summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--hosts/atlas/default.nix9
-rw-r--r--hosts/default.nix19
-rw-r--r--hosts/p-body/default.nix9
-rw-r--r--secrets/hosts/atlas/atlasPassword.age (renamed from users/_secrets/atlasPassword.age)0
-rw-r--r--secrets/hosts/atlas/binaryCache.age19
-rw-r--r--secrets/hosts/atlas/clusterToken.age17
-rw-r--r--secrets/hosts/atlas/rootPassword.age15
-rw-r--r--secrets/hosts/atlas/secretsJson.age20
-rw-r--r--secrets/hosts/p-body/binaryCache.age20
-rw-r--r--secrets/hosts/p-body/clusterToken.age17
-rw-r--r--secrets/hosts/p-body/pbodyPassword.age (renamed from users/_secrets/pbodyPassword.age)bin666 -> 666 bytes
-rw-r--r--secrets/hosts/p-body/rootPassword.age14
-rw-r--r--secrets/hosts/p-body/secretsJson.age19
-rw-r--r--secrets/secrets.nix24
-rw-r--r--secrets/shared/rootPassword.age (renamed from users/_secrets/rootPassword.age)0
-rw-r--r--secrets/shared/sethPassword.age (renamed from users/_secrets/sethPassword.age)0
-rw-r--r--users/_secrets/secrets.nix12
17 files changed, 193 insertions, 21 deletions
diff --git a/hosts/atlas/default.nix b/hosts/atlas/default.nix
index b8133a1..35692bf 100644
--- a/hosts/atlas/default.nix
+++ b/hosts/atlas/default.nix
@@ -42,7 +42,14 @@
};
services = {
- hercules-ci-agent.enable = true;
+ hercules-ci-agent = {
+ enable = true;
+ settings = {
+ binaryCachesPath = config.age.secrets.binaryCache.path;
+ clusterJoinTokenPath = config.age.secrets.clusterToken.path;
+ secretsJsonPath = config.age.secrets.secretsJson.path;
+ };
+ };
};
system.stateVersion = "22.11";
diff --git a/hosts/default.nix b/hosts/default.nix
index 11f0046..0aa47a3 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -16,9 +16,8 @@ with inputs; let
age = {
identityPaths = ["/etc/age/key"];
secrets = {
- rootPassword.file = "${self}/users/_secrets/rootPassword.age";
- sethPassword.file = "${self}/users/_secrets/sethPassword.age";
- pbodyPassword.file = "${self}/users/_secrets/pbodyPassword.age";
+ rootPassword.file = "${self}/secrets/shared/rootPassword.age";
+ sethPassword.file = "${self}/secrets/shared/sethPassword.age";
};
};
@@ -93,8 +92,11 @@ in {
age = {
identityPaths = ["/etc/age/key"];
secrets = {
- rootPassword.file = "${self}/users/_secrets/rootPassword.age";
- atlasPassword.file = "${self}/users/_secrets/atlasPassword.age";
+ rootPassword.file = "${self}/secrets/hosts/atlas/rootPassword.age";
+ atlasPassword.file = "${self}/secrets/hosts/atlas/atlasPassword.age";
+ binaryCache.file = "${self}/secrets/hosts/atlas/binaryCache.age";
+ clusterToken.file = "${self}/secrets/hosts/atlas/clusterToken.age";
+ secretsJson.file = "${self}/secrets/hosts/atlas/secretsJson.age";
};
};
@@ -125,8 +127,11 @@ in {
age = {
identityPaths = ["/etc/age/key"];
secrets = {
- rootPassword.file = "${self}/users/_secrets/rootPassword.age";
- pbodyPassword.file = "${self}/users/_secrets/pbodyPassword.age";
+ rootPassword.file = "${self}/secrets/hosts/p-body/rootPassword.age";
+ pbodyPassword.file = "${self}/secrets/hosts/p-body/pbodyPassword.age";
+ binaryCache.file = "${self}/secrets/hosts/p-body/binaryCache.age";
+ clusterToken.file = "${self}/secrets/hosts/p-body/clusterToken.age";
+ secretsJson.file = "${self}/secrets/hosts/p-body/secretsJson.age";
};
};
diff --git a/hosts/p-body/default.nix b/hosts/p-body/default.nix
index 1f598e8..5b7be66 100644
--- a/hosts/p-body/default.nix
+++ b/hosts/p-body/default.nix
@@ -108,7 +108,14 @@
# };
#};
- hercules-ci-agent.enable = true;
+ hercules-ci-agent = {
+ enable = true;
+ settings = {
+ binaryCachesPath = config.age.secrets.binaryCache.path;
+ clusterJoinTokenPath = config.age.secrets.clusterToken.path;
+ secretsJsonPath = config.age.secrets.secretsJson.path;
+ };
+ };
guzzle-api = {
enable = true;
diff --git a/users/_secrets/atlasPassword.age b/secrets/hosts/atlas/atlasPassword.age
index 18d5bb5..18d5bb5 100644
--- a/users/_secrets/atlasPassword.age
+++ b/secrets/hosts/atlas/atlasPassword.age
diff --git a/secrets/hosts/atlas/binaryCache.age b/secrets/hosts/atlas/binaryCache.age
new file mode 100644
index 0000000..688a845
--- /dev/null
+++ b/secrets/hosts/atlas/binaryCache.age
@@ -0,0 +1,19 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEk5MkEzUSBkM3FQ
+UXJ0dCtLMFBZWmRRWkdPdG5LVmdJeWs4bk9JcFJvK0FmcW0rOUVZCjA0cXNEUmN5
+cVJhdGJYeVM3cUFSdSsvVTBhempHREQ0c21XOGxQRGJ3M1kKLT4gc3NoLWVkMjU1
+MTkgbFdJVUZRIFBNMVY0QzdlamN0NmZ0SGE3SmIvcU5CRTRTMWs1QytNV0NwaDZO
+OVZwRG8KSlVjL0FiUCtXT2pUV0ZIbnZYcEJ1dVFONjhHdWNOaUhVd2dQTnVrVHhw
+QQotPiBzc2gtZWQyNTUxOSAycm0zd2cgRzNyNzVpWTFMUXB4QVZMc1V3dW1HcDN3
+UXQxU3MzNFg3bWsxRFh3cE53bwo4NlI4ZFY5K3UrMG1vMmpLeGxEREJPWUpSUGxN
+a2pUTjgyblVHUTUvamNnCi0+IDVvLWdyZWFzZSA0ZVEyR21eJwowSDlUMHRPMGVB
+NHNuaWo5VkF5RG90RUZqNWsKLS0tIHJ1SVErK1BVL3pyU2pMWFN4Y01SeUhnaTF0
+eGx4L2JvQTMzeUg1SFllR3cKFtQfIi8hRcQUmWg1JY4EJFkj4PQSsp4TAKKsAwLg
+NkLj6jNk7BuamnzGwJd/KQQDKDG1BX4bEL6k91OqMJFQlky7//gKEh1PjlU5qrUS
+HkFA5T/1RF+unLMAkhCLki2AXNsZr8L9hovEsw4xobFe954SKbvSZ64mn/Tnz/eD
+ehbYhpRT81NTyKWjA5sOGlSxKZuet/BRCXdB3SZRjnif0sTJPXwXw77nYus2ys1A
+L9/PdVCEVNBbuBLpTrkFdhM/iGvn+dIkevizjiFFgprUhNyWGLjr2bviMJQs0dXt
+k7v/z3koGVFJYatsPos0i0dbtZlbWEYJdvKoDv+ZojO9LNOH7vt90Lice2kP8dcE
+tYuGnw16XB60dmyJs4NVXov288LNSfRHAwk74t9FYUzq+UrTwIFQpaTFPedKj7Bm
+Ak2hBE7ZQ2s/sygbqjEgFkIE5t7giSZVPqLCvCc/QXObaik=
+-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/hosts/atlas/clusterToken.age b/secrets/hosts/atlas/clusterToken.age
new file mode 100644
index 0000000..084c6e4
--- /dev/null
+++ b/secrets/hosts/atlas/clusterToken.age
@@ -0,0 +1,17 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEk5MkEzUSBDSGhi
+VW9ETGZucUVWUys2V1B3T0FCcnNCVnMzMUJNVXhRQmhwRTBEbzNFClRzZ1RxUSt3
+ZFp6TmU5VlhjL2R2SkxRTnhxbTh0Mi9PZWlBTWlUUXAwSnMKLT4gc3NoLWVkMjU1
+MTkgbFdJVUZRIDFMbGZNRG15Q3RhMTcxV1BzQ3Nib2ZER0xwWmtoaFlrRnExMTl4
+dmsrU3MKajRuNEpOeUk0aGcrMENRbE5jUVhrQzdmYm9Fb0tkR0NqU3lLeFlWTEtW
+WQotPiBzc2gtZWQyNTUxOSAycm0zd2cgTWtoRVNWeG5BbFpZdFVqRWhtd1VHOWVZ
+d0dEdkhZRStJWUFXY3g2R3hCMAp1REJtblpneENTWEtQRVV6OXF3ZUtDb2VEQm54
+alhhaW5ma00rTm1nL0tvCi0+IC4wXXItZ3JlYXNlIF8tOyBRfCBXQWNwRltjICQo
+a34zWDctCgotLS0gQnZ3WkllM1dzMzJQZmF4WlVBMit1cTBYYVYvdXdwVzZldFlZ
+OUIyNldTMApW6XDdIQruISaX8BTwnqWRbSKtMzKY+LsGJZSqwZbCoKGT8jf6TNG0
++0aHt5mz/HjomPVjNb2dTVUH2eR5pYYo2dKcRgUU6GFzWpUInIG7aaijZlAGkTnR
+UBuCVbbwDyh6D+8zNGmlgyFiWaP/1coF0NHAh/RkbxteN9qySL/nYlHnS8KNW8si
+pPhvZDhYUKzTQRtO+RCimWJuQqYaTkgqMVDd6K95pnyZbvbIDjZf21gB95AXwzVN
+Adrn3eTc3lVxfZo7cuIMM95ckDaW5kCgsI/5QbFlxujqqLn9XMdyiYr0YbsDyQAa
+lb0jIHWH9niuSGdimpcE/fhYvT6nvn/1vhjnGRztn7bziheT
+-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/hosts/atlas/rootPassword.age b/secrets/hosts/atlas/rootPassword.age
new file mode 100644
index 0000000..0509923
--- /dev/null
+++ b/secrets/hosts/atlas/rootPassword.age
@@ -0,0 +1,15 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEk5MkEzUSBaZUpK
+bHU2amZKMzRPNWF6OHRzSGxFdndzMDc1a3U3cUwzWDNNY2IrTFIwCkxNQkRkM1BL
+dk1KZkhncFJEZWg3Smp4bmU0NUI4K2hMSFVybzV2WEo4RDAKLT4gc3NoLWVkMjU1
+MTkgbFdJVUZRIHlNMlp6bnZ2aWMweGEyZitVbUVocW5TS1Vmc3JMTER0K1FCeHM3
+VWdqUlEKZml6MWtlNjRtak5hR1FyZ3d6SmcvWXJzMjZReGtQWTJhNjh1Vm1SSWFD
+WQotPiBzc2gtZWQyNTUxOSAycm0zd2cgbGF4bXh3NlFDQ0NTYTh0Y2F2cXBqRzRS
+ZEU0enpzWXhUcDVVNWt6WG8wMApSWlhsVjF5N3RTd3RxMnpIRnhBMW1HZE1pekpl
+Q0ZwYXo0M0YzamNPUlYwCi0+IDhLT2IzPC1ncmVhc2UKQVZoNnF5UmJlQ0J4Zkdw
+RnYrM2JiQXFSa2VGM214bmlzK1NUaDdxWUVTVGFvaTRUCi0tLSA4ME1FWUZ1K01z
+cnNVMlNMMUR0WXl6VTI1NS82Z0FwM3hBUkxrVUR5b0pBClTcKsQuX5q7SzlE81KK
+pHCO8ZEJgYYums7afVhiw8Ut9QRYa++/tc9UGTcGShz2LF91V190Rv12c7u6szD1
+BEY3/vDplQIb4ZwqQzCCq+zIm4YRm9+VIjrfw+n/fdq6hpuUWlCnAhnf45SSnEio
+rrYRDHQ4OoI4rOxS2xNZjRz7OBqoiL3veCB/Gr0=
+-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/hosts/atlas/secretsJson.age b/secrets/hosts/atlas/secretsJson.age
new file mode 100644
index 0000000..661858a
--- /dev/null
+++ b/secrets/hosts/atlas/secretsJson.age
@@ -0,0 +1,20 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEk5MkEzUSBtVEwv
+WE1XdTBHWnlCWm5mdTlJMnozZUwvWlQ1QXhLRmVMaU1UQ3RZcWpnCjBjRkt6NnhF
+SHUzTmJ0Kzg2aGVhL0hZZlBuRTNYTWZYeVQrZGVYVVgzQ1UKLT4gc3NoLWVkMjU1
+MTkgbFdJVUZRIDFsaFl3Tm1QNGJMbHdqbXRneUxmZFBXWVdkUVJ1TlYrKzcrclVy
+aXBkVFkKRmJZZXQ5NVB5c1NHZlNzU0YrZmUwUWVsdmJFWmdNZ1VBdkdIMlpaYm1M
+UQotPiBzc2gtZWQyNTUxOSAycm0zd2cgaWV2aFNITzJHTlV2dWo0cjhaQU55dHU4
+UVRhUEl6aUdpZlNmL3J6TFlRWQpHUHJhMUpOVTNiSU1nRkNYKy96R2hRSnlObzh3
+S3R0VCtRcXpRckdQVWxJCi0+IGxjO3ctalQtZ3JlYXNlIDJINCBSLk1CWSwzIC43
+LnhbeyBMCmhyZEFsTnk3ajFBR2dMWEl2UlBTMjNLZ3dGN1NHQ0pUTEZNa1o3dFNL
+THJrdm9hU3FZc1NxRjh6VDVzcnJpVQotLS0gR2ptcUNOeFU2cC9mWk81VkR3N0RD
+RDJDdTFSQTlzU29YNU00OTNKT1dVYwqKsKpFxIRRSzXX857VG9KnCK3AtyEv+Pj9
+hlcWScyY1Id4HjdISKExH+ybEqD5lF7tOKNJT4M6rIFHJnip1cYgNBD8WS8joXD3
+99Qmo98SP/x+0LhjJ/A/YPjtu9RcFmvBXP36y/3YCZOGcc6xc6jrzfGI9hTa+9lf
+pPLquxs8eME3Di0/u1l63pgX1Rqr07SU8kPf+D1ByQPQifECJJ39cipnEIg8mJV7
+2HLy0jxFV3FzVEYPCfOoBGfmqF4IUgZU6FDZ1AyS8ZJ12QD639FedgYEIYAH/Zz7
+BLIhXHDkU6JzOE4II7E9bWPAykofPlb1FdqD4WKAFXTSAmed68bLmYfwHfOuO6P3
+iv1zq87YLJaqe8b0ZgeqX0jEbsRdUURf9hFlSnHQXaW4owGVQU/JmlpOMpK47xNS
+yrWmaw==
+-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/hosts/p-body/binaryCache.age b/secrets/hosts/p-body/binaryCache.age
new file mode 100644
index 0000000..19e40d3
--- /dev/null
+++ b/secrets/hosts/p-body/binaryCache.age
@@ -0,0 +1,20 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEk5MkEzUSBQcklp
+cnlycDgyTnR1Sm0ybVBjSkRWRDJ4MFhDbFJCU2xCRmwxK1pYSWlBCmFvbkRHOU16
+MWJIMzVheTJTam9XRSs1d0c2RjcwS0h4L3NzQWl4cUh2anMKLT4gc3NoLWVkMjU1
+MTkgbFdJVUZRIEpLL21ncHdtZlVuSm1pTWJPR0M0OWpUMjlBTVh3NkwyMzhQa3Mz
+bDN0eUEKNWphbjB5dFk3WWpVZFJBRlNXL05KSGVsK3pXdXRMaGUxRk1uNXNib1F0
+WQotPiBzc2gtZWQyNTUxOSAycm0zd2cgQlRhdVV1M2hJNUZCc2pabmFCRVgrZGUy
+YzVUaXNWdHdiN2J2MlpNNnlpbwo0NTNzYWdYVlg5MEtvOE4rM3hJaUl5N2g3a0pR
+emU5SmdUSHhaTk5WZ3BrCi0+IDVsaTRCKzNRLWdyZWFzZSBMXFpLCkFLV0RqdEhV
+WG1QRnQ1VlFBODRYSmV5RU44M3UzQUxsMDhyRU56SFAKLS0tIDg0Vjg0dnJudnNr
+d2N2V2dIQjRYcnlzNS9RZXRleHhiNUZGK05sNHlTd2sKjVbalKa3CSoF71E1G8Km
+n9NcgkB1u2EOegbT+PPM7ik8j8RGu7KvKEHUEMgrTq0r4iy0QKfkrtWcrOA9ofy9
+OoVufNUVWdLEV4X8c4SfNSFvNKE2B/hsWFwG5jO+PQWlGLWB4xjcJ3wpMH/N8smt
+EHJipVuZX0YtXbovtCgtFtWD2+VFfG4P+5LCwH4qJuKpVMgu2efGeSmgLFhodKzd
+objXxM/k1FEYGuwEduXVd3BiE3lPPTHR8BChXgh0XhqhFoFGW0zBBo1o4pgTHL1D
+zgKes/T/MWP7N9V+DGLAky/z9AtDDYEcNiQe7ADIsOrU3zD1bkU5hOGvECUaHlqH
+CI1vywVkZMzpI7X4ulpR3+sCWFL6DY4sg6jG9EWx4+cf9TSLnv+RpAKPPDBgEIA4
+eO5RqlcjTGiOfNgnSf58R7OG6d79wzZVkzl+AQrrkE79Zzwm2DWU4aGmgWO7j2Z8
+ng==
+-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/hosts/p-body/clusterToken.age b/secrets/hosts/p-body/clusterToken.age
new file mode 100644
index 0000000..73d617d
--- /dev/null
+++ b/secrets/hosts/p-body/clusterToken.age
@@ -0,0 +1,17 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEk5MkEzUSAxQlFo
+MkNwbzhSWmIyVHZiZk1wTnZlaFAyNVBxeDZSR3dwZjdSekxJL3dVCjZDTk1ZUzdY
+RXBpNHRsMVZIb0NxWU16MXQ1VGIwTGZwUmRNdzZ5Y3BCMGMKLT4gc3NoLWVkMjU1
+MTkgbFdJVUZRIE5SeFUyb2FMTDY4a3QzOXFWYWJJenQ3VmlYMERRcU1VV3NJNDR4
+eE40MmcKNEZUTXhkVEl5MkRueWpCUGx3NHNraWhJdFQyRWhvamNVNkxEZUNhL2FB
+dwotPiBzc2gtZWQyNTUxOSAycm0zd2cgcDNaaktLWnVSZitrdCtIZXRRSUE2d21N
+d0FkU3hmRXVxb2k5cWhqOHJHMApwSW5CZG9mSlRBZkNPQ2VTM3cyMmVPNEROUUlR
+cTZvcFUydzVwaGVFa1RZCi0+IFtZLWdyZWFzZSBoUlxQICZ4YC87OFV4CjNDQUY1
+NzlMZUEKLS0tIGFBRHp5dkZ6OUtVczNpaXllTnRBekVrZ3FUbXI3UXJETGVtRTJ3
+L3hocFUK6ywg9Q6adzKoyp/v/USlp35PYuZJwNNyBu5Mjb+npN9eO8s40WqCPwVS
+T9r8uf9S05wmOkZ+fBC0qjY4Y2uMc3GZFSyuGUgBq/0rppwbQiET8OFP68lmSTuC
+vv39gq6nBixqPMir2yo0jw1Qh/FwykFVRbz7KBSWcOmu0iKTqDzcjfTpsiWqNHoH
+rDIHZ1zbXD2g9LM/koSFWZkAHNigsllili8cKD/Tf0O2XrEl7VWgBAANZqUXH6zK
++z8LEfwprXRj5K0+yvo2WI+hid6AR3+C8UdC62OaSrT7CBqyuTWJqeqdGVxC1eM5
+ShxYuV7C2ztKCu/ya6wTy8woPecRAZtCKa07V0Mm4WUy9Q==
+-----END AGE ENCRYPTED FILE-----
diff --git a/users/_secrets/pbodyPassword.age b/secrets/hosts/p-body/pbodyPassword.age
index e11140a..e11140a 100644
--- a/users/_secrets/pbodyPassword.age
+++ b/secrets/hosts/p-body/pbodyPassword.age
Binary files differ
diff --git a/secrets/hosts/p-body/rootPassword.age b/secrets/hosts/p-body/rootPassword.age
new file mode 100644
index 0000000..cae76d6
--- /dev/null
+++ b/secrets/hosts/p-body/rootPassword.age
@@ -0,0 +1,14 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEk5MkEzUSBsQVdE
+MWFhV2t6L1VtTE4xbmtuV3hqVWZkbGVlQ2dYaTNacXV6dzRKN0JzCmQyOWJhenpE
+YTUrOUlwaUk1MjdUaVQ5OHYxaVpYNlBvalI4ckFOb2EzdlkKLT4gc3NoLWVkMjU1
+MTkgbFdJVUZRIE9xOWNBUmN4djBkVXVuK3lnRFRXSWUydXFQdHFraXE5U1l3R3Ji
+Q1Q0eHcKQ05UYVNIZFFiT1lSbUFXWkxhb0NWOE9xWGJ5cm9SaVRQeWdtc2ZXZENm
+bwotPiBzc2gtZWQyNTUxOSAycm0zd2cgNlV2MUQ0d0QydnQ0RFgxR2NOekFXMFg4
+cm92NlBQN2lkMGgzYTljbFJ3RQpLNEZ0bksyTkQzeG9WaWxWbjZXa3BSUW9EQko4
+QVVYVGQ2WkExaER5V0dJCi0+IC0+Ui1ncmVhc2UgbnV6IFEKSTZpTkxaZwotLS0g
+aWVBYUkrY2xlWW9DRFJvY0t1YzB3SSthQVIxZkFuMlovMGpueDJpemhwVQpDgugK
+gdxXmIddTydxuYpQ1ugW6QKrEvZQ3XQJOkcMYMgzv51I6/jxwLP/O6tQv7gyosVC
+d7BIwqG7kmpLt7dUt+YGHg5GAlAusZTRGY4FIU0n3qXMN300EFkqNrjwn4QoA6OH
+yhz4jPMLzk+32vd64Oylu/T59gkY1nxgsm+7LTaPq+B0BrwIdyy2
+-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/hosts/p-body/secretsJson.age b/secrets/hosts/p-body/secretsJson.age
new file mode 100644
index 0000000..019a3a4
--- /dev/null
+++ b/secrets/hosts/p-body/secretsJson.age
@@ -0,0 +1,19 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEk5MkEzUSBmbENM
+VkRPb2Q1eUdFSjFVeGpNTm9mT0Nab3lpOHRaT3FpdnV5elpPQXhBClpmSjVTMlNW
+OHNYeGhGbEFRRFZSVGRBa1RZd1VnTURsQm5CNXhZUW9hZEEKLT4gc3NoLWVkMjU1
+MTkgbFdJVUZRIFhaWW9FblJ3SFREOUFSR00xZDc0NFNqdkxWNnFReHpKRk9uOUo3
+UWZoQWsKbXA2N0t3VG42MEZBanlHSkRjdFBzZE5YNkdPOS8xRGNvOXJTN1B1L3Fv
+UQotPiBzc2gtZWQyNTUxOSAycm0zd2cgYk13cGQrbi8rZWkzaEk2TzhWQVNNdGlm
+NXFFNWlqdFdTV2ovSkRtMUh6OAorVUlwZ29OYnpER0pRdDZPbzBuRXhiWVplL2RF
+cUJwd1hQaFJEYXFlaHZnCi0+IENIdmN9OHBULWdyZWFzZSAnYmFfVnNGXApTbXYx
+VGhlZFU4bko5YkZ6M2k5eTdzcHZjMVFwV3hHV3NKMkd4dWNDOGdlU3I2OAotLS0g
+VXdkQ2djUUpnNUtGSHlaRWlxWmpQcVpUVjFIOERSbGd1Vyt4ak1tcWl1WQrPIPcR
+RWUyNQeHQxxsp7lc+4N0LTMnnIsW531/hVEy0FRarRkseJoMTIL84OLhqSjlVxoZ
+/XOey4eFfTbJiP0h8r3VjB7ATFyi0w3lBFpH71dULuxqb4Xsz48Rtdu0JE0Qhdle
+Udl5kxHF5+ZRtN/vyaBFfVNRfGuiTj9DXqelmPyb5l8xYqi71Yap5LD/r4WenOBe
+qx53etdTsfOgeLwR4ULC42269PSJHAoMq92K7m3VZwQ0THsBiMyTNOWN3JkBYOIt
+IEkUkVkm6lhQsCbRF1CLQ6G7+tJy1Rt7Ibnx4TPtJ4hJ0878ZL2jTeYDgWJBk8x6
+lkaxEqjYollG7g0RvUxd3m+f0gdh50E68JF4LMmmxb+oP9BiTuCOp9jGXWwCBZXr
+qpIFmauExIjVIpzErG2yCcXze5fN24Caug==
+-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
new file mode 100644
index 0000000..0087acc
--- /dev/null
+++ b/secrets/secrets.nix
@@ -0,0 +1,24 @@
+let
+ main = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ5K+yLHuz4kyCkJDX2Gd/uGVNEJroIAU/h0f9E2Mapn getchoo-nix"
+ ];
+
+ atlas = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBA861lnShM2ejpzn9arzhpw33I4XdtULfZWhMp/plvL root@atlas"];
+ p-body = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAVieG9wj00Cz0Co7QYNkoTgfO+B8EO5vlZdfMvCHD76 root@p-body"];
+ keys = main ++ atlas ++ p-body;
+in {
+ "shared/rootPassword.age".publicKeys = main;
+ "shared/sethPassword.age".publicKeys = main;
+
+ "hosts/atlas/rootPassword.age".publicKeys = keys;
+ "hosts/atlas/atlasPassword.age".publicKeys = keys;
+ "hosts/atlas/binaryCache.age".publicKeys = keys;
+ "hosts/atlas/clusterToken.age".publicKeys = keys;
+ "hosts/atlas/secretsJson.age".publicKeys = keys;
+
+ "hosts/p-body/rootPassword.age".publicKeys = keys;
+ "hosts/p-body/pbodyPassword.age".publicKeys = keys;
+ "hosts/p-body/binaryCache.age".publicKeys = keys;
+ "hosts/p-body/clusterToken.age".publicKeys = keys;
+ "hosts/p-body/secretsJson.age".publicKeys = keys;
+}
diff --git a/users/_secrets/rootPassword.age b/secrets/shared/rootPassword.age
index a2e14b8..a2e14b8 100644
--- a/users/_secrets/rootPassword.age
+++ b/secrets/shared/rootPassword.age
diff --git a/users/_secrets/sethPassword.age b/secrets/shared/sethPassword.age
index 0fed8de..0fed8de 100644
--- a/users/_secrets/sethPassword.age
+++ b/secrets/shared/sethPassword.age
diff --git a/users/_secrets/secrets.nix b/users/_secrets/secrets.nix
deleted file mode 100644
index a8601cd..0000000
--- a/users/_secrets/secrets.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-let
- keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ5K+yLHuz4kyCkJDX2Gd/uGVNEJroIAU/h0f9E2Mapn getchoo-nix"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAVieG9wj00Cz0Co7QYNkoTgfO+B8EO5vlZdfMvCHD76 root@p-body"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBA861lnShM2ejpzn9arzhpw33I4XdtULfZWhMp/plvL root@atlas"
- ];
-in {
- "rootPassword.age".publicKeys = keys;
- "sethPassword.age".publicKeys = keys;
- "pbodyPassword.age".publicKeys = keys;
- "atlasPassword.age".publicKeys = keys;
-}
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-06 14:03:42 +0000