beginning of sops-setup

2024-06-16 16:04:39 -06:00 · 2024-06-16 16:04:39 -06:00 · befb789e29
commit befb789e29
parent 8096a7cd4c
9 changed files with 139 additions and 66 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -1,7 +1,11 @@
 keys:
-  - &primary age108r3re0uqhcqvrqsfc5mr2xd36e4drqulzgc7nzy59rkmpa87qgs0zjck0
+  - &users:
    - &devkey age1lufn6t35gs4wgevyr2gud4eec7lvkn7pgnnv4tja64ww3hef7gqq8fas37
  - &hosts:
    - &workstation age17jlsydpgl35qx5ahc3exu44jt8dfa63chymt6xqp9xx0r6dh347qpg55cz
 creation_rules:
  - path_regex: secrets/secrets.yaml$
    key_groups:
      - age:
-          - *primary
+          - *devkey
          - *workstation
--- a/base.nix
+++ b/base.nix
@ -1,7 +1,6 @@
-{ lib, pkgs, config, inputs, outputs, ... }: {
+{ lib, pkgs, inputs, outputs, ... }: {
  imports = [
    inputs.home-manager.nixosModules.home-manager
    inputs.sops-nix.nixosModules.sops
    ./modules/apps.nix
    ./modules/dev.nix
    ./modules/shell.nix
@ -14,8 +13,11 @@
  sops = {
    defaultSopsFormat = "yaml";
    defaultSopsFile = ./secrets/secrets.yaml;
-    age.keyFile =
+    age = {
-      "${config.environment.variables.XDG_CONFIG_HOME}/sops/age/keys.txt";
+      sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
      keyFile = "/var/lib/sops-nix/key.txt";
      generateKey = true;
    };
  };
  home-manager = {
    useUserPackages = true;
@ -49,6 +51,10 @@
      value = "8192";
    }];
  };
  users = {
    mutableUsers = false;
    groups.piracy.gid = 985;
  };
  nixpkgs.config.allowUnfree = true;
  nix = let
    featuresList = [
@ -76,11 +82,17 @@
        "https://ai.cachix.org"
        "https://cache.lix.systems"
      ];
-      trusted-public-keys = config.sops.trusted-public-keys;
+      trusted-public-keys = [
        "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
        "nixpkgs-python.cachix.org-1:hxjI7pFxTyuTHn2NkvWCrAUcNZLNS3ZAvfYNuYifcEU="
        "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
        "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
        "ai.cachix.org-1:N9dzRK+alWwoKXQlnn0H6aUx0lU/mspIoz8hMvGvbbc="
        "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
      ];
    };
  };
  documentation.enable = false;
  users.groups.piracy.gid = 985;
  environment = {
    systemPackages = with pkgs; [ wget ];
    variables = rec {
--- a/flake.lock
+++ b/flake.lock
@ -39,6 +39,22 @@
        "type": "github"
      }
    },
    "master": {
      "locked": {
        "lastModified": 1718509596,
        "narHash": "sha256-TICZsFnndC7Um7T7v1wc5cXReP+tgDfQYnspJvzyNWg=",
        "owner": "nixos",
        "repo": "nixpkgs",
        "rev": "c555d2ea4e383fd41e3d41dfd75fa19048207fa9",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
        "ref": "master",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nix-gaming": {
      "inputs": {
        "flake-parts": "flake-parts",
@ -86,34 +102,18 @@
        "url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz"
      }
    },
-    "nixpkgs-master": {
+    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1717264137,
+        "lastModified": 1718478900,
-        "narHash": "sha256-A60ioNR5Y51tgKMVpzs/9QtmJ0r2hz/3ZUPsjVYVPRc=",
+        "narHash": "sha256-v43N1gZLcGkhg3PdcrKUNIZ1L0FBzB2JqhIYEyKAHEs=",
-        "owner": "nixos",
+        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "b5769881ca41f3ddb5b164ff034f4b068970c75a",
+        "rev": "c884223af91820615a6146af1ae1fea25c107005",
        "type": "github"
      },
      "original": {
-        "owner": "nixos",
+        "owner": "NixOS",
-        "ref": "master",
+        "ref": "release-23.11",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs-unstable": {
      "locked": {
        "lastModified": 1716948383,
        "narHash": "sha256-SzDKxseEcHR5KzPXLwsemyTR/kaM9whxeiJohbL04rs=",
        "owner": "nixos",
        "repo": "nixpkgs",
        "rev": "ad57eef4ef0659193044870c731987a6df5cf56b",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
@ -137,10 +137,48 @@
    "root": {
      "inputs": {
        "home-manager": "home-manager",
        "master": "master",
        "nix-gaming": "nix-gaming",
        "nixpkgs": "nixpkgs_2",
-        "nixpkgs-master": "nixpkgs-master",
+        "sops-nix": "sops-nix",
-        "nixpkgs-unstable": "nixpkgs-unstable"
+        "unstable": "unstable"
      }
    },
    "sops-nix": {
      "inputs": {
        "nixpkgs": [
          "nixpkgs"
        ],
        "nixpkgs-stable": "nixpkgs-stable"
      },
      "locked": {
        "lastModified": 1718506969,
        "narHash": "sha256-Pm9I/BMQHbsucdWf6y9G3xBZh3TMlThGo4KBbeoeczg=",
        "owner": "Mic92",
        "repo": "sops-nix",
        "rev": "797ce4c1f45a85df6dd3d9abdc53f2691bea9251",
        "type": "github"
      },
      "original": {
        "owner": "Mic92",
        "repo": "sops-nix",
        "type": "github"
      }
    },
    "unstable": {
      "locked": {
        "lastModified": 1718318537,
        "narHash": "sha256-4Zu0RYRcAY/VWuu6awwq4opuiD//ahpc2aFHg2CWqFY=",
        "owner": "nixos",
        "repo": "nixpkgs",
        "rev": "e9ee548d90ff586a6471b4ae80ae9cfcbceb3420",
        "type": "github"
      },
      "original": {
        "owner": "nixos",
        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    }
  },
--- a/flake.nix
+++ b/flake.nix
@ -2,8 +2,8 @@
  description = "JawZ NixOS flake setup";
  inputs = {
    nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-24.05";
-    nixpkgs-unstable.url = "github:nixos/nixpkgs?ref=nixos-unstable";
+    unstable.url = "github:nixos/nixpkgs?ref=nixos-unstable";
-    nixpkgs-master.url = "github:nixos/nixpkgs?ref=master";
+    master.url = "github:nixos/nixpkgs?ref=master";
    home-manager = {
      url = "github:nix-community/home-manager/release-24.05";
      inputs.nixpkgs.follows = "nixpkgs";
@ -15,7 +15,8 @@
    };
  };
-  outputs = { self, nixpkgs, unstable, master, home-manager, ... }@inputs:
+  outputs =
    { self, nixpkgs, unstable, master, home-manager, sops-nix, ... }@inputs:
    let
      inherit (self) outputs;
      lib = nixpkgs.lib // home-manager.lib;
@ -37,6 +38,7 @@
          specialArgs = { inherit inputs outputs; };
          modules = [
            ./hosts/workstation/configuration.nix
            sops-nix.nixosModules.sops
            ({ pkgs, ... }: {
              nixpkgs.overlays =
                [ (import ./overlay.nix { inherit pkgs pkgsU pkgsM; }) ];
@ -48,6 +50,7 @@
          specialArgs = { inherit inputs outputs; };
          modules = [
            ./hosts/miniserver/configuration.nix
            sops-nix.nixosModules.sops
            ({ pkgs, ... }: {
              nixpkgs.overlays =
                [ (import ./overlay.nix { inherit pkgs pkgsU pkgsM; }) ];
@ -59,6 +62,7 @@
          specialArgs = { inherit inputs outputs; };
          modules = [
            ./hosts/server/configuration.nix
            sops-nix.nixosModules.sops
            ({ pkgs, ... }: {
              nixpkgs.overlays =
                [ (import ./overlay.nix { inherit pkgs pkgsU pkgsM; }) ];
--- a/hosts/workstation/configuration.nix
+++ b/hosts/workstation/configuration.nix
@ -45,6 +45,8 @@
      ffmpeg4discord.enable = true;
    };
  };
  sops.secrets."private_keys/workstation".path =
    "/home/jawz/.ssh/ed25519_workstation";
  networking = {
    hostName = "workstation";
    firewall = let
--- a/jawz.nix
+++ b/jawz.nix
@ -1,7 +1,18 @@
-{ ... }: {
+{ config, ... }: {
  sops.secrets = {
    jawz-password.neededForUsers = true;
    "private_keys/age".path = "/home/jawz/.ssh/ed25519_age";
    "public_keys/age".path = "/home/jawz/.ssh/ed25519_age.pub";
    # "private_keys/server".path = "/home/jawz/.ssh/ed25519_server";
    # "public_keys/server".path = "/home/jawz/.ssh/ed25519_server.pub";
    # "private_keys/miniserver".path = "/home/jawz/.ssh/ed25519_miniserver";
    # "public_keys/miniserver".path = "/home/jawz/.ssh/ed25519_miniserver.pub";
    # "public_keys/galaxy" = { };
    # "public_keys/deacero" = { };
  };
  users.users.jawz = {
    isNormalUser = true;
-    initialPassword = "password";
+    hashedPasswordFile = config.sops.secrets.jawz-password.path;
    extraGroups = [
      "wheel"
      "networkmanager"
@ -17,7 +28,7 @@
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5GaQM4N+yGAByibOFQOBVMV/6TjOfaGIP+NunMiK76 gpodeacerocdreyes@100CDREYES"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMkpeIV9G26W2/e9PsjBx3sNwPGoicJ807ExRGh4KjhW jawz@server"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH2wtsaMvfEUm//2YnFHyrc16o+TOXXBfIGPJ9nL8RMp jawz@workstation"
+      (builtins.readFile ./secrets/ssh/ed25519_workstation.pub)
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILgKVjMLYdE0u+96Y2RjTh5Pf8f4n0h3oMUG6728YGHw jawz@miniserver"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBEblxSDhWPEo33crSjooeUg4W02ruENxHLmmBqCuIo jawz@galaxy"
    ];
--- a/modules/dev/nix.nix
+++ b/modules/dev/nix.nix
@ -2,8 +2,6 @@
  options.my.dev.nix.enable = lib.mkEnableOption "enable";
  config = lib.mkIf config.my.dev.nix.enable {
    users.users.jawz.packages = with pkgs; [
      expect # keep color when nom'ing
      nix-output-monitor # autistic nix builds
      nixfmt-classic # linting
      nixfmt-rfc-style # linting
      cachix # why spend time compiling?
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@ -1,37 +1,40 @@
-hello: ENC[AES256_GCM,data:iaYMiyeUzmYeYKXpMwKRT28Jp614HKdx7fsQ7QZxzuYc9zHuh00esynLJcd//Q==,iv:pmJxr3zfAgnoL14/0CFFKjMCjjU2EniKhYJovPhI9pY=,tag:Zsbz4uawFKlMcVsG5iSviA==,type:str]
+public_keys:
-example_key: ENC[AES256_GCM,data:a/Xa+wgU0+hckjy/mw==,iv:fVXKaFJAefrx4W5LntLh0zSexICELVgL0GH+u8Nkns4=,tag:3l6eFHpmvMf3mPw0crpsOA==,type:str]
+    age: ENC[AES256_GCM,data:4QBeofS89uLroJ+7pOxfqSF0g4piPADFnTjdKe+M58Hnjhsf+tJmvaKPRri7nNuULpSnVSmNixCFAMwvtSpk5SCMOZwA+wylRjRof2q4XOKb2c4KBJXLeTI/FwkiBy8j,iv:V3T3MiaGGSgIGXRjMzhZ5mTdk3HNLhD79H//R6UnsTQ=,tag:ds2/t8FHC6e56Ky6dfYMkg==,type:str]
-#ENC[AES256_GCM,data:blkRYaXzJbMgAHcbGAT7NA==,iv:RzDaYK34wndqc8tWmMnbb/cijoM+slCFMCbAlIpMU+I=,tag:1+VLaYHikd2qr6HAS+/7hw==,type:comment]
+    workstation: ENC[AES256_GCM,data:PgP+gYBYYMO0cign5VJXzRyEtiBNXjc9R3kRKrKdDZQ0MvX+e4k1t46Ehw5v54Ab7u4ujMvUMaMtXXZPFQBpe/k9Rj/wusrAjHFqFafUiFHN/yt4kzzC3SinPheucbOMbA==,iv:s6ejL6MA4+PHQLqBdeUZKzHpHSFoz7UNTzPDY2x/e6E=,tag:Fv5INBFAQdEmcItpiNT56g==,type:str]
-example_array:
+    server: ENC[AES256_GCM,data:YptgfIUSpgaNPsS1Whxatfa1mWvOAGMHewS8A6ggkFpWurd545RnsCGy9CrdQLAxs4BMrjokFV6bvnsbI8ZzMMkyKcnVpi37BEgEsVz7SBMRd+ecrCrDLIuGeB0=,iv:dNKYCAKh4YvRNHNUnS+dxsZkNthPIpdHYHr9wkHkjtI=,tag:79uuNxxQKzVkTvGKSLp3eA==,type:str]
-    - ENC[AES256_GCM,data:p+8+4nOxubTUa4UdClY=,iv:DiBZKs/ppOtt8ctXJB9XFe1hirl50infq+QdQ1ZFavg=,tag:dqsE5MTsgFWRaox/6n/4dw==,type:str]
+    miniserver: ENC[AES256_GCM,data:3mBmzkjVvzbPDG8oqfi09k7B9UKFClwi5DZyioVNSEZ5ZGQX2N0xjuYp3zrupvQm4uetF3nJQXh/k4INC5ic+XDmgSOH3iqKrP4NMv3tzCeAKAogFyvZALvJkeKVvqzB,iv:W+NwmNzyYo0SBYywxP5eLtjQf9i25eevvfNmOoiOvQI=,tag:Qc3UE7ctwkhH/wAGEHsntQ==,type:str]
-    - ENC[AES256_GCM,data:NK9YAwFx0J/DtGuQ/Nk=,iv:ifrQsMlkdMU5qwec2B5XF3QMuYUB2U2wzeJt/GakIhA=,tag:1cOmYU3/gIk5rBST+h6Uag==,type:str]
+    galaxy: ENC[AES256_GCM,data:Gcc58vkJcyeFEdApgaTKO+ca9LuK1HrT0Q9NjOVcH0OM2mN4nLlJtRor/WDZBOFyQW6jd1GGvaRqO2UJ1kvrc7szPVsDOMMvZyWG7qrrG/FZWo3bTILIaGHBVQE=,iv:qXvMbSZjY1rkF6BIoP1fGw3pl3ZvwdRIkY52M86i1Xo=,tag:U3/jBPHtX5FnpIEWLyOslg==,type:str]
-example_number: ENC[AES256_GCM,data:8cHuCnIF0yIYAg==,iv:hOEsq9SxP8mLEEpqPISKKHomW62dr7aS3COUXRwW9LY=,tag:a7THeOCaocPMtWXhPshPuQ==,type:float]
+    deacero: ENC[AES256_GCM,data:IZv9Gcwr0B6IMMDOwQg6lEpzYu2T+PNTzqW6f01LslJP/6eF0Wj83g4KEel9dJ5wfmB4QGH+kgk/lEV2TxS/pE2GtAqP3kq5SQ8+ben4SN/8PMGmiePi6PKQ97Pl9NJb44GAW/10WdJThoeASQ==,iv:An8yiptzNsuRHPx4olqlSIXioi1ZuxP13NN7s4wpXZ8=,tag:T1VsoZZIygepdJgUo+vTgQ==,type:str]
-example_booleans:
+private_keys:
-    - ENC[AES256_GCM,data:xvwzFA==,iv:r4nQYEKz47MTq8kU04Yh7PDcxBzhdbxvjTTZlFrOEXc=,tag:PPCof/KCBDe1kESsnK9vdA==,type:bool]
+    age: ENC[AES256_GCM,data:0mWdTKWFvAuqt25+POw2eZMFLQNNyFhs4Lh9ZDL1X6KObrK4wDZa31n2Ugug684+jx2cqeWU/luRLz0zBUpbfbf/36cOuXjU/FX2wGpg+WZ8xwUNLSCXUnmufIwZqF4jwLEvU0HYTxMufH20KBqMZVZhWdvsiTL8fLqS5tOtph0+Yxrs7VpyQB7aSlkM4Mgc3IbtQ1CFcYe7BQNBekbR1EnB8qsoPFX/7qeLHoR941d6W11GbPSl0QdLX5UUEMdMbK8E4uMpOvVJUJzi58RcJnJJNc9lSWd7QJdxEgaSSqB28vS6PVC2vVcuL+Oq2/AO12BLIVBZPbcMkyG+EE8H/+TyEs+HoWYuuUB8yNCE87BxgOHoDDqT38wrtfIzeja00qF0/sQSP/w9uJWbnNNrOq6iPatK/+gbSLufzrgo0rw/Rdc02zegk4sLQEYkt7YB9gN5dQp8S21taX7y5tkLU1Mh8O08Pjonhu4tznH/yG06m/WFMB1ucP6YsHFXIze6fG4BG4df+um+qpNdTiykNcpNYwglXyP1kDWS,iv:/trMsiMCfwiV5Oh7xW4MJgCfiWZJkvU8h3KJcxXcABw=,tag:4kMb+DfRJAN5gcodhFCd4Q==,type:str]
-    - ENC[AES256_GCM,data:uPH/zyc=,iv:XN6e4CQtqwbmqw1UswQyrsQFmdgvIn8NXTJ0+b1j1Cs=,tag:NWD3rr0egicjpyu4gc0ZwQ==,type:bool]
+    workstation: ENC[AES256_GCM,data:AHNvGeoYMzUJePOpXlHiaJ/OEpWmadIRvfND+0kipNpHlfsVWM/+mGEhoABIf98vpNlPanRrfDYgkpatEUrw5L28oj214SreGS0S7YJiO383LRqbl5NsnYPwxwY7UdPGH5dSkKWHAlO8JKbDasLaCDO8VyjdzIkXalyha4DM6LcZMGM8UH86keyNImMgwdTDLwJoWiQ0AamYcaMqlWLBxMLMkoB5ug0ynF1FIAX1loBv+Ajd8JLUhHDYwA5jwKlS+4EgkoTk21I/7GbZ9sBpsnWIyvnzMuf2fyB1jjQ7cOzHBRc5mEDecrKKI+IuIlAY4MnQh91uTv+APi2abelurvnwIhsx/KaJW77Qc0i/0G1ucKFMwXE03OSLvNW3K5PHkK0Z+M4G/uoEDwM/0M81jz3yutgWmrxTQ/TAjNbt2Zk6x0a6CnwCdHGdoXGByiE316LIKDKziY29stEiLNWVnptq1yerj2lU1R46sXmqzWzL6b+VbXkaubT9JPifCIXB9V5LyUhwfc4HhSbuz9d5DV529aJq3tZh3kdzjT/PEs3H+XM8jKAGuLZV0tS/q/CLonBlps5DfC2S9/PodakEZDwA3igbM5enpapGv7we7LA=,iv:J4ktWtFHK0XRkg7K88fJJu7/JaSTqip+nIF9HUtMNDc=,tag:jwvttM2bicGBIgX9TmDeXg==,type:str]
-trusted-public-keys:
+jawz-password: ENC[AES256_GCM,data:jLChyJ7xysx3ceNoqS6sRzJ223te9RQFoUSupqSJTsuqcuUc/iR8rKswtFmbeKWBWrpYKEly/hdtlG4BPiYNjuwXB0FG+b34tQ==,iv:5RyglR1c5228FgiLWzdYXbSLk52OzcmYFrnTXL7ofSE=,tag:J1MDLWC1YMYCMwwoYBmhaQ==,type:str]
    - ENC[AES256_GCM,data:9xdBERP8TN2XbWoe21RCZeOKwiLj3dR5+0WZWi/PPq5ae6PZwa1xEroNb7MEvdrTsoXsGmaVZJenhPjr278cva9Lwtg=,iv:mjpt/5n1Yxu3r0Gnisv6LGpEBVEWiw1dvDJx3huk+VM=,tag:Z411S1ZDa800evWn+NofwA==,type:str]
    - ENC[AES256_GCM,data:cx6kiqaE3cya6teZF95W98CL3P6YX9KP+Y0PO2SyJ4dlyuYfReOXgi1Lp3RE0LgXJAuuSpptmdzRzAKHcBJjluoP8d32/iCr,iv:oFW2P0eQKX3/LgN7rrirPo1yS+DSYUJCazmaRiqSU+g=,tag:/098SARlH1Dlrpi/vS7MKA==,type:str]
    - ENC[AES256_GCM,data:bb9ZMY8TSkUBqNsQbO/fiBFYgshIiQRWsUGSSARcjCizSkk7HcgPyIa6cJv+iAH9LAY9IZaSIfsybq58qwk3Hg==,iv:rAtxfQOvpTmkxmUEMgOwrgtVnD7XPpux2gHXoYeiZig=,tag:EsFy6/+2oyDHneUbp3uH1Q==,type:str]
    - ENC[AES256_GCM,data:fA+bUj8qi7S7JtYZXmvfLZ43EFnRNQ+h+an0lZJzKxVZuMjDtX9+cya4L+dyNOkoxkaMVjkWKNHSNLU9KD1zdX2MlkmCMGS3XdU=,iv:fEtdIfAj37FtkF2fOOkbK6R9mdW4bmFvOvUUdKWRp+k=,tag:Ae/3O4oQbGT0HG+vZUzOOg==,type:str]
    - ENC[AES256_GCM,data:z7BwF2kncuzUXCYGPf6zhe0i/tXRBTHZBsIV2kyRRuO7AHLU1fiqES3tUKI8j5WHLB32X5kGa1AGCem1,iv:hVQUBuOqgxUmO7kiCaWabGm1ZwtXUFP3VqZIeHMatxM=,tag:nTWjPr0NyGvgT2reEzAmFA==,type:str]
    - ENC[AES256_GCM,data:iaC+cFrmyrizcqabPQy3DiVeiZokwTYRzXRnSdS0BNrA8lcLAbVzb5MEp0zSiUW4hxH/mL5k+gJ36Lf4M8I=,iv:ndkJ4Q9qRWBOQ0vE9rg3FSTlUwwbC5e8NFWop28PW6M=,tag:ude21JgSneGKMkPWcsNpuw==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
-        - recipient: age108r3re0uqhcqvrqsfc5mr2xd36e4drqulzgc7nzy59rkmpa87qgs0zjck0
+        - recipient: age1lufn6t35gs4wgevyr2gud4eec7lvkn7pgnnv4tja64ww3hef7gqq8fas37
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxSEhOcXkyM3FXcEJRbkw1
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkOFN6bHNqczB4Tm81WXhU
-            ejZJcjFDNk9ZTmg5M0pTUVlUc2ExV0ZXREZRCndyaGpxRVdHZXhqOUE2ekh3RzRk
+            bG1mSW02ZUtjVlBjOUd2bUZtVm04Z2hSWHlFCnNnMmNhZ1dLd0dqbGZlU3pGN3dT
-            eXlOWUFCeWwxakxGKzZZWFZUaE1id0EKLS0tIGpHdUQ1b2UxWjMybjlyV1NyTnBV
+            M3FraTRJNkZGLzJEbVo0VG8wR2RGdWMKLS0tIFBQNkFqSDBnUjQzTTljZ0hEMnpw
-            Y2ZFdmtweS9UMHNxc1pxSml2NkJ0UVEKJZXvR1tjkYAb82kOzAc4W6zQZY8NY7FN
+            cldxNWJQSzM5LzIwTDR0djVlTGFOcDAK7nBGyn0pUvWV7LKEIHe2g/qKeiybKXFI
-            h1AZx5rL3KoyX+Pu6EZmjctQT8UN96r3mXen8gxbmGEUmTDGtijnhw==
+            vT1/Tdrs3xNfU+aJiULV5ZhuPil7dqvqK7C5MU8BojnmTkIv4OaCFQ==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-06-16T03:08:02Z"
+        - recipient: age17jlsydpgl35qx5ahc3exu44jt8dfa63chymt6xqp9xx0r6dh347qpg55cz
-    mac: ENC[AES256_GCM,data:6tDrf1YDLkSn5Y/juT/E+U2ZBdwWX1qyKlV9xkeUtJ/5UCVP+/NfZEuWgMQmhzMz5dRyw/FI2i4R5XjUmRPPT0Z8gQ4fKkrOD+ck/VCTefGKmTsws3h7tRr/31N40DZDvIWyDnFxuMoIgSWl+hd4h9b4as8YcCXwZp1nbdXuDZ8=,iv:tOxOLAsmurLMBaPY9GI0Aerv2CyMokFj2AKHo9KEv/I=,tag:uCho6pBiv8esAruakujyKA==,type:str]
+          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsbnhNeDNpV2g5QWlkMitq
            ekYyeHUwQll2VG5KdWF6Vm1RcVNiK2UweEQ4CmhteVJoM1A0aDNUTWZWZ0pXa2lQ
            bHY3RkZvbEhFeFhoQlgxTlZnc2VJS00KLS0tIDR2RVUxMXpPSjhUSXB1MzRJU2o1
            NmJ1bytHaHVTMllpaGFPSXp6cTZ3RDQKJiLWu8UysNrYgelnmHmW6LFIciv4l5C0
            4kJ3POqsoSd3B3Hw7QrHxKElCsgZDCPW7nIPp2EXXrdGc4dINDAf0A==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-06-16T20:53:25Z"
    mac: ENC[AES256_GCM,data:lcftXZEgu311TaTt2zgGszQ68ka+dPQSJrGgmoCe3DCfzFQloN+OVHKRorqEaVmw0WrgFW090waQoPsrsc+zu0SwdoPMoDTa4XESFfZOGBCiOmwyePqe9utBdO0jjcbWp9MOwUebW47fK4snXRMs/cFziMQWokMeVAAm+bN5y+s=,iv:QP5AW/X4LnI1Jwm6pk344Uh7QPFCtAOLURqvrElFyTU=,tag:Tnx3s3GgeU3ZIIFT1cbsDA==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1
--- a/secrets/ssh/ed25519_workstation.pub
+++ b/secrets/ssh/ed25519_workstation.pub
@ -0,0 +1 @@
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH2wtsaMvfEUm//2YnFHyrc16o+TOXXBfIGPJ9nL8RMp jawz@workstation
		`@ -0,0 +1 @@`
							`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH2wtsaMvfEUm//2YnFHyrc16o+TOXXBfIGPJ9nL8RMp jawz@workstation`