Add bit (CachyOS laptop) to age recipients + re-encrypt secrets
bit-cachyos is the 6th machine in the hive. Generated a per-machine age key on bit, added the pubkey to the recipients list in .chezmoi.yaml.tmpl, and re-encrypted the two .age secrets (dot_omp/agent/encrypted_.env.age and encrypted_zai.key.age) with all 7 recipients (1 recovery + 6 machines). Bit's existing partial setup (pre-existing chezmoi source dir, omp native binary at ~/.local/bin/omp) is backed up during the bootstrap script to ~/.local/share/chezmoi.bak.<timestamp>. See onboard-bit.sh on bit:/tmp/onboard-bit.sh for the no-sudo bootstrap flow.
This commit is contained in:
parent
89881a740d
commit
a2cc669b22
3 changed files with 18 additions and 18 deletions
|
|
@ -57,6 +57,7 @@ age:
|
|||
- age16pl6ad3r44hf3q70xra7fadmllhmnnpmksetr3hr6a0q55kd3f9slvpsdg # kaiser (services host)
|
||||
- age14yfcz6k3m4q99nuvd22ka8zgtgj6q5jmt0sz3cz0004uhcgddfpq49kxw7 # rye (Debian Pi)
|
||||
- age19d0dqm6nzmhlhuns2qa3z64rua294xvf6l2uy5we5dlrq6z4yvwq6g4y4e # crouton (Debian Pi)
|
||||
- age1jk0xy6ltmd00x36jswxlj9c94pap3yu82usj2lzsxnqqdtngupnsyqjyv4 # bit (CachyOS laptop)
|
||||
|
||||
data:
|
||||
os_family: {{ $osFamily | quote }}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue