From 72307e4dca688a5f2b88cef26273aaa6a5e189db Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Fri, 9 Jan 2026 19:11:37 -0800
Subject: don't use agenix from home manager

Install the key with the host's configuration and rekey the secrets.
---
 secrets/acme-cloudflare-env.age           | Bin 380 -> 380 bytes
 secrets/anthropic-api-key.age             |   7 +++++++
 secrets/argonath/wireguard.age            | Bin 367 -> 367 bytes
 secrets/authelia-jwks.age                 | Bin 2026 -> 2026 bytes
 secrets/authelia-jwt-key.age              | Bin 409 -> 409 bytes
 secrets/authelia-storage-key.age          | Bin 409 -> 409 bytes
 secrets/authelia-users.yaml.age           | Bin 581 -> 581 bytes
 secrets/bree/disk-passphrase.age          |  13 ++++++-------
 secrets/bree/disk-unlock-key.age          | Bin 721 -> 721 bytes
 secrets/bree/wireguard.age                |  14 ++++++++------
 secrets/grafana-oidc.age                  |  12 ++++++------
 secrets/miniflux-oidc.age                 | Bin 395 -> 395 bytes
 secrets/restic-nas-smb-config.age         | Bin 431 -> 431 bytes
 secrets/restic-pw.age                     |  12 ++++++------
 secrets/rivendell/wireguard.age           | Bin 367 -> 367 bytes
 secrets/rsync-ssh-nas.age                 | Bin 721 -> 721 bytes
 secrets/secrets.nix                       |   3 ++-
 secrets/ssh-remote-builder.age            | Bin 721 -> 721 bytes
 secrets/users/fcuny/anthropic-api-key.age | Bin 321 -> 0 bytes
 secrets/users/fcuny/llm.age               | Bin 413 -> 0 bytes
 20 files changed, 35 insertions(+), 26 deletions(-)
 create mode 100644 secrets/anthropic-api-key.age
 delete mode 100644 secrets/users/fcuny/anthropic-api-key.age
 delete mode 100644 secrets/users/fcuny/llm.age

(limited to 'secrets')

diff --git a/secrets/acme-cloudflare-env.age b/secrets/acme-cloudflare-env.age
index db0a29e..7d538bc 100644
Binary files a/secrets/acme-cloudflare-env.age and b/secrets/acme-cloudflare-env.age differ
diff --git a/secrets/anthropic-api-key.age b/secrets/anthropic-api-key.age
new file mode 100644
index 0000000..1f985b7
--- /dev/null
+++ b/secrets/anthropic-api-key.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 pFjJaA yI+KEvnDxw4YJOCs5rf3CF+rgYxAIukvnvJyi8Mgkig
+YVc6u5MQJscBYjeXGNgIf1Zlg5U/I7ipAqgvVmOEV6g
+-> ssh-ed25519 E2Yu8Q PBIOCRrQeVxmWdZAuMB5f0FPCGKYvebHBS33vZ1hFHg
+xb9t9EDGIjhbgr/y76PYXHx28JQdjIv4V5a/TzBnSQQ
+--- ttindQRKMzXBKuIY2aPx5HIuf73gk2q5jQNKb3MPyoo
+1^ÆªŠ(ý$ÚÜ „†Ûéê±qÇyvÃJž—{¢´/*uXç›Ã©¸ˆõs ’ci¬Á{Î¦+¿CP”3¡'joƒ¨?ÛóŸÜàl}Ï¿E¬@“eÁÊ~FÆùCyFh¹ŽN¯ö°¿Üý®•s¡¼Ém·yEŒ€S9q\%qæìü‰‹Ù4¿¹ˆ¿
\ No newline at end of file
diff --git a/secrets/argonath/wireguard.age b/secrets/argonath/wireguard.age
index 5ae3a5b..411dde8 100644
Binary files a/secrets/argonath/wireguard.age and b/secrets/argonath/wireguard.age differ
diff --git a/secrets/authelia-jwks.age b/secrets/authelia-jwks.age
index 4f4d52b..cd10015 100644
Binary files a/secrets/authelia-jwks.age and b/secrets/authelia-jwks.age differ
diff --git a/secrets/authelia-jwt-key.age b/secrets/authelia-jwt-key.age
index ac2058f..d7a5570 100644
Binary files a/secrets/authelia-jwt-key.age and b/secrets/authelia-jwt-key.age differ
diff --git a/secrets/authelia-storage-key.age b/secrets/authelia-storage-key.age
index f315afe..e4d38dd 100644
Binary files a/secrets/authelia-storage-key.age and b/secrets/authelia-storage-key.age differ
diff --git a/secrets/authelia-users.yaml.age b/secrets/authelia-users.yaml.age
index d21f4e0..9bc44eb 100644
Binary files a/secrets/authelia-users.yaml.age and b/secrets/authelia-users.yaml.age differ
diff --git a/secrets/bree/disk-passphrase.age b/secrets/bree/disk-passphrase.age
index 3811173..95c3c40 100644
--- a/secrets/bree/disk-passphrase.age
+++ b/secrets/bree/disk-passphrase.age
@@ -1,8 +1,7 @@
 age-encryption.org/v1
--> ssh-ed25519 pFjJaA r/Q4nB/VcKaVXoJjDuIgnMVUr5K0rhrsVVq2lvQgQRQ
-ZmwHs0sWxVKjS9njqPQR4rEV1aXxS80wWJQrAuf47vM
--> ssh-ed25519 OxmK1A /9e7fHg/Nh929cY7+0EagkxwME4jo0RxzBwdh8tuZnM
-9UPI8Vnwebjick9WPlcT8lvNub687qchX4D4ntbanos
---- bwBCnL9gJhzuygCddmh0h0OXh/C6ysAgMfH9QBrQUMY
-
-ÔI«‰á4Úä•Å:;ºêX3µ»Tã.n{Aæ0¬ö^ç¬†4FâŠ]”âPž.uÎ•–Þ¬
\ No newline at end of file
+-> ssh-ed25519 pFjJaA amjhPadNRYlNHV8VnR2l/p31tUXDeAeeq0wdOLfa61w
+a8ja6ZNQecw/32i4REXdjEn7VxD74PXfjbPYMq0q6XI
+-> ssh-ed25519 OxmK1A 1kpfibZx+8BnID8GcKYrRdB0D0hZSNxmzS7SEIutSn8
+xh5UvhD6nxoKZn1iq7CCZKRIUpnfnccGsZmkfw3EYlc
+--- ltJag28NYz/qET0O3UdDLrn8Uw1XNzK/yKlGyWGngnA
+V<ã×O©/(ÁgFpÞ#Ø>¡s¶ÝH»]©bMÞ9X!I^	—M¿	Òb3ÚêÀwA
\ No newline at end of file
diff --git a/secrets/bree/disk-unlock-key.age b/secrets/bree/disk-unlock-key.age
index 6d9a549..a67976f 100644
Binary files a/secrets/bree/disk-unlock-key.age and b/secrets/bree/disk-unlock-key.age differ
diff --git a/secrets/bree/wireguard.age b/secrets/bree/wireguard.age
index de570fa..33ff5fe 100644
--- a/secrets/bree/wireguard.age
+++ b/secrets/bree/wireguard.age
@@ -1,7 +1,9 @@
 age-encryption.org/v1
--> ssh-ed25519 pFjJaA 0gvJUmVKqpTedh5fWA1vMslSIUXGfVFS9bArPGEiZko
-NuKvkX+sCZE59zqkbF+ecDsqqvGxJd7Fjyc/wZfTtMM
--> ssh-ed25519 OxmK1A 1NL6Ai4P/bB9un6eQqDacBcs7gbUI2wEaXLqO5EujQk
-xdpVqWKmAi2pofuDnp3U4y8gUnib8/LK4LsD9ATTdy4
---- cq7KLv/+tx4zisjpe+cny29DcmKhOhee1SWxaR80KlU
-¾ÿx6QÁ‰è½4Þ2Ûf¸àtÝúDédŸÐµQQGdÆLz°=3d1ƒP®fUÃéMÃ›9×ú‡ñÑ~O³öcùÛP›*yP
\ No newline at end of file
+-> ssh-ed25519 pFjJaA y5EPSfL02alDpNQhDF7cC4hEfqw8nlC6lt9A4dw+Xyc
+Kkz1lBQ0x5esAz7lzE8TRKwB7MBZIkDfzYQ9aOA/ctU
+-> ssh-ed25519 OxmK1A 8GV691zYXFVjzYSkb/uvDAKXHHiDQVBiACF0eVc3an4
+vPp5DwhbcdrcpjUQWYMr/HObpihC8yAT5rC7JkalIN0
+--- O4riBfvot65rkI4y8t1tzCyw7g5kAwsD4F6AsrMKuCw
+,Ë€
+z½	c‚wì4²å Kü›b³´P“wø"É1W%Û*“èX÷oÁ–EV±c´
+8HÊçð²S³FÿBT»û½û/ß@œ‹&æ‚
\ No newline at end of file
diff --git a/secrets/grafana-oidc.age b/secrets/grafana-oidc.age
index deaf0c4..3f96b88 100644
--- a/secrets/grafana-oidc.age
+++ b/secrets/grafana-oidc.age
@@ -1,7 +1,7 @@
 age-encryption.org/v1
--> ssh-ed25519 pFjJaA nXdpTOxE+KOi+hkTl8WrFzsXTLlX6JQhY/6+w6ZcZ0k
-6TZjec0mdP37hXGXEev7dN27BqGhvO0EVEJi7XPJsrc
--> ssh-ed25519 Y5h84Q 1um4Z+C9sRiHVMEJszpc4ygNhONX0tNvAsABlvDmwHA
-IN3pQyGFCRWphTHLAaxrCVci0OaRViHUaZYqZPEA14A
---- ABsJxwFEMn+GNkH+BqcrSIFfeZJaqSvRTNid1yEDJaA
-Éæ–óF›ê§’®bà±Rê÷MâwžÉ¨ôqoÞ¶;Â\1ƒåänÍD4 XÅø¶Q†LU*ôoIÉM:ÊYyžIÏtªƒÆ–JüEÖ@ ô½iË¸\a%È
\ No newline at end of file
+-> ssh-ed25519 pFjJaA HdsOVYuL1Wrr551YuIUYMEhd0KA/SJEYvyIlsW6wbQw
+hbQVHyLr23NMuHR+l0fgMS/1wHPK39aQayb8QNK7xe0
+-> ssh-ed25519 Y5h84Q ADIdN9tU4YwPoLPDcUZ4Z1zprmI1ykkXogQg1EgtxVY
+ThkxeGFVVpRJQSTQddClQwbJSxeY3jl+4M4O8vadBo8
+--- rNXcnjt5DbSSgiiPcNBlKeGhArFVff5aCtGm78z1sUo
+˜ñT*‰üL2nIð°ÎpäcîóþHXËáÆ§ÝBW¾bÉ±u·ßG‰¤àÛývõEþî9ÓÌNì¼Ñ»‹}gçÒeí¤$ðhÍì7=1»ñ‡L<UÛƒ:”É
\ No newline at end of file
diff --git a/secrets/miniflux-oidc.age b/secrets/miniflux-oidc.age
index ba2457f..77dc7fc 100644
Binary files a/secrets/miniflux-oidc.age and b/secrets/miniflux-oidc.age differ
diff --git a/secrets/restic-nas-smb-config.age b/secrets/restic-nas-smb-config.age
index 74047f0..acb515a 100644
Binary files a/secrets/restic-nas-smb-config.age and b/secrets/restic-nas-smb-config.age differ
diff --git a/secrets/restic-pw.age b/secrets/restic-pw.age
index e31115e..3c6e3d6 100644
--- a/secrets/restic-pw.age
+++ b/secrets/restic-pw.age
@@ -1,7 +1,7 @@
 age-encryption.org/v1
--> ssh-ed25519 pFjJaA 93OdFK5vyi9aXKsbdBv+IXPEwZv10t+BTHCBC2EyoXo
-WouHs78MciA5/sk85pMl0lpWqeCe0cTjMohvuKeBawE
--> ssh-ed25519 Y5h84Q ciIyqDWsGxojjG8cSY57HXs7Fqu7zExnpDN4SxavmmY
-w+7oNXkXpOaOLnUUIJBG6wHZyORWxZXyokNmoc8O7GM
---- GTA4ZcvzcN6lHSCAqz8RWWJnLu2StkAys/Rt6WWWrnY
-÷ÕÍD2hNÑ!¶Iˆßþ¨¹¼6–å“—Ã^˜™óm*GåI)¬ýwÀ+ñ÷ñÉ/ðì¥
\ No newline at end of file
+-> ssh-ed25519 pFjJaA BDxbdGKOHMfWwakq8+CYHWvVSIMXOcgDqri1RQrjyxc
+dtNirwH4Sds82/iysIgOQf7sjbkTI4yc08VfKTxIsG4
+-> ssh-ed25519 Y5h84Q nzkqXhFSH2cH9VRubGuEJyOA6F+614F8jHhuK8twNXY
+1b88Yeku4ref6kq8UvRokofXf6OyMzQFeSAsKQYdeNI
+--- d6YVTAvCyB9p/wbcQkSNSF92QsTFVnQTRZUgkbFBF60
+sjéÒ£@8Q‹Ôt–O)pMÒ~Yÿ]Ú§×™çßá)&6˜ð[¼‰ØÊèAd6X=é+È
\ No newline at end of file
diff --git a/secrets/rivendell/wireguard.age b/secrets/rivendell/wireguard.age
index edc808d..2612e9e 100644
Binary files a/secrets/rivendell/wireguard.age and b/secrets/rivendell/wireguard.age differ
diff --git a/secrets/rsync-ssh-nas.age b/secrets/rsync-ssh-nas.age
index b71e4ca..cb798c2 100644
Binary files a/secrets/rsync-ssh-nas.age and b/secrets/rsync-ssh-nas.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 2930859..78d2b0a 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -98,7 +98,8 @@ in
     hosts.argonath
   ];
 
-  "users/fcuny/anthropic-api-key.age".publicKeys = [
+  "anthropic-api-key.age".publicKeys = [
     users.fcuny
+    hosts.mba
   ];
 }
diff --git a/secrets/ssh-remote-builder.age b/secrets/ssh-remote-builder.age
index 374b72e..0c8b5b3 100644
Binary files a/secrets/ssh-remote-builder.age and b/secrets/ssh-remote-builder.age differ
diff --git a/secrets/users/fcuny/anthropic-api-key.age b/secrets/users/fcuny/anthropic-api-key.age
deleted file mode 100644
index 650e54e..0000000
Binary files a/secrets/users/fcuny/anthropic-api-key.age and /dev/null differ
diff --git a/secrets/users/fcuny/llm.age b/secrets/users/fcuny/llm.age
deleted file mode 100644
index 4d623d8..0000000
Binary files a/secrets/users/fcuny/llm.age and /dev/null differ
-- 
cgit v1.2.3