From 6c2b4889e29527354f9b2c8169243a688d46f9a8 Mon Sep 17 00:00:00 2001
From: Antoine Martin <antoine@alarsyo.net>
Date: Fri, 10 Jun 2022 16:29:06 +0200
Subject: [PATCH] secrets: rekey secrets to make them editable from my key

---
 modules/secrets/gandi/api-key.age              |  17 ++++++++++-------
 modules/secrets/lohr/shared-secret.age         |  16 +++++++++-------
 .../secrets/matrix-synapse/secret-config.age   | Bin 545 -> 699 bytes
 modules/secrets/miniflux/admin-credentials.age |  17 +++++++++--------
 modules/secrets/nextcloud/admin-pass.age       | Bin 396 -> 527 bytes
 modules/secrets/paperless/admin-password.age   | Bin 368 -> 466 bytes
 modules/secrets/paperless/secret-key.age       | Bin 418 -> 556 bytes
 modules/secrets/secrets.nix                    |  14 +++++++-------
 8 files changed, 35 insertions(+), 29 deletions(-)

diff --git a/modules/secrets/gandi/api-key.age b/modules/secrets/gandi/api-key.age
index cf9f9c9..2c80cf9 100644
--- a/modules/secrets/gandi/api-key.age
+++ b/modules/secrets/gandi/api-key.age
@@ -1,8 +1,11 @@
 age-encryption.org/v1
--> ssh-ed25519 z6Eu8Q Z6nxu/Aj6YiouSwaHKO9o/VjDwkFeg1aUpxWDH0zYUc
-nN/e7E4mRe0u6r845FlT9QPYTAAoG7YQZY+igYNNd7Y
--> LZ-grease 7/44AQ]n H&}_^ hIg#2Ic :cyUJma
-cyKzugByeYVVqVRXfi/a7RkreaM9vVNw8z1Jn+MaLZs1paE44QEe2Y2bsXA9tmai
-GSfOFlOBv82/Jhlc7xUK5w6RxgIBdmxtpEfRaUw
---- jnsdwFTZU4wzsxo0piNFBchQtCuFQohGALt42YukeVA
-˜7wO˜ƒp8Òˆeu!¡CbìBRïî·­zI×Nìô•?C	éýW›õ[kG½ƒslãöÀZGÿØì™üÝ9nðL
\ No newline at end of file
+-> ssh-ed25519 k2gHjw cPZECs2fo+sOznfaXiZjieBB6nwe4D7s5shh6YE/VWY
+Oi/B1v/9NkPORSllIxrFltkXVFUwFZcgJlcxUdGWjT0
+-> ssh-ed25519 z6Eu8Q G3/FgigyszNLmNCXiAxeWgsALohxZ+ZLLvhRg38CBxk
+Z/OiV82zpOJhewVWvJSZUOCNzixFHvWl53cT/MIcZjo
+-> -%^%:-grease
+CkySRq28PocmIYUy7teSU9JkV8/tq/JIR83vFkuRSIYascFHgQrUhEbjy05uLMAe
+Sw
+--- LvigUOnTKMr+/oIUFVCWXM59d0Q9qePiZ1zqm8s/4lI
+¡ø·ëuœß>ŠÜ­‚¸Èƒ¦u€ÜIé—úÍœjX§„åN÷?ªI‡•¸SGYìÊ7S®m›æÎ¡†ú‰f
+A¾©ê–pWøoòñ
\ No newline at end of file
diff --git a/modules/secrets/lohr/shared-secret.age b/modules/secrets/lohr/shared-secret.age
index e3fa903..a9dc0f2 100644
--- a/modules/secrets/lohr/shared-secret.age
+++ b/modules/secrets/lohr/shared-secret.age
@@ -1,8 +1,10 @@
 age-encryption.org/v1
--> ssh-ed25519 z6Eu8Q TbYGLV7JbzW40Eo9aNDfirmKXntiJnT60mbbzRLQJX4
-KHbJtr2hsfe7lsZ2VRTo7mWAgi33f8OJiuBDNfnCijE
--> U}J&0*-grease 0~7egWZ( bN0gqO I[r[CN15
-xL86runL
---- WrvrFFp0ZtCc0dXhfzaHOiFckW5u6qpm7SLEwgi8cyg
-Æqä¯QèI‹‘²º±à[¸E>¤0ÒÀÅ ôë©ƒŒKE
-›ÏÝUüéA'[Kpa–Žy8fëžÉŠ¾Z©Ã`¤Èö‰q¾7qÁ"„Îz‹C	íI{I!æ\é%€E²qÂ¦y¢ãÒ”3
\ No newline at end of file
+-> ssh-ed25519 k2gHjw RKzmvlLJzkvoFfPW17H0oSnPk1SZziQxcMCqVQfyQ1A
+0R5bcUYcqzJaUHWW0j3EgWnzlOvKmLOA7rIwEjEs+UI
+-> ssh-ed25519 z6Eu8Q dg3GZIAzPsuXVaV2uRtYNDN+RMBgKaYw4eux13IjQ00
+VJeVMuNxJHiJkwNY/8N9HQ+DTUzmOGPdDUoInlV+ScA
+-> cq?k-grease >>)4[\ _:DBA*P
+LUtE0e0sxIay8ngpt5Y7jD9zNtZbiBTJGvVrzXE/vXOAPwu1e6sUigclYJ3H/wax
+Hwnx5zPDSu1BG07dUZeaNQdUpS4l
+--- xY+ulUElyTv6MG3VLtkPyrLxav+0C6ifdWfRO14YGl4
+ud®›ßëŠ‡Lr.iá•Óª9”­‹°Û‡³XÐÙgÞúâ9•»}ŒTNŒq-¼E…¾ŸÃýÎ	˜³»¦voõ¾uÜÖ›Îøi£Ìc¡E]ª´"Ð®†A1ÍjZ€É­@,wTÂÛ¯
\ No newline at end of file
diff --git a/modules/secrets/matrix-synapse/secret-config.age b/modules/secrets/matrix-synapse/secret-config.age
index 6268e887723a2bdcb549ce685297d89d27e9d00a..8ec58e864c8e26d1843c179c3f19c542f53e6cdc 100644
GIT binary patch
delta 674
zcmV;T0$u%~1iJ;0C4Xx&XGm&yAV_&eNm^QHD_CVxMtWm0I9E(#Qb;*DbWTG`cX4hq
zQD<XFaAtZoR%}B}3OF!!H!pNkQ&?{^XKOe)I5|}?W@l!4dTM!TVN*|GdM`#yXn1yL
zQ8Q&p3N1b$b8~1dWn?lnH8D9LdNxIMI8h*HX?A5oa(PH?a(`@PFfu|-STJxiPIh%r
zSVc*CLTPSdaClE|D=TYGGg4~`MrC0ybXiJKZ)0^=XLCtYSYtP7c1JdFK}2&zHY+bO
zNOnhIX;))LG*mbWEj}PiEjcY`a%Ew2WguK3QdJ;dR(*I}AVoP(Abmw{E>ufWRti*i
zWO`Faa8`6;R)04{MK)$RIC4f|XG3sjP;4?(Oj<W{dRIzuOj1WNIBi;KSye)4FEDXA
zQFC`WOJg)RD@soaZ)j~oZFyE>cr#CKaCZtVEiE7`Yhg)BFimnva#nOtS~4q0GFMD$
zRaiAgLveL#Ls&LXb}vCmK}~X3a$^b=02e!L7R->wx_>_yBw5nOKf%VKB()AtjHcmV
z=$4OoV>mJO;QP{gPU0tV?6pS-fFegd32P6)&d&8zRFU4mBpJ=wbmRCA#)Y_~=zhdH
z8Yujtdii?cHpXz0AIGldD%Vu48q}T9OGMB-CMb~H=hP(a_H6A5UJC&SF-2Jh?L<pm
zFvD?HS$|LY9qg3Rp3t$m4*l36_kKqz_mu;c;UUN18to%R(3%;)_~+LWN|TV#$nnAb
zOWg2fR8Vu`p=Q|z-Dw|S^K%B>^iAjQPEbG=Cdtg(kBP=7{{{}CI7JP8njU}4kU}(M
zgHL!q;Tw*MNeteV0q^ZruI*=d%;wW^wHu0tTN{K<<im~TrNZX`AN@|Y+~V&C)E#GK
IfYy$q>P6-f;s5{u

delta 518
zcmV+h0{Q*B1)&6xC4YK0MRhn)AZu+mL}Ex}ZD?v|VQynlD`hoRcWyXQbTDIhK{HHB
zH%DSmI6-AfL3uN83UO;!Lt`^9Fk&`OD@$>6H#lT*cXo6~RB1{=dPs9Za(Y=)Qf*mv
zQF>7{3N1b$enL!KG)P?{EoX9NVRL05B~A)iV^M5wH%4`4Qh#w%YAZ}~LSZ>>LTXo2
zNK|=ZT0u-!L`Zr$dO2umGjdL9R%=9cV^A~-EiEk|Q&uxZF)}nca%5sRadu}-O>Q|#
zbX84OD{5{rYk5ysSaD%lZDe#WO>I>QMpbxSva$`yI|$*B$lIF$L{*Pzr_l6GN)w97
z5XnjwD?-o5)_=BnLgz;8uA{d~tutF8El*ZMZ~tgAWEVZKpY#(gXMoVQ-h7ze6PdVu
zTze2%0_r*|euwP|O$85HL}pwY;Nohei>C&EMVC0YlqK@tW>Z3Ou4o>5^Iu{G;^7+1
zVfeSBcARB6<o+ug$y(h$Bp5^iO5lHJr8dDCJuUsB2Y<^c+f-sZeILLRNblQ}SbwAn
z9K1`h`W-)A%n+M?=?;&yhq_FgFRd;3L);k|k#D1!*}A9)Fbd6Kj$N8O3%{80>Q-0P
zwi9=FEa7dye7Kd|3^h$@v;~kE24CXv)Z&d^l&TeUc8ayEF8y8_u$tPc45@X<nTD45
I7kzv(_Fur&h5!Hn

diff --git a/modules/secrets/miniflux/admin-credentials.age b/modules/secrets/miniflux/admin-credentials.age
index d25f5d9..ee534fb 100644
--- a/modules/secrets/miniflux/admin-credentials.age
+++ b/modules/secrets/miniflux/admin-credentials.age
@@ -1,9 +1,10 @@
 age-encryption.org/v1
--> ssh-ed25519 z6Eu8Q rtGozbVk8om9Y0HKwgMEdphYF8XPaivfvKeseSue0Eg
-WhKe6jqNByj/+gRLA/QKHnHTrRKndVUq47/BzK2uU8w
--> \)kCW_wR-grease @l
-QSDpyBcE6WRuOU6IpZ1mN+zboFtzw9THQ78ZV2eStjU1rCyuZhXgU2QD2p/PO4ns
-JEntxUv/vw
---- ZsG0UUiIW92EsmHOvohl07MzjtzJlBuAm8A7sS5PfUU
->tíÕ
-_{i7$"pÍçîbú^^21ùž&|‰—P’=½Ê_aÊ¾ãWè£`T<Ÿ9X|q[gâÞ)¡`æ8Ñ†Íyÿ•0ÁêJP%éHMñÐ:ãðú^¤ŸÌKí{-BÂ@è§Òâne½åóI‰†¢¯ôéîŽ
\ No newline at end of file
+-> ssh-ed25519 k2gHjw umRb1g5kQ/Po2R/zhowom5ljJ/q7SlV5splxWhhrLAY
+J1KanwTv45zm4w6VgCHlR8W5R0/sgGopu9Tpf8oaAfw
+-> ssh-ed25519 z6Eu8Q IbEJS+0HaPjGwyEXfHs4xyWTg2G/CCK52eRsccBmKE0
+9qnTazbu5kEsSvQpTidZDHyWba/s2bm21QAlFj5P5rA
+-> crn+o$-grease r:p72m h8=b)mD~ [_D Xr$ZF~4x
+GK7R58b57oUi5tRTV4LcgAGbZ8qEI6W1QAWEG3DmDFGQBDmypo0Cq25ep4hpB/MO
+co50CY6zOo9i7Lxc4YXDI9+YJd7HQ7a0Q5t66Wca6+T7y6Y3sMX2bcgqb3wQpg
+--- QFYckrszPLUOS3lio/9OVQ5JVl5/NSyPa7d1Me1cU6Y
+l+i–žK§1 }–>ÎtyzÆÖP¹†MÁ£1^Úx8 –£×¾ —§ÐýÍÌÞîëé€ïvv^–xÕÙš!B)m*˜€ƒI‹µJü±D0Já¢N6`Ém•Ìí‰½ƒ©æÝmüwÝœõVæIx¥V+_ŒX¡yÒ‰•Ìæ½D¾ž`
\ No newline at end of file
diff --git a/modules/secrets/nextcloud/admin-pass.age b/modules/secrets/nextcloud/admin-pass.age
index e2c436e9048d506378309e018bd207be1dd97ec3..07d68b24e266e306487acfbd5348fd4135fa02f8 100644
GIT binary patch
delta 500
zcmWm7%WKnM008iVLq?PxM5ia|Wgv!-E@{(7L1@xP%-Szanl`as%=1f=B~A17m0k+s
z^dd}9!HXcsz?*pWVnIPXOc)GgJ`s1(gCO1nLHzv#zuQN)m+q|10}2ZMBtu4N3cM@>
zOjU~&S0$6WT+(Y<yaqyDwq26BV&=NIIh6ZYYVbXW0(6%JP1hr{-BQGFR^rHMiUO&)
z25NU)FPTsQEn~!`3_>2^*i=5h&SqvzWmJ?isDNfUtqDDUt}9|K-}W8P0*oigkZXk^
z@4=Zzhtd#S<|dc{r;1e746{6J1IX8HN?Z>Ecf`4|0t7tlz@|O!Y_>Qm_}`shyM_pu
zI0kYsvPVW>SXZraIm-$XmrnUUuF{Z=*-FFoRo|W)3d>5RX{F`YDS#|7?)E0BM75Ja
z%qS4+X^0A|afhkWx}PH}2E?tvP;eA0cr|AxHm~u}%`<S2NNSU%%+?^+5IEH|Ax02H
zCTn$SabmNYX$5LakE%gIsxi{6jA9OlBPwj@g|Sv_h|xwLdw2ZPJz@XznOE2E)1^m?
zV_U^jU(ce`ySJ{Ue_ro?d2@5Ia^Yfs>2P)UaqD+uWwH7Lc@JOi*uM^LnCR*I?Z*$E
jY`i@L-%map{MDDwao?8reinBQPJEE=?(H9a@tpey+bOk9

delta 368
zcmV-$0gwKV1dIcaC4YK0MRhn)AVfxYGj>yYM@VIELo#hzW=%9$F-vi8H&Sm_S8z~e
zVl*>MZ9+&)GF4P-3TG=TPE&PeZcH_9OmtOtcW`hxLt|+(XIWxcdN?mKL@_aPD?&t0
zNOWm;3N1b$RwP|5XL4m>b7deQbP8flG)ym4RdiS@V^L&7b$>-=bT(5tLUwFKbu?i(
zW=&&6Wl=;nL{d?5S4vSYM>B3SQCCMeZ#GbBdO1uoX*NU(PDXfPD``VROn6RrRCrlb
zW;J71Vr5xjOEfccc}_KNSY&ut3N0-yAWl(sOh|QYctbE@GBQI#XDe<<cU3qrP<mEc
zQbQ|8MR{m4V`*7#V=_f^RSL6iZyj6A)r}_iePf-*9RLO6%b7O2AbZXERMucJ5JnoV
zB?=XcrAa*|RT5F^@yUK|*df6W)5?mV`@EwEPGF|EYF(7<F05%!04Mm|^y2A#8>O|N
OLM}Q8tZEw^gTb#8hlEZ5

diff --git a/modules/secrets/paperless/admin-password.age b/modules/secrets/paperless/admin-password.age
index 9974501047c47e9dc52e5c8aec8a3e3d2ba73942..4735d2984922d78ade41ec17d0f52a2ec3c9da7d 100644
GIT binary patch
delta 439
zcmWm7J&V&|003a|oHCua+#o^*&!vVYZ<?f$Lrl51HvPDKHBEBha7|(^O_L@~>zhQR
zv-n9jotzZWNjH%bZuf*+MNq2HN#*1aH}Uxc&#%)*D~~p20q`0FghxmOIn}SWSl^bU
ziqY&qU2v4FRb@tX;51B@D{(`$r9cbQ)4jTNbIa+0HqQn*SthB0Hjz!543a3(Yx&SF
zqPSa3tqw+9!P9h)a2>!f6pt4yoK_WlXAs(w2z@`A0VrET5LYx$K{cW2%Frn3e5$fF
zA)*{#@vw&1%yp<ssS!@=)GmPS;Y8E@407#)RTU-<#B1H{QXE9q|4#Ohgvx|Bc6U=3
zH_O6BtZ#Ep7HNse3v{n035ZE{LX`FG#G6gGRRz&S!i{+(bA_T+E8>m779dT>DMk<k
z-k};Ml>(|+9jmP_W03B+N9SOIJgGlYMx=}kkaZH@nLsSQ{*5}fHk+S44y||3gqPHp
z&ED$WAD{ij>rW@|(}#!O@2#w_!sFk!mXFup+}TIu=1=Y^`4?M$+}}7QK5z~$zqqsv
f-_GxUxNsDIeRYOB;46oVCs)1mxBon!FJSr)KP{kg

delta 340
zcmV-a0jvJf1MmWnC4YK0MRhn)AY)5*Z!36sP-R(ULvTu3XJbw`S#LOaG<tY(OH3;;
zI816$X>c$wPEs*V3T{kAa$#C$ZB=YdYEEWGG*enLL{d~zMNUIAFEvasGD}8HYD`yA
zV?=9f3N1b$LP0HOa%Ew2WgsF{RCx+aR#!@7K`&BhbTMdpcz-ozdRZ_lG)j0#L{M~j
zc4b0BZE{*Kb4gA%Qbt2LSvOc>I5#y~D^q1JSy^LAIdyJk3Q}5QQ*u^S3N0-yAXHQ<
zNH{NHO;2KKW_M3#VKP=_L~?0nP;GQ{RAg*rIX6&7T1+oUHexV$3Oq6sm=oD%y#$gW
zznJiz!TpiU5KXj=beUKyx2zCRmA;IRugwhaObbvMg4yx=JNO;fcaf3yS-jPFEr^*k
mm(z*)=?6FtrXcT3xdr9WgxA*Qzw*@*I)!ZY#we?~k(Dk`)qzI<

diff --git a/modules/secrets/paperless/secret-key.age b/modules/secrets/paperless/secret-key.age
index 0529df8bcf8381dcb0df2fd5430b5373244b0140..63e99fc70da20108031c9e1cec8bd41629af7a4e 100644
GIT binary patch
delta 530
zcmV+t0`2{x1FQs)C4Xx&XGm&yAZS!qNoaE~FHl26F?MrGa&9YCOf)h^ba7I8NlQU`
zW>H~QMmT3xIcY&}3PLMFZgW_0HcBr}Ojc<_O;ltyc5!MeN@7%NYhh?=abaRsc2G%G
zHE}s-3N1b$b8~1dWn?lnH8D9LdNxIMI8h*3O;a;SbTcnGH-AZER7x{3SaWS|NN7t*
zZ!|GwcY1Y4L1J!bS4u%IaaU&wIB#iHWOY(!Vq<E0Geu!gFjhrXWp`F-a%W_3V>eh<
zZ)bC3WMgGTG(~p`Ej}PEEoX9NVRL05dTVtcYe85tHeNU&PB02uFGF@^Zc1`wNP2c_
zFIie~Fg9jVGJiFAZf-JgY<FT+S2I^wI5v4#b}?l)NkUmuac)a(Idg7gHC9qmOD|G0
z3Nb}jb~QC|aCJ~ZatbXiEg(WtOKxj4ReEt%YfUt8Z#QvwRx@vHO?EO%Q$=hwQhIf2
zcU4nKQD;$4X9~9>LKLUZWeM?|w0t4E+k?uaS4f5#HGg+ZD0W>zu`B{?p-%fTxAPFG
zx30_vko}xAifaV^0RzNYG2-L9e+;vm2cX_a;aa7eP&#fEn=5eriYb~|=W#DxX*DO*
z-PY$l*oIH9=a@#$+~C>xAiE0QMGCpY;s?&2INj&<o$n%@=M}|04wIp?&ToUvhP!hp
UzwevrSPPjB_;M4_3EP0G;a5A$h5!Hn

delta 390
zcmV;10eSwc1fm0wC4YK0MRhn)AXsQ?T6tATLS<8QQ(;+TQ%5;VPeVC(aAienWOza~
zQZ`3RD`QG$N^N;C3N~s-WmsfmSTt}sO;I*DOhPtKZAC+8SZhOAIay_NO<HA5D|C8o
zOhQC+3N1b$Nii`yKP_i+Wnpt=3NJ=4VtGbOLMv)wXKpikIDd9oZ81$sFL-TEQ&M<z
zW-n4vVlhTlR5D6<VQW)IL2N}iOEpP0L1|EISXBxwEiE8eD@QbFabrt)LrXMyLr*nC
zN>)U8N=#NlML9JvOD`~YWn*u0ad$*)Rd)&wg1Ha(*G)#BHuFbO9nZ7YR%?{b(%UZN
z@bjXv0SpPi6Mr_($2kJsU)dzo@?jt&h=i|C>&1RCv4ywQE(hNv)0jCR5@g*p?f4k)
zu1`(X^#I~}(q%|sG0d){2Px_&ingVR@6v&VdDHyq?#^AJG<7S;mn$kBq&LJf8ft)d
k1yP`Na++&<TZR>pcPByE$PeaCEi?cWOdyKo_1+=?rg}e@yZ`_I

diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix
index 09abfd4..7e1ce4b 100644
--- a/modules/secrets/secrets.nix
+++ b/modules/secrets/secrets.nix
@@ -10,18 +10,18 @@ let
 
   all = users ++ machines;
 in {
-  "gandi/api-key.age".publicKeys = [poseidon];
+  "gandi/api-key.age".publicKeys = [alarsyo poseidon];
 
-  "lohr/shared-secret.age".publicKeys = [poseidon];
+  "lohr/shared-secret.age".publicKeys = [alarsyo poseidon];
 
-  "matrix-synapse/secret-config.age".publicKeys = [poseidon];
+  "matrix-synapse/secret-config.age".publicKeys = [alarsyo poseidon];
 
-  "miniflux/admin-credentials.age".publicKeys = [poseidon];
+  "miniflux/admin-credentials.age".publicKeys = [alarsyo poseidon];
 
-  "nextcloud/admin-pass.age".publicKeys = [poseidon];
+  "nextcloud/admin-pass.age".publicKeys = [alarsyo poseidon];
 
-  "paperless/admin-password.age".publicKeys = [poseidon];
-  "paperless/secret-key.age".publicKeys = [poseidon];
+  "paperless/admin-password.age".publicKeys = [alarsyo poseidon];
+  "paperless/secret-key.age".publicKeys = [alarsyo poseidon];
 
   "restic-backup/boreal-password.age".publicKeys = [alarsyo boreal];
   "restic-backup/boreal-credentials.age".publicKeys = [alarsyo boreal];