secrets: rekey

13 files changed, 35 insertions, 33 deletions

diff --git a/secrets/agenix-configuration.nix b/secrets/agenix-configuration.nix
index d093d4e..e77bd29 100644
--- a/secrets/agenix-configuration.nix
+++ b/secrets/agenix-configuration.nix
@@ -1,5 +1,16 @@
 { config, lib, ... }:
 
+let
+  toAgeRegex = directory: "^${directory}\/.*\.age$";
+
+  secretsForSystemRecipient = hostname: pubkey: {
+    regex = toAgeRegex hostname;
+    recipients = {
+      ${hostname} = pubkey;
+    };
+  };
+in
+
 {
   rootDirectory = ./.;
 
@@ -10,16 +21,19 @@
     # Users
     getchoo = "age1zyqu6zkvl0rmlejhm5auzmtflfy4pa0fzwm0nzy737fqrymr7crsqrvnhs";
 
-    # Machines
+    # Systems
     atlas = "age18eu3ya4ucd2yzdrpkpg7wrymrxewt8j3zj2p2rqgcjeruacp0dgqryp39z";
     glados = "age1n7tyxx63wpgnmwkzn7dmkm62jxel840rk3ye3vsultrszsfrwuzsawdzhq";
     glados-wsl = "age1ffqfq3azqfwxwtxnfuzzs0y566a7ydgxce4sqxjqzw8yexc2v4yqfr55vr";
   };
 
-  secrets = lib.mapAttrsToList (hostname: pubkey: {
-    regex = "^${hostname}\/.*\.age$";
-    recipients = {
-      ${hostname} = pubkey;
-    };
-  }) { inherit (config.recipients) atlas glados glados-wsl; };
+  secrets =
+    [
+      {
+        regex = toAgeRegex "personal";
+        recipients = { inherit (config.recipients) glados glados-wsl; };
+      }
+    ]
+    # Map system recipients to secrets in their subdirectory (i.e., `atlas` imports `atlas/*.age`)
+    ++ lib.mapAttrsToList secretsForSystemRecipient { inherit (config.recipients) atlas; };
 }
diff --git a/secrets/atlas/cloudflaredCreds.age b/secrets/atlas/cloudflaredCreds.age
index f32edd7..668ff28 100644
--- a/secrets/atlas/cloudflaredCreds.age
+++ b/secrets/atlas/cloudflaredCreds.age
diff --git a/secrets/atlas/miniflux.age b/secrets/atlas/miniflux.age
index cce2f80..a31f4ff 100644
--- a/secrets/atlas/miniflux.age
+++ b/secrets/atlas/miniflux.age
diff --git a/secrets/atlas/nixpkgs-tracker-bot.age b/secrets/atlas/nixpkgs-tracker-bot.age
index d2d6014..e6e6c93 100644
--- a/secrets/atlas/nixpkgs-tracker-bot.age
+++ b/secrets/atlas/nixpkgs-tracker-bot.age
diff --git a/secrets/atlas/tailscaleAuthKey.age b/secrets/atlas/tailscaleAuthKey.age
index b503be5..989cfba 100644
--- a/secrets/atlas/tailscaleAuthKey.age
+++ b/secrets/atlas/tailscaleAuthKey.age
@@ -1,7 +1,7 @@
 age-encryption.org/v1
--> X25519 rDjubkMrtgsenIbZWnBo6LPteH/5VgJRrMO3fDEv/U4
-7k/4HNphR3lff8W4NGFXqr36ukoncqkUAMT0MZ0SwcE
--> X25519 MPfJhkWNmLwlZUmbO/HaY6JpeJGYs4QUSzrgGmOPlF8
-6wNf7Lhe4Ye1T9EoHjmXNJ6ppehGrOdgPGp8ef//STE
---- ORUP0/In8Nzb8GMqQfCr4uX/k0Y+A1553ZhIoCelX2w
-��t�ɠ�:�8�0$��������
�	x�X�u��(�����4Ʊ0��4%���`y?lʯ?����H�U�F��[�������MIP
\ No newline at end of file
+-> X25519 xWKrUV5DsieV1vbwuEd3qP3dAsV/Cg+KXSPFX3ebIU8
+5gE9XJNByg0QUhuY/7k8OJ7MIOnl52meID1rA00MuA8
+-> X25519 wCMPvH96pfyxDUUv5Va4yWSj89/JZpNvJ7/yRcdn7Ek
+H5FsTQCJ/Yz+99a7brbiBYBc8MW2B0NFFClrH62Am/A
+--- 7ub7VxnFELGmODAwwjXQBZ6tzJRpD+82BCCBCIM4qeY
+j��K�عQ���G��F��K�����]]��(���d\zQy\����L^5��¨w�S�*'K�&oJ]_���;g�4öj�Rǧ�ߏ5�
\ No newline at end of file
diff --git a/secrets/atlas/teawieBot.age b/secrets/atlas/teawieBot.age
index e3a5993..b1268c9 100644
--- a/secrets/atlas/teawieBot.age
+++ b/secrets/atlas/teawieBot.age
@@ -1,7 +1,9 @@
 age-encryption.org/v1
--> X25519 7SjAgUFSP6j/wDZcE1UhOBUM8HIRVJqrl85InF4Tnyw
-6KjH2+D3fmThTlbrPwXykrsJCYDxt4GJwsiA6wu2hsU
--> X25519 156TFCfRmhwJhGQF7yuMpfluz2Ek13lxlRvU6s02f1I
-JySlxoSTd3U8s5UCLXFd7g+nBaFqfOtMgu/LP8kMQug
---- rWpBHn47XO1ZdGecMBHLSoKVEb/17stpmZmpVtvLP98
-l-j5C���݄�?��6%��몈�3H%�e
�Q��.��N<��] �β��g�œ���g���(<�6�S[a�1Q;+�@��\ΣQd�wK�w�'�{ecU�'tD^%����7�80Ǩ`�����WCnڶ���ܿ��aZ���i�n珙�;^����o
\ No newline at end of file
+-> X25519 /hpB+FTAppwqqkqo0g2IsKh5++Rk3CRTZ6Qkdir5E20
+XquWPnH888hPs9nrqCNkNC+Hngyr88FAi4mh7aRpA4E
+-> X25519 hM6QZVgrEoKw/dhM0mmdiYdXymgE8l1YqP4DljJlaQs
+4ZCWLkXt2gjbDMP7VnUpvu/hrc81w6hzFpSIv6YsN7M
+--- H7BDKrz8o6tIe3iV7cMsXgNaMdy8I+Qvkvs1KnguzKw
+i3���̶@��n�E7��.�Y������8�:
W��[+�XU:���l�?

+�G�Čh~��xd;�Q׍��/ǹCC‘{��;�7�Y�[�"�$�\�<��uLa�
+,=�A;*��wAL��
��s��$Ɏ~Ƞ��s�}�pp	��
x@C��S�-�JO
\ No newline at end of file
diff --git a/secrets/atlas/userPassword.age b/secrets/atlas/userPassword.age
index c92168c..35b1526 100644
--- a/secrets/atlas/userPassword.age
+++ b/secrets/atlas/userPassword.age
diff --git a/secrets/glados-wsl/macstadium.age b/secrets/glados-wsl/macstadium.age
deleted file mode 100644
index 326c901..0000000
--- a/secrets/glados-wsl/macstadium.age
+++ /dev/null
diff --git a/secrets/glados-wsl/sethPassword.age b/secrets/glados-wsl/sethPassword.age
deleted file mode 100644
index 41ea2b3..0000000
--- a/secrets/glados-wsl/sethPassword.age
+++ /dev/null
@@ -1,7 +0,0 @@
-age-encryption.org/v1
--> X25519 y6N+Uor4yjeiMFUIcjPB5e5XJQMxVWtajJTN6kL470M
-YxmZXuAZVdGE6v4LwDpf0+6CeswEGOpYKopmLXY/Fhk
--> X25519 Uv1KQ6CgPPke79T5krYLEmnBpHck2OOa1f+/Qr4bHQM
-Hq0WZ+BHdBW64zrp5L4DFQVZ3FU2Hsxozu1TXv+HyKs
---- CmCP2yUfxlo/RcgOoi2/vAQoXhBWanXsGXS6ZM0Jl6Y
-f[�žΌ�QK�gR�	U[���
�+�v�V�5򯳼 tH�3���v1�L�N��47���
5�9��򬹨w�t8�T4�$ß�v۽���-.��ព���p>
�q
\ No newline at end of file
diff --git a/secrets/glados/macstadium.age b/secrets/glados/macstadium.age
deleted file mode 100644
index daf1f98..0000000
--- a/secrets/glados/macstadium.age
+++ /dev/null
diff --git a/secrets/glados/sethPassword.age b/secrets/glados/sethPassword.age
deleted file mode 100644
index 6a63753..0000000
--- a/secrets/glados/sethPassword.age
+++ /dev/null
@@ -1,7 +0,0 @@
-age-encryption.org/v1
--> X25519 En7HJgEt2xD6tcUFuWy116ZxYcI2iNUrPh66Bht4Ph4
-I7MJ8NaS4mQ58oKLVzk8ZOo6xNG+icT9RxpfHopptMw
--> X25519 pkT2neg6e+UQwVXAjk6FHXe6YYVDOmfoLiCoPZeehnY
-iaDdTOlHdueiHvvTXv1HgWyi+L7ui22HMC94OKRv/AA
---- nRyzSaGnSyPNvoMR2d/BFECS7tHD89gWKA3GBCfmcvc
-�K�Ә}Y�w-L���+F�Ac`��%�>f�7˗|я��d�uBԬ���<�V���9K���̔��`3��}+�fRU����2oL��澗[��
\ No newline at end of file
diff --git a/secrets/personal/macstadium.age b/secrets/personal/macstadium.age
new file mode 100644
index 0000000..7d628a3
--- /dev/null
+++ b/secrets/personal/macstadium.age
diff --git a/secrets/personal/sethPassword.age b/secrets/personal/sethPassword.age
new file mode 100644
index 0000000..0cff41b
--- /dev/null
+++ b/secrets/personal/sethPassword.age