From 3f002d298d240a22d9294155f72b5ada9014ca56 Mon Sep 17 00:00:00 2001
From: Seth Flynn
Date: Fri, 7 Feb 2025 01:58:22 -0500
Subject: secrets: rekey
---
secrets/agenix-configuration.nix | 28 +++++++++++++++++++++-------
secrets/atlas/cloudflaredCreds.age | Bin 460 -> 460 bytes
secrets/atlas/miniflux.age | Bin 354 -> 354 bytes
secrets/atlas/nixpkgs-tracker-bot.age | Bin 598 -> 598 bytes
secrets/atlas/tailscaleAuthKey.age | 12 ++++++------
secrets/atlas/teawieBot.age | 14 ++++++++------
secrets/atlas/userPassword.age | Bin 405 -> 405 bytes
secrets/glados-wsl/macstadium.age | Bin 709 -> 0 bytes
secrets/glados-wsl/sethPassword.age | 7 -------
secrets/glados/macstadium.age | Bin 709 -> 0 bytes
secrets/glados/sethPassword.age | 7 -------
secrets/personal/macstadium.age | Bin 0 -> 807 bytes
secrets/personal/sethPassword.age | Bin 0 -> 470 bytes
13 files changed, 35 insertions(+), 33 deletions(-)
delete mode 100644 secrets/glados-wsl/macstadium.age
delete mode 100644 secrets/glados-wsl/sethPassword.age
delete mode 100644 secrets/glados/macstadium.age
delete mode 100644 secrets/glados/sethPassword.age
create mode 100644 secrets/personal/macstadium.age
create mode 100644 secrets/personal/sethPassword.age
diff --git a/secrets/agenix-configuration.nix b/secrets/agenix-configuration.nix
index d093d4e..e77bd29 100644
--- a/secrets/agenix-configuration.nix
+++ b/secrets/agenix-configuration.nix
@@ -1,5 +1,16 @@
 { config, lib, ... }:
+let
+ toAgeRegex = directory: "^${directory}\/.*\.age$";
+
+ secretsForSystemRecipient = hostname: pubkey: {
+ regex = toAgeRegex hostname;
+ recipients = {
+ ${hostname} = pubkey;
+ };
+ };
+in
+
 {
 rootDirectory = ./.;
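Review bot: In `toAgeRegex` the backslashes never reach the regex engine: inside a double-quoted Nix string `\/` and `\.` evaluate to plain `/` and `.`, so the pattern ends in an unescaped `.age` and that dot matches any character. The interpolated `directory` is inserted unescaped as well. `toAgeRegex = directory: "^${lib.escapeRegex directory}/.*\\.age$";` keeps the dot literal and quotes the directory name; `lib` is already a module argument. The visible effect is a recipient rule that can match slightly more paths than intended, and how the consuming tool treats such a match cannot be told from this hunk.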
@@ -10,16 +21,19 @@
 # Users
 getchoo = "age1zyqu6zkvl0rmlejhm5auzmtflfy4pa0fzwm0nzy737fqrymr7crsqrvnhs";
- # Machines
+ # Systems
 atlas = "age18eu3ya4ucd2yzdrpkpg7wrymrxewt8j3zj2p2rqgcjeruacp0dgqryp39z";
 glados = "age1n7tyxx63wpgnmwkzn7dmkm62jxel840rk3ye3vsultrszsfrwuzsawdzhq";
 glados-wsl = "age1ffqfq3azqfwxwtxnfuzzs0y566a7ydgxce4sqxjqzw8yexc2v4yqfr55vr";
 };
- secrets = lib.mapAttrsToList (hostname: pubkey: {
- regex = "^${hostname}\/.*\.age$";
- recipients = {
- ${hostname} = pubkey;
- };
- }) { inherit (config.recipients) atlas glados glados-wsl; };
+ secrets =
+ [
+ {
+ regex = toAgeRegex "personal";
+ recipients = { inherit (config.recipients) glados glados-wsl; };
+ }
+ ]
+ # Map system recipients to secrets in their subdirectory (i.e., `atlas` imports `atlas/*.age`)
+ ++ lib.mapAttrsToList secretsForSystemRecipient { inherit (config.recipients) atlas; };
 }
diff --git a/secrets/atlas/cloudflaredCreds.age b/secrets/atlas/cloudflaredCreds.age
index f32edd7..668ff28 100644
Binary files a/secrets/atlas/cloudflaredCreds.age and b/secrets/atlas/cloudflaredCreds.age differ
diff --git a/secrets/atlas/miniflux.age b/secrets/atlas/miniflux.age
index cce2f80..a31f4ff 100644
Binary files a/secrets/atlas/miniflux.age and b/secrets/atlas/miniflux.age differ
diff --git a/secrets/atlas/nixpkgs-tracker-bot.age b/secrets/atlas/nixpkgs-tracker-bot.age
index d2d6014..e6e6c93 100644
Binary files a/secrets/atlas/nixpkgs-tracker-bot.age and b/secrets/atlas/nixpkgs-tracker-bot.age differ
diff --git a/secrets/atlas/tailscaleAuthKey.age b/secrets/atlas/tailscaleAuthKey.age
index b503be5..989cfba 100644
--- a/secrets/atlas/tailscaleAuthKey.age
+++ b/secrets/atlas/tailscaleAuthKey.age
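Review bot: The `personal` entry in the `secrets` list of `secrets/agenix-configuration.nix` carries no comment, although it is the one rule that names more than one system recipient. I would put `# Shared secrets: every personal/*.age is decryptable with either the glados or the glados-wsl host key` above it, so that host-specific material is not dropped into that directory by accident. With `glados` and `glados-wsl` no longer passed to `lib.mapAttrsToList`, a file later added under `glados/` or `glados-wsl/` would match no rule; whether the tool reports that or skips the file silently is not visible in this hunk.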
@@ -1,7 +1,7 @@ age-encryption.org/v1 --> X25519 rDjubkMrtgsenIbZWnBo6LPteH/5VgJRrMO3fDEv/U4 -7k/4HNphR3lff8W4NGFXqr36ukoncqkUAMT0MZ0SwcE --> X25519 MPfJhkWNmLwlZUmbO/HaY6JpeJGYs4QUSzrgGmOPlF8 -6wNf7Lhe4Ye1T9EoHjmXNJ6ppehGrOdgPGp8ef//STE ---- ORUP0/In8Nzb8GMqQfCr4uX/k0Y+A1553ZhIoCelX2w -tɠ:80$  xXu( 4Ʊ04%`y?lʯ?HUF[ MIP \ No newline at end of file +-> X25519 xWKrUV5DsieV1vbwuEd3qP3dAsV/Cg+KXSPFX3ebIU8 +5gE9XJNByg0QUhuY/7k8OJ7MIOnl52meID1rA00MuA8 +-> X25519 wCMPvH96pfyxDUUv5Va4yWSj89/JZpNvJ7/yRcdn7Ek +H5FsTQCJ/Yz+99a7brbiBYBc8MW2B0NFFClrH62Am/A +--- 7ub7VxnFELGmODAwwjXQBZ6tzJRpD+82BCCBCIM4qeY +jKعQGFK]](d\zQy\L^5¨wS*'K&oJ]_;g4öjRǧߏ5 \ No newline at end of file diff --git a/secrets/atlas/teawieBot.age b/secrets/atlas/teawieBot.age index e3a5993..b1268c9 100644 --- a/secrets/atlas/teawieBot.age +++ b/secrets/atlas/teawieBot.age @@ -1,7 +1,9 @@ age-encryption.org/v1 --> X25519 7SjAgUFSP6j/wDZcE1UhOBUM8HIRVJqrl85InF4Tnyw -6KjH2+D3fmThTlbrPwXykrsJCYDxt4GJwsiA6wu2hsU --> X25519 156TFCfRmhwJhGQF7yuMpfluz2Ek13lxlRvU6s02f1I -JySlxoSTd3U8s5UCLXFd7g+nBaFqfOtMgu/LP8kMQug ---- rWpBHn47XO1ZdGecMBHLSoKVEb/17stpmZmpVtvLP98 -l-j5C݄?6%몈3H%e Q.N<] βgœg(<6S[a1Q; +@\ΣQdwKw'{ecU'tD^%780Ǩ` W CnڶܿaZ in珙;^o \ No newline at end of file +-> X25519 /hpB+FTAppwqqkqo0g2IsKh5++Rk3CRTZ6Qkdir5E20 +XquWPnH888hPs9nrqCNkNC+Hngyr88FAi4mh7aRpA4E +-> X25519 hM6QZVgrEoKw/dhM0mmdiYdXymgE8l1YqP4DljJlaQs +4ZCWLkXt2gjbDMP7VnUpvu/hrc81w6hzFpSIv6YsN7M +--- H7BDKrz8o6tIe3iV7cMsXgNaMdy8I+Qvkvs1KnguzKw +i3̶@nE7.Y8: W [+XU:l? +GČh~xd ;Q׍/ǹCC‘{;7Y["$\ X25519 y6N+Uor4yjeiMFUIcjPB5e5XJQMxVWtajJTN6kL470M -YxmZXuAZVdGE6v4LwDpf0+6CeswEGOpYKopmLXY/Fhk --> X25519 Uv1KQ6CgPPke79T5krYLEmnBpHck2OOa1f+/Qr4bHQM -Hq0WZ+BHdBW64zrp5L4DFQVZ3FU2Hsxozu1TXv+HyKs ---- CmCP2yUfxlo/RcgOoi2/vAQoXhBWanXsGXS6ZM0Jl6Y -f[žΌQKgR U[ +vV5򯳼 tH3v1LN4759򬹨wt8T4$ßv۽-.ពp>q \ No newline at end of file 
diff --git a/secrets/glados/macstadium.age b/secrets/glados/macstadium.age deleted file mode 100644 index daf1f98..0000000 Binary files a/secrets/glados/macstadium.age and /dev/null differ diff --git a/secrets/glados/sethPassword.age b/secrets/glados/sethPassword.age deleted file mode 100644 index 6a63753..0000000 --- a/secrets/glados/sethPassword.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> X25519 En7HJgEt2xD6tcUFuWy116ZxYcI2iNUrPh66Bht4Ph4 -I7MJ8NaS4mQ58oKLVzk8ZOo6xNG+icT9RxpfHopptMw --> X25519 pkT2neg6e+UQwVXAjk6FHXe6YYVDOmfoLiCoPZeehnY -iaDdTOlHdueiHvvTXv1HgWyi+L7ui22HMC94OKRv/AA ---- nRyzSaGnSyPNvoMR2d/BFECS7tHD89gWKA3GBCfmcvc -KӘ}Yw-L+FAc`%>f7˗|яduBԬ