From 50bd09d1d8f83b6047e060160cc77d89eba5b050 Mon Sep 17 00:00:00 2001 From: Youwen Wu Date: Fri, 27 Dec 2024 19:26:51 -0800 Subject: [PATCH] feat: move user secrets to user dir and add github ssh secret --- reference/hosts/demeter/default.nix | 2 - reference/modules/default.nix | 5 + reference/secrets/nixos/default.nix | 16 +++ .../secrets/nixos/github_ssh_priv_key.age | Bin 0 -> 3955 bytes .../{ => nixos}/nix_config_github_pat.age | 0 reference/secrets/nixos/secrets.nix | 11 ++ reference/users/youwen/hm.nix | 113 +++--------------- reference/users/youwen/neomutt.nix | 102 ++++++++++++++++ .../{ => users/youwen}/secrets/default.nix | 21 +--- .../secrets/github_cli_secret_config.age | Bin .../youwen/secrets/github_ssh_priv_key.age | Bin 0 -> 3955 bytes .../youwen}/secrets/mutt_app_password.age | 0 .../{ => users/youwen}/secrets/secrets.nix | 2 +- .../youwen}/secrets/tincan_app_password.age | 0 .../youwen}/secrets/youwen@ucsb.edu.tokens | Bin .../youwen}/secrets/youwen_ucsb_client_id.age | Bin .../secrets/youwen_ucsb_client_secret.age | 0 .../youwen}/secrets/youwenw_app_password.age | 0 18 files changed, 156 insertions(+), 116 deletions(-) create mode 100644 reference/secrets/nixos/default.nix create mode 100644 reference/secrets/nixos/github_ssh_priv_key.age rename reference/secrets/{ => nixos}/nix_config_github_pat.age (100%) create mode 100644 reference/secrets/nixos/secrets.nix create mode 100644 reference/users/youwen/neomutt.nix rename reference/{ => users/youwen}/secrets/default.nix (55%) rename reference/{ => users/youwen}/secrets/github_cli_secret_config.age (100%) create mode 100644 reference/users/youwen/secrets/github_ssh_priv_key.age rename reference/{ => users/youwen}/secrets/mutt_app_password.age (100%) rename reference/{ => users/youwen}/secrets/secrets.nix (96%) rename reference/{ => users/youwen}/secrets/tincan_app_password.age (100%) rename reference/{ => users/youwen}/secrets/youwen@ucsb.edu.tokens (100%) rename reference/{ => users/youwen}/secrets/youwen_ucsb_client_id.age (100%) rename reference/{ => users/youwen}/secrets/youwen_ucsb_client_secret.age (100%) rename reference/{ => users/youwen}/secrets/youwenw_app_password.age (100%) diff --git a/reference/hosts/demeter/default.nix b/reference/hosts/demeter/default.nix index 50ef0cf..a5686af 100644 --- a/reference/hosts/demeter/default.nix +++ b/reference/hosts/demeter/default.nix @@ -8,8 +8,6 @@ [ ./configuration.nix ../../modules - ../../secrets - ../../users/youwen/nixos.nix self.nixosModules.liminalOS { home-manager.users.youwen = { diff --git a/reference/modules/default.nix b/reference/modules/default.nix index fbe70a8..d245f7e 100644 --- a/reference/modules/default.nix +++ b/reference/modules/default.nix @@ -1,5 +1,10 @@ { config, ... }: { + imports = [ + ../secrets/nixos + ../users/youwen/nixos.nix + ]; + nix.extraOptions = '' !include ${config.age.secrets.nix_config_github_pat.path} ''; diff --git a/reference/secrets/nixos/default.nix b/reference/secrets/nixos/default.nix new file mode 100644 index 0000000..f6e409f --- /dev/null +++ b/reference/secrets/nixos/default.nix @@ -0,0 +1,16 @@ +{ + age.secrets = { + nix_config_github_pat = { + file = ./nix_config_github_pat.age; + owner = "youwen"; + group = "users"; + mode = "0440"; + }; + # github_ssh_priv_key = { + # file = ./github_ssh_priv_key.age; + # mode = "600"; + # owner = "root"; + # # path = "${config.home.homeDirectory}/.ssh/github_ssh_priv_key"; + # }; + }; +} diff --git a/reference/secrets/nixos/github_ssh_priv_key.age b/reference/secrets/nixos/github_ssh_priv_key.age new file mode 100644 index 0000000000000000000000000000000000000000..87a16a1e14466d60b5c22b3a8e54aa43a0effc04 GIT binary patch literal 3955 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!*`Do#`|DKK+M4CD&2Nb~k8%rVjr z$TUw)(>HW64m7OHNH#F7DzeOT&M>p6Dm9NP_s$L7&G+@H&~^zl$_{sr@N}{8_Ad4@b;(K3$SXI@b9IX_N-;GnsmRUp$;nA_ z$<5~~3N&#G&NcE1HgQcg3Jr`XE6wss_sa0i(JzTiDG7JgPPfP~G>@#vt$^svZI%F=dB zsr2xVNDBzh_syv)H;T-$$oI*1)sIT{PfiT*;WBYC^eM?I^2{>LP0Vq0Nlp&UF-ZKh2^p0{0HqFiUcFRc0_9-v4tg0%?^mR*hGYJbVb#YB|bT!X5_25EI8USj)|H6`ue#Rer17){+=0`MkSHOdFAPrVHt_xDTY~T1-ZFqMoA@H zKF(1E8CB_-p1DO%24?=gE^yZ+DUHV5h1Q6QC^{;*=4Q;P9bhi?uFT&L8kd` z5hg`m=7FY$p%oF@T%i>y{y`og`T8b)fo85|LB+6KY#CS@7n{@z(Gfq~w|sTRgX`IU)@ zi8;>6enHyq2HJrY$y^1>ZzD|pZRYaIX02}0HM zTMxebWVuxJg{i`0w^m^u#h1HIxg{7uJ4pn*Cheu~&3k;%2!mTvCc>>m4RIRmCn~ez5LRyvkgi zt}n8%eTi1VmI>AxUdvacw^W#aSh?oxU(TXKZ2aMDi#czy`WxD8C{b1p zzH4*ZXL6p_f_JCI1Fn8osP#VH@;aoi^yK`aOJY;^YK6U#?SFM!;+)R87Vg?ReVOb3 z7Y5AxpqG_O`?OKGFnJXk@o%~#R&TfBf$jrGNiV6F_ zdb;?@I6N|#HD}U;a~w85rn`8%9$Np5ZPVJ@lP49cTo$u0tT~+#5!&x-xV(9jvg*zd z#TM;-rqe}Uy-X5TRn`qHwwri&ChO`yvBm$?o;rTtVr#Q7bnl8#hobZPJCns)_AQ9+ z6smB!ee~|s}IiQ&bXib{McK|zdKjHT_JT%@*WT7Ge`N9|Y{py`dGmy+^QN1wEVI{N_t|ld+xg7jmI-e1M}w}-s5i`QxZ$-n zV82ukOMpat-IAkQTcdu4tS#_Lv)wwA_uZ`D;*%KdN_lk7mNk7ddRL(*dbOwX(4Hsd zcV>4UpUZ!p`%PS>my(Ct0fCo?yIk)$rGGZie7|3}NKo44LHoj{?S`B=r^7AC} zO=R_sZkn_|{K?ji1f5!ahn_bJm9Kit`Fi@z!jgFH)rBGarSE-gQ&fr#HQcXkQ=hVZ z`Hx!@w9BJ2evkSnX0O|jD70(Rl=hbW^N#Ibu)fLrn$Q}Q|(;k2<5hZ(L#%YpOcKSFh*prSIRSv`QyBaJTQ> ztaOQi@0M-&r|MU8g;%^X5AgQdHz7Kwdt#ySfgL~R1{KNdy~DJ)T_I2ShjYTqhBdj1 zw%iDi>p31h$?NEQ?flyH8~vg)6kndX;S;mWdZv%a*K)}=yUmY+Ty}D{Z{oTXow5De ze9iLwYjKM-`+ik;$Xs;k{FPI1-M>X9`2BHF--Y{PFLl4j6#cW+OD}no5yQ7PoIAh7 zSFV?w9@e70_u<6j$+MIjW==eO{Gb1Wzxi2{WE4%)rwbl2y1#kHA+vjv=0+qqKM{?c zQ~5q*-!ZId&H)9@U3%Z7pb3@>$%jW`RY&CWp92imTT=-7F_9c{!I#7_0m17 zD#Ak-^~WnER;vWuRILu80qkteu@7nI_B; ztlUu^xZLFJ-g9A@%74y9NX6XwX?q}h&bRBIq#14g66*JcIrSn+Zm7vrnbR=2+^G>JX?*41v7J=UfCN_!*P zpUvQ73tSqM^)Pb6`naS!zkdm~=9<5-x%9WbuPDCD%v)fw=GEL`W?!;d!_HgGcE)g)#kD`- z1yx7$-tS>L(_Z1rb~!*wG3A5A+T0tR5wV9v&K!E8BwE|L{LkAj58Jan1qG7g`nRr;diYTQ1nn9uRWA=~E2EfC7~NjtW*YR#dOuVg>luMmFl z>~g@qt3SPR_!-XaTVnA}V3FM8y^$-qgZ@`*r0~gwO;M_vQ>r%GxwG4K#T-WG-34`D n#HQTJdYds*=f{nX3-7nwZU{U2h2exw+%=x}Cl@(07AFA!Eo{qG literal 0 HcmV?d00001 diff --git a/reference/secrets/nix_config_github_pat.age b/reference/secrets/nixos/nix_config_github_pat.age similarity index 100% rename from reference/secrets/nix_config_github_pat.age rename to reference/secrets/nixos/nix_config_github_pat.age diff --git a/reference/secrets/nixos/secrets.nix b/reference/secrets/nixos/secrets.nix new file mode 100644 index 0000000..a0f5907 --- /dev/null +++ b/reference/secrets/nixos/secrets.nix @@ -0,0 +1,11 @@ +let + youwen = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCrIRHcvh0fxYNc0sukl8nSGRU8z1RjRmuc20iuk9TUqAxeew+0pSvY9lU4vshhrcGUe2OKIxgKJ76xdfGRw5ofmmd5Fr4If6tzWAWdE6Jr3J/w58YL6/ISOyRwjTserjWFIaO41y9OuLzf3UtzBF/1zexnGwq2lMJ7MAi0JNJ5O+umgrcnF1BDWyw7ymVkiQTruJ3LV2XgJDpOKQlFnVGKgYyMgVGeGYjiZO9Sj8edq1ZFeEH1jN5TnAdnqsiwhFgZpCrBxFFZKohuQLyH+QaOmBsdgSZwsg4Prndtxp5GTrknupPCgEWJ1rgvykEchYajeWQLxyeW/O/4iSST7VLKS7dgzUHZ5Dxf/QP1iCSeJqCIIJssuIslMK1vYmJZYk098ZDlLrFCLepQqy0YGvZe4OVP4BK4UNu5DKKLTpPNwDnyf1NSNTT2q2TsWXKWBDl1eurX9MBR24ZQEoP0gvcnTKr+2rheOTWJ5asDswEWphp5zQxBjztPGe55H0zjnqk= youwen@demeter"; + users = [ youwen ]; + + demeter = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDdcVbgUyQb+W3UjmYb3K9l9jkq/NkTSWAGFUJczJ07kEAg9nUUEfU6RGMCzCEbwWsVpNZysRfef6nxerQBcKiRz/bLUocFl/80ZoylQuxkWU8cvGdImFCtP76YKoVNwuHS0R31Qi90zQLnxs1oLmULSACH6Mw7+suYkVtH1prQdUHdx2bcOPqFk8Qpm8WuRNHxEbrFNuHNarHF3XHo/iIgJh8OeMbwE+MtoZCSfPMEnWGg4nKal3fQ3GO21wUyIZIZrSCMiYKzfvWrlLhd8rkKbGp+VRNe3m5q7k5p+pGSJMYHTRaGwOGY92L+GJOjjr/HrloINiEMC82zmUWctXQhK+4ni3ssPmOesEblfr9tXfwU0Xh0zNhqeljw/ptaZrM3k/yMW4h1DgI9BeBwcNcYqaHLwX6IqG5b8XxI+/JQniQmZIZM+kBx6GyZFrPxM84XWxhwjRKnn4oBU8kVn3RBlNwz3AFIjGpOh86Rd343X8Q6JbrMT/z17bL6StKXZfUFqgOWEs/JJEHT/DWKL2zF2ppqa5ZuJhzevrtKfAxomURXnQ77MPCUtbo2PFHmcl3fUD+yS2GD/8a492rUlCG2d5FS7KfW3L9rQwTnNBqQMGUu1Uc6qz5LWLEF7yoBtdKKZ3Y4lyPP3/lAQPs5j0Jx+coBdySca3xrmmvMj4/aIQ== root@nixos"; + systems = [ demeter ]; +in +{ + "nix_config_github_pat.age".publicKeys = users ++ systems; + "github_ssh_priv_key.age".publicKeys = users ++ systems; +} diff --git a/reference/users/youwen/hm.nix b/reference/users/youwen/hm.nix index 804f9fd..2679674 100644 --- a/reference/users/youwen/hm.nix +++ b/reference/users/youwen/hm.nix @@ -1,13 +1,11 @@ -{ osConfig, pkgs, ... }: -let - inherit (osConfig.age) secrets; - gpgSig = "8F5E6C1AF90976CA7102917A865658ED1FE61EC3"; - oauth = pkgs.fetchurl { - url = "https://raw.githubusercontent.com/neomutt/neomutt/a3b70e7edf84048e47e002e34388a4bc896e44ac/contrib/oauth2/mutt_oauth2.py"; - hash = "sha256-5mN+W1q9i9XiEtRTYIH0/qXpvfmkxOs71g9wM5vtfbU="; - }; -in +{ config, osConfig, ... }: { + + imports = [ + ./secrets + ./neomutt.nix + ]; + home = { username = "youwen"; homeDirectory = "/home/youwen"; @@ -22,100 +20,21 @@ in userEmail = "youwenw@gmail.com"; signing = { signByDefault = true; - key = gpgSig; + key = "8F5E6C1AF90976CA7102917A865658ED1FE61EC3"; }; }; - home.packages = [ - # a script to automatically refresh oauth token for gsuite - (pkgs.writeShellScriptBin "activate-neomutt-oauth" '' - ${pkgs.python39}/bin/python ${oauth} youwen@ucsb.edu.tokens \ - --provider google \ - --verbose \ - --test \ - --authorize \ - --authflow localhostauthcode \ - --client-id "''$(cat ${secrets.youwen_ucsb_client_id.path})" \ - --client-secret "''$(cat ${secrets.youwen_ucsb_client_secret.path})" - '') - ]; - - programs.neomutt = { + programs.ssh = { enable = true; - editor = "nvim"; - sidebar.enable = true; - sort = "reverse-date-received"; - vimKeys = true; - checkStatsInterval = 60; - - # without this, neomutt won't use the cache because the messages directory - # doesn't exist - extraConfig = '' - set my_create_cache_folders = `mkdir -p ~/.cache/neomutt/messages` - - macro index,pager \cs " ${pkgs.urlscan}/bin/urlscan" "call urlscan to extract URLs out of a message" - macro attach,compose \cs " ${pkgs.urlscan}/bin/urlscan" "call urlscan to extract URLs out of a message" - ''; - }; - - accounts.email.accounts = { - "youwenw" = { - address = "youwenw@gmail.com"; - flavor = "gmail.com"; - userName = "youwenw"; - primary = true; - realName = "Youwen Wu"; - gpg.encryptByDefault = true; - gpg.signByDefault = true; - gpg.key = gpgSig; - folders.drafts = "[Gmail]/Drafts"; - neomutt = { - enable = true; - mailboxType = "imap"; + matchBlocks = { + "code.youwen.dev" = { + host = "code.youwen.dev"; + port = 222; }; - passwordCommand = "cat ${secrets.youwen_app_password.path}"; - }; - - "tincan" = { - address = "tincangto@gmail.com"; - flavor = "gmail.com"; - userName = "tincangto"; - realName = "Youwen Wu"; - folders = { - drafts = "[Gmail]/Drafts"; - trash = "[Gmail]/Trash"; + "github" = { + host = "github.com"; + identityFile = config.age.secrets.github_ssh_priv_key.path; }; - neomutt = { - enable = true; - mailboxType = "imap"; - }; - passwordCommand = "cat ${secrets.tincan_app_password.path}"; - }; - - "youwen_ucsb" = { - address = "youwen@ucsb.edu"; - flavor = "gmail.com"; - userName = "youwen_ucsb"; - realName = "Youwen Wu"; - gpg.encryptByDefault = true; - gpg.signByDefault = true; - gpg.key = "D26A00824013D524BDF11126093F1185C55B84A2"; - folders.drafts = "[Gmail]/Drafts"; - neomutt = { - enable = true; - mailboxType = "imap"; - - extraConfig = '' - unset passwordCommand - set imap_user = "youwen@ucsb.edu" - set imap_authenticators="oauthbearer:xoauth2" - set imap_oauth_refresh_command = "${pkgs.python39}/bin/python ${oauth} youwen@ucsb.edu.tokens" - - set smtp_authenticators = ''${imap_authenticators} - set smtp_oauth_refresh_command = ''${imap_oauth_refresh_command} - ''; - }; - passwordCommand = ""; }; }; } diff --git a/reference/users/youwen/neomutt.nix b/reference/users/youwen/neomutt.nix new file mode 100644 index 0000000..6f06b10 --- /dev/null +++ b/reference/users/youwen/neomutt.nix @@ -0,0 +1,102 @@ +{ config, pkgs, ... }: +let + inherit (config.age) secrets; + oauth = pkgs.fetchurl { + url = "https://raw.githubusercontent.com/neomutt/neomutt/a3b70e7edf84048e47e002e34388a4bc896e44ac/contrib/oauth2/mutt_oauth2.py"; + hash = "sha256-5mN+W1q9i9XiEtRTYIH0/qXpvfmkxOs71g9wM5vtfbU="; + }; +in +{ + programs.neomutt = { + enable = true; + editor = "nvim"; + sidebar.enable = true; + sort = "reverse-date-received"; + vimKeys = true; + checkStatsInterval = 60; + + # without this, neomutt won't use the cache because the messages directory + # doesn't exist + extraConfig = '' + set my_create_cache_folders = `mkdir -p ~/.cache/neomutt/messages` + + macro index,pager \cs " ${pkgs.urlscan}/bin/urlscan" "call urlscan to extract URLs out of a message" + macro attach,compose \cs " ${pkgs.urlscan}/bin/urlscan" "call urlscan to extract URLs out of a message" + ''; + }; + + accounts.email.accounts = { + "youwenw" = { + address = "youwenw@gmail.com"; + flavor = "gmail.com"; + userName = "youwenw"; + primary = true; + realName = "Youwen Wu"; + gpg.encryptByDefault = true; + gpg.signByDefault = true; + gpg.key = "8F5E6C1AF90976CA7102917A865658ED1FE61EC3"; + folders.drafts = "[Gmail]/Drafts"; + neomutt = { + enable = true; + mailboxType = "imap"; + }; + passwordCommand = "cat ${secrets.youwen_app_password.path}"; + }; + + "tincan" = { + address = "tincangto@gmail.com"; + flavor = "gmail.com"; + userName = "tincangto"; + realName = "Youwen Wu"; + folders = { + drafts = "[Gmail]/Drafts"; + trash = "[Gmail]/Trash"; + }; + neomutt = { + enable = true; + mailboxType = "imap"; + }; + passwordCommand = "cat ${secrets.tincan_app_password.path}"; + }; + + "youwen_ucsb" = { + address = "youwen@ucsb.edu"; + flavor = "gmail.com"; + userName = "youwen_ucsb"; + realName = "Youwen Wu"; + gpg.encryptByDefault = true; + gpg.signByDefault = true; + gpg.key = "D26A00824013D524BDF11126093F1185C55B84A2"; + folders.drafts = "[Gmail]/Drafts"; + neomutt = { + enable = true; + mailboxType = "imap"; + + extraConfig = '' + unset passwordCommand + set imap_user = "youwen@ucsb.edu" + set imap_authenticators="oauthbearer:xoauth2" + set imap_oauth_refresh_command = "${pkgs.python39}/bin/python ${oauth} youwen@ucsb.edu.tokens" + + set smtp_authenticators = ''${imap_authenticators} + set smtp_oauth_refresh_command = ''${imap_oauth_refresh_command} + ''; + }; + passwordCommand = ""; + }; + }; + + home.packages = [ + # a script to automatically refresh oauth token for gsuite + (pkgs.writeShellScriptBin "activate-neomutt-oauth" '' + ${pkgs.python39}/bin/python ${oauth} youwen@ucsb.edu.tokens \ + --provider google \ + --verbose \ + --test \ + --authorize \ + --authflow localhostauthcode \ + --client-id "''$(cat ${secrets.youwen_ucsb_client_id.path})" \ + --client-secret "''$(cat ${secrets.youwen_ucsb_client_secret.path})" + '') + ]; +} diff --git a/reference/secrets/default.nix b/reference/users/youwen/secrets/default.nix similarity index 55% rename from reference/secrets/default.nix rename to reference/users/youwen/secrets/default.nix index f4cdc4f..9cb685e 100644 --- a/reference/secrets/default.nix +++ b/reference/users/youwen/secrets/default.nix @@ -1,41 +1,30 @@ +{ config, ... }: { age.secrets = { youwen_app_password = { file = ./youwenw_app_password.age; - owner = "youwen"; - group = "users"; mode = "600"; }; youwen_ucsb_client_id = { file = ./youwen_ucsb_client_id.age; - owner = "youwen"; - group = "users"; mode = "600"; }; youwen_ucsb_client_secret = { file = ./youwen_ucsb_client_secret.age; - owner = "youwen"; - group = "users"; mode = "600"; }; tincan_app_password = { file = ./tincan_app_password.age; - owner = "youwen"; - group = "users"; mode = "600"; }; github_cli_secret_config = { file = ./github_cli_secret_config.age; - owner = "youwen"; - group = "users"; mode = "600"; - path = "/home/youwen/.config/gh/hosts.yml"; + path = "${config.home.homeDirectory}/.config/gh/hosts.yml"; }; - nix_config_github_pat = { - file = ./nix_config_github_pat.age; - owner = "youwen"; - group = "users"; - mode = "0440"; + github_ssh_priv_key = { + file = ./github_ssh_priv_key.age; + mode = "600"; }; }; } diff --git a/reference/secrets/github_cli_secret_config.age b/reference/users/youwen/secrets/github_cli_secret_config.age similarity index 100% rename from reference/secrets/github_cli_secret_config.age rename to reference/users/youwen/secrets/github_cli_secret_config.age diff --git a/reference/users/youwen/secrets/github_ssh_priv_key.age b/reference/users/youwen/secrets/github_ssh_priv_key.age new file mode 100644 index 0000000000000000000000000000000000000000..87a16a1e14466d60b5c22b3a8e54aa43a0effc04 GIT binary patch literal 3955 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!*`Do#`|DKK+M4CD&2Nb~k8%rVjr z$TUw)(>HW64m7OHNH#F7DzeOT&M>p6Dm9NP_s$L7&G+@H&~^zl$_{sr@N}{8_Ad4@b;(K3$SXI@b9IX_N-;GnsmRUp$;nA_ z$<5~~3N&#G&NcE1HgQcg3Jr`XE6wss_sa0i(JzTiDG7JgPPfP~G>@#vt$^svZI%F=dB zsr2xVNDBzh_syv)H;T-$$oI*1)sIT{PfiT*;WBYC^eM?I^2{>LP0Vq0Nlp&UF-ZKh2^p0{0HqFiUcFRc0_9-v4tg0%?^mR*hGYJbVb#YB|bT!X5_25EI8USj)|H6`ue#Rer17){+=0`MkSHOdFAPrVHt_xDTY~T1-ZFqMoA@H zKF(1E8CB_-p1DO%24?=gE^yZ+DUHV5h1Q6QC^{;*=4Q;P9bhi?uFT&L8kd` z5hg`m=7FY$p%oF@T%i>y{y`og`T8b)fo85|LB+6KY#CS@7n{@z(Gfq~w|sTRgX`IU)@ zi8;>6enHyq2HJrY$y^1>ZzD|pZRYaIX02}0HM zTMxebWVuxJg{i`0w^m^u#h1HIxg{7uJ4pn*Cheu~&3k;%2!mTvCc>>m4RIRmCn~ez5LRyvkgi zt}n8%eTi1VmI>AxUdvacw^W#aSh?oxU(TXKZ2aMDi#czy`WxD8C{b1p zzH4*ZXL6p_f_JCI1Fn8osP#VH@;aoi^yK`aOJY;^YK6U#?SFM!;+)R87Vg?ReVOb3 z7Y5AxpqG_O`?OKGFnJXk@o%~#R&TfBf$jrGNiV6F_ zdb;?@I6N|#HD}U;a~w85rn`8%9$Np5ZPVJ@lP49cTo$u0tT~+#5!&x-xV(9jvg*zd z#TM;-rqe}Uy-X5TRn`qHwwri&ChO`yvBm$?o;rTtVr#Q7bnl8#hobZPJCns)_AQ9+ z6smB!ee~|s}IiQ&bXib{McK|zdKjHT_JT%@*WT7Ge`N9|Y{py`dGmy+^QN1wEVI{N_t|ld+xg7jmI-e1M}w}-s5i`QxZ$-n zV82ukOMpat-IAkQTcdu4tS#_Lv)wwA_uZ`D;*%KdN_lk7mNk7ddRL(*dbOwX(4Hsd zcV>4UpUZ!p`%PS>my(Ct0fCo?yIk)$rGGZie7|3}NKo44LHoj{?S`B=r^7AC} zO=R_sZkn_|{K?ji1f5!ahn_bJm9Kit`Fi@z!jgFH)rBGarSE-gQ&fr#HQcXkQ=hVZ z`Hx!@w9BJ2evkSnX0O|jD70(Rl=hbW^N#Ibu)fLrn$Q}Q|(;k2<5hZ(L#%YpOcKSFh*prSIRSv`QyBaJTQ> ztaOQi@0M-&r|MU8g;%^X5AgQdHz7Kwdt#ySfgL~R1{KNdy~DJ)T_I2ShjYTqhBdj1 zw%iDi>p31h$?NEQ?flyH8~vg)6kndX;S;mWdZv%a*K)}=yUmY+Ty}D{Z{oTXow5De ze9iLwYjKM-`+ik;$Xs;k{FPI1-M>X9`2BHF--Y{PFLl4j6#cW+OD}no5yQ7PoIAh7 zSFV?w9@e70_u<6j$+MIjW==eO{Gb1Wzxi2{WE4%)rwbl2y1#kHA+vjv=0+qqKM{?c zQ~5q*-!ZId&H)9@U3%Z7pb3@>$%jW`RY&CWp92imTT=-7F_9c{!I#7_0m17 zD#Ak-^~WnER;vWuRILu80qkteu@7nI_B; ztlUu^xZLFJ-g9A@%74y9NX6XwX?q}h&bRBIq#14g66*JcIrSn+Zm7vrnbR=2+^G>JX?*41v7J=UfCN_!*P zpUvQ73tSqM^)Pb6`naS!zkdm~=9<5-x%9WbuPDCD%v)fw=GEL`W?!;d!_HgGcE)g)#kD`- z1yx7$-tS>L(_Z1rb~!*wG3A5A+T0tR5wV9v&K!E8BwE|L{LkAj58Jan1qG7g`nRr;diYTQ1nn9uRWA=~E2EfC7~NjtW*YR#dOuVg>luMmFl z>~g@qt3SPR_!-XaTVnA}V3FM8y^$-qgZ@`*r0~gwO;M_vQ>r%GxwG4K#T-WG-34`D n#HQTJdYds*=f{nX3-7nwZU{U2h2exw+%=x}Cl@(07AFA!Eo{qG literal 0 HcmV?d00001 diff --git a/reference/secrets/mutt_app_password.age b/reference/users/youwen/secrets/mutt_app_password.age similarity index 100% rename from reference/secrets/mutt_app_password.age rename to reference/users/youwen/secrets/mutt_app_password.age diff --git a/reference/secrets/secrets.nix b/reference/users/youwen/secrets/secrets.nix similarity index 96% rename from reference/secrets/secrets.nix rename to reference/users/youwen/secrets/secrets.nix index eb4389f..99bb449 100644 --- a/reference/secrets/secrets.nix +++ b/reference/users/youwen/secrets/secrets.nix @@ -11,5 +11,5 @@ in "youwen_ucsb_client_secret.age".publicKeys = users ++ systems; "tincan_app_password.age".publicKeys = users ++ systems; "github_cli_secret_config.age".publicKeys = users ++ systems; - "nix_config_github_pat.age".publicKeys = users ++ systems; + "github_ssh_priv_key.age".publicKeys = users ++ systems; } diff --git a/reference/secrets/tincan_app_password.age b/reference/users/youwen/secrets/tincan_app_password.age similarity index 100% rename from reference/secrets/tincan_app_password.age rename to reference/users/youwen/secrets/tincan_app_password.age diff --git a/reference/secrets/youwen@ucsb.edu.tokens b/reference/users/youwen/secrets/youwen@ucsb.edu.tokens similarity index 100% rename from reference/secrets/youwen@ucsb.edu.tokens rename to reference/users/youwen/secrets/youwen@ucsb.edu.tokens diff --git a/reference/secrets/youwen_ucsb_client_id.age b/reference/users/youwen/secrets/youwen_ucsb_client_id.age similarity index 100% rename from reference/secrets/youwen_ucsb_client_id.age rename to reference/users/youwen/secrets/youwen_ucsb_client_id.age diff --git a/reference/secrets/youwen_ucsb_client_secret.age b/reference/users/youwen/secrets/youwen_ucsb_client_secret.age similarity index 100% rename from reference/secrets/youwen_ucsb_client_secret.age rename to reference/users/youwen/secrets/youwen_ucsb_client_secret.age diff --git a/reference/secrets/youwenw_app_password.age b/reference/users/youwen/secrets/youwenw_app_password.age similarity index 100% rename from reference/secrets/youwenw_app_password.age rename to reference/users/youwen/secrets/youwenw_app_password.age