT4RC8VbAQf+KITgWe4i+3ohhquH4NP1sL845sfoJqbpRgzCLONOGEXl +tkcOveTsishF3o1Jh1X3Ca50+7i0eHNbCIOImAbrdy4Hm36GQW6pkl0cZR5KFyt0 +rlsuaXNJ1WiR4oyv3YXGMl5asz2aHf7Z1gh0X8qfDfMJE6a2u/v6zMdy8Ihvi2jO +qttsHzESfUOu4caH2Sx4wJVimAXAVj4kg9VgcaKONY27ZhTMo8cQ/KaPW2lDLNLg +7YfadIY9k8LM3I+75JXDEEvSqGnluUoeHWDlckj0MmtEqHMolpgZ9tfD6pQETUf/ +NSTlwqtki53wu/erCL7g4D/S/cboxREvfIGqhsFXZIUBDANcG2tp6fXqvgEH/1xR +ciF0ClkVmCyFPt1ZQubpkffbo3iWBDsqjamZrfX42fZxiEhEuRB4w2IBu/1bjATi +pogevUExHSNA0o24Nkpe58WLIr5o4QRLu1K57whKc8TdERouSjiH47xKlDooWx+y +IBZEIUSU7RcJ8+GyaF3yE7zPKeRKXjU43h6D3JB3zExI3O2d+bctEqKc3ENnYurI +Bbq+2/54aWKvyzf7JYxTC/YIr7o7wOaWg4Nvx0E0fSCdn3bxiLshj3s89WPLf3KK +1T+KYehv6eU5reroGb1g0vXyfH9rsHIPDAv2M80oV3J6bUqIu7BidR81qY1CSMVC +ACzgbaijdXMnaxTQp++FAgwDodoT8VqRl4UBD/4zh67Y9RKKCtKRTRdrr7wW6dno +SWviVIWuP6lxfMiIqP2A3bJf8azGN9bC8Tn807x6hvECrLOrYQQPAfFN3QJQYc61 +XzwDAditiDC0iW3imhmlX8yovH+OCq3Wya0wOhbIpsjLa1c8RU/OXAe7eHh1QqNd ++myBKwMN3PBf2OubEv71N3yrntdv2qgkmWFrt+cMhDrGfqNizS4BVoAMJ9cARu68 +uA9hGSVdoRe3FGaxVmYAyGI1qan+hINc6tDvoNgaNYDqWO2S1AoLTg9Z6BxnBole +Alja7Do4EapfLT8UPvXgtyVVvQ8yekIObd/ISD3sYoen2sIgHEb7wFWv8qgINcZF +AT5ZxxPARvCxq6QY4mWP9O4h/UNi59Cv03UDyd2wN0+vAIIndGfQ5iHIXvx7tbJh +cYNgK3c0Q9eSXncmyUiI7Qsaxs0+ScrgTNi3PEaQO1LxiY5Ek/zz9/A0U2fFBrU+ +5RiB77HsTnx5HsuRO3IqEZXA7TTg2lwDqip2zeYUT1t6WBNGZMQRDk5evH9pmDq7 +hg4eblNISXNtAYfIT0QKa+CUcL+0TgBCnQA12s5LKQEiBWwbmO93QW2am1+nqvSg +QddQAuAj2RMPyrN04L0PT4QOAs4eMgMh41KYJtHlulr6OwyD6M5T81CRw8AmvPWO +DtebLO4M9A50nth249LqAflyvW4cvu42BYdsc6PCX/UnIWw6JPvD0j7XXgpK/H7v +0pVBXZ4IK9Fev+2nuRTK7KbqQ8ODDmps3tfoRA6wlmzjIxd6JridTnTfaPWHjBqz +QQXQdUTyos1R3PgDoAxDKfTqxYqvPIX9ShPcQ5QnL5S/7M42aHKPJdzwkTTMBi04 ++4yDqlhl7x6LqzYGcYr7Rf4z+ECvwYpZmy9dR58+j4+MHGqZjPD9tJHI2VdoI28s +0eOOJHBhz5hh+CAFs7M3oWN56JHM1IhLVp/PzjhMpUJLSnzrIHSrTc4wXvrY8p0o +2Kqd2zc83BIlPsyREgzNEeQk3c/8/zViSAyeGiruYXIm9UT9mTvcNm8Jk4QCiwj/ +vKZ+f4SmsiGUnJFUSokf1gxpC/922v0jWIFy5xnY0kAqxFPUZtK8CWWwKIicvKXa +tMPIXwUoHkmT4wRqjpSmM37ujPWN0dugm2RFzSmfsLaXDhTICd6MZF7LoRcRU29a +KyFzH0eXiHvv4hUvd+NRzdh1su5vfQgE1AJ0v27ob+qLabJnTBLs2OdIK6XZohFG +469CG+y6ldF13THTbmomDB95St+qxh3CYPUb3MgdDAtxIlarAP7DnwTpc1nAv9iW +GJUqXIbQURfUeUdrHBit1SpDgjispsNn/7aOWEMNPfN0YyabOKTjixuPy24cmop9 +mIQGqQMf2R625Iw7vBV9kKzuH4lB9IfTQN8P4UBgyoOsqHhfxHutiS3kRWnIsBDA ++LUzxq5Gg7c2FmO+JCLJdvPGOcu0bH7Y4jn2uiRBY4Ej63WOVSU13afaHxvj25T0 +tOL+9qnSO1Jp6WpYMz5RsFACbitl0urKEOvgib9HxxphXchpYehbsj/E92/H88xL +nqkBvYJtOJCImAl8hIUzn/XwTBZ16qcEpkWcsjTLtJmUNU3WkXQUyMUjvEUJbnNK +XPQa6dhtxmlen/+siOXqxRrr0H9r70c69dat9H16z2O8Lx8c2ZYj13NlB9Li0PoA +QqMJOFItWPMkMj8pRIc6b81RJ8qDbXI8Yuyu8KWga1pSqGqTLfhxBcEDurqiYFRk ++yJoo6Uj7VzSLbcdJt1tDaDQsWKOKxZasQXo9kc3AeAKpgblriD/l7lV2pIINjbN +X+nRld9t8AkeSduN8KyJYJ1HVRXvj8XucNcV0qN03EfVVzY1Sp9SPfLe4PxDaTq9 +4I2XPPYMCq9TsDgSGeaAOybW0jay14hpzM5/k1qyyn3d7DB5j8gq7smNMHroLb7m +ub93qASb7heF0n/VbDheLin/nrVMnNfz8sLuv4P90F8+K3y56JgHDP7UBkl0ahYB +1msvRlnC3dqay/Y7VjMdkSbjk5eGlr8Hj3z+MuXrBOl0e0Xi9hkynadDsRykxzQ0 +oHS9eSm7ePQD8SYuW6M195ta8FPsmTPOvyTLq/5bHSRjkaoF3T+S07jyTh01oL9G +MbBKdz72hiamm+Yf3fI99zSxhVYtjKBnnw418i2OGF19b9tOmNLmTnh+ioGR/6i/ +vlg8rVDchWutW5YpH3uaZVqHmXGWNeHgG/jR0AkeOtvibuJnz2XQ15t5SUoP/pDj +Mejrvw1Pj/JvYhAmXz08BesySyLEGBwrhXrK+ZOcijIs8nesaTqiosofpLYmOEBJ +8eUQCvTMtycjzPfhVv2m6rcwTIAmpdPmfsfcrKPKJnoG6iDZRqsLFUyvSFMO1HKD +PHiGjWW8XTjMj3vXInCu9oIjZ0Ap4KLby1B+9igEdnRBLCNGdr6sLYo2ZJWj8KIM +71+47DihxnQqjrNwx1GaIs5ViAxh/SxFkK3Tse8ENTuI+Jf+zfyyc2hrv41DM4YM +NcG2iXd3S+mZPacm1qwDqvjqPmT6ZSkmUEfHdKdoglxdLBHAoC/yqwE/4ihK+cde +8s89eAUQxXEVObLx5iyBQ5guHsELHjBqJXCIlHsybl0Xl5NLC2+JhKYQ7skaeYaA +R8rf3LnZkk3YnQeq3yVcVzdHPi7vh3hpjBOTj/PQ9weM7oulRxwLkvYTZ1fBdjBR +FDRt2kmiv7VmhpxZ3HbZapvehAl9FEBydj81x3pGmdPEf7+4ZcMmNv06FXcd6cw5 +HnOZTFTmRp2xmosHoGG3YuxqjNgQ+qlEqK9yIcsyz0FMZX/HTufuJNaPJiJtxpzf +uiwkIx0c4Q+prAU0sDlAG2y/c0KohwjCORmv+oRpT80vA7r0W/Vn1Ng7LsezmzAU +vGnkxqBGYf1we5gZFFKmjXLm5EdaHH+TNGENeA== +=K/vG +-----END PGP MESSAGE----- diff --git a/gcp/secrets/plain/.gitignore b/gcp/secrets/plain/.gitignore new file mode 100644 index 00000000..d6b7ef32 --- /dev/null +++ b/gcp/secrets/plain/.gitignore @@ -0,0 +1,2 @@ +* +!.gitignore diff --git a/tools/BUILD b/tools/BUILD index 80678ca4..4b3eb1bf 100644 --- a/tools/BUILD +++ b/tools/BUILD @@ -57,7 +57,14 @@ copy_go_binary( ) copy_go_binary( - name = "nixops", + name = "nixops.bin", src = "@nixops//:bin", visibility = ["//visibility:public"], ) + +sh_binary( + name = "nixops", + srcs = ["nixops.sh"], + data = [":nixops.bin", ":secretstore"], +) +