From 87a9d94d0a0c2710ba84a54e014f812b73c5a75b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= <hello@benjaminbaedorf.eu>
Date: Sat, 23 Oct 2021 13:24:22 +0200
Subject: [PATCH] secrets via agenix

---
 hosts/chocolatebar/base.nix      |   2 +-
 modules/devops/default.nix       |   1 +
 modules/x-os/boot.nix            |   5 +++--
 secrets/keyfile-biolimo.bin      | Bin 0 -> 4832 bytes
 secrets/keyfile-chocolatebar.bin | Bin 0 -> 4810 bytes
 secrets/secrets.nix              |  37 +++++++++++++++++++++++++++----
 6 files changed, 38 insertions(+), 7 deletions(-)
 create mode 100644 secrets/keyfile-biolimo.bin
 create mode 100644 secrets/keyfile-chocolatebar.bin

diff --git a/hosts/chocolatebar/base.nix b/hosts/chocolatebar/base.nix
index 76175878..10de4abb 100644
--- a/hosts/chocolatebar/base.nix
+++ b/hosts/chocolatebar/base.nix
@@ -11,7 +11,7 @@ in
   ];
 
   config = {
-    pub-solar.x-os.keyfile = "/etc/nixos/hosts/chocolatebar/secrets/keyfile.bin";
+    pub-solar.x-os.keyfile = "keyfile-chocolatebar.bin";
 
     pub-solar.virtualisation.isolateGPU = "rx550x";
 
diff --git a/modules/devops/default.nix b/modules/devops/default.nix
index eadac960..ab81c57f 100644
--- a/modules/devops/default.nix
+++ b/modules/devops/default.nix
@@ -12,6 +12,7 @@ in
   config = mkIf cfg.enable {
     home-manager = with pkgs; pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
       home.packages = [
+        croc
         drone-cli
         nmap
         python38Packages.ansible
diff --git a/modules/x-os/boot.nix b/modules/x-os/boot.nix
index 5068590e..176d9d4f 100644
--- a/modules/x-os/boot.nix
+++ b/modules/x-os/boot.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, lib, self, ... }:
 
 let
   cfg = config.pub-solar.x-os;
@@ -17,8 +17,9 @@ with lib; {
 
     # Use Keyfile to unlock the root partition to avoid keying in twice.
     # Allow fstrim to work on it.
+    age.secrets.luksKeyFile.file = "${self}/secrets/${cfg.keyfile}";
     boot.initrd = {
-      secrets = { "/keyfile.bin" = cfg.keyfile; };
+      secrets = { "/keyfile.bin" = "/run/secrets/${cfg.keyfile}"; };
       luks.devices."cryptroot" = {
         keyFile = "/keyfile.bin";
         allowDiscards = true;
diff --git a/secrets/keyfile-biolimo.bin b/secrets/keyfile-biolimo.bin
new file mode 100644
index 0000000000000000000000000000000000000000..4fb697238b1b796b4386e0ea4081854a8fb03868
GIT binary patch
literal 4832
zcmXxkg;$gbpapQSkU<3t#aO{LkP)WKK&SJYo?&K?nC>2?#8^dS5d=Ze1uR4m!B_)j
zRX|X|E>sk-15sE6YmMdYd*{5r;GT2O?_Rl99jmq|9X^{&Z?(i(9a@MR28xZ3bUJmh
z4yQcQNFfQJco0BWqv32D1xeD;eIy>kDF=K6of<9FsaQ4xo@Am>P*RD&D+1fGfW~FV
zIN<^Tg<#cs5d<0AO#)dJE|bEENsu%AXeXHHfhI`7ZYB<(!hJfG1gB8TjRrPZXvOF`
zP@#rt@oOwLDOn)~C~yadNQQw7bTB#r(9pnGgN6#Hd3<;w-cO^7=>P-|OYmBFGBsSw
zkXcZ672Hk2`v5BmWwDvrUb2nia53Q^1K{<GnNSEp<g@yv8ZDkf6Q)7LY&lHH)tbqE
zg~bk4VwplMQK!U{v|@%3!E$iG2^_Bg%>Y;skOoVj%k)$=(+~KFIG7zFaj;|xp2DE^
z8r=ks!EE;7z(kZUfeZ-9OpjcJBNByfoLmX<!<|-y9%S^;!FmXez|q^ucn@8Il^CrC
zs8I>Gh$uuIo}-XRU1+*WfhL>OOtwlTVymeT4~0h8^G#_A3mT-f@yG^+5g^l?LNeD%
zCx|6hE`f{nlF3BB-Api(AWo^*r17%d8X6sfWn)B0GSnvo99+K2nuZ18xneSeYo$;D
z1rMusfE9oZ<5Su!IKEPc^)e`Ui9p0~hzWdx1mPD#Sd=s}LBvp{fh{5=-a?{*h%hAs
ztmcv^IFC4uP0@JqHaXE`bL;I?mWz+3X^}Jn&dl?o)g)?~n1-N>9WEu7>ac2bt^|Zu
z2f~w#COtt!l;foinS}45Kov{`(n8ZJ30!!Z(@#_D_*e#u!PQGtRy~eDqbOZ8C>oGs
z=uDZ@i3Ty4G_zbtVky8*4Z?wetF?4GUaVl_WMn#1V<3|JST`8UMC-7||97lb!BHp}
zE>dU_BrtiAK0E?$VXH-A5{hMk<Ml$7N^f?MIX<ljW?)FznE#yMgfN`hs08WgRG-wL
za#|B~R;Jvhq;nA#xzz^|s$gQa)q<Ajz$~W=hXQou|4;kh)nHX}y+RA3+dMdn+6G0j
zaSXc*Z*rwE03qIFph6`E6kUPA`MnH08jW|t5d;Zfg;9`B1%>OC7!eE%AC9Df_(U0s
z<MVn%K0E}hQF28P9T;mtpddmaSj#b^_&z^bhNsf(Dz*?sfzquA1R3eGP^>z<7N@3T
zKu|eUhG2U9Y}kK<%{UX;!^A=e2DeFwg<***rWDUaI~;l#m#qM}T!4fl8No)3QSKs0
zp;9$Q1wy(N1{OKNKqQl>Ca8u=fYOO9w9k$eTFojbBLPBEdwf)bOKtJUtO*Q=8KaWJ
zB^IHYXjc(65G07B6JcRE8V)QKKrnVTHjT-bn2ap81?whYkw}e~BU2bH2BuEV_3*HA
zl9~X8%lv4Mm+H5peSjTgNT2~}b|nIXgVB@{o=z@>8a!^7oaU48EIg-ytd?qh4!4j(
zh6%V{H=0W}tHo?DK?CPlZF(pUWMSC|L@opE<5J0HrNWrzbu;K%Bb2Tbn;3Snn@!Y%
zdGa(a51b&9TGE^rtVpO68-!Q}5>LYD^&prFA=FXbZXMS~A|?m`0p4x38mUr*iEA~n
zNCaU5oB=5C8i>T<GQg2;t566NK}a?=l)|)$tpbqG?ly5uP#jCIa)Xg*w%+9ylh|r~
znpyyZFl7m8N;;0~p@M}NDu-b<DXl0m!h{uAC^os)3MP9%DvM0(^?E!IoC>93sntBc
z!bQ=mjd-?R1m;n6b}yD|HhZufEf@v1xDap|k4+Qc5?CB76%XhIAST`*MB#K23JU;Z
z{I&$RkioYY{ALQ;kVbI0@ItqiuVsV5QX%&L9H+%<9csB#9f^>+c_0~>4CuI26%Pi(
zqNN-Go2Ky@DJ+Nw!&X>HW-=aZ@#1lMuNbPb3bZ_pK<5((xK^wIgLK%HFf52DWyo|Q
z;J;IF8O=UPf|#Qgz-j+gXkic}9uFusHZ~Hk6d2t&5)6>&^jMFT<mZu?b`71c5l8_i
z!OT>m>1M4IiDN0DphX45q(euxCFW38t*w@u4jKGOmiPs0zc1j(>Y<nYSCaO{t<NbI
zhO>5cgp_uy>ytMfy`Qh#o=F>MhZV-zTfXG~4NbcI+Q2V3;oljd-dtzxDHj#e9f9PB
ztCB;em>4ftjjHemcd9Q}-W>AZ*(wWwR#Ru>C9@y&XT;Qxtyi8}Gv&`cA(h9m;Xl41
z);&vpOEXkWdh^T9JV6IMlQ2JH;0=d*HtYSWEu-m;drR-VKPj4*C%tm{!SU>fm^I6z
zz8O0En>SMmw?@_4_s=yQ`U-q~HuKHz&W_D@ZU!u1foDBAysJp_f`)E7EUBxPeaekK
zcz5@j^tPJ$wT-ACdlne1&igg{TGQYWA0^4v#$*jQ<%(ZrPHr9wtQ^~r^&-vic+KlX
zmG6e=1$S~l!Lcyk@cy4$pY9uHe$|AhUvEt$&AexwaFKhSHsNwn$78Im_nCWV%>3?4
zUAG=)#9e&%asAODbm{Rw`aNss1Jw)Xw=4Qfv3hb`7CZj#_vZb(qn5?j_X@|RN#->k
zbnf~5^5p5ueaR)!EynlMKHp?X(kFc028VG`V76&V;PsfXoek6cAKlBJt|IJ-yYOS_
z7!>?(I&KoPyx@jOd#R*+={&9K2TotHVBAIl<=e7jwCRHA&fM&k`z!vIH#$T^6vDpf
z+XscepA+o;IIvcD=w<7)Qx63Pz+YXrB2%vxeQJ><>|9+p-#gg<X)0@L($Bp3n$pnU
zFD{j!-|b<i-|oUYXM;MR&(01et&94zRDQJQ+1AvY2xwK7yJw?w%B5Emu~8-88!wdH
zDnWzCw!J=VOg%J(^_ObN(g%8Ya`in@ts<|Mj{Ca(5bQ@!@6ixZ`+?cxcCB$R3f3>!
zA1WT~9QSp~s^>XRR^N&#k(YsrN4*FP>nvxiL!E*aM7PatsHhl5yfjJ>F=PGckvjqi
z*Cq4EL2AC-1#<8}WS@5ZqMAST?lYaC>rLQS<Ds>Zfg5q3K)-b(S1wc^E8vWw+`V?G
z=oV13XZ-fSa{8wU)FqgeU9E9fKOWi6-LYEpKCtTg9(~6rRaWwb)+{k@)k^D*pqbro
zXLW>{jD=Aj)vX25egEL$A(R?fXm`dfx^n5HZ8sObo%8jtnbY+BvGB0#XCB0#DYqIE
zg9Jr@y;Kq)ytr>aQ2TAij!I76-D?o7r*<Qvp1+j;e%=*p{Dh(=QFU7mW5R{u!+TQt
zKHqwK=qMMRb)j$s>GbRwsc%4!s}bB|6wNNg?efKGgJ?!<clG<=D>sTxk2@25;|=As
zFyqF@<3N4Icfq!av%!<{>3Et#xV(k2_~)q}|B8eoia$}$U!0_ERc)HufXt)s|J+ad
z;O*Z^s)^u#-YI^pf(C*2RnYdj&j!EoEi~i*TfC~N^zN=BP)+(k^w^+NiywEuvOaVC
zn`SoUzC`8kUOa}oZ(lxRPRqPW$_>^Oy&gIuhw%7GSXb@vjds%P<81$*FNwE#i`r);
z#vZ7?z8unX`T7X}8tV<tx6Ip%_;{l)yX4%b*OUC$@Szuubw@v+JSFUS@N`M}t5ND}
zH-p2BoWYyL#3i@Sr4Owx?n;CF@yiQC=@!KK-+!U!t|~7qOJ7iQXYPu`_-nnLnJLrU
zUooTPV1bVGBLuCVy+Vo)dD-_O4wF7~{+GM^VwyKipE9)HmXf%4c&tt>c-e`%JWHXf
z8Gjbv7E#i%iFRohyiFcF*HvFL68_OsGsF+Af2wGlHq!KPLzzV?j89p%=g6K4%cZP7
z6Ql=U^@IBS?*q>}$ImBk-jsax;pN7N#{uE<dZtfJ-_#{PE2D^OyIY1mDx)4K!Ax2k
zaV+dI#N7Bx#JJSMzG2~Ab+pt!4n$vD);{OmotoSn<%Q^@D-jaOM9v#Naj4<9P2A_A
z%2}7=XZbAaK3CQ^&pzzhbo%bJD6I5X+MBN95x1JBtywnj^_5YDp|rFse|&s?PYfF;
zJFq5Z_-OjDc`YyY*Nza6NyJNfU2RP=2o`bn%Coq~1DhqDcLLAUoM*NPwck5=^;?RQ
zU!G2TG?T{m9HhO*hK0T&4>o+}zy7#-t-N`}@LSgclHvk~8<Fn*DsjNk@w|%GpLGw)
zl=6_P1Nnu<nrAxsni)s?<D&n0wEW|;k+&B<P=nU8M?bn9u>1ZA|6oIZM3{I~&y4hu
z<@G^+Vv*`W%_V<+Y6UjAE4=ZWa)S(bUdH_qf8^YR@{}r&;(Et}c_WLS2Y#(n9=v<y
zuRiY4F%LNl%=WnQjq#Q>OBYsF^1HVI>)PVWTIV-sj@g$uD|q7pGWY~HW%JZd28z7z
z2KqpTq7r>3A~O^kx~UUg7{lksE(ZADO(zYA>a2ff?w@+PrfSpDp6)w6j>Nj@-(OQc
z+02vTo|haf7rbvsi?g?1`LuWPex-cwj@v7y(oRf`yOQ~39Qs-+Iv}*&+(0N4ga<eN
z8+&^HYj<kwys+qm+e;};b*EBS+c(&c|9teIYZ0_K{ps!5<)w3eR`jlXKWqKHedNTR
zs;n{degfM959Ms^=Y|*pc^`@7Amh496Vw#6E5Brf4wdpt;a^v?%QwudfXuzr&B!}O
zIo~=o2eo0{#OL<_)4H0T**a6~mKV`C+jo?Wj8C54v&V0_cJSARzh~|kwx>MxzO3n{
zl1XW2_k372DpmZWf)O}S$Yx7q50sCX-?y)ynYhOhr1|xE74?PIbnXfJ`~t!We<5G|
zwymnVW1wLBsl7l(z^3W*|5)s1j(sq3=}|MxeYP~bEBC|bmaX8%N@w{Sa?LGK7C`ik
zlh>~CwmcZT#?I)y`t)H_I8X6M&CDq&nS;m;6c>8bJGbPomu;z=<EqYCP9|P$h#l&=
z^>9l^U6`Wr+lsi+Ey*LEFuOZ8F8dc~#wDTZDx%V7MO3XANwAhpy}dX3^ejIy|Kd4m
z^~mCp;qhPK*Rq~nPaig*KDk?7#?U+4?nyFAo_GR1q1p1SZ~u)7e}Dhp$kH-0KI7zJ
z$s(e(9WYiwEsmF8I(tJtWJD#2zibZ5`aGh9USHDKNW`5ESRH)S|JkVwF_mu$bE^`9
z5+~<iVhigXot8TPyGx_X>W=yfFyT4u-DNSyH0jCPx%8mAn7#{?g5%p<kJhJQ5G7|e
zsqV2Ey9qxQ&&^isX3;L}JlO9wr9XN6Y+Gwpgd?)?0RE@{<wk|$$=k6=psgq;Gw)#0
zwVR;aKi^lL$Sb3W$;<1!D~Qz@K6P)1QT-b)=C{j1zs%Z!MJ65t3UX_V>m$bqe`~Lh
zooZe>9b;PZDqjqEB8Q5Y2Q@eE^zb7^QRXAa@m@m1wAEie9ca~s`9rUNST%9h+6jyC
zjf|eGt%9+d#;z|ZUj|#h{GK8`f>{+9u72`(;6qaN<&=b>r^?AN@Y<K7YlZjP3PR(u
zbxXsnsll%s9ma$0LDaqLIWaJk1bq6cU{QW#GRZe#-TB`$?=;>W4a_L3xYtt~wc>1K
zz#7@<q}~~sAyXE$Y1U;Q%ii#%d(5To3y7x=e}LJ|zg2@yWE&6PX+N|oIB?;xE1w7R
zvkL~nlg=$W98zC5uwo9d&NEfBeH1)vW2AUj*=lfZ^Hw->$)0oF$M0|o#!q}eTV*me
z+r?uSJv>i&@6CL-sMs0XxbN`UCG?f#d%aO96eM!e>Oo;fu6$YXKN8VDGEry@;-M#=
zw>``;_Tmle({HWw_l+AHQQT`>8g}bs_4xbH?Ky9iE577^oi5587|JcgK3(%+g8b}V
z@$`!<1x?t{4(spJ%!HT8Ea#sL<t%jQsg>0O)bm%1kB-L-1WH;K?#y-UKc2MVukggf
zt`)CXk3%yOrni)CXs$Mig!P8=O?6$TmPNl`(6aH;>T$Ujw(z*Ad8yj5J5|$*i$8><
z4=hIiyw#jZd%5;bzpdYP(te>2bocDEj%h!<$rRD>rdhEiSI;jz7q{0u@OoJ*Y=rDX
zDEx2YDC_n&{rrHZb;VIdlh9F<9TVgFw)C$3=g#R9nis#a*s83C+3j=Gud*})3umAg
z8E=gKcu`P?iQ652A4#Veo({|Hm~GF#6dC?HT;bP0+_rH|OW#~Rxix)onxeaM_$bfX
zt{FYxhTygt{{}x1_ii3uRG#s$^b9)&d}#ftoteiX70UV}DZ%CA5$4w?M?W?$U!>2w
WFTEHJNcBzgrgI5X-uCe2W&Z<#qcpex

literal 0
HcmV?d00001

diff --git a/secrets/keyfile-chocolatebar.bin b/secrets/keyfile-chocolatebar.bin
new file mode 100644
index 0000000000000000000000000000000000000000..53bbbf036a0427793c1cd9728fdd5f0b5cb5e052
GIT binary patch
literal 4810
zcmXw(_g@W+<HaK>mqa3&DM@a1_d>Y)-tJ!Ak#%=>@7aTl5{j~^H0{hnJ!L!*Nf~K~
zJQ5xvBH7{V^TYQqIInZg`y8oS8K*SLtsb*oV=~5@tZI-G0*G4_ZnLGtS#8pA9f`mL
zV*v)9+^u#Rc}ZLW3=C9|7<z>mim?(kUKWdtg<72{dOVbfz=;i@#6%L14#OmI85q1$
z=uzr{M2-fK;>8#+2pdi;bP!E+G|KD(%QZ-fjbsympiZwv!A`Ou+(avq&*C5{BAkOn
z(b!EEGe$=<swEBsfNC<@sSLav<Me7E7BmbZmw04wla5P=yA4!)3QbBSGWbX)&P<{3
zZ6vbDMwKW96q6icx1z0X2S5pxTi{F*UnZc*U2c;Li@>C?$VjZjgb=%7a+4lH=i_Zk
zI@qg_YRp_H9wY^#AYyEimkNiu=@@{7MY6jTIG0RC(eZgatinLxS=b&n&0^H3m@>0m
zYoUXPR2<92rf>*oEX&Qs;UNZ=i|3Lm&}<OEfupjRa)?=$;&z(UiEtwVCS%AfLaK`(
z)k<X$D?~1m$n_XJ49#%6tVlQkg+Lgb7O+EVSBOCx0AGzzfO%FM%mlZZ>~a^@L00I*
zE+UD+605){B}1E(WN<QEN*jUzhjSbpy40y4ViY#AkfcX)i~u=Hga_deU>c51VNg{t
z9Gy&)6QNKp8V0k2!D5tNq%b4Ra*s$)cCy?lGPX{}CCR*OCD6)*Xhi@jn+tX@r3i?V
zAf^+YEE@!a)`>YNok^ynprLd#T&?$-R73>J%asV(ER7SU1af#tfrdokVRd!@OG=lU
zO-2G(M-pf$8k|Mt<Rc_BkCTekfdwf{8IMj^XdoPip2?$X;RFQSN)bwxTq}(rQJ@e|
zfJGuh8I5WLTa2M<`Bt|?Acb1(I;hKzR5`FNnH=gt@*xz5mnr^#j+F{10s+B<^Nl<q
zjT5e*(gaF~9S+m;-DV&N%a(Ip7?H-NNaV<n3^ZLWW(e6rG7OA20Z4khO+}Xp#D56l
zN<~yC)oq5ep=tt{V>R(@8gvp~0upoF0z2pb)&92{^dE#|Y5-R(<3bd42g_(N;I&C?
z7f;V(pd>IU9E;?_VHPTguVE$HQ?Mqj$AFP3k$5!^14g=GDlCEuBB=m&8Qx`dm|zx=
zTth&5l3ZA)Amxu5lBpC5WEzHuOLgnX613fGf*Y(N7@De8Af*VPP(@IiR00mbVoFN%
zYOE@z#zIoSjh;jvpR31m5MU2prvkAk6fBSI=Ftr{JynA-nmtqtL_<-l2`;GCCZwB^
z0B`}(>wyq}G7cYaAv!!fw-ry-D`^O(mSZq^33Q?frc`l_S~Lcw#gMQl2uUq4aok7?
zf?=VORRAqT!2qGe8p)r6m}GjA1Bg<ZSZ<ZjLxC7kHlUb6<w{5}16(JT$UJhXSk5F_
z%pez3<udS9G(Ertv-1c*h6O6YQ5<rsNeZ>O%w`-CsM1MEI6hS*U}#`?oxq4wbMSmT
z0q!O;q?{CwNMR!q*mea#r_s3W0+^R4r&<+CD*{Jkcr|#t8wiInEKYc$1H<;vv<QQh
zqk@y{2sMT*5$TgySc@EjNK~1403O9H@mg(40mNoU!*oC~(M_Y_6l%6zPmp2o0wlvE
zrRfNQKXxn%4u~oN6J2_VRG~o`RcwS<2;f;#3}7UY55k)yc!8B`RXg1xp^#-zlk`S5
zk)+U=i43}sPtudrc$FBIf<T)r2&{&gVq~P4j7|WYDB(fW3_COtf+ZkbJibh6kdgj8
zFqDhaA+Zdtzy#AXgdl>OlE^~RbVd?7#iNBnBp4M=08`iiD7;t6GwG~k9^H(mu`E!y
zQfXtDnGl$e;pLFrc7t9mH1IWQ1pI#-qZgWZi(})|R;ARY44);WgwOU+qi0*=0RMA}
zaEsxDB#=-A6_CAp4qAfoP*_YdPKvZjv}%<}iIN)hTo?{acSs}%zSBlW$w*oeSk2bb
z0B|)RE-o%Sg+eqUIYe!eMyYk!wQji>ic(nwCMd)z{F90aNU@2KO0kn;5d%`z_<6#5
zcklg6SVdMg?<SAmdZ9?yT2X7G-d%I`cKY{%*~PuDif%!RVn?>l{53B7^}fh2h-b05
zTL1a?%Bm(>Y4&59m~@lxiw8hhv^NTI5Vh1(bh^8`YIsNOi`17_PPgZtmMpHDF>0Kt
zU}@SdnxOT>1!WY!>sxH}`kk1gX@+i}xx?mN4BpezNu07<D%d4Rx)QVmoiZY-l2%(*
z&>qd=J@}lnI-Ysw8e$pW{AyT5Ys+rS{5hg+{oNmD_e&oi8SkI?x^!*Z`(-U(6@mEn
z2tWDdRzK0oN!P178jmS6S8Ds#D)L5GU5?y3S^5CX92Zd+2VB34J+|Uf%Z2-&doqUd
zw{JNcl+Rcjo=sXGRGIO*REi(@F6;IkZj5bZ{WYTxv0+(z^|(=0vLDdO)(%=-Eb&3(
zO#RCZv7_#^*Puoy@=Rnf&+lny=$CTyD|kjJJa2aF=%_gvORJ9;=w5$PE|?OIqL2j1
z>4#x#)%m~?Cr54ac?WH2KeH{RUbi@86N&1xY}?lQ6-)2shh4iaJ@;b@yUv~ya6e<y
zx*C7~8-_D)#_X+L{;0nrDC9GASNi_oBV#`FOxp|FDFxQ|nlu5Z12;BzzYvZoTJ!zE
zjkuBfp+7!uti3&j(6Bv(H~iq&$iK_ZAMKJd5A^0tuC2T`FzeaSffboYrKdyQPm0VH
zM#^XTb6Xz!mX!3?%`?0`?~9xC-3LS|dr(m+-<$R+;#cZW^VOZ1>N|@PGdfo<sX3I%
z$XVx``nbxcV*K6{get#^pwaHaqpO>8luaM1Kkt}-BaR|k*O6|R&q|N_Egc)Y>u85!
z>g!{9{xR!_Tb~cr=O)I^`T)&Tr#=0*O$53%W)rZTziK%Me|{tF+L+kpLLbbBhAY(M
zg};wD*<U)m-gyxB`P1-%73A(pXK2^YCt2$vwFvB^Y{v_5Va>Wti*1j79Q`_e$+?|+
ztgquL3Es}kaV>q<5Lz3WZB5)VI6P95?~gsfU)FuLc=IsKuv2Ac#IAw$9kA7Jx@LR|
zxEX(km?wU6=F+&Q%DcZn{`D>KhlP=0o8dLLcI4$RP1vHCMTS3S;`yEnCk7io{Wtl=
zu&NpJU*=2x5yoKWXb<2Q00Q6EJo&q3KG3i)?$W7u&?A1Q>M|P-`2S2jG%NHRc&!`1
zp!lz`Wz#DC5BAl%;M;?4?X^C^{>VItlf`e@o$uFHUe^!+S2WJd603EO!9V9Gt{l12
zXDBu;^B-ec6Kz)#(wIIEn7Blo+YmM7*Gk9pXO>O3KfAx5=U3c4n$VUzU=29@bpRCL
zJ*i0ooUGoaU){d%){GGsUeD&8nY`p4TK#Q7kv?%xjh`=a{Fy^LeOsQtLpnzGOR<}?
zex)5B_#Cbd!)=0}8P*$cyZaaZLP=wu_rR6HE5T2`pBRbyoxFIkkefPV{hEFE@5ior
zD4e}*RPpp_hr0=FLnjub1`N=d$Wf{tp^&6;!ygCB;zIuehX!wP---%atE|pDwRxrG
z!^Cyil{eY|wV{9AT$~bC5wFx+%+CiyeUIJ=!T9Q52BzNJ-{0DKmO3@ZT{E@~Ie!~?
zXAU%K#~}pf)QT=m(78zekW2{l(~K2oMy?p6s=CrWj9Wb<Y7O*4hymqi%PBo7-jbO<
z18uL??Ax_`%?aQX^uA7)1&cU3v?Y7ow~8)be9GCsD>7Y^i`UD&*@JoH{V#fc&dj?1
zG{1W4`$s7|?w)UuWZar^XH5JrG802-O5U?LdG~a;yRVNi)K`*o;rH3e1sg_p<w2+P
z&3$v45Y4cC-@f(8nQrduWwV9zU}J-s6C*djc$;aS)E1GdkHxqrHZ4Bf{^jSq*nsJo
zu8xu+YT1USiqDp3ZS9%nImX8&|CW))@7ISfsPJh`_sCJdQiq2iQITiXwEV4E@?UcJ
zl#}(+p@w0BRh&)N3a3q;_WeyXq37E1o8_}il^RD?Vdl`muhFhM6MMsBHy?XGdCRw-
zsWF3VJD=y2bd19-uvNW((emnPTgk@g_ddL1X5Kr(rO>(4vBf3%`$OMN{79w}LHXA+
zQg3!EMmSqOPTg0Wec@?j?_2c6<hS%XbMpbq?Zvrm)4u=rFEJ70YIwjPfy1Uem4;*l
zeHp*V^_OfNGO=V>@m}1CjxayM)!$vE{8GV%u~!Lc2ZP^so{I{@?rBUT&}R1pog4@(
z>Wr;Fg`tB^eXR+(j>x?kUwNuJO0%CBP#Yy-R}Rc%G(B5h`IWf}QbhJ&v0&B1qQ{D^
zg!=MK&z;u=Un+?sYYtZQJWJMo4@wwmAHB=AJIk=LC86)s78pLS_Q{tMX~~%lOKZ>0
z`|H>t9GQaGX09wY1*4k-r+3x)S;`~Rn=boCKTKL0w4v0rX^G!J((7=TKKah~H+x>r
z@ND2Ecn9`=F|GZ&leXMo3Qs&PvrN5_^f{ok{hI5)kk$54^EUimmpV)~w#yt--9zn?
zo4fZ5KNqHM5cK}q*!S*pf|L6q=NV~YZwoV|EP?sT4H)tz?EEn;va=I@W8u>|Gcq@8
zqpqmtzCHFN`^l#oBt#c|E<H}UkNd5>gH`c!()iKdpBhrKhWEI*%(i3#-|6>q(QlXf
z!IP=D$Zg3Z*2G_*^N?{NY5oJ(g0SWL5C5WsoIF0JHobuoI;NsMZQQkwvj*iC4lPNS
z_ltzc>j977mSMp8vW@J_ZTbVP;YH83t)vwRV}@N`o79mjV;2tk_EEa;E5D5%xq9Z2
zi9s8KY;!r|Kg{K<h+b#7as5bO<Dvz0`n-$Z-lTE|ywl_q?_6C3{^K#cr}>!f?AZ-B
zQ2!eGSMBH-`iK2a(?9skFyc$?+U`TQj;0^qy7V3T>7HEt4(ijzE>mWD!B)TAQM17J
zYj}dmU!SSB@2Gpy+K%q{9DO!0;lV;`-D4!AbIfyqEB7}q=*E<_%`cw3!el*94a(0!
zwv^o)Xo?V{d(K82kd;QH<z{sNQ_G8Qh2><&2nObjSM}TEDC=qT#a-W(Z7-LL5~@n7
zOe3CmmhN`MSv|_ZPH$iB>4e_f;E1J2UCC_Uuh{+hZMS>D0ryruobto`X_e`0z{lL6
zfbARP2c{NvBd_f>JiL0)l_fgZ|E%}*=0Mi8^8@c?qphXgr!u_naqu4&V*WY&y@I+&
z&B?3p{Vsy&y1#82{9dNb8P6KwjvpEwcWL_dqP7e|>i88`N1sX)U~pNi>&@iOtY=1m
zp*|$yl>1q6(Tp!$fk!V5J23~wvaPC6)vIz3-qHw83}4@L_vnFI9rkK*&a%~8uD<Aj
zkNa3~_i=R(xJh07qyF0Sy=ThI`g>#f^Cul)FZ!*nfMMsUD)GTpq{xh17uwPIb8_3n
z40&FiA!2vv#JIpYfxAMdW|#x(in7}vl?`2m)bfCPqAlfj@-owQx4t|VmvHH?tgfYv
z-s5X7?AqIR=BxFxsKhU6;eP*wC(~A~xNSJz_-aS$3hkBP;Dsj%2fJ)1FOnz0uT{4`
zE$ayU5q)iJ^1q8F*6@5Z-w)1d^qJjA2}zi+oEBiNzcis~cPiL1kFes>+H701Z;x~O
z{73%`yd_7h>%#$Vot0emiwSFeI*Q)wj*UG`FDw~O2F3q^loh5$PVEjO#xD(D8n&mq
zA`cNWD5|(}`9@zs9_C_Ldu?rw@$?i&r7~t=yyV!{<_25NtO>(E4vue(yua|+kqqYj
zNBGsU(JoU?O#bV&(d&kf8VbCh-VNMzBC3dH(N=@lb!i3s=){8CO5^znTb|CA7aUvC
zaDx(Ax-<9HiNyPh3O~kPzBr?^rIOm(HmPR$K4@R%i>#s8M}|k25~%;WXkFIQVBgyq
zSQ--?uw_%k_ABde&Y0&K5`U=6)=n5TYq3vg%<F)U@778xzmDo7#Fq*ZG--g>llFn`
zm6zmc`T;rhwoMy4dv4|jzqhLI0(VunM69C>Y#UWc{t>Z0KKC93ad&r<zwk$4dRD8Q
zV(k31jemV6!x@x%cK~z~oSf7dUl94V{qR`bB0**Uo5F0Ln1H5XzPamXp3mMoGj&p5
zGkwI{*1CUaFWToaX|<m}=UC7OmQ8-h7cq~05Wn2dxl=0c|B~T_Ui~6?v~|OpW^8Q8
z;Eu^%z`Tq@tMemND(XhcmIdXzoB7Shg;#DzX%0`AbooKdzShZQ_V$of-f8{k)|5j^
JHE-zG{txH$KBE8t

literal 0
HcmV?d00001

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index bac30e03..38042bb2 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -1,9 +1,38 @@
 let
   # set ssh public keys here for your system and user
-  system = "";
-  user = "";
-  allKeys = [ system user ];
+  bbcom = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCmXpOU6vzQiVSSYCoxHYv7wDxC63Qg3dxlAMR6AOzwIABCU5PFFNcO0NWYms/YR7MOViorl+19LCLRABar9JgHU1n+uqxKV6eGph3OPeMp5sN8LAh7C9N+TZj8iJzBxQ3ch+Z/LdmLRwYNJ7KSUI+gwGK6xRS3+z1022Y4P0G0sx7IeCBl4lealQEIIF10ZOfjUdBcLQar7XTc5AxyGKnHCerXHRtccCoadLQujk0AvPXbv3Ma4JwX9X++AnCWRWakqS5UInu2tGuZ/6Hrjd2a9AKWjTaBVDcbYqCvY4XVuMj2/A2bCceFBaoi41apybSk26FSFTU4qiEUNQ6lxeOwG4+1NCXyHe2bGI4VyoxinDYa8vLLzXIRfTRA0qoGfCweXNeWPf0jMqASkUKaSOH5Ot7O5ps34r0j9pWzavDid8QeKJPyhxKuF1a5G4iBEZ0O9vuti60dPSjJPci9oTxbune2/jb7Sa0yO06DtLFJ2ncr5f70s/BDxKk4XIwQLy+KsvzlQEGdY8yA6xv28bOGxL3sQ0HE2pDTsvIbAisVOKzdJeolStL9MM5W8Hg0r/KkGj2bg0TfoRp1xHV9hjKkvJrsQ6okaPvNFeZq0HXzPhWMOVQ+/46z80uaQ1ByRLr3FTwuWJ7F/73ndfxiq6bDE4z2Ji0vOjeWJm6HCxTdGw== hello@benjaminbaedorf.com";
+
+  biolimo-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZzg8pfVtFonx/IvO2MKG5uVF/sMJAOt1Ifm9Vds2eA root@biolimo";
+  biolimo-user = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDDoYNvXWunQYFORRjcYH1F98+zr20U79ROh+gmaC7AY/x3yf4y8uyMayF56VgQLVNwgEchT5t4dNb9qo2+1oUnjiKrKAVfQMN6WMMMEr4F4WT784uvBx5Uo6vmhgAa+xoo62c4TV2Uf49ZiPd+zAApBHW1F/whPtunPF28Wfr9g+ozSidhnAr+3nkfJh331tz9s+wgQ39AFzFWftQ60Guulpfj8SaVyxyv/yZZAuFpXNzN0Cz4fWBIWFOsib6Z8y+SlUCzSzOguZ7FygHjwlvOxoISsASAuf0OfUKHxVshiL5F5AX1ddmUgXbUKUTp/3Iunr74pfOQC8TXzZHqhrlFzYDmK5J9E6eADSpgx++bCCaHycl73BWeertCBZSHBXeb3Db9HX+mxwpfP3alVAt4ZqQb3YD/VB7XGDvHbmLn+wSfecO2qA9PxiA0yX7e2BZLN9r3G3bRNSk0GpnYM0i84FE9IipiKKnWVjj7J0UPQmz7rzAn2Lki1CnX9PDdxZneqTxgpBomHJt4H+vXMw13scA4xxEDBvfS5KkjbEJqWLbfklCoER6nV3NPLZ6CBl0Xe/VQBSkqEuUEIXih/oa8emDOGUODNF75ck5NJmKiGg6AFZoeiDa7PZMIxhhOq4vsR2Ty43rztUJ0CMX7iSIk3Eql7kqNdvrJaJ7z0GBsiw== ben@biolimo";
+
+  chocolatebar-host = "";
+  chocolatebar-user = "";
+
+  allKeys = [
+    bbcom
+
+    biolimo-host
+    biolimo-user
+
+    chocolatebar-host
+    chocolatebar-user
+  ];
+
+  biolimoKeys = [
+    bbcom
+
+    biolimo-host
+    biolimo-user
+  ];
+
+  chocolatebarKeys = [
+    bbcom
+
+    chocolatebar-host
+    chocolatebar-user
+  ];
 in
 {
-  "secret.age".publicKeys = allKeys;
+  "keyfile-biolimo.bin".publicKeys = biolimoKeys;
+  "keyfile-chocolatebar.bin".publicKeys = biolimoKeys;
 }