Migrate secrets/

secrets/secrets.nix

@@ -1,37 +0,0 @@
-# This file is NOT imported into the NixOS configuration. It is only used for
-# the agenix CLI tool to know which public keys to use for encryption. See the
-# README for more information.
-# https://github.com/ryantm/agenix
-let
-  # Get a system's public key using:
-  # > cat /etc/ssh/ssh_host_ed25519_key.pub
-  # If you change or add a key, all secrets need to be `agenix --rekey`'ed.
-  alpha = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGOpQNEmmEe6jr7Mv37ozokvtTSd1I3SmUU1tpCSNTkc root@alpha";
-  mu = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGP5kEuDiVGeiicxwNUjjrHurWW5EXXxHl8YFRiKzLeX root@mu";
-  omega = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILvFN4vnqPX31+4/ZJxOJ7/bSUEu2xB6ovezPQjLm13H root@omega";
-  sigma = "todo";
-  tor = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMVPxvqwS2NMqqCGBkMmExzdBY5hGLegiOuqPJAOfdKk root@zeta";
-  zeta = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKWiyK636Ys+jRX4ZFByfJMyPIvW4ZsYAITW2fo3VQZx root@zeta";
-  # Recovery and management key from Keepass. Used like so:
-  # > set AGE_KEY_FILE (mktemp); read -s > $AGE_KEY_FILE
-  # > agenix -i $AGE_KEY_FILE -e foo.age
-  recovery = "age1rd6hhd724s3r9xe4gfuy38rl0xfu8c7pkuefsrdwqfcknujzecyqz7ldyj";
-
-  all = [alpha mu omega tor zeta];
-in
-  builtins.mapAttrs (name: value: {publicKeys = value ++ [recovery];}) {
-    # Borg backup
-    "borg-passphrase-file-omega.age" = [omega];
-    "borg-passphrase-file-zeta.age" = [zeta];
-
-    # User passwords
-    "users-hashed-password-file.age" = all;
-
-    # Wireguard
-    # The preshared key adds an additional layer of symmetric-key crypto to be
-    # mixed into the already existing public-key crypto, for post-quantum
-    # resistance. Public-keys are generated using `wireguard-vanity-address`.
-    "wireguard-preshared-key-file.age" = [alpha omega];
-    "wireguard-private-key-file-alpha.age" = [alpha];
-    "wireguard-private-key-file-omega.age" = [omega];
-  }

secrets/users-hashed-password-file.age

@@ -1,16 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 KjvmEQ /TcefKl0Y8JK6zyl4vqZljVcfJOzD4eCNGvbYsEKmw0
-qqZYJaxrgtv14koUt0vYvabVxcNlbDhFz801r7P6a9Q
--> ssh-ed25519 z/cefw gvyjcgGTgz6v9SlF2pyCZNR+kXmIWuVHPIBaSfZJxxk
-2l79Mf1A/VpdQBOX3qJXriuMuUdAsrA4DoJYTxzTa6w
--> ssh-ed25519 fY+XUg x2WaSa2nrnrSm1k84G503gIdUhedMGOJEqmPINBOolc
-DYWNBBNHEikzv1TEX6r5yF/wfR7n75wQRsc157KKNDY
--> ssh-ed25519 npms3w SLKlrhJurD/QGHN+C1zN8XMckDdbXWYkBlzGo+1Kxiw
-qQM04A3S2CwPff2epteQPDbkJSpZJ7MJ93gGMBRNIc4
--> ssh-ed25519 8zRjQA THrfv8cKI/GkWbBS1VVa289IJMlJduadXxubuOYXRVc
-oFqQGRkCn+HBlTuY5c1FFkKHCmkrsBdFR1QpzX6oksE
--> X25519 x0+Tx+vNwUdSUpGOc1QRAUF2TDtcNxSj8h8A1HNjC2Y
-YwKgXIl51ioyvzeFvSBIUM4mqgBFrZg3sE6hKIQQabQ
---- gJhJBAoc7OD0YHdcdAeUItimY6k0E4CuLcORrXtIR8A
-ì`êÆ{
•úÌ…<C38C>Ç@1Årèƒ
-h–Ô³mÖ‚‹cüK÷’Sæž ›£A÷¶‘X¸{rë1~)<29>RmHF-ñæ5ÑN¯/ζå!æÿîhL<>èÆœˆå£ÇD8üµ°;¡9M¢;‚<>

secrets/wireguard-preshared-key-file.age

@@ -1,10 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 KjvmEQ iWd1svyPPVu7KIAh2nOpTfWg3z5k7OvOomdy0pc7q0c
-If5DhrB20tF5MCEeE1r75u4ttj3wBxKc6rOTffQei4Q
--> ssh-ed25519 fY+XUg rZ6pcgzocZyxz1zsBPKZGnB0kbLqIJtEqDATIn/mvno
-f4MI725uZf6PyZJ9cf3hwypWe04hYhhi2ljRdirX83E
--> X25519 2ojQ4Y3fJfBs+QoN1PUw8+UJqI0AtMIs7kaS+stj7Fc
-xKN26qdKksxncH+844/pkjK3IAjCXwgzPGLBxdEOi0g
---- tKzJAj37+Ke/a4fNE7HVzGvVLFza8+SQID2VxRqDWEs
-~R•ÔÞ}ÖCFÚ>À²ÄMðÅl€çïÎt»„	ûóÀ—U~¶îiÁMÀ<4D>‰µm‹ «Q
-çRJ…G•@:lšÈ“ïjŽ§G¸Tl%

secrets/wireguard-private-key-file-alpha.age

@@ -1,7 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 KjvmEQ 6nyOk17mL+6jNcd3/dohBfi0TiO8N0LoZVRWmH/mokw
-le2vevGkS/wiFLCY4UWDcWA1GjcfOUlGkNjcqGc3sCk
--> X25519 vaYo6bAHImW0xvoO0r90vAtsDV1LrM6OAfGhlouvzg4
-3ynofiRZXXRXXJZjbVZbAbHIy4YQkEBulSHH8lVZLlk
---- E6pxWFfPVD/XmRtipI5RYaPV/ga3n1nn8F+dppVOETA
-”Öv]q6.§ð‹gÎó
âõwlæáF³}$¨(Q+Âh8‘½õ¨OV÷ÁFü}Ðy…f'‡¥¶Å
G¬ŒOê±XÊÝ7öc:¾îU