From 310eb896184182dd595eefb8f8e7cd5ced89ed90 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Laure=CE=B7t?= <laurent@fainsin.bzh>
Date: Sun, 19 Mar 2023 15:21:36 +0100
Subject: [PATCH] feat: gitea age secret + rekey borgbackup secret

---
 secrets/borgbackup.age | 20 ++++++++++++--------
 secrets/gitea.age      | 13 +++++++++++++
 secrets/secrets.nix    |  7 ++++++-
 3 files changed, 31 insertions(+), 9 deletions(-)
 create mode 100644 secrets/gitea.age

diff --git a/secrets/borgbackup.age b/secrets/borgbackup.age
index a9f97a1..1d68b46 100644
--- a/secrets/borgbackup.age
+++ b/secrets/borgbackup.age
@@ -1,8 +1,12 @@
-age-encryption.org/v1
--> ssh-ed25519 kZEpWw OQ8zlnVzqIh3FSryVBmqKzPDOatKrzDSR1Zm3BGL60E
-FtbNNvnoskcgLO4XIREMmV+HY1YNgmavSKCKiVpLtUw
--> ;MI-grease
-ArHYI+eu0R2GQyabN2Mr8nHC4LBU0xNZSl0hljMagNBtUGlwsTHvRBzTSVm6kcak
-c2Rbqz9/Zg
---- t1Xtn3Wg7yC30usQ+dSbwBlBcd0mMiWUeraj2HTZ9PQ
-„±BÌq«¤Kr‡Ž¤D±1ZßË6‘½x:IèáVàÿêúø÷¯ÀÃÕ˜)Ê\YÝtI(=ù˜†bÍ1JŸ¡QÀR”eVó}êÖv˜›fn(°U½|ÔiB>ýºAXÈ€v\X,²†¹&3OnleÞ4›îpá"ä-{ÁÞ;þ°®
\ No newline at end of file
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtaRXBXdyBCSFps
+YjhJT3l2NVMwUlc1L3laWmRoaHRjZUpzbFZyMXA2K3diZ1VuZWdzCktYa0V5Ujk5
+M2JndmxSMkZpZFZCN25uaVFDMk1aNDJhbmo4YlU1MVVMTkkKLT4gTGo+Ti1ncmVh
+c2UgWFVaL0cKTTJ6ZGpRNzVkQTdBL00rd1NIVFpwQkV5WmVPWWJLMWNlaE51cDVy
+ajVJd3VOL1pUSkxJVGJiejFQR3UwWFdQQwpqN2tTZzhWem85TGhEYmtRM3lKNHpz
+azlreEFvbFgwYWxJK0JxMGV1MUFlUHQ4dVppYUtScjZ5Vjl2N1VQa21hCgotLS0g
+bXA2YUxBNEc4NThjKzNKSXlNcEE5TE1DbWxoVUcxZTRLYXZrY1Rrb2cyTQqFtX6u
+I6xKT4GsVsZONMHURFyBrwC6f9nyDcZv7w7i+0WjpalP3k26D3pLbB4I3g5p3X8U
+A60vagUy20vBPYYh9P2dGsLDieGq6GRxQfwIXHkxZ+d7akAi3n+p5ltfJ2h9Zuti
+RRBKtnxVIaHp6TZjausCKVfvIXW540gQogiUjadPm7xt
+-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/gitea.age b/secrets/gitea.age
new file mode 100644
index 0000000..366aa36
--- /dev/null
+++ b/secrets/gitea.age
@@ -0,0 +1,13 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGtaRXBXdyBaTENK
+NGt2K1pRRll2cStROFJDT0hMVzVSWEJQRmErUHpVVndyQzBDUmlvCnhlREd3YWc5
+c09LdldNeXZwMmg2SlNLRXhrelVwNnRua3BHN2JLYWlyZE0KLT4gc3NoLWVkMjU1
+MTkgdjhFOVV3IE1acEhiTElpTzVQc3ExdkNVaG41SlQ2TXUrcTZJVE9Oc1hqRVNt
+clhMMGsKZ1Z1THRhZzZ3MkNHODV3RWllbzJUSk4xTk1DcGl2MzV3UFlGZXdZRldz
+VQotPiA8ODZhZjAtZ3JlYXNlCjJidUIrVmZ3MHdYVUlzdDl2VHIzK3BUWUQxOGVG
+OXFGMDNuY3VDTnNldEZjdlFQV2N2SUk1dkc2SnJ4b1ZXb3YKVzIrTVFxb1d0SE1X
+Z3hSK0x2MWMKLS0tIHFwemhyYmxDSEhCUk90TW1nSmMxYVE2ajJYOUpNVG54SHBS
+MWk2L01qMWcKhPYyts5zbaAtGuGVJpwReTxAj0iCR9Fqa3TwMzogeSEEZhyp3j3w
+Vc+RiCM/ykf4DqFg/Xiulb2H+3TN0lT40UF2VEHbSnZFvJDDR9ltVwubI7fq8C5r
+feA1+W0uQ7FDY4a+q1yjHcf47oirK6Q1+95hAn+Iq+koiEDP6TquTAWCaOIpMg==
+-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 193fa70..401d8c5 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -1,4 +1,9 @@
 let
   neodymium =
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINTvwXCT99s1EwOCeGQ28jyCAH/RBoLZza9k5I7wWdEu laurent@neodymium";
-in { "borgbackup.age".publicKeys = [ neodymium ]; }
+  hydrogen =
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxh42mMYqftTU7WtfktZbkdMI07VuH7mhUv3m2Ca3fV root@hydrogen";
+in {
+  "borgbackup.age".publicKeys = [ neodymium ];
+  "gitea.age".publicKeys = [ neodymium hydrogen ];
+}