From a2cc669b2271c852964eb1bde91e08143ae25fa9 Mon Sep 17 00:00:00 2001 From: rain Date: Mon, 22 Jun 2026 15:03:54 -0400 Subject: [PATCH] Add bit (CachyOS laptop) to age recipients + re-encrypt secrets bit-cachyos is the 6th machine in the hive. Generated a per-machine age key on bit, added the pubkey to the recipients list in .chezmoi.yaml.tmpl, and re-encrypted the two .age secrets (dot_omp/agent/encrypted_.env.age and encrypted_zai.key.age) with all 7 recipients (1 recovery + 6 machines). Bit's existing partial setup (pre-existing chezmoi source dir, omp native binary at ~/.local/bin/omp) is backed up during the bootstrap script to ~/.local/share/chezmoi.bak.. See onboard-bit.sh on bit:/tmp/onboard-bit.sh for the no-sudo bootstrap flow. --- .chezmoi.yaml.tmpl | 1 + dot_omp/agent/encrypted_.env.age | Bin 2400 -> 1819 bytes dot_omp/agent/encrypted_zai.key.age | 35 ++++++++++++++-------------- 3 files changed, 18 insertions(+), 18 deletions(-) diff --git a/.chezmoi.yaml.tmpl b/.chezmoi.yaml.tmpl index 94ae392..842c57f 100644 --- a/.chezmoi.yaml.tmpl +++ b/.chezmoi.yaml.tmpl @@ -57,6 +57,7 @@ age: - age16pl6ad3r44hf3q70xra7fadmllhmnnpmksetr3hr6a0q55kd3f9slvpsdg # kaiser (services host) - age14yfcz6k3m4q99nuvd22ka8zgtgj6q5jmt0sz3cz0004uhcgddfpq49kxw7 # rye (Debian Pi) - age19d0dqm6nzmhlhuns2qa3z64rua294xvf6l2uy5we5dlrq6z4yvwq6g4y4e # crouton (Debian Pi) + - age1jk0xy6ltmd00x36jswxlj9c94pap3yu82usj2lzsxnqqdtngupnsyqjyv4 # bit (CachyOS laptop) data: os_family: {{ $osFamily | quote }} diff --git a/dot_omp/agent/encrypted_.env.age b/dot_omp/agent/encrypted_.env.age index cd9eb9f60623c5eca350f6153ac31e49f9ce7831..e05c8bdae86a89a40aab6de4bd01c2a10d3b35f2 100644 GIT binary patch literal 1819 zcmYk)`9o8O0l;x6C~c5KgNoQ$91O4-w04uE4 zQlZZfdnqhgf7HN{dCbtI+mG{({dB-!G!qW@>GyE8y@L?Y1nt zOON*wF`1i_l_Uy<2qgbzEl8^e%53NZk3Y-*zbcG7a_kS7Sc4LTBAWMc>| z5_S$vh_^TlQUqKi09=@_BzT2P8C|7y5=A;c%nJ%wDmyR8v;!Y-9?xHy9d<{pXR)8i@ zg(&>Fs1C3Z$SjLYMQ5XOBZ*1C5DoY|z+4c>r}BAvx|JJrBRn=&i{RumU7pWRF4k!H z4sRYxlo1vQfE-c?AuzXCETrbJwSGMn$QL0J6dNJS6@~{IEi@y5 z5PmxnHt5lO0Y@VR+v7O^3q(31nj8ZizL zXtivY+^BQ`44d7MPf@(-%XZL%Es={*{ zynmiJH|0EYKKfsyt7Fyw7{9Z73FkX(c0g6chyp%Hx-!}x-aK=YR=+7wnz$pUF)_R| zBYu5#f`PDY1E0?6gLb5yly#_HtQ_n7W76Q0%1<{eTs%~Dd9Y!7-OadD5UprQYw4rD zoyKkF7v?3^SFEOlg?5;lzzV}fBaOrIZ_c&O)zru1#$9!^3;mN5GHvsfXT8+#P z&rR=YOWPKVRz5F*WD-Nma#DO#5C;cCo5YrP3exBM3WTpZwmiLy=D$LS9}BKB*TzMl z{_{&)BKw*$u;E4Bg-57gwZzplp2kg_y#1lK|2j=89}A(!aHab_Jq;fmEIV5@eS2g5 z@0u$jhu6PV*Z98vz2$!$s)9yUY4X9T?&gBnYW~BQ`gB^s%h(286_lxWKJbSB9COxS z*cTh~_NC19Yz*-jW}w;&xZ5^a+B54DYWdh7xefj!Jxlei8H zACrW-8=~%#9wMyJ(RJ-3_OJWsOFkJC>@#Ngj*oB6%Kg(F%#7yf_5Ny1M8uxK6>(og z-=C&cKw&XhInRjcwd3Zawwx_76g~_`N(_5@|B_Z)+EqsV|H-b~**9Na@3=<(#B4g_ z({;k;ibGvc+|O@@kpF;@sRP)zx0B}MLLGNIbUy#?rOrQaq@jY>j1z%`>CIc;i$1$_ zoN@dpHoSY8BdO%TD!i*gy43Vp88|nSThcX~)I3?a%RFxT=PZebHh;e*y}6$>K6wxO z(T$hf^miXcUH(xXQqB&w4}6(aey|B`P3@CfA7)Im{#~?u^TZkTf0HOh8PDQAFTQu9 z+~uwh%}ru>R|>5Cb1$ym@(r0Ho01#67tzj@t)Eg=?1AZ3*`ECkoe$b<+LlAL?ykRi z!+>G!sZ+z1ve1=hzyU>^`iHjUzb{$)#^V)ZQU7CbXP0fnKO3o2#;7+WHodmSzoLAt zcg>|ROls=EJ^XzUkfHGO^V+Nw38D1{In$V`mADTd%Uer!2c;evmqHdTKT+ L?577CFPHubqSfhs literal 2400 zcmZ{mw+`z{4u*R@#qEs)D_FKvY@wX2G@4QBlx$hq%F@%X?{=qHRs={81izmI|NQwG zFDaV!52r}~NR|L12TI~Uvi6kzjs3x*Aa9<5zeJQyXDS#{^0uUu-aV;k7e4q!li!C0 z(QbR(;ZZ(eiRJ1dn)D&)TuM4H6uxg6^b^?0gRho@iGUeHd5Q6T%xd?{WgQ3|zh+`= zB4z%jVYH_;yTu|9^3IyERQ0F)%r*IOTl{L=R$GDo`+lcr%RU@1D?j?XeQ zq5Mo*ODO_y!=6+*yJ#XaB7S;QZb!{;P_^~(pnN9KpP}2&&WDf83K1r(-v&M(v9GVT zFeAUK2@JLQ4n1bKA+IE@Y(+lbBPqM3#GrYBe9!P`Gdo#=?jZVYDZxM<!u zTqqBA*hpB>fqQf|C`Gapgn6BK%<47rnc)KtL@=XfSUn18nOgo!V}5#kmxO~55d)qC zd5w8z-XdNHGrr(u|F(wiO$@yB<~4>| zXMb=l_UNLn3%?}w@;N{?_X5Z@FWR`<9(u)>pBWb@%E*&UPEB zK`$ZZqIg$5bcw|dZ;!>ZZ&x|7Mk|fDnya{JB&0}{ntmT9}nX;Xg@1Ie)+^yJ= z$#HEnntDYk4imJAKFy~J(@BikAyKK~T{wfXMa7i-pD7XUO*h@&U;N}?E?f#+^Q@n$tN0TsG7q643YTEJ+Pwe5` zK1QZgc6zTV+If;-mV=NJ`+4g*A6!%Og>|LNLu36AMB%6;n{ILU$bU_DF1hPp=Df15 zC~NZN5c0W-uOeH8)Lo{K)J0D7m|W}$PH?;agc3*ce!?IRU#GbQDkTfNld#XJ)P=}c z3;jaYzhVw^Cjy!yPh>~sxTHMBR@c%VBvu~;$64Qx&pEzZviVe- zSLq>tvdhP=UgR}+Uat&R^yvdi>RVH9-z9@C?&<;ubN))Q!aHo15bmFn8B#B9ReGs} z^F&255FvFXT)6@<_HiHl`J`@4OfW?r>Y{a{jdz&NC!<)5sMgoi-L-o=q(5=pxI+t1 zumbwwQKOLo6JdF6(vbarm#31tL{)NP)dc!LnOB|(^8NdIAVS%tFDLXMAYactD#T&dDheL6c_ggXiZNA}*qLGH`~u8yKL#obeMn8F4{v}yKdya$byMfKZ?J*q=B zHa%6Pf>O1nxd-|C@LG}1l*F`%$oaaD+HzE)6vs%VFM^S9_8~B(qRSq&Rf!Pt2vg?r zL-+a9mBltg0(bUJqr36WPcK!n_u<0tl)5NC#rG-oG0fK%HLrNfSb3fTq6o1{`&|m| zVRqw&y8T7nJ-m-~wr075K{&&;#BQ`WISP*9^*10f2wtbr{15iO4@t7b|NA`s7d){M Ae*gdg diff --git a/dot_omp/agent/encrypted_zai.key.age b/dot_omp/agent/encrypted_zai.key.age index a502dda..36be2bd 100644 --- a/dot_omp/agent/encrypted_zai.key.age +++ b/dot_omp/agent/encrypted_zai.key.age @@ -1,18 +1,17 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBja210UjFyaUdtSkw2M25G -WWJ2N3ptejFCRGdMSFVnVk1IUjdxVkIzUldrClR6MjJraThHOFUzTklxZDFIM09B -QzdsVVpHNFpaaVpJeUJNNVNtOUlGUlkKLT4gWDI1NTE5IDVWN1JjeGV1ZjFJUXNo -bFRmdGd4WTFRZDBhaDBXQVliWVVacUUyemIvaXMKRksrOWwzUk8rY2hJcUN0enpW -NXUvdHEvREVHRjFwQ0lmZkdzY2pDVE1lcwotPiBYMjU1MTkgQm9OYzVSWmpKc08x -NGdjVWZFcS9GV253Q0k4RzVBK3JzSmRHU1gyWC95WQpsL3M0aEozcGI2RFpmNE50 -SFE0bTJnRnpQOXI0M2pSR2pGWEV4QnJMTTdNCi0+IFgyNTUxOSBBZ1I0TGhqY044 -bndZaVdSaW51c2ljc1l4ckV4N3haNStvaHRsNGpsV2lJCjBJNFhySUwxM2toSXVD -ZkZEYkZzMXd6Mk0ycEdwRVZDcWg3djY5ZWF1QVEKLT4gWDI1NTE5IDdmQjB3RU05 -cFM0VTBzWUl0dVZwWVlKUmhDbmlwY0ZKbFdpTWIyRnZLbTgKVWFRejdvL1VEeHp0 -SnZ1YWJKQ3lSR1owTjdTUUt5Q0lKQjFEZkI2WW8xVQotPiBYMjU1MTkgUW5ZMWZC -MTJBNGovTERvZXBXS2dSVVlYSW5heWQ3MTZBbWVYNmpmSWpFRQpoV2xsL3BUL1JK -cXQvL0s0SGZ1ZzZESUZoZXJ5VzNVazJKWkxYMkJoZWhNCi0tLSBSa3VaNUNIOTgw -VUFUZE41MWk2NEZrVE5xREc2NUVrd3hsOU15K0xxNm9rCuSszdd/l0WSCvWGiyJe -w4fB7uhKLWBX1t+OByoNnh/ZImiRkGXOk/BiX3VaCn9tB5KigWzR+n6RhpepNVMf -4Ouir24gMu+UIYo8NoYjHvxKuzg= ------END AGE ENCRYPTED FILE----- +age-encryption.org/v1 +-> X25519 jFg7WY0GaqqXkVmjgSXjmYHY848WWVJRw1KosZQA4gk +vghl6tNZuzF9IL4idCKYFoQK3ooOOkdClCMO5ZrHqK4 +-> X25519 71X26qWmCkrmzoZVnp2RlWR2OmYvZ+/Rm4dqtZA2lFk +VmFNOU29SbLOliObTmudIp++V1wurQg3MEs56KdrBNg +-> X25519 CzcDe+QVFNPTG2Ffia+gXvF5HX1Hi1GsdQ1DXv2sG0s +cPnMayXeI7+oK1CkPAr0lLL5P6ZrE+VynpAAwjmwL7Y +-> X25519 3iKs+rDaWy+pM2rZN1bQvSA7HIoKwrDUNKGj5UiWMjw +RF3iOQl2FPyLm+hC9Xy5/TyfZ2dtfRufuYDAzpqNF3A +-> X25519 z8hhzS2bpRTyrut9F/IECvWWp2dw2XuhnSbbBGrdLGU +tYAXzgFLMxm3LjslebVOCBQU3gxNd/UVY7Hv/xUHRE8 +-> X25519 g00jqDVWKEBa+JoBBu95oDPlvQ5YCOluBpxmdphHaFo +hBmVqzeHds8RRC44KnWscU9aZC6km3g7gyd9nMKE+tM +-> X25519 qgdvUFlB48K3hfHSkL3pEd5hRqzIoEpKBe9JxRHenRA +JW59mSK+9rQTK6wTgpD0ohD0NaS75QYkucSgXC9HDZs +--- 1mQryCtnyoJD5zfvpSyx3Wz0LCr844sDN4hLdxtO5AM +BK"_0i[.B';oJ1uIq?0TZ`)#7$/;ͮ!R< \ No newline at end of file