Add bit (CachyOS laptop) to age recipients + re-encrypt secrets

bit-cachyos is the 6th machine in the hive. Generated a per-machine age key on bit, added the pubkey to the recipients list in .chezmoi.yaml.tmpl, and re-encrypted the two .age secrets (dot_omp/agent/encrypted_.env.age and encrypted_zai.key.age) with all 7 recipients (1 recovery + 6 machines). Bit's existing partial setup (pre-existing chezmoi source dir, omp native binary at ~/.local/bin/omp) is backed up during the bootstrap script to ~/.local/share/chezmoi.bak.<timestamp>. See onboard-bit.sh on bit:/tmp/onboard-bit.sh for the no-sudo bootstrap flow.
2026-06-22 15:03:54 -04:00 · 2026-06-22 15:03:54 -04:00 · a2cc669b22
commit a2cc669b22
parent 89881a740d
3 changed files with 18 additions and 18 deletions
--- a/.chezmoi.yaml.tmpl
+++ b/.chezmoi.yaml.tmpl
@ -57,6 +57,7 @@ age:
        - age16pl6ad3r44hf3q70xra7fadmllhmnnpmksetr3hr6a0q55kd3f9slvpsdg  # kaiser (services host)
        - age14yfcz6k3m4q99nuvd22ka8zgtgj6q5jmt0sz3cz0004uhcgddfpq49kxw7  # rye (Debian Pi)
        - age19d0dqm6nzmhlhuns2qa3z64rua294xvf6l2uy5we5dlrq6z4yvwq6g4y4e  # crouton (Debian Pi)
+        - age1jk0xy6ltmd00x36jswxlj9c94pap3yu82usj2lzsxnqqdtngupnsyqjyv4  # bit (CachyOS laptop)

 data:
    os_family: {{ $osFamily | quote }}
--- a/dot_omp/agent/encrypted_.env.age
+++ b/dot_omp/agent/encrypted_.env.age
--- a/dot_omp/agent/encrypted_zai.key.age
+++ b/dot_omp/agent/encrypted_zai.key.age
@ -1,18 +1,17 @@
-----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBja210UjFyaUdtSkw2M25G
-WWJ2N3ptejFCRGdMSFVnVk1IUjdxVkIzUldrClR6MjJraThHOFUzTklxZDFIM09B
-QzdsVVpHNFpaaVpJeUJNNVNtOUlGUlkKLT4gWDI1NTE5IDVWN1JjeGV1ZjFJUXNo
-bFRmdGd4WTFRZDBhaDBXQVliWVVacUUyemIvaXMKRksrOWwzUk8rY2hJcUN0enpW
-NXUvdHEvREVHRjFwQ0lmZkdzY2pDVE1lcwotPiBYMjU1MTkgQm9OYzVSWmpKc08x
-NGdjVWZFcS9GV253Q0k4RzVBK3JzSmRHU1gyWC95WQpsL3M0aEozcGI2RFpmNE50
-SFE0bTJnRnpQOXI0M2pSR2pGWEV4QnJMTTdNCi0+IFgyNTUxOSBBZ1I0TGhqY044
-bndZaVdSaW51c2ljc1l4ckV4N3haNStvaHRsNGpsV2lJCjBJNFhySUwxM2toSXVD
-ZkZEYkZzMXd6Mk0ycEdwRVZDcWg3djY5ZWF1QVEKLT4gWDI1NTE5IDdmQjB3RU05
-cFM0VTBzWUl0dVZwWVlKUmhDbmlwY0ZKbFdpTWIyRnZLbTgKVWFRejdvL1VEeHp0
-SnZ1YWJKQ3lSR1owTjdTUUt5Q0lKQjFEZkI2WW8xVQotPiBYMjU1MTkgUW5ZMWZC
-MTJBNGovTERvZXBXS2dSVVlYSW5heWQ3MTZBbWVYNmpmSWpFRQpoV2xsL3BUL1JK
-cXQvL0s0SGZ1ZzZESUZoZXJ5VzNVazJKWkxYMkJoZWhNCi0tLSBSa3VaNUNIOTgw
-VUFUZE41MWk2NEZrVE5xREc2NUVrd3hsOU15K0xxNm9rCuSszdd/l0WSCvWGiyJe
-w4fB7uhKLWBX1t+OByoNnh/ZImiRkGXOk/BiX3VaCn9tB5KigWzR+n6RhpepNVMf
-4Ouir24gMu+UIYo8NoYjHvxKuzg=
-----END AGE ENCRYPTED FILE-----
+age-encryption.org/v1
+-> X25519 jFg7WY0GaqqXkVmjgSXjmYHY848WWVJRw1KosZQA4gk
+vghl6tNZuzF9IL4idCKYFoQK3ooOOkdClCMO5ZrHqK4
+-> X25519 71X26qWmCkrmzoZVnp2RlWR2OmYvZ+/Rm4dqtZA2lFk
+VmFNOU29SbLOliObTmudIp++V1wurQg3MEs56KdrBNg
+-> X25519 CzcDe+QVFNPTG2Ffia+gXvF5HX1Hi1GsdQ1DXv2sG0s
+cPnMayXeI7+oK1CkPAr0lLL5P6ZrE+VynpAAwjmwL7Y
+-> X25519 3iKs+rDaWy+pM2rZN1bQvSA7HIoKwrDUNKGj5UiWMjw
+RF3iOQl2FPyLm+hC9Xy5/TyfZ2dtfRufuYDAzpqNF3A
+-> X25519 z8hhzS2bpRTyrut9F/IECvWWp2dw2XuhnSbbBGrdLGU
+tYAXzgFLMxm3LjslebVOCBQU3gxNd/UVY7Hv/xUHRE8
+-> X25519 g00jqDVWKEBa+JoBBu95oDPlvQ5YCOluBpxmdphHaFo
+hBmVqzeHds8RRC44KnWscU9aZC6km3g7gyd9nMKE+tM
+-> X25519 qgdvUFlB48K3hfHSkL3pEd5hRqzIoEpKBe9JxRHenRA
+JW59mSK+9rQTK6wTgpD0ohD0NaS75QYkucSgXC9HDZs
+--- 1mQryCtnyoJD5zfvpSyx3Wz0LCr844sDN4hLdxtO5AM
+±B<EFBFBD>K"¢_Ï0µói[.B';„êoJï1ðu´ü×íIq ®õ<C2AE>?Ë0¤¡°¨ÖTé¸Ñ°Z` )›#®7$ÿ/;Í®!«ëýRûþå<ì¾ï