Personal Nix flake
nixos home-manager nix

feat: Migrate sops-nix to agenix-rekey

A thin abstraction over agenix-rekey allows home-level keys to be
automatically used as host-level instead when applicable for easier
keying to the host's SSH key instead of each user's home SSH keys. That
only applies to home-manager configs used as NixOS modules, as standalone
home configurations still have to use the appropriate user-level key.
See my.secretDefinitions, my.secrets

+767 -438
+315 -91
flake.lock
··· 1 1 { 2 2 "nodes": { 3 + "agenix": { 4 + "inputs": { 5 + "darwin": "darwin", 6 + "home-manager": "home-manager", 7 + "nixpkgs": "nixpkgs", 8 + "systems": "systems" 9 + }, 10 + "locked": { 11 + "lastModified": 1770165109, 12 + "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=", 13 + "owner": "ryantm", 14 + "repo": "agenix", 15 + "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb", 16 + "type": "github" 17 + }, 18 + "original": { 19 + "owner": "ryantm", 20 + "repo": "agenix", 21 + "type": "github" 22 + } 23 + }, 24 + "agenix-rekey": { 25 + "inputs": { 26 + "devshell": "devshell", 27 + "flake-parts": "flake-parts", 28 + "nixpkgs": [ 29 + "nixpkgs" 30 + ], 31 + "pre-commit-hooks": "pre-commit-hooks", 32 + "treefmt-nix": "treefmt-nix" 33 + }, 34 + "locked": { 35 + "lastModified": 1759699908, 36 + "narHash": "sha256-kYVGY8sAfqwpNch706Fy2+/b+xbtfidhXSnzvthAhIQ=", 37 + "owner": "oddlama", 38 + "repo": "agenix-rekey", 39 + "rev": "42362b12f59978aabf3ec3334834ce2f3662013d", 40 + "type": "github" 41 + }, 42 + "original": { 43 + "owner": "oddlama", 44 + "repo": "agenix-rekey", 45 + "type": "github" 46 + } 47 + }, 3 48 "aquamarine": { 4 49 "inputs": { 5 50 "hyprutils": [ ··· 162 207 "type": "github" 163 208 } 164 209 }, 210 + "darwin": { 211 + "inputs": { 212 + "nixpkgs": [ 213 + "agenix", 214 + "nixpkgs" 215 + ] 216 + }, 217 + "locked": { 218 + "lastModified": 1744478979, 219 + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", 220 + "owner": "lnl7", 221 + "repo": "nix-darwin", 222 + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", 223 + "type": "github" 224 + }, 225 + "original": { 226 + "owner": "lnl7", 227 + "ref": "master", 228 + "repo": "nix-darwin", 229 + "type": "github" 230 + } 231 + }, 232 + "devshell": { 233 + "inputs": { 234 + "nixpkgs": [ 235 + "agenix-rekey", 236 + "nixpkgs" 237 + ] 238 + }, 239 + "locked": { 240 + "lastModified": 1728330715, 241 + "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=", 242 + "owner": 
"numtide", 243 + "repo": "devshell", 244 + "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef", 245 + "type": "github" 246 + }, 247 + "original": { 248 + "owner": "numtide", 249 + "repo": "devshell", 250 + "type": "github" 251 + } 252 + }, 165 253 "disko": { 166 254 "inputs": { 167 255 "nixpkgs": [ ··· 246 334 "flake-compat": { 247 335 "flake": false, 248 336 "locked": { 249 - "lastModified": 1767039857, 250 - "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", 251 - "owner": "NixOS", 252 - "repo": "flake-compat", 253 - "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", 337 + "lastModified": 1696426674, 338 + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", 339 + "owner": "edolstra", 340 + "repo": "flake-compat", 341 + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", 254 342 "type": "github" 255 343 }, 256 344 "original": { 257 - "owner": "NixOS", 345 + "owner": "edolstra", 258 346 "repo": "flake-compat", 259 347 "type": "github" 260 348 } ··· 291 380 } 292 381 }, 293 382 "flake-compat_4": { 383 + "flake": false, 384 + "locked": { 385 + "lastModified": 1767039857, 386 + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", 387 + "owner": "NixOS", 388 + "repo": "flake-compat", 389 + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", 390 + "type": "github" 391 + }, 392 + "original": { 393 + "owner": "NixOS", 394 + "repo": "flake-compat", 395 + "type": "github" 396 + } 397 + }, 398 + "flake-compat_5": { 294 399 "flake": false, 295 400 "locked": { 296 401 "lastModified": 1696426674, ··· 306 411 "type": "github" 307 412 } 308 413 }, 309 - "flake-compat_5": { 414 + "flake-compat_6": { 310 415 "flake": false, 311 416 "locked": { 312 417 "lastModified": 1733328505, ··· 324 429 }, 325 430 "flake-parts": { 326 431 "inputs": { 327 - "nixpkgs-lib": "nixpkgs-lib" 432 + "nixpkgs-lib": [ 433 + "agenix-rekey", 434 + "nixpkgs" 435 + ] 328 436 }, 329 437 "locked": { 330 438 "lastModified": 1769996383, ··· 342 450 }, 343 451 "flake-parts_2": 
{ 344 452 "inputs": { 345 - "nixpkgs-lib": "nixpkgs-lib_2" 453 + "nixpkgs-lib": "nixpkgs-lib" 346 454 }, 347 455 "locked": { 348 456 "lastModified": 1769996383, ··· 360 468 }, 361 469 "flake-parts_3": { 362 470 "inputs": { 471 + "nixpkgs-lib": "nixpkgs-lib_2" 472 + }, 473 + "locked": { 474 + "lastModified": 1769996383, 475 + "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", 476 + "owner": "hercules-ci", 477 + "repo": "flake-parts", 478 + "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", 479 + "type": "github" 480 + }, 481 + "original": { 482 + "owner": "hercules-ci", 483 + "repo": "flake-parts", 484 + "type": "github" 485 + } 486 + }, 487 + "flake-parts_4": { 488 + "inputs": { 363 489 "nixpkgs-lib": [ 364 490 "nixpkgs-schemas", 365 491 "nixpkgs" ··· 379 505 "type": "github" 380 506 } 381 507 }, 382 - "flake-parts_4": { 508 + "flake-parts_5": { 383 509 "inputs": { 384 510 "nixpkgs-lib": [ 385 511 "nixvim", ··· 400 526 "type": "github" 401 527 } 402 528 }, 403 - "flake-parts_5": { 529 + "flake-parts_6": { 404 530 "inputs": { 405 531 "nixpkgs-lib": [ 406 532 "nur", ··· 421 547 "type": "github" 422 548 } 423 549 }, 424 - "flake-parts_6": { 550 + "flake-parts_7": { 425 551 "inputs": { 426 552 "nixpkgs-lib": [ 427 553 "stylix", ··· 442 568 "type": "github" 443 569 } 444 570 }, 445 - "flake-parts_7": { 571 + "flake-parts_8": { 446 572 "inputs": { 447 573 "nixpkgs-lib": [ 448 574 "wayland-pipewire-idle-inhibit", ··· 480 606 }, 481 607 "flake-utils": { 482 608 "inputs": { 483 - "systems": "systems_3" 609 + "systems": "systems_4" 484 610 }, 485 611 "locked": { 486 612 "lastModified": 1689068808, ··· 514 640 }, 515 641 "git-hooks-nix": { 516 642 "inputs": { 517 - "flake-compat": "flake-compat", 518 - "gitignore": "gitignore", 519 - "nixpkgs": "nixpkgs" 643 + "flake-compat": "flake-compat_2", 644 + "gitignore": "gitignore_2", 645 + "nixpkgs": "nixpkgs_2" 520 646 }, 521 647 "locked": { 522 648 "lastModified": 1770726378, ··· 566 692 "gitignore": { 567 693 
"inputs": { 568 694 "nixpkgs": [ 695 + "agenix-rekey", 696 + "pre-commit-hooks", 697 + "nixpkgs" 698 + ] 699 + }, 700 + "locked": { 701 + "lastModified": 1709087332, 702 + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", 703 + "owner": "hercules-ci", 704 + "repo": "gitignore.nix", 705 + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", 706 + "type": "github" 707 + }, 708 + "original": { 709 + "owner": "hercules-ci", 710 + "repo": "gitignore.nix", 711 + "type": "github" 712 + } 713 + }, 714 + "gitignore_2": { 715 + "inputs": { 716 + "nixpkgs": [ 569 717 "git-hooks-nix", 570 718 "nixpkgs" 571 719 ] ··· 584 732 "type": "github" 585 733 } 586 734 }, 587 - "gitignore_2": { 735 + "gitignore_3": { 588 736 "inputs": { 589 737 "nixpkgs": [ 590 738 "hyprland", ··· 606 754 "type": "github" 607 755 } 608 756 }, 609 - "gitignore_3": { 757 + "gitignore_4": { 610 758 "inputs": { 611 759 "nixpkgs": [ 612 760 "lanzaboote", ··· 671 819 "home-manager": { 672 820 "inputs": { 673 821 "nixpkgs": [ 822 + "agenix", 823 + "nixpkgs" 824 + ] 825 + }, 826 + "locked": { 827 + "lastModified": 1771037579, 828 + "narHash": "sha256-NX5XuhGcsmk0oEII2PEtMRgvh2KaAv3/WWQsOpxAgR4=", 829 + "owner": "nix-community", 830 + "repo": "home-manager", 831 + "rev": "05e6dc0f6ed936f918cb6f0f21f1dad1e4c53150", 832 + "type": "github" 833 + }, 834 + "original": { 835 + "owner": "nix-community", 836 + "repo": "home-manager", 837 + "type": "github" 838 + } 839 + }, 840 + "home-manager_2": { 841 + "inputs": { 842 + "nixpkgs": [ 674 843 "nixpkgs" 675 844 ] 676 845 }, ··· 757 926 "hyprutils": "hyprutils", 758 927 "hyprwayland-scanner": "hyprwayland-scanner", 759 928 "hyprwire": "hyprwire", 760 - "nixpkgs": "nixpkgs_2", 761 - "pre-commit-hooks": "pre-commit-hooks", 762 - "systems": "systems", 929 + "nixpkgs": "nixpkgs_3", 930 + "pre-commit-hooks": "pre-commit-hooks_2", 931 + "systems": "systems_2", 763 932 "xdph": "xdph" 764 933 }, 765 934 "locked": { ··· 829 998 "hyprland": [ 830 999 "hyprland" 831 
1000 ], 832 - "systems": "systems_2" 1001 + "systems": "systems_3" 833 1002 }, 834 1003 "locked": { 835 1004 "lastModified": 1767871242, ··· 1063 1232 "jovian": { 1064 1233 "inputs": { 1065 1234 "nix-github-actions": "nix-github-actions", 1066 - "nixpkgs": "nixpkgs_3" 1235 + "nixpkgs": "nixpkgs_4" 1067 1236 }, 1068 1237 "locked": { 1069 1238 "lastModified": 1770915266, ··· 1104 1273 }, 1105 1274 "make-shell": { 1106 1275 "inputs": { 1107 - "flake-compat": "flake-compat_4" 1276 + "flake-compat": "flake-compat_5" 1108 1277 }, 1109 1278 "locked": { 1110 1279 "lastModified": 1733933815, ··· 1137 1306 }, 1138 1307 "nix-gaming": { 1139 1308 "inputs": { 1140 - "flake-parts": "flake-parts_2", 1141 - "nixpkgs": "nixpkgs_4" 1309 + "flake-parts": "flake-parts_3", 1310 + "nixpkgs": "nixpkgs_5" 1142 1311 }, 1143 1312 "locked": { 1144 1313 "lastModified": 1771036369, ··· 1257 1426 }, 1258 1427 "nixpkgs": { 1259 1428 "locked": { 1260 - "lastModified": 1770073757, 1261 - "narHash": "sha256-Vy+G+F+3E/Tl+GMNgiHl9Pah2DgShmIUBJXmbiQPHbI=", 1429 + "lastModified": 1767313136, 1430 + "narHash": "sha256-16KkgfdYqjaeRGBaYsNrhPRRENs0qzkQVUooNHtoy2w=", 1262 1431 "owner": "NixOS", 1263 1432 "repo": "nixpkgs", 1264 - "rev": "47472570b1e607482890801aeaf29bfb749884f6", 1433 + "rev": "ac62194c3917d5f474c1a844b6fd6da2db95077d", 1265 1434 "type": "github" 1266 1435 }, 1267 1436 "original": { 1268 1437 "owner": "NixOS", 1269 - "ref": "nixpkgs-unstable", 1438 + "ref": "nixos-25.05", 1270 1439 "repo": "nixpkgs", 1271 1440 "type": "github" 1272 1441 } ··· 1351 1520 }, 1352 1521 "nixpkgs-schemas": { 1353 1522 "inputs": { 1354 - "flake-compat": "flake-compat_5", 1355 - "flake-parts": "flake-parts_3", 1523 + "flake-compat": "flake-compat_6", 1524 + "flake-parts": "flake-parts_4", 1356 1525 "git-hooks-nix": "git-hooks-nix_2", 1357 - "nixpkgs": "nixpkgs_5", 1526 + "nixpkgs": "nixpkgs_6", 1358 1527 "nixpkgs-23-11": "nixpkgs-23-11", 1359 1528 "nixpkgs-regression": "nixpkgs-regression" 1360 1529 }, ··· 1375 
1544 }, 1376 1545 "nixpkgs_2": { 1377 1546 "locked": { 1547 + "lastModified": 1770073757, 1548 + "narHash": "sha256-Vy+G+F+3E/Tl+GMNgiHl9Pah2DgShmIUBJXmbiQPHbI=", 1549 + "owner": "NixOS", 1550 + "repo": "nixpkgs", 1551 + "rev": "47472570b1e607482890801aeaf29bfb749884f6", 1552 + "type": "github" 1553 + }, 1554 + "original": { 1555 + "owner": "NixOS", 1556 + "ref": "nixpkgs-unstable", 1557 + "repo": "nixpkgs", 1558 + "type": "github" 1559 + } 1560 + }, 1561 + "nixpkgs_3": { 1562 + "locked": { 1378 1563 "lastModified": 1770841267, 1379 1564 "narHash": "sha256-9xejG0KoqsoKEGp2kVbXRlEYtFFcDTHjidiuX8hGO44=", 1380 1565 "owner": "NixOS", ··· 1389 1574 "type": "github" 1390 1575 } 1391 1576 }, 1392 - "nixpkgs_3": { 1577 + "nixpkgs_4": { 1393 1578 "locked": { 1394 1579 "lastModified": 1770562336, 1395 1580 "narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=", ··· 1405 1590 "type": "github" 1406 1591 } 1407 1592 }, 1408 - "nixpkgs_4": { 1593 + "nixpkgs_5": { 1409 1594 "locked": { 1410 1595 "lastModified": 1770537093, 1411 1596 "narHash": "sha256-pF1quXG5wsgtyuPOHcLfYg/ft/QMr8NnX0i6tW2187s=", ··· 1421 1606 "type": "github" 1422 1607 } 1423 1608 }, 1424 - "nixpkgs_5": { 1609 + "nixpkgs_6": { 1425 1610 "locked": { 1426 1611 "lastModified": 1734359947, 1427 1612 "narHash": "sha256-1Noao/H+N8nFB4Beoy8fgwrcOQLVm9o4zKW1ODaqK9E=", ··· 1437 1622 "type": "github" 1438 1623 } 1439 1624 }, 1440 - "nixpkgs_6": { 1625 + "nixpkgs_7": { 1441 1626 "locked": { 1442 1627 "lastModified": 1770841267, 1443 1628 "narHash": "sha256-9xejG0KoqsoKEGp2kVbXRlEYtFFcDTHjidiuX8hGO44=", ··· 1455 1640 }, 1456 1641 "nixvim": { 1457 1642 "inputs": { 1458 - "flake-parts": "flake-parts_4", 1643 + "flake-parts": "flake-parts_5", 1459 1644 "nixpkgs": [ 1460 1645 "nixpkgs" 1461 1646 ], 1462 - "systems": "systems_4" 1647 + "systems": "systems_5" 1463 1648 }, 1464 1649 "locked": { 1465 1650 "lastModified": 1771023756, ··· 1477 1662 }, 1478 1663 "nur": { 1479 1664 "inputs": { 1480 - "flake-parts": 
"flake-parts_5", 1481 - "nixpkgs": "nixpkgs_6" 1665 + "flake-parts": "flake-parts_6", 1666 + "nixpkgs": "nixpkgs_7" 1482 1667 }, 1483 1668 "locked": { 1484 1669 "lastModified": 1771051892, ··· 1547 1732 }, 1548 1733 "pre-commit": { 1549 1734 "inputs": { 1550 - "flake-compat": "flake-compat_3", 1551 - "gitignore": "gitignore_3", 1735 + "flake-compat": "flake-compat_4", 1736 + "gitignore": "gitignore_4", 1552 1737 "nixpkgs": [ 1553 1738 "lanzaboote", 1554 1739 "nixpkgs" ··· 1570 1755 }, 1571 1756 "pre-commit-hooks": { 1572 1757 "inputs": { 1573 - "flake-compat": "flake-compat_2", 1574 - "gitignore": "gitignore_2", 1758 + "flake-compat": "flake-compat", 1759 + "gitignore": "gitignore", 1760 + "nixpkgs": [ 1761 + "agenix-rekey", 1762 + "nixpkgs" 1763 + ] 1764 + }, 1765 + "locked": { 1766 + "lastModified": 1735882644, 1767 + "narHash": "sha256-3FZAG+pGt3OElQjesCAWeMkQ7C/nB1oTHLRQ8ceP110=", 1768 + "owner": "cachix", 1769 + "repo": "pre-commit-hooks.nix", 1770 + "rev": "a5a961387e75ae44cc20f0a57ae463da5e959656", 1771 + "type": "github" 1772 + }, 1773 + "original": { 1774 + "owner": "cachix", 1775 + "repo": "pre-commit-hooks.nix", 1776 + "type": "github" 1777 + } 1778 + }, 1779 + "pre-commit-hooks_2": { 1780 + "inputs": { 1781 + "flake-compat": "flake-compat_3", 1782 + "gitignore": "gitignore_3", 1575 1783 "nixpkgs": [ 1576 1784 "hyprland", 1577 1785 "nixpkgs" ··· 1636 1844 }, 1637 1845 "root": { 1638 1846 "inputs": { 1847 + "agenix": "agenix", 1848 + "agenix-rekey": "agenix-rekey", 1639 1849 "caelestia": "caelestia", 1640 1850 "disko": "disko", 1641 1851 "dms": "dms", 1642 1852 "ez-configs": "ez-configs", 1643 - "flake-parts": "flake-parts", 1853 + "flake-parts": "flake-parts_2", 1644 1854 "flake-schemas": "flake-schemas", 1645 1855 "git-hooks-nix": "git-hooks-nix", 1646 1856 "haumea": "haumea", 1647 - "home-manager": "home-manager", 1857 + "home-manager": "home-manager_2", 1648 1858 "hyprland": "hyprland", 1649 1859 "hyprland-hyprspace": "hyprland-hyprspace", 1650 1860 
"hyprland-plugins": "hyprland-plugins", ··· 1663 1873 "nixpkgs-schemas": "nixpkgs-schemas", 1664 1874 "nixvim": "nixvim", 1665 1875 "nur": "nur", 1666 - "sops-nix": "sops-nix", 1667 1876 "spicetify-nix": "spicetify-nix", 1668 1877 "stable": "stable", 1669 1878 "stylix": "stylix", ··· 1692 1901 "type": "github" 1693 1902 } 1694 1903 }, 1695 - "sops-nix": { 1696 - "inputs": { 1697 - "nixpkgs": [ 1698 - "nixpkgs" 1699 - ] 1700 - }, 1701 - "locked": { 1702 - "lastModified": 1770683991, 1703 - "narHash": "sha256-xVfPvXDf9QN3Eh9dV+Lw6IkWG42KSuQ1u2260HKvpnc=", 1704 - "owner": "Mic92", 1705 - "repo": "sops-nix", 1706 - "rev": "8b89f44c2cc4581e402111d928869fe7ba9f7033", 1707 - "type": "github" 1708 - }, 1709 - "original": { 1710 - "owner": "Mic92", 1711 - "repo": "sops-nix", 1712 - "type": "github" 1713 - } 1714 - }, 1715 1904 "spicetify-nix": { 1716 1905 "inputs": { 1717 1906 "nixpkgs": [ 1718 1907 "nixpkgs" 1719 1908 ], 1720 - "systems": "systems_5" 1909 + "systems": "systems_6" 1721 1910 }, 1722 1911 "locked": { 1723 1912 "lastModified": 1770846656, ··· 1756 1945 "base16-helix": "base16-helix", 1757 1946 "base16-vim": "base16-vim", 1758 1947 "firefox-gnome-theme": "firefox-gnome-theme", 1759 - "flake-parts": "flake-parts_6", 1948 + "flake-parts": "flake-parts_7", 1760 1949 "gnome-shell": "gnome-shell", 1761 1950 "nixpkgs": [ 1762 1951 "nixpkgs" 1763 1952 ], 1764 1953 "nur": "nur_2", 1765 - "systems": "systems_6", 1954 + "systems": "systems_7", 1766 1955 "tinted-foot": "tinted-foot", 1767 1956 "tinted-kitty": "tinted-kitty", 1768 1957 "tinted-schemes": "tinted-schemes", ··· 1785 1974 }, 1786 1975 "systems": { 1787 1976 "locked": { 1788 - "lastModified": 1689347949, 1789 - "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", 1790 - "owner": "nix-systems", 1791 - "repo": "default-linux", 1792 - "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", 1977 + "lastModified": 1681028828, 1978 + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 1979 + 
"owner": "nix-systems", 1980 + "repo": "default", 1981 + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", 1793 1982 "type": "github" 1794 1983 }, 1795 1984 "original": { 1796 1985 "owner": "nix-systems", 1797 - "repo": "default-linux", 1986 + "repo": "default", 1798 1987 "type": "github" 1799 1988 } 1800 1989 }, ··· 1815 2004 }, 1816 2005 "systems_3": { 1817 2006 "locked": { 1818 - "lastModified": 1681028828, 1819 - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 1820 - "owner": "nix-systems", 1821 - "repo": "default", 1822 - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", 1823 - "type": "github" 1824 - }, 1825 - "original": { 1826 - "owner": "nix-systems", 1827 - "repo": "default", 2007 + "lastModified": 1689347949, 2008 + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", 2009 + "owner": "nix-systems", 2010 + "repo": "default-linux", 2011 + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", 2012 + "type": "github" 2013 + }, 2014 + "original": { 2015 + "owner": "nix-systems", 2016 + "repo": "default-linux", 1828 2017 "type": "github" 1829 2018 } 1830 2019 }, ··· 1874 2063 } 1875 2064 }, 1876 2065 "systems_7": { 2066 + "locked": { 2067 + "lastModified": 1681028828, 2068 + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 2069 + "owner": "nix-systems", 2070 + "repo": "default", 2071 + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", 2072 + "type": "github" 2073 + }, 2074 + "original": { 2075 + "owner": "nix-systems", 2076 + "repo": "default", 2077 + "type": "github" 2078 + } 2079 + }, 2080 + "systems_8": { 1877 2081 "locked": { 1878 2082 "lastModified": 1689347949, 1879 2083 "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", ··· 1972 2176 "treefmt-nix": { 1973 2177 "inputs": { 1974 2178 "nixpkgs": [ 2179 + "agenix-rekey", 2180 + "nixpkgs" 2181 + ] 2182 + }, 2183 + "locked": { 2184 + "lastModified": 1735135567, 2185 + "narHash": "sha256-8T3K5amndEavxnludPyfj3Z1IkcFdRpR23q+T0BVeZE=", 2186 + 
"owner": "numtide", 2187 + "repo": "treefmt-nix", 2188 + "rev": "9e09d30a644c57257715902efbb3adc56c79cf28", 2189 + "type": "github" 2190 + }, 2191 + "original": { 2192 + "owner": "numtide", 2193 + "repo": "treefmt-nix", 2194 + "type": "github" 2195 + } 2196 + }, 2197 + "treefmt-nix_2": { 2198 + "inputs": { 2199 + "nixpkgs": [ 1975 2200 "wayland-pipewire-idle-inhibit", 1976 2201 "nixpkgs" 1977 2202 ] ··· 2008 2233 }, 2009 2234 "wayland-pipewire-idle-inhibit": { 2010 2235 "inputs": { 2011 - "flake-parts": "flake-parts_7", 2236 + "flake-parts": "flake-parts_8", 2012 2237 "nixpkgs": [ 2013 2238 "nixpkgs" 2014 2239 ], 2015 - "systems": "systems_7", 2016 - "treefmt-nix": "treefmt-nix" 2240 + "systems": "systems_8", 2241 + "treefmt-nix": "treefmt-nix_2" 2017 2242 }, 2018 2243 "locked": { 2019 2244 "lastModified": 1770348283,
+5 -4
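--- a/flake.nix
+++ b/flake.nix
@@ -82,6 +82,11 @@
 };
 
 # Misc
+agenix.url = "github:ryantm/agenix";
+agenix-rekey = {
+url = "github:oddlama/agenix-rekey";
+inputs.nixpkgs.follows = "nixpkgs";
+};
 disko = {
 url = "github:nix-community/disko";
 inputs.nixpkgs.follows = "nixpkgs";
@@ -112,10 +117,6 @@
 };
 nix-std.url = "github:chessai/nix-std";
 nur.url = "github:nix-community/NUR";
-sops-nix = {
-url = "github:Mic92/sops-nix";
-inputs.nixpkgs.follows = "nixpkgs";
-};
 spicetify-nix = {
 url = "github:Gerg-L/spicetify-nix";
 inputs.nixpkgs.follows = "nixpkgs";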
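Review bot: The new `agenix` input at new line 85 is declared without any `follows`, unlike `agenix-rekey` directly below it, and the flake.lock section of this commit shows the result: agenix brings its own `nixpkgs` node (tracking `nixos-25.05`), plus `home-manager`, `darwin` and `systems` nodes. Every extra locked node is third-party source that has to be fetched, trusted and updated on its own schedule, which is worth avoiding for the component that handles secrets. I would declare it as `agenix = { url = "github:ryantm/agenix"; inputs.nixpkgs.follows = "nixpkgs"; inputs.home-manager.follows = "home-manager"; };`. If no Darwin host is built from this flake, the `darwin` input could be pruned in the same attribute set.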
-9
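--- a/just/secrets.just
+++ b/just/secrets.just
@@ -1,12 +1,3 @@
-# Updates secret files, run after adding new keys
-update:
-#!/usr/bin/env zsh
-sops updatekeys secrets/**/*
-
-# Opens a secrets file for editing
-@edit file='secrets/default.yaml':
-sops {{ file }}
-
 # Grabs a host's SSH key and generates the corresponding age key
 @get-host-key host:
 nix shell nixpkgs#ssh-to-age nixpkgs#openssh \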
+12
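--- a/nix/flakeModules/agenixRekey.nix
+++ b/nix/flakeModules/agenixRekey.nix
@@ -0,0 +1,12 @@
+{inputs, ...}: {
+imports = [
+inputs.agenix-rekey.flakeModule
+];
+
+perSystem = {pkgs, ...}: {
+agenix-rekey = {
+inherit (inputs.self) homeConfigurations nixosConfigurations;
+agePackage = pkgs.rage;
+};
+};
+}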
+1
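--- a/nix/flakeModules/default.nix
+++ b/nix/flakeModules/default.nix
@@ -1,5 +1,6 @@
 {...}: {
 imports = [
+./agenixRekey.nix
 ./ezConfigs.nix
 ./gitHooks.nix
 ];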
+9 -1
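--- a/nix/home/configs/cheina@pc082.nix
+++ b/nix/home/configs/cheina@pc082.nix
@@ -1,9 +1,12 @@
 {
 config,
+inputs,
 lib,
 pkgs,
 ...
-}: {
+}: let
+inherit (inputs.self.lib.secrets.paths) root;
+in {
 home = {
 username = "cheina";
 homeDirectory = "/home/cheina";
@@ -20,6 +23,11 @@
 profiles = {
 standalone = true;
 };
+};
+
+age.rekey = {
+hostPubkey = "ssh-rsa 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";
+localStorageDir = root + "/rekeyed/pc082-cheina";
 };
 
 home.sessionVariables.XDEBUG_MODE = "off";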
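Review bot: `age.rekey.hostPubkey` at new line 29 is set in a standalone home configuration, so going by the commit description it has to be the user's own SSH key rather than a machine host key, and nothing at the call site says so. A comment above it such as `# Standalone home config: rekey to cheina's user SSH key, not the pc082 host key` would stop a later reader from swapping in the host key, which this user's home-manager activation would most likely be unable to decrypt with. `localStorageDir` also repeats by hand the `<host>-<user>` naming that nix/home/modules/secrets/default.nix derives from `osConfig`, so the two have to be kept in step manually.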
+22 -11
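--- a/nix/home/modules/cli/atuin/default.nix
+++ b/nix/home/modules/cli/atuin/default.nix
@@ -1,14 +1,34 @@
 {
 config,
+inputs,
 lib,
 osConfig ? {},
 pkgs,
 ...
 }: let
+inherit (inputs.self.lib.secrets.helpers) mkSecret;
 cfg = config.my.cli.atuin;
+atuinLogin = pkgs.writeShellScriptBin "atuin-login" ''
+if atuin status | grep -q "not logged in"; then
+atuin login \
+--username '${config.home.username}' \
+--password "$(cat ${config.my.secrets."atuin-password".path})" \
+--key "$(cat ${config.my.secrets."atuin-key".path})"
+fi
+'';
 in {
 options.my.cli.atuin.enable = lib.mkEnableOption "atuin";
+
 config = lib.mkIf cfg.enable {
+my.secretDefinitions = {
+"atuin-password" = mkSecret "atuin-password" {};
+"atuin-key" = mkSecret "atuin-key" {};
+};
+
+home.packages = [
+atuinLogin
+];
+
 programs.mcfly.enable = lib.mkForce false;
 programs.atuin = {
 enable = true;
@@ -31,21 +51,12 @@
 workspaces = true;
 };
 };
+
 systemd.user.services.atuin-login = lib.mkIf (osConfig != {}) {
 Install.WantedBy = ["network-online.target"];
 Service = {
 Type = "oneshot";
-ExecStart = let
-inherit (osConfig.sops) secrets;
-in
-pkgs.writeShellScriptBin "atuin-login" ''
-if atuin status | grep -q "not logged in"; then
-atuin login \
---username "$(cat ${secrets."atuin/username".path})" \
---password "$(cat ${secrets."atuin/password".path})" \
---key "$(cat ${secrets."atuin/key".path})"
-fi
-'';
+ExecStart = atuinLogin;
 };
 Unit = {
 Description = "atuin login";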
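Review bot: The `atuinLogin` script at new lines 11-18 still expands both secrets into the command line with `--password "$(cat …)"` and `--key "$(cat …)"`, so while `atuin login` runs, the account password and the encryption key are visible to any local process that can read process arguments. The migration changes where the files come from but not how they are handed over. If the packaged atuin can take these values from a prompt or stdin, prefer that, and otherwise record the exposure in a comment on the script. Separately, `ExecStart = atuinLogin;` at new line 59 passes the `writeShellScriptBin` derivation itself, which as far as I can tell renders as the output directory rather than the file under `bin/`; `ExecStart = lib.getExe atuinLogin;` names the executable explicitly. The script also calls `atuin` by bare name, so it depends on the unit's `PATH`.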
+3 -1
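--- a/nix/home/modules/default.nix
+++ b/nix/home/modules/default.nix
@@ -7,12 +7,13 @@
 in {
 imports =
 (with inputs; [
+agenix.homeManagerModules.default
+(agenix-rekey.homeManagerModules.default // {_class = "homeManager";}) # Don't ask
 caelestia.homeManagerModules.default
 dms.homeModules.dank-material-shell
 nix-index-database.homeModules.nix-index
 nix-flatpak.homeManagerModules.nix-flatpak
 nixvim.homeModules.nixvim
-sops-nix.homeManagerModules.sops
 spicetify-nix.homeManagerModules.default
 stylix.homeModules.stylix
 wayland-pipewire-idle-inhibit.homeModules.default
@@ -29,6 +30,7 @@
 ./nix
 ./scripts
 ./security
+./secrets
 ./ssh
 ./syncthing
 ./theming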
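Review bot: The `# Don't ask` comment on new line 11 hides why `agenix-rekey.homeManagerModules.default` is merged with `{_class = "homeManager";}`. This is a workaround on the module that handles secret decryption, so the next maintainer needs to know what fails without it and when it can be removed. Something like `# agenix-rekey's HM module does not carry _class = "homeManager"; set it so the module class check passes (drop once fixed upstream)` would do. I am inferring that cause from the override itself, so please substitute the actual error or upstream issue reference.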
+1
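--- a/nix/home/modules/gui/default.nix
+++ b/nix/home/modules/gui/default.nix
@@ -27,6 +27,7 @@
 ];
 
 home.packages = with pkgs; [
+element-desktop
 libreoffice-qt6-fresh
 obsidian
 pavucontrol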
+19 -13
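--- a/nix/home/modules/nix/default.nix
+++ b/nix/home/modules/nix/default.nix
@@ -7,23 +7,29 @@
 ...
 }: let
 inherit (config.my.config) nix;
+inherit (inputs.self.lib.secrets.helpers) mkSecret;
 cfg = config.my.nix;
 in {
 options.my.nix.enable = lib.mkEnableOption "nix";
+
 config = lib.mkIf (cfg.enable) {
-nix =
-{
-inherit (nix) settings;
-gc = {
-automatic = osConfig == {};
-dates = "daily";
-options = "--delete-older-than 7d";
-};
-package = lib.mkForce (osConfig.nix.package or pkgs.lixPackageSets.stable.lix);
-}
-// (lib.optionalAttrs (osConfig != {}) {
-inherit (osConfig.nix) extraOptions;
-});
+my.secretDefinitions = {
+"nix-extra-access-tokens" = mkSecret "nix-extra-access-tokens" {};
+};
+
+nix = {
+inherit (nix) settings;
+extraOptions = ''
+!include ${config.my.secrets."nix-extra-access-tokens".path}
+'';
+gc = {
+automatic = osConfig == {};
+dates = "daily";
+options = "--delete-older-than 7d";
+};
+package = lib.mkForce (osConfig.nix.package or pkgs.lixPackageSets.stable.lix);
+};
+
 nixpkgs = lib.mkIf (osConfig == {}) {
 inherit (nix.pkgs) config;
 overlays = builtins.attrValues inputs.self.overlays;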
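Review bot: `"nix-extra-access-tokens" = mkSecret "nix-extra-access-tokens" {};` at new line 17 no longer carries the `owner = name.user` and `mode = "0400"` that the deleted nix/nixos/modules/secrets/extraNixOptions.nix set on this secret. Under NixOS the definition is merged into the host's `age.secrets` by nix/nixos/modules/secrets/default.nix, where agenix's default owner is root, so the user-level `!include` at new line 23 would point at a file the user cannot read unless an owner is assigned outside the visible hunks. The same applies to `atuin-password` and `atuin-key` in nix/home/modules/cli/atuin/default.nix, whose old definitions also set `owner = name.user`. I would pass the mode explicitly here, `mkSecret "nix-extra-access-tokens" {mode = "0400";}`, and have the host-side merge attach the owning user. If the owner is already set elsewhere, a comment here should say where.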
+24
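--- a/nix/home/modules/secrets/default.nix
+++ b/nix/home/modules/secrets/default.nix
@@ -0,0 +1,24 @@
+{
+config,
+inputs,
+lib,
+osConfig ? {},
+...
+}: let
+inherit (inputs.self.lib.secrets.paths) root;
+in {
+config = let
+osSecrets = osConfig.age.secrets or {};
+homeSecrets = config.my.secretDefinitions;
+standaloneHomeSecrets = lib.removeAttrs homeSecrets (builtins.attrNames osSecrets);
+in {
+my.secrets = osSecrets // standaloneHomeSecrets;
+age = {
+secrets = standaloneHomeSecrets;
+rekey = lib.mkIf (osConfig != {}) {
+inherit (osConfig.age.rekey) hostPubkey;
+localStorageDir = root + "/rekeyed/${osConfig.networking.hostName}-${config.home.username}";
+};
+};
+};
+}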
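Review bot: The `let` block at new lines 11-13 carries the whole host-versus-home decision but has no comment, and the name `standaloneHomeSecrets` only makes sense once you have read nix/nixos/modules/secrets/default.nix. A comment such as `# Under NixOS every home definition is already merged into osConfig.age.secrets, so only standalone configs declare their own age.secrets` would make the intent checkable. It is also worth stating that `my.secrets = osSecrets // standaloneHomeSecrets` lets a host secret win whenever a home definition uses the same name, since that silently changes which key the file is encrypted to.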
+14 -5
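--- a/nix/home/modules/syncthing/default.nix
+++ b/nix/home/modules/syncthing/default.nix
@@ -5,12 +5,20 @@
 osConfig ? {},
 ...
 }: let
-syncthing = osConfig.services.syncthing.package;
+syncthing = osConfig.services.syncthing.package or config.services.syncthing.package;
 syncthingtray = config.services.syncthing.tray.package;
-in
-lib.mkIf (osConfig.services.syncthing.enable or false) {
+cfg = config.my.syncthing;
+in {
+options.my.syncthing.enable =
+lib.mkEnableOption "syncthing"
+// {default = osConfig.my.syncthing.enable or false;};
+
+config = lib.mkIf cfg.enable {
 home.packages = [syncthingtray];
-services.syncthing.tray.enable = true;
+services.syncthing = {
+enable = osConfig == {};
+tray.enable = true;
+};
 systemd.user.services.syncthingtray = {
 Service.ExecStart = lib.mkForce (pkgs.writeShellScript "syncthingtray-wait" ''
 ${syncthingtray}/bin/syncthingtray --wait
@@ -113,4 +121,5 @@
 ];
 Unit.X-SwitchMethod = "restart";
 };
-}
+};
+}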
+1
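--- a/nix/lib/default.nix
+++ b/nix/lib/default.nix
@@ -5,6 +5,7 @@
 in {
 config = import ./config.nix args;
 loaders = import ./loaders.nix args;
+secrets = import ./secrets.nix;
 storage = import ./storage args;
 strings = import ./strings.nix args;
 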
+41
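--- a/nix/lib/secrets.nix
+++ b/nix/lib/secrets.nix
@@ -0,0 +1,41 @@
+rec {
+paths = rec {
+root = ../../secrets;
+identities = root + /identities;
+perHost = root + /perHost;
+perUser = root + /perUser;
+};
+identities = {
+primaryYubikey = {
+identity = paths.identities + /age-yubikey-identity-25388788.pub;
+pubkey = "age1yubikey1qd4evthtmz779wrj5j92j46jgxu87are20rxagx609vs3z3g5535j2jtsrt";
+};
+secondaryYubikey = {
+identity = paths.identities + /age-yubikey-identity-26583315.pub;
+pubkey = "age1yubikey1qvsexaz0mrwzd6eadgmnupexs0csw6esdzmfzs3eehmn4w4hdlch5j7xrxs";
+};
+};
+helpers = {
+mkSecret = name: args:
+args
+// {
+rekeyFile = paths.root + /${name}.age;
+};
+mkHostSecret = configOrHost: name: args:
+args
+// {
+rekeyFile = let
+host = configOrHost.networking.hostName or configOrHost;
+in
+paths.perHost + /${host}/${name}.age;
+};
+mkUserSecret = configOrUser: name: args:
+args
+// {
+rekeyFile = let
+user = configOrUser.home.username or configOrUser;
+in
+paths.perUser + /${user}/${name}.age;
+};
+};
+}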
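Review bot: The three helpers at new lines 19-39 are undocumented, and two of their properties are easy to get wrong from a call site. `args // { rekeyFile = …; }` silently overrides any `rekeyFile` the caller passes, and `name`, `host` and `user` are spliced straight into a path (`/${name}.age`), so they must be plain file names. A short comment above each helper should give the resulting layout (`secrets/<name>.age`, `secrets/perHost/<host>/<name>.age`, `secrets/perUser/<user>/<name>.age`). It should also say that `configOrHost` and `configOrUser` accept either a config attrset or a string. A one-line comment above `identities` saying what the `.pub` files are would help too; presumably they are YubiKey identity stubs that are safe to commit, since the block gives no hint either way.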
+1
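--- a/nix/nixos/configs/desktop/default.nix
+++ b/nix/nixos/configs/desktop/default.nix
@@ -22,6 +22,7 @@
 
 networking.interfaces.enp6s0.wakeOnLan.enable = true;
 
+age.rekey.hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNf+oynlWr+Xq3UYKpCy8ih/w9sT6IuIKAtYjo6sfJr";
 system.stateVersion = "23.11";
 home-manager.users.${name.user}.home.stateVersion = "24.11";
 }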
+1
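--- a/nix/nixos/configs/laptop/default.nix
+++ b/nix/nixos/configs/laptop/default.nix
@@ -19,6 +19,7 @@
 };
 };
 
+age.rekey.hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHh5IZnZipti8mCt0NPCVrJ5XTU2z+nb7d2hgMG4/B3C";
 system.stateVersion = "23.11";
 home-manager.users.${name.user}.home.stateVersion = "23.05";
 }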
+2
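--- a/nix/nixos/configs/raspberrypi/default.nix
+++ b/nix/nixos/configs/raspberrypi/default.nix
@@ -13,11 +13,13 @@
 my = {
 ci.build = true;
 security.u2f.relaxed = true;
+syncthing.enable = false;
 };
 
 boot.kernelPackages = pkgs.linuxPackages_latest;
 nixpkgs.hostPlatform = "aarch64-linux";
 
+age.rekey.hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILr9pl4qaL/+DV//lhE5y6V7xJ2eh1BSlwNYD9L9a2sQ";
 system.stateVersion = "24.05";
 home-manager.users.${name.user}.home.stateVersion = "24.05";
 }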
+3 -2
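--- a/nix/nixos/modules/default.nix
+++ b/nix/nixos/modules/default.nix
@@ -1,5 +1,4 @@
 {
-config,
 inputs,
 lib,
 pkgs,
@@ -10,13 +9,14 @@
 in {
 imports =
 (with inputs; [
+agenix.nixosModules.default
+agenix-rekey.nixosModules.default
 disko.nixosModules.disko
 home-manager.nixosModules.home-manager
 lanzaboote.nixosModules.lanzaboote
 nix-gaming.nixosModules.pipewireLowLatency
 nix-gaming.nixosModules.platformOptimizations
 nur.modules.nixos.default
-sops-nix.nixosModules.sops
 stylix.nixosModules.stylix
 ])
 ++ [
@@ -55,6 +55,7 @@
 pipewire.enable = mkDefault true;
 security.enable = mkDefault true;
 ssh.enable = mkDefault true;
+syncthing.enable = mkDefault true;
 theming.enable = mkDefault true;
 users.enable = mkDefault true;
 zram.enable = mkDefault true;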
-27
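--- a/nix/nixos/modules/secrets/atuin.nix
+++ b/nix/nixos/modules/secrets/atuin.nix
@@ -1,27 +0,0 @@
-{
-config,
-inputs,
-lib,
-pkgs,
-...
-}: let
-inherit (config.my.config) name;
-in {
-sops.secrets =
-lib.genAttrs
-[
-"atuin/key"
-"atuin/password"
-"atuin/username"
-]
-(_: {owner = name.user;});
-environment = {
-systemPackages = [
-(pkgs.writeShellScriptBin "atuin-init" ''
-atuin login --username "$(cat ${config.sops.secrets."atuin/username".path})" \
---password "$(cat ${config.sops.secrets."atuin/password".path})" \
---key "$(cat ${config.sops.secrets."atuin/key".path})"
-'')
-];
-};
-}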
+23 -13
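--- a/nix/nixos/modules/secrets/default.nix
+++ b/nix/nixos/modules/secrets/default.nix
@@ -1,16 +1,26 @@
-{inputs, ...}: {
-imports = [
-./atuin.nix
-./extraNixOptions.nix
-];
-
-sops = {
-defaultSopsFile = inputs.self + /secrets/default.yaml;
-age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
-secrets = {
-"tailscale/oauth/secret" = {};
-"user/emily/password".neededForUsers = true;
-"user/lpchaim/password".neededForUsers = true;
+{
+config,
+inputs,
+lib,
+...
+}: let
+inherit (inputs.self.lib.secrets.paths) root;
+in {
+my.secrets = config.age.secrets;
+age = {
+secrets = let
+osSecrets = config.my.secretDefinitions;
+homeConfigs = config.home-manager.users;
+homeSecrets =
+homeConfigs
+|> lib.mapAttrs (_: val: val.my.secretDefinitions)
+|> builtins.attrValues
+|> lib.mergeAttrsList;
+in
+osSecrets // homeSecrets;
+rekey = {
+localStorageDir = root + /rekeyed/${config.networking.hostName};
+forceRekeyOnSystem = "x86_64-linux";
 };
 };
 }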
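Review bot: `homeSecrets` at new lines 14-18 flattens every home-manager user's `my.secretDefinitions` with `lib.mergeAttrsList` and throws the user name away (`_: val:`), so two users whose modules both define a name such as `atuin-password` collapse into a single host-level secret with no error. The removed sops config listed secrets for both `emily` and `lpchaim`, so more than one user on a host looks like a real case here. `osSecrets // homeSecrets` additionally lets any home definition replace a host definition of the same name. Keeping the user in scope addresses the collision and gives a place to attach ownership, for example `|> lib.mapAttrs (user: val: lib.mapAttrs (_: s: {owner = user;} // s) val.my.secretDefinitions)`, and an assertion on duplicate names would turn the silent override into an evaluation error.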
-15
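--- a/nix/nixos/modules/secrets/extraNixOptions.nix
+++ b/nix/nixos/modules/secrets/extraNixOptions.nix
@@ -1,15 +0,0 @@
-{
-config,
-inputs,
-...
-}: let
-inherit (config.my.config) name;
-in {
-sops.secrets."nix/extraAccessTokens" = {
-mode = "0400";
-owner = name.user;
-};
-nix.extraOptions = ''
-!include ${config.sops.secrets."nix/extraAccessTokens".path}
-'';
-}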
+9 -5
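--- a/nix/nixos/modules/security/default.nix
+++ b/nix/nixos/modules/security/default.nix
@@ -1,10 +1,12 @@
 {
 config,
+inputs,
 lib,
 options,
 pkgs,
 ...
 }: let
+inherit (inputs.self.lib.secrets.helpers) mkSecret;
 cfg = config.my.security;
 in {
 options.my.security = {
@@ -27,6 +29,12 @@
 };
 };
 config = lib.mkIf cfg.enable {
+my.secretDefinitions = {
+"u2f-mappings" = mkSecret "u2f-mappings" {
+group = "wheel";
+mode = "0440";
+};
+};
 environment.etc = let
 patch = svc:
 lib.replaceStrings
@@ -50,7 +58,7 @@
 u2f = {
 inherit (cfg.u2f) control;
 enable = true;
-settings.authfile = "${config.sops.secrets."u2f-mappings".path}";
+settings.authfile = "${config.my.secrets."u2f-mappings".path}";
 settings = {
 cue = true;
 appid = "pam://auth";
@@ -77,9 +85,5 @@
 pam_u2f
 pamtester
 ];
-sops.secrets.u2f-mappings = {
-group = "wheel";
-mode = "0440";
-};
 };
 }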
+18 -16
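--- a/nix/nixos/modules/syncthing/default.nix
+++ b/nix/nixos/modules/syncthing/default.nix
@@ -5,20 +5,21 @@
 ...
 }: let
 inherit (config.my.config) name;
-home = "/home/${name.user}";
-sopsFile = "${inputs.self}/secrets/hosts/${config.networking.hostName}.yaml";
-in
-lib.mkIf (lib.pathExists sopsFile) {
-sops.secrets =
-lib.genAttrs
-[
-"syncthing/cert"
-"syncthing/key"
-]
-(_: {
-inherit sopsFile;
+inherit (inputs.self.lib.secrets.helpers) mkHostSecret;
+cfg = config.my.syncthing;
+home = config.home-manager.users.lpchaim.home.homeDirectory;
+in {
+options.my.syncthing.enable = lib.mkEnableOption "syncthing";
+
+config = lib.mkIf cfg.enable {
+my.secretDefinitions = {
+"host.syncthing-cert" = mkHostSecret config "syncthing-cert" {
+mode = "0440";
+};
+"host.syncthing-key" = mkHostSecret config "syncthing-key" {
 mode = "0440";
-});
+};
+};
 
 systemd.services.syncthing.preStart = let
 paths = builtins.attrNames config.services.syncthing.settings.folders;
@@ -33,8 +34,8 @@
 openDefaultPorts = true;
 user = name.user;
 group = name.user;
-cert = config.sops.secrets."syncthing/cert".path;
-key = config.sops.secrets."syncthing/key".path;
+cert = config.my.secrets."host.syncthing-cert".path;
+key = config.my.secrets."host.syncthing-key".path;
 dataDir = "${home}/Syncthing";
 configDir = "${home}/.config/syncthing";
 settings = {
@@ -97,4 +98,5 @@
 };
 };
 };
-}
+};
+}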
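Review bot: `home` is now read from `config.home-manager.users.lpchaim`, a literal user name, while `user` and `group` a few lines further down still come from `name.user`. On a host where the two differ, `dataDir` and `configDir` would point into another account's home. `home = config.home-manager.users.${name.user}.home.homeDirectory;` keeps them tied together, as the removed `"/home/${name.user}"` did. Separately, the private key `host.syncthing-key` is declared with `mode = "0440"` and no owner is visible here (mkHostSecret is defined outside this diff), so it is worth checking whether `0400` would be enough.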
+6 -1
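--- a/nix/nixos/modules/tailscale/default.nix
+++ b/nix/nixos/modules/tailscale/default.nix
@@ -6,6 +6,7 @@
 ...
 }: let
 inherit (config.my.config) name;
+inherit (inputs.self.lib.secrets.helpers) mkSecret;
 cfg = config.my.networking.tailscale;
 in {
 options.my.networking.tailscale = {
@@ -33,6 +34,10 @@
 };
 };
 config = lib.mkIf cfg.enable {
+my.secretDefinitions = {
+"tailscale-oauth-secret" = mkSecret "tailscale-oauth-secret" {};
+};
+
 services.tailscale = let
 tags =
 cfg.advertise.tags
@@ -44,7 +49,7 @@
 in {
 inherit (cfg) authKeyParameters;
 enable = true;
-authKeyFile = config.sops.secrets."tailscale/oauth/secret".path;
+authKeyFile = config.my.secrets."tailscale-oauth-secret".path;
 extraUpFlags =
 [
 "--accept-dns"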
+9 -2
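--- a/nix/nixos/modules/users/default.nix
+++ b/nix/nixos/modules/users/default.nix
@@ -1,15 +1,22 @@
 {
 config,
+inputs,
 lib,
 pkgs,
 ...
 }: let
 inherit (config.my.config) name shell;
+inherit (inputs.self.lib.secrets.helpers) mkUserSecret;
 userName = name.user;
 cfg = config.my.users;
 in {
 options.my.users.enable = lib.mkEnableOption "user tweaks";
 config = lib.mkIf cfg.enable {
+my.secretDefinitions = {
+"user.emily.password" = mkUserSecret "emily" "password" {};
+"user.lpchaim.password" = mkUserSecret "lpchaim" "password" {};
+};
+
 users = let
 defaults = {
 isNormalUser = true;
@@ -28,7 +35,7 @@
 description = name.full;
 group = userName;
 shell = pkgs.${shell};
-hashedPasswordFile = "${config.sops.secrets."user/lpchaim/password".path}";
+hashedPasswordFile = "${config.my.secrets."user.lpchaim.password".path}";
 };
 emily =
 defaults
@@ -38,7 +45,7 @@
 description = "emily";
 group = "emily";
 shell = pkgs.fish;
-hashedPasswordFile = "${config.sops.secrets."user/emily/password".path}";
+hashedPasswordFile = "${config.my.secrets."user.emily.password".path}";
 };
 root.hashedPassword = null;
 };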
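Review bot: The two `mkUserSecret` definitions in `my.secretDefinitions` drop the `neededForUsers = true` that the removed sops entries carried, and nothing in this file says what now guarantees that the `hashedPasswordFile` paths exist before the accounts are created. agenix normally decrypts ahead of the users activation step and applies ownership only afterwards, so this probably works as long as both secrets stay root-owned. mkUserSecret is not visible here, so that is worth confirming on a fresh install. I would record the dependency above the definitions with `# agenix decrypts before user creation; keep these secrets root-owned (no owner/group)`.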
+1
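--- a/nix/overlays/default.nix
+++ b/nix/overlays/default.nix
@@ -6,6 +6,7 @@
 (loadNonDefault ./. args)
 // {
 external = lib.composeManyExtensions [
+inputs.agenix-rekey.overlays.default
 inputs.nix-gaming.overlays.default
 inputs.nixneovimplugins.overlays.default
 ];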
+1
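--- a/nix/shared/default.nix
+++ b/nix/shared/default.nix
@@ -7,6 +7,7 @@
 inherit (self.lib.config.nix) settings;
 in {
 imports = [
+./secrets.nix
 ./theming.nix
 ];
 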
+26
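--- a/nix/shared/secrets.nix
+++ b/nix/shared/secrets.nix
@@ -0,0 +1,26 @@
+{
+inputs,
+lib,
+...
+}: let
+inherit (inputs.self.lib.secrets) identities;
+in {
+options.my = {
+secretDefinitions = lib.mkOption {
+description = "Secret definitions";
+default = [];
+};
+secrets = lib.mkOption {
+description = "Rendered secrets";
+default = [];
+};
+};
+
+config.age.rekey = {
+masterIdentities = [
+identities.primaryYubikey
+identities.secondaryYubikey
+];
+storageMode = "local";
+};
+}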
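Review bot: Both options under `options.my` are declared without a `type` and default to the list `[]`, although every consumer in this commit treats them as attribute sets (`osSecrets // homeSecrets`, `config.my.secrets."u2f-mappings".path`). A configuration that defines no secrets, for example a home-manager user without any, would hand a list to `lib.mergeAttrsList` or `//` and most likely fail evaluation with an unrelated-looking error. An untyped option also merges definitions from different modules shallowly, so two modules declaring the same secret name are not reported as a conflict. I would declare `type = lib.types.attrsOf lib.types.anything;` with `default = {};` on `secretDefinitions`, and at least `default = {};` on `secrets`.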
+22 -4
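--- a/nix/shells/default.nix
+++ b/nix/shells/default.nix
@@ -1,4 +1,6 @@
-{inputs, ...}: {
+{inputs, ...}: let
+inherit (inputs.self.lib.secrets.identities) primaryYubikey secondaryYubikey;
+in {
 imports = [
 inputs.make-shell.flakeModules.default
 ./deploy.nix
@@ -21,20 +23,36 @@
 }: {
 env = {
 EDITOR = "hx";
+AGENIX_PUBKEY_PRIMARY = primaryYubikey.pubkey;
+AGENIX_PUBKEY_SECONDARY = secondaryYubikey.pubkey;
 };
 packages =
 (with pkgs; [
+agenix-rekey
 bat
 fish
 git
 helix
 just
+rage
 ])
 ++ config.pre-commit.settings.enabledPackages
-++ (lib.optionals (config.pre-commit.settings.package != null) [
+++ lib.optionals (config.agenix-rekey.package != null) [
+config.agenix-rekey.package
+]
+++ lib.optionals (config.pre-commit.settings.package != null) [
 config.pre-commit.settings.package
-]);
-shellHook = config.pre-commit.installationScript;
+];
+shellHook =
+config.pre-commit.installationScript
++ ''
+if [[ "$HOSTNAME" == "desktop" ]]; then
+export AGENIX_REKEY_PRIMARY_IDENTITY="$AGENIX_PUBKEY_PRIMARY"
+
+else
+export AGENIX_REKEY_PRIMARY_IDENTITY="$AGENIX_PUBKEY_SECONDARY"
+fi
+'';
 })
 ];
 };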
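Review bot: The `shellHook` picks the rekey identity from the literal host name `"desktop"` with no comment, so every other machine silently gets the secondary key, and so does a renamed desktop. The reason for tying a YubiKey to a host should be stated next to the branch, for instance `# <which key lives on which machine, and why>` above the `if`. The two public keys are already exported as `AGENIX_PUBKEY_PRIMARY` and `AGENIX_PUBKEY_SECONDARY`, so the choice could also be left to the user's environment. In `packages`, `agenix-rekey` is added from `pkgs` and again through `config.agenix-rekey.package`; one of the two is probably redundant.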
-2
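--- a/nix/shells/nix.nix
+++ b/nix/shells/nix.nix
@@ -9,8 +9,6 @@
 nil
 nixd
 nixpkgs-fmt
-sops
-ssh-to-age
 ];
 };
 };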
+10
secrets/atuin-key.age
··· 1 + age-encryption.org/v1 2 + -> piv-p256 0D9K1g AgfQzuK8zTSAmT6w9FFj2NdvlhzB51Ji7GtuX4J0CG8I 3 + vDUTAGVLkU64Vv7VOSRhR+rkUKgToUbPpoMn0df7c80 4 + -> piv-p256 4lCx1w AiifLJqWEV/tgNQ0SfeDBlIdNLrvnOpBuDbiiB0I8hTv 5 + +Vgej94UsvIDGttpRvzCvPmo7QE6+ELd9mKKeXoMX8s 6 + -> /-grease uSox(G`H uO 7 + xlZXv1i5Q2yH1KVSjQqXPQwoDfHUi96mvbqxNIs18744B5ldfqBrn84mpkdbN6tP 8 + tie0KgCvAgOnyVLD3Ac5HDT8dTI+/cl/l/4IvBUi 9 + --- eNKI5Gl6vJVkGrcpXIXS4WKku70O/K+xvy63BOq1OUU 10 + ��u�7t|k7�0���Z����N<�� ��"3���s�C�_�H���O�}�C�jyZ6�|��=K���������Pg^��l*�W�%�N_X�՚B=A�עbh:��]�^$u�2ՂCҒ=d!�0''���-�I�G��) ���I��j������z��պ���h��������pi�gL
secrets/atuin-password.age

This is a binary file and will not be displayed.

+10
secrets/atuin-username.age
··· 1 + age-encryption.org/v1 2 + -> piv-p256 0D9K1g A+iPyQjYjgQe9/AqnaibB8277yU3LiKxg4rKRT92wu7U 3 + ODsm9yPaeF+4YW0sJXbTwJHbK7tDVi3Bf1LgkHq4M7s 4 + -> piv-p256 4lCx1w AzeUxwfPqRQ4WsaBYGWs55ZhFci8bvZp+cUfJ2I2aPUV 5 + 8LwzolJ+HjOPjOyCe9X9iDZiK28D1iIAH2k3xCGP8es 6 + -> &{-grease 7 + 4lmPvJXO5DJP7cbVjE9c7BlGYrf3NI23o0S5ZxmHOCsaIhCpRUnzSilES5e+C6ii 8 + nzvvKo4tz6zLJJ7HM0/+xIYdlI5GBzBI 9 + --- bH717Zt05yqytuKpUffqTS3evTjS4Ro9bX7x3uUWauA 10 + �v� �2��-d��^^�}����Y��L�P6�� �B�}X
-93
secrets/default.yaml
··· 1 - atuin: 2 - username: ENC[AES256_GCM,data:9cA9z/hkgA==,iv:V+lQ5cSrlbdcdWNbUELopnsFDdWxjvBV6EBvqFqZB/o=,tag:rT4VUx5iO5xL5wp8jYzjng==,type:str] 3 - password: ENC[AES256_GCM,data:4edw5Isf0XCLtyfyzyQ19aqTouePgVasQxoX84OMqD8vl6pYA/hK6LmCbRXWnZDvVmgKvfvSYaOfjzZpud4a21mEhTa32/24CGpjvn7oJujmiNQUxQHc8iz1/GxnTLYVWVay+wXK,iv:097d5cjMwb+xOvaAzMnWfUQWIR35M+MAmJZvyZii070=,tag:k2bCA5U4pJhLB3co8jI/Pg==,type:str] 4 - key: ENC[AES256_GCM,data:oPo5e02Dn0RR1jbfJXXivVK8X+FmxjZgItqJk3XaKFRUWS/CBvCAJE7Hiwz0F79MW48kIPQCXPV15yAtnfIddnowKPfSDkx+8JH6AeXGKohUpRMyN0SqGiLJneWVCz/YDPa/eKhs19zPsWZo/IC+ab1Y0W3CjAt+cxnsZpNQsDa3mdVFtrBF32bROvVuKrI=,iv:wnif68ePe/oQ2KXbhgxpoB4YRjR7pXVG/vqswY5RO8I=,tag:lr+EThqiBFVgPprKgZG1qw==,type:str] 5 - nix: 6 - extraAccessTokens: ENC[AES256_GCM,data:4y9B/wV5YiRHdHKCoRdVUxuRipe2VSBllisWUd0c1NPHak8dOOcYjemr01rIhlu2L2/gO30MCGm3lAAnd/jIca8DRAIq43vt+gE=,iv:fh6lOK1dbaCU2vvVxW5DtiDqJhXZ78RhwlC53vqUr6E=,tag:/KAlYhJKVsBSWdhL/EJ6pg==,type:str] 7 - tailscale: 8 - oauth: 9 - secret: ENC[AES256_GCM,data:NnGm2EdkgWERgWNNoJ6cWRyuMiF4tyDb1S8jrhzVo57OB+KHCyUfWTya6AMuYjy8wspCxTgxlAarMJMJlUld,iv:4SkacHAC6m4sVnwT2PjSBuQvjy+EsrnZkpaJetUcMuw=,tag:UMfXu2eN4R0+37YQvyq1/A==,type:str] 10 - u2f-mappings: ENC[AES256_GCM,data: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,iv:n9CNS8O+nW3Pl4yfCzGcKBW6e/IdPNDcFSY5PjblO4s=,tag:N/micx7CYZYNGa7JW7mONw==,type:str] 11 - user: 12 - lpchaim: 13 - password: ENC[AES256_GCM,data:429T+RBs0N7sjh5flaBteU/NYzEaZiBhElsSTGpa5pTkkCR09/h6I81O8PgImnsw3DRwiXVRBSWEyBZ2DdDiExSITJj+KbdJOQ==,iv:xL2gnxGNH0L6wBzBHYk58AoKZnOZhHe7q/ns17NGElo=,tag:WAyN9NcDlLNcYTXK3EWL+w==,type:str] 14 - emily: 15 - password: ENC[AES256_GCM,data:67se12C/IuhLhe7iY+AuXcGhQaCNEUx3D4OzV5GKqU2MfMUuFQFkWDt2MFF8lM0BkevORd2AwCbRjuovEhpT5ARd6RgDlMjFUg==,iv:uLfFC4tIK+kejVffgKmk7Yqz+d4GLnRRX/L8aJOOYi4=,tag:169agLpBuFLU9fHB859fcQ==,type:str] 16 - yubikey: 17 - "25388788": 18 - ssh: 19 - public: 
ENC[AES256_GCM,data:QeC74Wc5YD1xQzTnpeZT3rsUXe/VaZYf27DI5SSvOXETk6AlIOSM0KYYSRtWUhbAIkMGM7zjnQAo92aQPMAIQi0XJR85BZctxWuZoQVGLwrUdEvnIGGr8bQPqUrNtF7OLhHMf8q030bhX1MNi/OsXSX6HsgHaYv7MVpM0p78xrSPh2uj8Apl4WQ/K8+pXE0loohr,iv:sGAR12/lLS4udyAMJUCk3zCmi99twqInDNaFvWWYhuM=,tag:IgDtnEGtRnkpWgmVB9dN9w==,type:str] 20 - private: ENC[AES256_GCM,data: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,iv:ld5tyR46Q5iRMZhtbOb/NKWok+lNwiYXvg1pUeuc8iQ=,tag:hYNoyrOfaXtxfoHDRgRxJA==,type:str] 21 - "26583315": 22 - ssh: 23 - public: ENC[AES256_GCM,data:pWaWlDp586TAZsaPGCytIIQRTs8t20azvOKFBtkba9zsuNJZO2rLjlHPHU5GSw/FSdLyXzn0RN+4/+zhfJh5qKOb/I9QYGuJFVcmXQP/NMWIbiBCYODeeCNu5xKuwBa09TKbp5PewXWJUlwri+vQf1i+ioE6YjrJD9HH4viQz4jnJnc9y+vCPur4J8PhRkOiHuQm,iv:CcaMR5vS+Xn+fLnL5AGE4bIMNoDimgmnjhwqf1osqcA=,tag:dZvQR7etapNzPycPwUGGlQ==,type:str] 24 - private: ENC[AES256_GCM,data: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,iv:H0DFPh8JtARGyNZbUlGEng7tJ57jMtBN9ZJLnhvnQ9Y=,tag:2sgvJyrHmahh5HxmrmJNUQ==,type:str] 25 - sops: 26 - age: 27 - - recipient: age1tq2gcmu4hd4sd89hl7szhd0z8vg6tx9hk3xsvuljm9gsj7n0l4nsl6ad4u 28 - enc: | 29 - -----BEGIN AGE ENCRYPTED FILE----- 30 - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhdWtKWXdmeHJNUUxrNkhT 31 - dS8rUWxBdWdpaXJxNlN6am8xT2poME1JMUQ4Cjg0YnJvQ20zekFUZ2h4alBVL0hI 32 - bHU3ZFlVTW5Zc2xiMmhyYzRlNTZndnMKLS0tIG1PakpaU2Z2M3pLQUhtdDI0Ry91 33 - WVc5RXpraE9iQTRIYlBsV29DOFhWMkEKkfZPtpEnkjQxUl2M+LRw8zvkj708mneQ 34 - YsIJZlhCYxsCb360XSX8V3g0cmY+mL0PIbSlutI2XCS4+8EBytf83g== 35 - -----END AGE ENCRYPTED FILE----- 36 - - recipient: age10fa7ce7w6q0ppk5l2gvg6d02g9cmj26rpt00ct54d4latqsnwajs90a43h 37 - enc: | 38 - -----BEGIN AGE ENCRYPTED FILE----- 39 - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKbTJBT2s5NmxiblRqdFk4 40 - dmNTME1QeitmNEU1Mzk2MmRiTHR2bmRQaERBClNoY0wvL2dMYUo2WlBUSWhIZVdH 41 - enFlVlVrY0xvdVE5YzNTMytiU0dpRFkKLS0tIHRIRHYwZTJDYjVsWHgwKzl5SXhu 42 - UURxL3hQbEhFOFB0NXJhd1ZJU0FyVzAKzec25rG/rSxzzq1MlPJNzQKBl5yPdvNk 43 - 
Y7lD0YDiSeZeBAVxueY+SAtn3sECq6WqvYfO+pfvoE2Li+skh3Ef8g== 44 - -----END AGE ENCRYPTED FILE----- 45 - - recipient: age1a90s9rr2t82vlx4q757pvqm88nh572567hssycczv2t5rjhzudmsvqdjuv 46 - enc: | 47 - -----BEGIN AGE ENCRYPTED FILE----- 48 - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaZmJ4UFc4T0h6SkFaRVRD 49 - alhyWEtrTGJJRjU2NWdobWVISkQ5V2tpUEg0CmpxelFtMU1DOXpJeFNSVTYrLzhF 50 - UmhaMDAxNFV6R0pyU1BIeFlZMS9sYlUKLS0tIDJBYUV1QlNFY1FZeGp5MWVXNzEw 51 - QTcxREtPbDZ2dWRTNnUyOU84bUI0SXcKoHIdaQdQXjw2JlDrCKKlyAp0tT6W2Fof 52 - bg/nFZJerTIGc1Od9qYYTShZGmUM8zUPWXomI18z5vL6yQaI1Op0Aw== 53 - -----END AGE ENCRYPTED FILE----- 54 - - recipient: age1ke3gya92cy465lp9yxwygckgtg8tcsh366vgh4ywu6edl7a7ca0sgjxrjg 55 - enc: | 56 - -----BEGIN AGE ENCRYPTED FILE----- 57 - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQQkp3RzBPOHhpZFN3ZTNQ 58 - Zk11SkpxMmg2UWgrdU5xcnk3a1N0SFZ4ZnhnCk0vdGRQQkI3V0NnSE9CTjdua0FY 59 - L0JHSklveDVXaytKaElianR3SmJvVWcKLS0tIE9WdCtXNnJtY3dHcEZBSCtsMTJH 60 - Z0FFTGd2NUo4Slk3MVViWkErVVBVNlEK2hvRHcZFltNY9I8Qutn8CncWFBFahKi1 61 - ozZ+MOYxCtYnAuNCWib1QZNesWR72EFqpboTQ1VoXj6sSFCMtONg2g== 62 - -----END AGE ENCRYPTED FILE----- 63 - - recipient: age174ngzkzt0czudr4pu69mps5t77nzelgprl2htcwd62n7h740hayqd0zh48 64 - enc: | 65 - -----BEGIN AGE ENCRYPTED FILE----- 66 - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWRGxDVkpLc2hlQVJndXcr 67 - SU45OW9EVWpBUFV3bWtzdE10SDZRNVBKdFg0CkZOQ1pOaitVWmNQdXgxWVJoZ3JP 68 - R0FiczNndWwxSEFwUVhqZ2ZyMkVOR0UKLS0tIGdVOUwxMUc4U1ZMbTlVSXdhYnRw 69 - V3kxaVA5RjBTSW1OakJnaWJaVE9HK3cK85bFaACe/UAQPR/xagBJz11bQnzgvcVo 70 - sMD9q+PRUVBAO7hy9d+vFf754Ac73JQ9PZEvYM7Y25w6Ak1WM4xByg== 71 - -----END AGE ENCRYPTED FILE----- 72 - - recipient: age1rsz0jrlkqs2z2p3r4a6qhwnsmyhwgh72mtxvvfwm00qtn8lq9arqa29vum 73 - enc: | 74 - -----BEGIN AGE ENCRYPTED FILE----- 75 - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDTytQMWIyR0xWeU1LNklL 76 - WXRTZnNFbXB3L2s0aEZkSHJCckNiTVYxMWd3Cmt5WUVJaU41T0lBRjV6Mm05MEdQ 77 - M0xRemxFS3g2NldNS28vY2lRcDBWSE0KLS0tIG93dktNQStjeUhDeHZsbG5tV01H 78 - 
ZjU3WHZiSmFIQ1dscHVjZ25jcEcwMTAKuZ0AnlGJMfO91UgFsuYGMjPa29ndUu1/ 79 - vQB5nJ7Hc9WvIr6SiqhX74cwj4dCtShUQnwSPRYfrE1uKrAiTZ4juw== 80 - -----END AGE ENCRYPTED FILE----- 81 - - recipient: age1cfshc5yzepc92mga9pclg6rcj084esq9a8tfe38m9c6mgzy5p5sqgc68u6 82 - enc: | 83 - -----BEGIN AGE ENCRYPTED FILE----- 84 - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqbHhDK2Y4N2R4ZXpBQWRj 85 - dDJrTTJTZFFHS2YyeEc2Szgway83eHVWMld3ClR6dTBVQ3ZxeTFRckg2SmF5bGhY 86 - Y2MyNjhONnpSNnRDc3N0cEJMNEM1VDAKLS0tIHkrSlNhQkd1am44WHprRDgvUHBs 87 - d0tBMXZkQnpCenZHdW9SMUs0dUlsTWcKEgypYl2f9UteYvnNlyS30OG3wZXPUEt0 88 - 9rwMktnBaYvS8aekWw+zUy+WJZ3YtRDFm4fqykG12mvV1eAqq/Tq9Q== 89 - -----END AGE ENCRYPTED FILE----- 90 - lastmodified: "2025-11-19T17:22:10Z" 91 - mac: ENC[AES256_GCM,data:4eFOQZYosaCTEgWTz2O/+k0NgGHS6Uk4qcNAYZDia4qMUkWipnpueoNG1r9qoDNWpdleTDodYlQ/9lTr6FnA3t7yR9o7KlqAtFB6Z7988IW7mqMmtuaO/ctsKMFrbvYPsQpXkn7+zuYFvWEj7nK27j8TBrPCsnyn2gnCNvEXWMs=,iv:ndiSrNvTL4V9TLX/EqiBHRUQhiDtwrz87HioLelr9mU=,tag:JmFqYRySAK2434Sj1PfUqg==,type:str] 92 - unencrypted_suffix: _unencrypted 93 - version: 3.11.0
-41
secrets/hosts/desktop.yaml
··· 1 - syncthing: 2 - cert: ENC[AES256_GCM,data:0WeUAZidnJXEDumpWQ+h/UsW6ae3kCPLtJKKbqK3IktVrkklE/3RPli+1q4IRZq0wvXwLIGFKYkynCZhxgM286ITo9rbCKv+Jg7Nz/1gNeExZ+dWgAlHwy5PTYBwp0TTBjwUxjxsIvpphvJwWil7LPbabBaeTY3sHmYvIcAD1hycQDwsLQL0h6Lj6dEZrzQYOg+NsdT9eL28xA1x4Ij/U3qAMHZViY2INpo1ZK+QBEQ3eIIF4/wyPFqHZxk6JqNYTiHr1K0d1HWFHrCWRI/Vke3nKFifnQ3OWAFGhr6edfFTQj9y8wZwZHUEBaNhmUwYdTOWoByL6uCzSiwOUwAz69Bfxt1yrPPEwmpZYwZ6ULmfFKTCtVJX1dIwna6xbVfDZiHrI6lWpKDfrTecDb28tXoKQHG9FauQwf/9XTc4Ny/LaHM0Pu/ovSE3R3aEF2rtELnMWRizrdzNNMq7E58OEvrRSDVLWWZiRLtHmCsmWdaY741EtQQ0tz+bZXEVKwIdxvrglq5eafQBKeW/VGbkYa8VZJkM60tMxJktkhj/OzF9AJEJhTZfmcVNAdugufcsxBd10kMdmtIJoSX17+TOAT3mA4w5E/w8Cz0Kre8JfYYhA7TI4knHdzc6h63XYLvwt+ObbpAH0gzaoHXxw9nnZXAkK0ggprqFeLwgGMbfFqttDWdPeyvx0SesrG9tlQCz+Sx7iYmVXYDAWKRtRLfwOEtOVaCvfw1wN4j4Yra4BfZKUK47MLE4Q36Bhi054hMuh9RoOSmcLZkFCux8PJV64DNNZqE4n0Eed7s/u00QmBzqsqgarXZZXxYntwtT2H0KFBD/5Ma1a7bXnsxs1ln+m3oT2qlabCgz1b7jPQhb+tXMY3+HZcqRlt6Py5Zqh2LYLMYVYvY7vDObSynluEQU+fEpk5WXI9HbYyCibEl+nbqico+4+X61+27p+EBmNlkwpWGeIZJ9uP/Sr7FlhflUdL7JfBUp7MZ8qlQwlNH6SGIbWrK+35+9yybHkqqcg8Rm0xfRHnhsit2tFnfy0VJpTiSSOqUHMQ==,iv:O5gDY8jB2hkv5iqVL3yQ3v0la7J6kBFJFIX58JLmsYQ=,tag:rpnIgU3FXrN1d2n+SBj4Hw==,type:str] 3 - key: ENC[AES256_GCM,data:pt9C2XgLsybsOeqYHuLbrGltndZ22bN8kdtVtBoMRiqo2olnswiEnOmGU01ljS/wtPRWpK2SZR6a4SjkCHoK3lpoVSHDUb12lOKqOXQMD9DLtCUg7644Z6C+PTgtkfxd7wD/kAKW2PJKeHDjtH5eDaOI3VOK+SFmFmzdlJas1o6fkbnyFGEnqqkVqMHq4bNSAxk55R9kbAAiHKmIcohHGDF6IBMxrNXekA6YW2e9kmnvxzlnqUNXX9ky6LYUWoZjRCxi5/u5/9+LImmhGAjJyqovKtwQWqS2Bk5xRGoVELgBhEiEGUljdw5DWXxRBbwVveh4xOb+BHh59Wpyzqpo/CLQDbJ+kmg3X3Y6yPXD4LvFELCpE44/AwqiMWGygBBM,iv:ez/v3hepUx5WcxUfYhSFHn6qdz1i9v+bVSgC/GFKYLE=,tag:MS8TPXwRzQ8JgmZVQicfWQ==,type:str] 4 - sops: 5 - kms: [] 6 - gcp_kms: [] 7 - azure_kv: [] 8 - hc_vault: [] 9 - age: 10 - - recipient: age1tq2gcmu4hd4sd89hl7szhd0z8vg6tx9hk3xsvuljm9gsj7n0l4nsl6ad4u 11 - enc: | 12 - -----BEGIN AGE ENCRYPTED FILE----- 13 - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKdXc3R1NzOExVVTZhY0xJ 14 - 
OUhXNkZiN2pEdDFRUEJwMWM5cmYzSGFNVTFJCmlIQ1M0cEVJV0MySTM2amVhczJI 15 - YTFyR0ZyQ0dXV2xYUXJncHROTzBIWHcKLS0tIGpaM1A4TkllQTFFSEgrUFpVTWZC 16 - ZkZBSFRGSjBjZUlseXNpeGlDVzdRcE0KPs1GIdC02sW1+xw7dfx0ruXcR5VMhnxy 17 - 86ioofd+eTyDXr7qAPZ/NBbwN5G/IMT0xxCzsX3oZ1PjM4VKre7eqQ== 18 - -----END AGE ENCRYPTED FILE----- 19 - - recipient: age10fa7ce7w6q0ppk5l2gvg6d02g9cmj26rpt00ct54d4latqsnwajs90a43h 20 - enc: | 21 - -----BEGIN AGE ENCRYPTED FILE----- 22 - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpbElDNG9VNkhiUzF4VXJB 23 - K1JMb2ZHSCtsTHdjeFJzMEpiRmxGQUl6NVhVCnZNS3AwWTNITERueGpGZEFjckF2 24 - aStwcUs3QTk4YTY5Q08wWm1IeG1aZUUKLS0tIDdITEdUamZIM0N4bk10Vk92V0lJ 25 - bTY5dnczdTdkRVBVT0t1ZklyUDd6YWsKwwuYi45ibAA0WEXBYupTeeo2DUy2ZhGW 26 - XUglq1UB4Jynps8D7BlFrCnvdJ/d2rfQXkfYZ5MV6MSqtpbChNCCHA== 27 - -----END AGE ENCRYPTED FILE----- 28 - - recipient: age1a90s9rr2t82vlx4q757pvqm88nh572567hssycczv2t5rjhzudmsvqdjuv 29 - enc: | 30 - -----BEGIN AGE ENCRYPTED FILE----- 31 - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3aEpjdmxqbTAxbDAzWUxH 32 - RzhCZVl2Z2FtRmtxQkRvbkpJNkxIQnJjR0QwCldPSUVTM3NNVS9iS2g0bm12Zkxj 33 - WGZLalJKeUZVL0dGeDZZR3Fob092UlUKLS0tIDJkL1dwYVRDbThFb3JnbkRqbmlN 34 - cWRIeElnNWZqSzRZQWI3eEUvRVd5UjQKcN7ne7wQXcvKhqrNS1xe4wISn2Ykb5Yx 35 - EITcdR6FSX/v4TvTGxFiq5SJkxbssVzadoIzyPIxGiYaoeMY/hdCjw== 36 - -----END AGE ENCRYPTED FILE----- 37 - lastmodified: "2024-10-06T00:19:47Z" 38 - mac: ENC[AES256_GCM,data:T6EAlyxfQHNvEvqPo9RjHLkyTpSDo3w85MNnTjJoKH9MCcshb1UjbNacQ2NZa95562BTndKB+LU4U6iUf0P9q4nBif3M7GxXyFyObmflqOTpZvxKelsYawqF5aNRnQmAT2voen0EoQ9VYp7XLYKaeZgP5tk4qGqKfcvwmYzPI2c=,iv:XtyEWIwto7kQD1ba21YxWdzQaF3XPTrhvSLuzmvxWnc=,tag:yQvcEp/20xj1coTsg0nHuw==,type:str] 39 - pgp: [] 40 - unencrypted_suffix: _unencrypted 41 - version: 3.9.0
-41
secrets/hosts/laptop.yaml
··· 1 - syncthing: 2 - cert: ENC[AES256_GCM,data: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,iv:TlZjBUqK07OqVv2QvHkjnDkJ3YiAv0z5lC+9BPZ+8UE=,tag:oywNslbLySpKvvLaZrE8fw==,type:str] 3 - key: ENC[AES256_GCM,data:mThL6ORqr46srmHZ3aDkyfd+AqkL0JM6X2WsdkfXnHq3OdcC0zFLnYpffQDRIRWMX8UNk4+cRQvEp525x8NXGIK0vin/szADdtRKYXh/UsnvUHkJjVU+E7XoXsPOLB5QQQ8GlfFRToCV9u+ZO6eQix4e4V4VgnGcu+IiNMdm2K/RgFZBD4Tx7MBW4IuiM/Vy7Z3hczJVmuTk5KqCx0SDeSHw8Z4/zhe8YLBGvghMjbwJr3yLZpmXiTMQhmYv/HI+Omh6y/bHaEPgepsP1nk1kdsrBnYIPs6phxvklVLLdJ7zUrmDVOpDY46hFSvIXHM33a/BUBj8AKQwIpqcp+rDpSsWbVModOy/mJnqu/8lKMwvxA+k4Fs6oI8yG4L/gR4f,iv:HaVkg7jRbNKdS0qXPNnON8gmT8rS+y7MdzeCvwCPRq8=,tag:7rgwfA58pGtyz7hGjLi+Yg==,type:str] 4 - sops: 5 - kms: [] 6 - gcp_kms: [] 7 - azure_kv: [] 8 - hc_vault: [] 9 - age: 10 - - recipient: age1tq2gcmu4hd4sd89hl7szhd0z8vg6tx9hk3xsvuljm9gsj7n0l4nsl6ad4u 11 - enc: | 12 - -----BEGIN AGE ENCRYPTED FILE----- 13 - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0M2JFc2IvQlRvNWFQY3R2 14 - YjQ3ejFjZEtTNHBIdzkvMURhRDl0WVhtdUE0ClBwTjE3Z3QzMVp6MWozZXBidUVh 15 - ZUxBbHFFRDdhVWRNajloeHRqSDYwdHMKLS0tIDdGRlFPRm0vSTJVdnVFam5jY1FX 16 - M0cyWEhZUzdHZEtaMzJza3VUbzRvdWcK77RKdJlexwrDXURM330/9ELVB5bheQNH 17 - fKE4ZXKdbe4GJH9N5g4BIYBbvjHbzdBoju+/pGo0//qAts8ljRMRZg== 18 - -----END AGE ENCRYPTED FILE----- 19 - - recipient: age10fa7ce7w6q0ppk5l2gvg6d02g9cmj26rpt00ct54d4latqsnwajs90a43h 20 - enc: | 21 - -----BEGIN AGE ENCRYPTED FILE----- 22 - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBERzBad1JHWXl6M2lkY1ZT 23 - b0dLSjVSd0pGNExCSEFkdW90eVVoNWNZV1VNCmdLajllUE9UQ013bldZTHV6WlFL 24 - MGtrNXJOWWc2ZWpIeFVDMUg3bjJpUVkKLS0tIFd0SW5pNFZrS3lOODR1NmJOY0dL 25 - aEtnWXpBdGZDb3F1N0FPbDBBUlpDUVEK9v/TI4HAgPZDnTzCmxfVqsmfvoNbX6do 26 - wn56ZTwkn52YweFRTQ0zB2xfTD/kgSHrJ+Rc+oDX1NPs9uKsJpVpbQ== 27 - -----END AGE ENCRYPTED FILE----- 28 - - recipient: age1ke3gya92cy465lp9yxwygckgtg8tcsh366vgh4ywu6edl7a7ca0sgjxrjg 29 - enc: | 30 - -----BEGIN AGE ENCRYPTED FILE----- 31 - 
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5MG1SOXZaTHROcXlXMmJI 32 - bGRHQjQxcnQwZnRtY0s3TGx6TDJFeTFVbkNzCmRrbzdOSDdVZWJMRWIyekQ4bHdP 33 - NWtzc0h3d1RzanMvMHVYcW5VZ3Q4cTgKLS0tIGpyTExBTk9XM25JNGdWK05qL2R3 34 - a3JNMVBzTUJXbWQ1QXEvOWcyRHpQdjQKZUESMU0pVBWlVBZR9tMJ7Q+S1bvcIlha 35 - 5VS+W8aANb7L8kJQ6SSD5x87Ay15eimwQyvhvPx5Iq6NnEbxEa0Mlg== 36 - -----END AGE ENCRYPTED FILE----- 37 - lastmodified: "2024-10-06T12:27:44Z" 38 - mac: ENC[AES256_GCM,data:bkQ8/hYQI+oCW30leILWUef50JSdevJtDA2SmHgVMtefI1G1sSfHIOke29FNl1wGexkj8OFLoQlm4zegnt6WJDqN4Q2GoTAHTki2tdf7YNq+ocMs8HCqcsAikQtjoRTRmO2bhU+9JYnAA1M18upbfi+gUGxNCgyGaF7uRbNp4wE=,iv:yGgALEOO//qR3mXVKJP3y3TfxLtkiXkOiU4tGT0V4OI=,tag:IdirrNVQFJ8AQNP1ozCQVA==,type:str] 39 - pgp: [] 40 - unencrypted_suffix: _unencrypted 41 - version: 3.9.0
-41
secrets/hosts/steamdeck.yaml
··· 1 - syncthing: 2 - cert: ENC[AES256_GCM,data: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,iv:BglGigx6p50q4Nuhis5KDkzipdqXgjIcvrvGDmhA+5I=,tag:fNZRZy9EWPDDQWiuBfdNVA==,type:str] 3 - key: ENC[AES256_GCM,data:zKrD3G4mGAG6RUjI/9c8toT1uuSoAm1jsv/7g0t97wGolIkzKUCo7NgSQzgo5X8p2qXU2RBG4nuATVkdPjf9lyQX1V2IWv4mO1w2SYww9ChqY/vw1PKfVaf9GVfIi03Ckj835f7BUBjpNm6CaTIIOjlxgiIHKscEggPF9fwDrpSJsykaoH1ypKjs0OtuRIVK//v8VQw5W6U83asqQlyS9S5yQMsDBR+AW+HXn84yWT1rY5U97bwZaTUvYcdZY4Z6tVanNnx68bL9Rx45ytkrelO0tdc2rLafg7rMF5b4YrUBz+638T4ZJeSXUoYrmSTReOk8LWf68MOdmoePdkSzXdts4xNGmbYeu1XiPDhLMT6F4480Zy1jwhQtjC8Kry4R,iv:+7pmMjoIHQX8JPB188xCASG1JwXDS6KT4NooASuLkF8=,tag:d9Gh+v5RYwoI6v6sYl8/zw==,type:str] 4 - sops: 5 - kms: [] 6 - gcp_kms: [] 7 - azure_kv: [] 8 - hc_vault: [] 9 - age: 10 - - recipient: age1tq2gcmu4hd4sd89hl7szhd0z8vg6tx9hk3xsvuljm9gsj7n0l4nsl6ad4u 11 - enc: | 12 - -----BEGIN AGE ENCRYPTED FILE----- 13 - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1VXpXMzVqTVFOdzFDZGVU 14 - OTFtajBzK1NodTUrekNnWDNPd2gwZXAzU0Y4CnN4bkM3ampHdjF0OWNsRkY2SDMz 15 - TmpWbHJyYTIybEFybXU1Skp3cmNsZWcKLS0tIHloMXh0STVJaWkza1krSzNTRElV 16 - ckNKbVVKdGlhSXdzeStzZFRPb2hDODQKptZyFl1fSo6S8Hdf3U/CQ/a7ALSuZx0c 17 - 3V0+y/pqwE5ok0BJ48ktc7zmpvDLxc1sD3vkqY6oSj79pIhHVQNSYQ== 18 - -----END AGE ENCRYPTED FILE----- 19 - - recipient: age10fa7ce7w6q0ppk5l2gvg6d02g9cmj26rpt00ct54d4latqsnwajs90a43h 20 - enc: | 21 - -----BEGIN AGE ENCRYPTED FILE----- 22 - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxZ1UxNGhkOHlkSGlQV2dF 23 - azdSeXVXWXhsME5nSFRXa2lNQ1BXOG9uSGprCkQrcW9TZnZmajBTTVd5VFV0SFBn 24 - Y3hpWmttSWxpNitHbWxvQ0lHOUdsajgKLS0tICtmKzhPTFhLNVU5UDFURHc2U3Nu 25 - UCtzZTAwOU4wU1RmcXRXcG15OTNGTFkKPbbfEN4oaoSn3JoMMkXY4q/kObEkAvrL 26 - QuOc+Mkl73qFYNvDL76NH5wqkHKmC+wIPSAaPujC3DK96sO3jLkW2g== 27 - -----END AGE ENCRYPTED FILE----- 28 - - recipient: age1rsz0jrlkqs2z2p3r4a6qhwnsmyhwgh72mtxvvfwm00qtn8lq9arqa29vum 29 - enc: | 30 - -----BEGIN AGE ENCRYPTED FILE----- 31 - 
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxVkNGb0I1bkRMb3IxOWxX 32 - eDlqWmxlYTI1YmhZNldkSXVrajRId240MzFZCjJ5U0EwYTBwaDF1SVUrRUdWWTBW 33 - TzFqQ0hRS1NxanZuTWpMZFB4eFRLWUEKLS0tIEc2S1VSL0k0R202aUkvbHNHNHR1 34 - NnVDaEVqc2NFZDhFQUtXSUQxWWxram8KjPoPNp7eLhHXzTDQDB/LzK3S7pYPNmvs 35 - rndU+MpNz9OSDh+z/wa79U4eFIPHt4LSzYr8k1+8wQo3ZKaVCLn1CA== 36 - -----END AGE ENCRYPTED FILE----- 37 - lastmodified: "2024-10-06T23:10:32Z" 38 - mac: ENC[AES256_GCM,data:jWxddYdQuhu5qmPMbSAT3ELS137PSbWei/L0X2JEZIcZ8/n2YK09Qpr8EIzu51kWMIbwSM958kBvBiShL+DaHqnaEdx47xWP9FYvh5APk4VRlSZa3aLpG+WkYUkRHPZBo/9wNCRyMtbZs0Pq/gs184LxoSIC04dfs0WhdPJNXiU=,iv:BZPGcgq2PoU+OdPVRazP4vnnzCXVgjmrxN7GFZgMd7U=,tag:3RGKNJvt2a/30iJUqZ25xg==,type:str] 39 - pgp: [] 40 - unencrypted_suffix: _unencrypted 41 - version: 3.9.0
+7
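--- a/secrets/identities/age-yubikey-identity-25388788.pub
+++ b/secrets/identities/age-yubikey-identity-25388788.pub
@@ -0,0 +1,7 @@
+# Serial: 25388788, Slot: 20
+# Name: age
+# Created: Sat, 14 Feb 2026 22:08:52 +0000
+# PIN policy: Once (A PIN is required once per session, if set)
+# Touch policy: Never (A physical touch is NOT required to decrypt)
+# Recipient: age1yubikey1qd4evthtmz779wrj5j92j46jgxu87are20rxagx609vs3z3g5535j2jtsrt
+AGE-PLUGIN-YUBIKEY-173NGXQV46QL544S4ADJM6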
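Review bot: This identity, and the second one in age-yubikey-identity-26583315.pub, records `Touch policy: Never` together with `PIN policy: Once`, and nix/shared/secrets.nix uses both as the `masterIdentities` for every secret. Once the PIN has been entered in a session, any process that can reach the plugged-in YubiKey can therefore decrypt the master-encrypted files without physical confirmation. If that trade-off is deliberate, to keep rekeying many secrets from prompting repeatedly, it deserves a sentence in the repository's secrets documentation. Otherwise the slots could be regenerated with a cached or always-required touch policy.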
+7
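--- a/secrets/identities/age-yubikey-identity-26583315.pub
+++ b/secrets/identities/age-yubikey-identity-26583315.pub
@@ -0,0 +1,7 @@
+# Serial: 26583315, Slot: 20
+# Name: age
+# Created: Sat, 14 Feb 2026 22:09:37 +0000
+# PIN policy: Once (A PIN is required once per session, if set)
+# Touch policy: Never (A physical touch is NOT required to decrypt)
+# Recipient: age1yubikey1qvsexaz0mrwzd6eadgmnupexs0csw6esdzmfzs3eehmn4w4hdlch5j7xrxs
+AGE-PLUGIN-YUBIKEY-1ZWSE2QV4UFGTR4CPNAGWZ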
+9
secrets/nix-extra-access-tokens.age
··· 1 + age-encryption.org/v1 2 + -> piv-p256 0D9K1g A1rzJIhLG8nNJmThsQVMSKrjoi1qx4hHOTydXP9fnTLq 3 + 6E9gF6Wtx62hsCJDEVhZKcGwGyRwUVlLGZxYcRvpYx0 4 + -> piv-p256 4lCx1w AkKvO+uOWtL90s/MV/9una66nZaeVDvcfMqFYl8IWYlR 5 + K9778FQfKienpuxssr9TRPOEu4fX6awf8hiaR/8o+Nw 6 + -> )k>e<-grease K ^)TN;40i ; 7 + rHA 8 + --- MOVKbVgwjZu+sMZ5z7da4cqyQP96K2r/DECZKgXMBtg 9 + _w|���k�d�a2�������y,��յ0J���ڙ��L`�����-��j��KO�Y��~�d�/�ӉJ����lzﵲ�܁_K��������6(��*q���!
secrets/perHost/desktop/syncthing-cert.age

This is a binary file and will not be displayed.

secrets/perHost/desktop/syncthing-key.age

This is a binary file and will not be displayed.

secrets/perHost/laptop/syncthing-cert.age

This is a binary file and will not be displayed.

secrets/perHost/laptop/syncthing-key.age

This is a binary file and will not be displayed.

secrets/perHost/steamdeck/syncthing-cert.age

This is a binary file and will not be displayed.

secrets/perHost/steamdeck/syncthing-key.age

This is a binary file and will not be displayed.

+9
secrets/perUser/emily/password.age
··· 1 + age-encryption.org/v1 2 + -> piv-p256 0D9K1g A2MM3fc8jjxgYnOGuexvk4BvC3g01LWDED3yjAcQ8+ll 3 + jM+L15RVScXduhape4lga6PSY6WrTwWv9o86L/qYdI4 4 + -> piv-p256 4lCx1w AhqVivIIw5tvU0fdulTiaheDg45XcyFb3arD6HHhch8Q 5 + bt9gd4C4dYO87r7e1CvIMJ3r5jS0qdgLg23CfApw5Do 6 + -> G"%R|6lK-grease $jrj~(U s| I_nz Z>gjF8MJ 7 + RN1dq8wA4FaoQlnMbzS/um4CQ6U9kgDn3p6a2OvWKnb2CoL8GLJ7BUepYn65yw 8 + --- pneQxoaynVRUvRcOMkKy4ihaA8XFE4HL7Gz4orRrD14 9 + ��_l`���� �5�l�hQk�+�� 0s�_'h�t��Ztlz�gK�����ct���R�M3e?b�z�����GW9SĜ��N%�+ .�lR�><���L$孺���;�
secrets/perUser/lpchaim/password.age

This is a binary file and will not be displayed.

secrets/rekeyed/.gitkeep

This is a binary file and will not be displayed.

secrets/rekeyed/desktop/022fbda9b7a6fe324d5439baad56d4db-atuin-key.age

This is a binary file and will not be displayed.

+8
secrets/rekeyed/desktop/1e2511d7b48b8cf010cd3fbad0797c94-user.emily.password.age
··· 1 + age-encryption.org/v1 2 + -> ssh-ed25519 RuV4dQ Ifr0eg9PQp6RvDk6FvpS0WGjJ9GAWBgucnutsNpbhEA 3 + DUZmaqNKVgGF6iDRQULBizEsXEXnAF1ZcQ/xfYSm7D0 4 + -> !-grease o {g&O 5 + 0PVLNr40M2Uo9UEYSDQE35t/eN9QXuQKWSrsfUdq2AQrAw5xbmswPl4G4oMcVdK0 6 + zZm3amUPt8/n4a/kIEMBvpXrRqFYJX/MXWC9jySVrs9gkfdp0BwDZA 7 + --- L28uQDHmjI3SbTWMOXm8+2oiuEyDyDO45xhrgrujQ6A 8 + ��F�mک*~# a?�.���[Z�I����DZq���_���Q~3�S< ��u8X�]�� ��cF�Ϛ��� ��V)W����˅)z�q*3Bg��ϵ ݻ3�?�A��
secrets/rekeyed/desktop/253812df1777d3e6b3c9eb79068ad6e4-host.syncthing-cert.age

This is a binary file and will not be displayed.

secrets/rekeyed/desktop/3de6f93d67eced91f4cfe2c09faf04d6-u2f-mappings.age

This is a binary file and will not be displayed.

secrets/rekeyed/desktop/7110400b00825a3032f877aafd4f0d3d-user.lpchaim.password.age

This is a binary file and will not be displayed.

secrets/rekeyed/desktop/9b9e75a1cfecce50ef3df20e2c47f339-atuin-password.age

This is a binary file and will not be displayed.

secrets/rekeyed/desktop/9f35beec5db9fd76b1ffb3a8c6eb9e88-tailscale-oauth-secret.age

This is a binary file and will not be displayed.

+7
secrets/rekeyed/desktop/b431478dc5dd243430445b51a3d6c1ce-nix-extra-access-tokens.age
··· 1 + age-encryption.org/v1 2 + -> ssh-ed25519 RuV4dQ LtzsMZ9Hp+ZsgtKTQ5H0ZIYD4apvj1PR4GjYAfH5jXs 3 + wjvylqUMUYkjp3e//L4+Md07l4e3dIc23d1qlepSIc8 4 + -> R-grease 5 + yuWbR4AR75fY+LoQqJ+5kZQlqW0mPawZ8ddVLs5oH1H5P/YH+If0albZ 6 + --- XAaooPquUG7MaT5MYKSY+A7udEbsEILM/M6+fge/3Kk 7 + �m��ɸ�VzQ�A\�&�_�@����Zji��!�n�<�ݱV�t�и� ��Ӻ^�@]�U�\5bB���m�8�.��}ļ<�a"��?����>�ӈ����a�J��u
+10
secrets/rekeyed/desktop/bdece0a54bdc381440fdaeaa33276a18-host.syncthing-key.age
··· 1 + age-encryption.org/v1 2 + -> ssh-ed25519 RuV4dQ ocIEnm40lW0GS6A010vBNZD2GQquw40CSNDXwY1uOx8 3 + kcqvZn90mKW3n9Kd+SCmbi5fTYaH2e8UbgcnGjaBBaU 4 + -> Z;Qk-grease F*<|C( 5 + iWNtHsahhZrUYaG/BvZ2dLQ9rPV8ynaqb4bTq07kKjzAg8SoY9tBQBFZ4Q 6 + --- XTSwXeIQ21gPXKmyI0igT6Fj7yTMbfn084X2OqIgmlg 7 + Di6]x�Za"�������-��f�`�T��$�c��^�c�n�E�XX+dzmn9hf��C������R1G?�#`]u W���-�̾����R����ש7��R�Z�}�b%�[v��g�k^�7�R�[�f�0^f,��#^A�C��� 8 +  9 + �2ƳBŲ(A�M��[v�0���9:B�)MecDR 10 + ��C ���+��E�[���2���yF���G�iρ�}������|&�T� �LF�pj�_AW��|�$��K�~P��"T���{�I���߃+��=�h�W|Ϸ���$8k� v��K��W��L; �cFjL�)��#�
+9
secrets/rekeyed/laptop/032041edaffdc743c79c0ae7fae9e22b-user.lpchaim.password.age
··· 1 + age-encryption.org/v1 2 + -> ssh-ed25519 9M20hg kFqVPYvudixlbpfZsHHsJQ5ZZbTFavk5gex65RBqBk4 3 + wNgVCK0eGwT1d3rJnogGAsLZQ2dBQnuKuhpnzRjO/TQ 4 + -> 'mBW-grease 3 }M9tb$re 5 + dvZJi8nSGBP5ICrE0hagfmfUj95Dq+IVy6ejLNfji3kzpeKz/HHzs/aW8oPMVkfw 6 + l9XtMaE/6CF0l1p1o7ykXGWTMQPfOmQwuQ 7 + --- i0w4Z4vy+7BPL9WI23Rt21cO0O89wcbSB/Need5OIto 8 + ��-���r��֦���l�,����f��)�4��;9B���$*���}L�-�>�(��JJ 9 + u3P!3�kT�tcL�}��h�1 ?�C��:��|Z���r9�^���1
secrets/rekeyed/laptop/0a2654ce82949ab68784f9891f20c5a1-u2f-mappings.age

This is a binary file and will not be displayed.

+7
secrets/rekeyed/laptop/172f7636c66c8d21322e1700fb12222f-nix-extra-access-tokens.age
··· 1 + age-encryption.org/v1 2 + -> ssh-ed25519 9M20hg moRHAC3tKBTR42GATGMd+bDGcTJu/+uJ0YfBHnfcdTg 3 + Wyy+tDMLLTpTqfOCAsfxBXZp4ybjTsyG45JbS0wuQTM 4 + -> ?m[Q@J-grease 5 + ClAEOekjeS7ED+5jYSg7gFlqE8KMWk/qg2wvxsEgku2NsC5iYDWZaiY0fw 6 + --- 9f7NP8TnOF2+PAL08RvM8ybekQ+AaPDaSXrWD6bqMRw 7 + AL�1�~K>�ȴVt���<Z���Nn��������n><K�Q�zCd�Z��b#|[�)1�œ�jcǃP�&�@J��[_�˟��!�����l���t\*��D�|�a���
secrets/rekeyed/laptop/317f983cb1f84c2b53cfd6b6d10938ac-tailscale-oauth-secret.age

This is a binary file and will not be displayed.

secrets/rekeyed/laptop/436ec0f4a8351cc704f0e9341a61bcf9-user.emily.password.age

This is a binary file and will not be displayed.

+11
secrets/rekeyed/laptop/4e668d1464851bf35f50089c076c4c95-atuin-password.age
··· 1 + age-encryption.org/v1 2 + -> ssh-ed25519 9M20hg bK5yt1xFLgALpcR+R8D9R1ORZV9zO3SS80aR8HIogXo 3 + K+OTS7G/UOJSZZqN2K2V6sesDfDYvGt/PmKDMqxlC3I 4 + -> fhtS2-grease ~x5jv \1*<;A MH2HVf e9\ 5 + 1T9dQFRrCl+UBThgW7K26EuFWQhWUHif6x2jyVZBOxw0ckC7T3XNkfGuKj4obwaZ 6 + 3kUcqFCPqfAudgPcr17p6s1DVrI 7 + --- bxU5Rj+72nPciPdaYe2zxVfiv2wAhhP3wO3uJBImlac 8 + I�ڄ 9 + i���Զj�sC!7�(8 N��`� ��/w�$�6 10 + 11 + ���_�(DL�>�n���n:��EEz���[*oe� 1�g� �z�8�XJah�����m�~:�tT50��T�E\�Q�W4+��@��F���(A9�
secrets/rekeyed/laptop/69a31001645c8b6c8a697a43d180cea7-host.syncthing-cert.age

This is a binary file and will not be displayed.

secrets/rekeyed/laptop/97cfd008557ea6c347300727429cc32f-atuin-key.age

This is a binary file and will not be displayed.

secrets/rekeyed/laptop/e982e750ad2f9276e3eb51c29c3e0f5f-host.syncthing-key.age

This is a binary file and will not be displayed.

+16
secrets/rekeyed/pc082-cheina/1e2d70ea3ce9583a3e598ffe413c7206-nix-extra-access-tokens.age
··· 1 + age-encryption.org/v1 2 + -> ssh-rsa EE65jg 3 + lz5+8w+jdDGsAcS2npo8jJYUTyCOypArq9PUWH8SWNJbFikReFBSkxs6E6v4fLzf 4 + 6rgnWr+lpN6F9nq0FRfIEYSElcfVj5PhfFBLCIBAXq37R6jFdvHBv6BFN6wPvkBi 5 + YwkWDdw1CZPGg/adhSN51QuBDGstwAMX/QFBx4gIQgxmFETpXKNvC8/akuHFcrqh 6 + tawJHIBFbB/PrlFs1A93AZOsh7/bzHDGdG8HaSGH9jIgPxmrxVl9IRGsAqPCLLxl 7 + ACE06YYJP/CPobZpWMnPZn/T1b4m/YUAFXnA5i53iVTF1yVl63SYrkATARReJYkd 8 + Ty11lLKeoZz8o/eqSPRFVNclCkIT0T2d8mgFboldUgcpD2+V0SWs36KrAV+CRYwm 9 + Srkp4bbG4kOSTWuJdbpcoRJuJQwZ9sL8ILNwP8E9xsOtXCIB2MUT7QIJ22yuy2q0 10 + +5Sp3NcqQWPmk23O98sqQeSei+Sk7EE8Gnba5E0hqtB2JBnuqfdxyBO5lqDevL3a 11 + 12 + -> QSKsS(h-grease 13 + +ity495A4ejza66OAH3zvIFSWZh+59JFIzq9EztAeSP5H+sYucy56O106rhb6eIP 14 + /H81ZjeJOZjz2zj2zWvhy0FPe3NVDEPMqRKr6JJBFOwt0qc9VA 15 + --- D7T90tboraTMpEN/jAE1Bu+j+afdCHptWmJRjVTEz2k 16 + "�3WBv@��n)42�j���������|�Bp�����!7M�+ʋ���F�f�C�D&� ��]�!��O���x^�F���rB����||�73h���L���X5wI
secrets/rekeyed/pc082-cheina/3a4950c9424dcdb01f7a9300984d0154-atuin-key.age

This is a binary file and will not be displayed.

+15
secrets/rekeyed/pc082-cheina/d3a5e341a3b2e26748a0853ea1587fd0-atuin-password.age
··· 1 + age-encryption.org/v1 2 + -> ssh-rsa EE65jg 3 + SEUEsKulxuOMviFskL29iVTr1KW6GXTMLFZQhGGDmO4SliqaXwfBRUh3ltHGEEuA 4 + C9l0dgjnFS7iH0JoQZmOlbA3IJ8J+1Y0k6lnWLfSKB4V8hh94HNDklAnonWZJ+Ul 5 + C8iNiILlhZNYar16t6l2trqvIA8lhwEqWWu/z6UNjwRtgmGa+lxk6zQvnshBzv+m 6 + R16SbSjDBvnPAwMWPmU89jFvnkhsm2+q8kgDsrBX2m+7EpqK/7WKCvWE0XvVgs+2 7 + zdBP0dSEWD3Na6kTHxT7UM8o0Xsdbt2DzzkRI2R9HsbwMv1Ry4U+hRMXo9y+krr3 8 + Sdfp4rYq5t4+sjjlzT09/aPdC9crN/aL7nwPmZYNWHVr2L6zcD0/QdH0WyV4PtXq 9 + w5ZrvLallYpNB0Rq+V/WbE2/nAPxH97N4jtgjglqyLVIOMSCHxI204FVrx1QyX7r 10 + Di5Hh5xuAPV7M10kYuQgyuHZ59NV3cYQlHAYzuvGgiiEHgJwFQAHY/V5fHu8UPdo 11 + 12 + -> I-grease yE4Y;S h)'w wq 13 + Qpvv2Py3j766s81Ewb/1wxiFVPvBjlRqHU79Grv8k0AK+u9ld6I 14 + --- GdFBe5oeQRursjEbrqm/3Ma6Vfam2sLwnOgMO0Lr7zg 15 + ���_��]���g��z�:u�cp���v�l�;�0���a�o��'����gnx ��#�8�Ї-����N �j��>�s��|:<�m���ܿ����<MW ����ڈ/ך�J�#B��_�RZ������S
+9
secrets/rekeyed/raspberrypi/112f3b76f728ad9c47ebbe0b0454823c-user.lpchaim.password.age
··· 1 + age-encryption.org/v1 2 + -> ssh-ed25519 7Q9N6w Gl+tUPC2cAE7WHZ9vcJ1v5HFr5asjB46NzFkgc6VbUc 3 + /KoIZ2HgdeTem65oU0r3jEwkhfl8LqUQ1gtBJ/rhMQo 4 + -> D8qK-grease ~J^ 5 + 8znWPj0rhD46wr+2lsk9EfqFFu4eBCPUyRpjoPJ1ZaE8oSRT5SUlutnp7bUrEeuZ 6 + N9wf14ffGeQh/3SayVSV9mvwoVInTLT16N1q9WyCo3WaUUlbOQQ 7 + --- Cts48uwAud8aUmwvk1WfOHYNkWRPUfR9J3upRVCluCg 8 + Q�8���1����r-��pZ ������[ɼ'^�g9y ��$�D����z��P@�c�V2e �K�9�[���{���%�,{9?� 9 + f�X���P����m@
+8
secrets/rekeyed/raspberrypi/2b0fef94f833700897a85aea61f2b7ff-atuin-key.age
··· 1 + age-encryption.org/v1 2 + -> ssh-ed25519 7Q9N6w 3SMy/L4HwR+UAnb806dOMEZZdsV9rFRDLNBI47IsfCM 3 + x3iUOXK3i8KobLTHPwC7lqun349k91bgFWOJt1sTjyU 4 + -> /GK=.Ot-grease =X glI6 ?** e$[UHWNP 5 + /TswQ+LqjbF6qg/S4+dq7FNLndQrIo7pEZ57dkmc9zHOJNMYphfO3qoC8FuVMn3x 6 + 3eVYrv6Ij82y9MWIDbrWdoh5198UZFvPy9ogWFNtjxtU6Cm9pl9OVrOdqA 7 + --- zVIVUAvBQTX7AHBzSUH9Z6B00hasFM4xvGPBmQJ0/So 8 + �E����� ϞxS`�`B���J���e����9���Hh�vV�Y;TokR�F��qJe{�(;B`����V��Z�Cy��t)�4�D�z9e����1�H�}fRN�3�Q�(�m9�>��#����� ��a~��q&s�s3�?ʫ��ۿC�l�5�9h�.� F�}������
+8
secrets/rekeyed/raspberrypi/7232a8f6a2fc258876fa4d2e1ec1d8e8-atuin-password.age
··· 1 + age-encryption.org/v1 2 + -> ssh-ed25519 7Q9N6w 2/ePx4S284SB1gT5OJM0AA8J5pGycOD27Da40zGRaAU 3 + hyE6lTLOtG5D/HHo0B24SsfrF8rPip6tkJEW4V19KsU 4 + -> 7sn-`.-grease S >= MI\TM^ 5 + qmx0n7QbGdl8WODZvKUi4tAJx9dloaRVGJToTCJ0umJLAOHE2vxe 6 + --- jxNAx5w+CrYlNQGp4jVmymfxVliMT7+dIi4j9fLd6+M 7 + ��NL|�q.0����ҵ�C/�1.���X]9��c_��p��o� s�]c�m���㛊���:w])mo�}�x�������Mڝ� 8 + oS�?�!(�Eq7��(��d�y�=j�e`�'� M��������o� �o
secrets/rekeyed/raspberrypi/9a5085ce424755d2a3048a8e43f8b403-nix-extra-access-tokens.age

This is a binary file and will not be displayed.

+9
secrets/rekeyed/raspberrypi/aec123d2d994452a929f46a9f3328ad8-tailscale-oauth-secret.age
··· 1 + age-encryption.org/v1 2 + -> ssh-ed25519 7Q9N6w NXgfB328+a9nMohLNItW/yF3MQWEx8nQrJj6vGOydhY 3 + uyfBgb7pmygptL/1qpZOuvPwQ8WqjK0gWI5uYj84j0g 4 + -> IXbg~o8'-grease 5 + pBlPftSQDw/3SXNQyMBZAfvJF4Y151TQZMKiDryH4+WHu0G2uRLrye5DqGhbeNNO 6 + w+bURiSKXg 7 + --- Edv9UQJzFK8DBVE0SJkeotu3qieCrXW56WD9VfxFsAI 8 + ��?��w:�=ǚ<�IJ����k3Rf�Q��Y=zx��YGA�d�$��rc24z�B�V��4�b��y�~�� �G�{�I�W�T� 9 + ^(�p���m=wй
secrets/rekeyed/raspberrypi/df6b34c90fcbdf12dccd55c27804ca79-user.emily.password.age

This is a binary file and will not be displayed.

secrets/rekeyed/raspberrypi/f042f14639e0c43ecfe76cf43e72f600-u2f-mappings.age

This is a binary file and will not be displayed.

+9
secrets/tailscale-oauth-secret.age
··· 1 + age-encryption.org/v1 2 + -> piv-p256 0D9K1g A4iPqYikWrbYFNvVzW2gs2GfhoQIpEfc9DilhCiCctjr 3 + q0um7wfdAWFrd0QVSIL+gisBMZS1wbyV4W4ZDSZlQlQ 4 + -> piv-p256 4lCx1w At8o398WWqIoKdZQN50CjmW3naIjvNSjn9H80e6Q43y1 5 + VPz3s9+ZwdAOYA06iRmyWYeQ7/qfx1S/b3egVBRigAw 6 + -> zw4[q-grease 7 + k7YR8Hxmq5pTcBexkqS5mjiZ4DpVdp+ixaU9HCYdQYAXRtqvrQ 8 + --- caOeKMw+a4Vw6C/a+0DfVBrZ1W0XeX4wu1pfKNZSqC4 9 + g��������}2�+��J*`�^�\ႺKnҊ�9�QiI$������ 3((��lf��4ܽ�mp�k�R��OX�vU��fP{A��݌@��d��۪E˖
secrets/u2f-mappings.age

This is a binary file and will not be displayed.