From a850dad99672223cb453d4185921ced36235771f Mon Sep 17 00:00:00 2001
From: Kjetil Orbekk
Date: Tue, 25 Jan 2022 08:01:38 -0500
Subject: Add agenix dependency and start working on borg backups
---
secrets/README.md | 3 +++
secrets/pincer-borg-repo-key.age | 19 +++++++++++++++++++
secrets/pincer-borg-ssh-key.age | Bin 0 -> 1356 bytes
secrets/pincer-borg-ssh-key.pub | 1 +
secrets/secrets.nix | 8 ++++++++
secrets/test-secret.age | 21 +++++++++++++++++++++
6 files changed, 52 insertions(+)
create mode 100644 secrets/README.md
create mode 100644 secrets/pincer-borg-repo-key.age
create mode 100644 secrets/pincer-borg-ssh-key.age
create mode 100644 secrets/pincer-borg-ssh-key.pub
create mode 100644 secrets/secrets.nix
create mode 100644 secrets/test-secret.age
(limited to 'secrets')
diff --git a/secrets/README.md b/secrets/README.md
new file mode 100644
index 0000000..812f206
--- /dev/null
+++ b/secrets/README.md
@@ -0,0 +1,3 @@
+# Encrypted secrets
+
+Add new keys to `secrets.nix`, then use agenix -e to write the actual key.
diff --git a/secrets/pincer-borg-repo-key.age b/secrets/pincer-borg-repo-key.age
new file mode 100644
index 0000000..5ae1ab8
--- /dev/null
+++ b/secrets/pincer-borg-repo-key.age
@@ -0,0 +1,19 @@ +age-encryption.org/v1 +-> ssh-ed25519 Yx9stw t1Oc7D3qbeobY+yggKoaMmU8tT1ShFdniNplpDyFCwI +nCAHD6S5FSAdIYr3KoVaDc1UPQA+OhSX89iLu77qzdQ +-> ssh-rsa xgQQbQ +Ox6Ye5y7nmmYv2FWmhBT0SgzNsp7L3ft5ZAhzK6S12Mx9TOZstKx5ZkimPjAxJLp +KWJHyXs5abrsaC386ux6h/d8OZcBrPGxHLULxDG23JEGBfnLkhV++j98y3Tt2jsq +ptwF011h2+mMvxm+ZePQqhtZMJCi+Bb/zdN+ixqSXnTY+LyUJtyhQUFn0Grkulh/ +KX5PtaFG7EBoFox48ul/ImrO3scSHc1pqZnw4Dqi/Z/RyJ+kWynlUVbhWAFpzbuF +zO0Xl+y4B0lQ7XD0mNW+lGYM1UhZDfjZ9ZHeeF5tEd11yRNYgghdK3zYOr6tsMrk +7pupTbo6hqMHnv/hZe+PwM9U46aQ7JDI3dT7gZDDed1Wgnq148Va6iqIGm7A4Ngu +XR1GhWaOo9zvF0AW23rPiLaLlBxztSH9Q64iIoTDPYmAPpodrkOU23hlceWkBwcD +XWILOaPqHqh5+ibx2jTDFE5p4nO0Xg7UKYU2vD2Shc1ZszSIXvovbYl8KOIG89G6 +kCGJdwBDrE95tp5SJejcmOCSsO/keLr81F3+z0Fo0HUHRaUG5UH8Fzi8UbH79l1s +MPJ6k5gGI63FskxkWyfN/NRogDUo6DzsfqCHu7A2dMWwv0OygBnwRU2TYmFKl2fa +KiMsxm86CV99ZaAvGVJJA1gz6bgtWzCfAaWgJaPz3+o +-> ,Gj5rN-grease krGDTh `!#Lp< +Fg+PdtWhVgQCnYCxI0jGy04TRA +--- rAP3GU3p0KdGOt5zctfl/3XqVWaKv5m1JkqTFNTuJNs +XR/Ӂ'ڢs.R^ H) ?:-Ƒqz'0 \ No newline at end of file diff --git a/secrets/pincer-borg-ssh-key.age b/secrets/pincer-borg-ssh-key.age new file mode 100644 index 0000000..fd48aa3 Binary files /dev/null and b/secrets/pincer-borg-ssh-key.age differ diff --git a/secrets/pincer-borg-ssh-key.pub b/secrets/pincer-borg-ssh-key.pub new file mode 100644 index 0000000..951aaca --- /dev/null +++ b/secrets/pincer-borg-ssh-key.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF8z/TLGajs/1ibY9qaafx5wl9BTZXdBnv0YuGP3G7OB orbekk@pincer diff --git a/secrets/secrets.nix b/secrets/secrets.nix new file mode 100644 index 0000000..186b44c --- /dev/null +++ b/secrets/secrets.nix 
@@ -0,0 +1,8 @@ +let + orbekk = "ssh-rsa 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 cardno:000605483607"; + pincer = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG5z3Ht/CjNxMfzjRjW35SlwZgwAOUkV3Cr5J0kwehpH root@pincer"; +in { + "test-secret.age".publicKeys = [ orbekk pincer ]; + "pincer-borg-ssh-key.age".publicKeys = [ orbekk pincer ]; + "pincer-borg-repo-key.age".publicKeys = [ orbekk pincer ]; +} diff --git a/secrets/test-secret.age b/secrets/test-secret.age new file mode 100644 index 0000000..bc2d920 --- /dev/null +++ b/secrets/test-secret.age @@ -0,0 +1,21 @@ +age-encryption.org/v1 +-> ssh-ed25519 Yx9stw NQ894qBMEbMfn+Iqh6oZZYp2Ul8Gh7oovVSekuCa5S0 +xmpoNUcstscI2v91ahRZzQCeY8VKsT3ZKmn/p9NmD1k +-> ssh-rsa xgQQbQ +chqe0rwVbHYsEHpzC7RDeQDUYGV6poI6FvXkWNOdmtLrsZ+DWBgDX8tkufcdsHYn +t9D2kQ1F135ucifxXcHCT4rUypDIngzu5LXNy0TqdUAnU15fUFXvb5C36EUbS8Ft +nNEIqh9SctXCkNEg30FupmfHfTmxVhjPpdBO1ai7tPCqLGnIhfMVBqdAeNA57Nmo +vxGdqXuCsV6gP47H/eGRcTBzycBqHFJ+tpi7U8LPOs0RB8V3ivYvJguC8PkHmm6O +bsP8tFqyw5FW9Xl2ZKymAH8m9hMG94MsCBX7Ly27ADewPM8kMK2DQAWohNt1T4uO +7B+SyHCZx1u1e1FCKvRjBnucMWM8koqMO6SDJgwHazOX/VwJvTFpUWdfsG52MjBA +QL4O4gdCSLI1KnKiJfJEBeiV98kddM5WUbqWyMcFGVPDDVzz4kQmUvwESUoAgNHl +yLw2K/8D5xud/vSSMUGjM/igpwhH/UVApLZ1keZakIXrGvnen5ErBWb4DIfLLRHF +IAuZucTpTeBBuqN6VmO0uWOeKYVlGys8xBdxwKTzTr66/s08pKetd0Xk/AQuQO89 +uAjvoPMkmJsh+vv2uFqtI3bjpk4jePc9QbkIS5OAYzMSx7CVUpeMd3E/7k+kW2Ek +LWPgkZ29BWFR6bLyPqB9RCsxUxrhC/Ln6deVBj4SzOk +-> k4-grease . r +bryo+3JU9atXp5HZ7M/FWRWXD6kgw6yV08SR9iRb/QbQ7MT1JbYv0PhRRpnT4MMR +zaWMOJjw1g +--- SGG1/hxUHo+zpuNsbwsMrLTtuQin9xgD9fAoEhi1F7g +] +t9BO$sxo_@9'v|?S'< 1?*q߼ \ No newline at end of file -- cgit v1.2.3
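Review bot: In secrets/secrets.nix every entry, including `"pincer-borg-repo-key.age"`, lists only `orbekk` and `pincer` as recipients, so the borg repository key can be decrypted only by one card-backed user key (judging by the `cardno:` comment) or by the host that is presumably the one being backed up. If that host is lost, a restore depends on that single card key; consider adding an offline recovery recipient for the repo key, or note in the file where an out-of-band copy is kept. The `let` bindings would also read better with a comment such as `# orbekk: user key, may edit secrets; pincer: host key, decrypts on the machine`, plus a reminder that changing a `publicKeys` list requires `agenix --rekey` before the new recipient can decrypt anything. `"test-secret.age"` looks like scaffolding and could be dropped once the real secrets are wired up.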