Add secrets @{kaitain,richese}

9 files changed, 49 insertions, 43 deletions

diff --git a/.sops.yaml b/.sops.yaml
index 0e35530..5e8c148 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -69,5 +69,5 @@ creation_rules:
   - path_regex: ^hosts/secrets/richese.yaml$
     key_groups:
     - age:
-      - *richese
       - *nipsy
+      - *richese
diff --git a/home/nipsy/kaitain.nix b/home/nipsy/kaitain.nix
index 11813e7..0cc9556 100644
--- a/home/nipsy/kaitain.nix
+++ b/home/nipsy/kaitain.nix
@@ -6,20 +6,22 @@
     common/optional/secrets.nix
   ];
 
-  home.file.".ansible.cfg".text = ''
-    [defaults]
-    forks=5
-    timeout=600
+  home.file = {
+    ".ansible.cfg".text = ''
+      [defaults]
+      forks=5
+      timeout=600
+  
+      [ssh_connection]
+      ssh_args=-o BatchMode=yes -o ControlMaster=auto -o ControlPersist=8h -o Compression=yes
+      control_path=/dev/shm/%%C
+      control_path_dir=/dev/shm
+      pipelining=True
+    '';
 
-    [ssh_connection]
-    ssh_args=-o BatchMode=yes -o ControlMaster=auto -o ControlPersist=8h -o Compression=yes
-    control_path=/dev/shm/%%C
-    control_path_dir=/dev/shm
-    pipelining=True
-  '';
-
-  home.file.".mailcap".text = ''
-    text/html; elinks -dump %s; copiousoutput
-    application/pdf; pdftotext '%s' -; copiousoutput; description=Adobe Portable Document Format
-  '';
+    ".mailcap".text = ''
+      text/html; elinks -dump %s; copiousoutput
+      application/pdf; pdftotext '%s' -; copiousoutput; description=Adobe Portable Document Format
+    '';
+  };
 }
diff --git a/home/nipsy/richese.nix b/home/nipsy/richese.nix
index 7f698d1..386b9aa 100644
--- a/home/nipsy/richese.nix
+++ b/home/nipsy/richese.nix
@@ -6,15 +6,17 @@
     common/optional/secrets.nix
   ];
 
-  home.file.".ansible.cfg".text = ''
-    [defaults]
-    forks=5
-    timeout=600
-
-    [ssh_connection]
-    ssh_args=-o BatchMode=yes -o ControlMaster=auto -o ControlPersist=8h -o Compression=yes -o StrictHostKeyChecking=no
-    control_path=/dev/shm/%%C
-    control_path_dir=/dev/shm
-    pipelining=True
-  '';
+  home.file = {
+    ".ansible.cfg".text = ''
+      [defaults]
+      forks=5
+      timeout=600
+  
+      [ssh_connection]
+      ssh_args=-o BatchMode=yes -o ControlMaster=auto -o ControlPersist=8h -o Compression=yes -o StrictHostKeyChecking=no
+      control_path=/dev/shm/%%C
+      control_path_dir=/dev/shm
+      pipelining=True
+    '';
+  };
 }
diff --git a/home/root/kaitain.nix b/home/root/kaitain.nix
index 72dbda0..cb4ed48 100644
--- a/home/root/kaitain.nix
+++ b/home/root/kaitain.nix
@@ -4,6 +4,10 @@
     common/core
   ];
 
+  home.file = {
+    "bin/knock".source = ../common/scripts/knock;
+  };
+
   nix.extraOptions = ''
     !include /run/secrets/nix-access-token-github
   '';
diff --git a/home/root/richese.nix b/home/root/richese.nix
index 72dbda0..cb4ed48 100644
--- a/home/root/richese.nix
+++ b/home/root/richese.nix
@@ -4,6 +4,10 @@
     common/core
   ];
 
+  home.file = {
+    "bin/knock".source = ../common/scripts/knock;
+  };
+
   nix.extraOptions = ''
     !include /run/secrets/nix-access-token-github
   '';
diff --git a/hosts/kaitain/default.nix b/hosts/kaitain/default.nix
index bb71d7a..76a7424 100644
--- a/hosts/kaitain/default.nix
+++ b/hosts/kaitain/default.nix
@@ -60,6 +60,7 @@
 
     secrets = {
       "nix-access-token-github" = {};
+      "ssh_config".path = "/root/.ssh/config";
     };
   };
 
diff --git a/hosts/richese/default.nix b/hosts/richese/default.nix
index a5648d6..cf42235 100644
--- a/hosts/richese/default.nix
+++ b/hosts/richese/default.nix
@@ -57,6 +57,7 @@
 
     secrets = {
       "nix-access-token-github" = {};
+      "ssh_config".path = "/root/.ssh/config";
     };
   };
 
diff --git a/hosts/secrets/kaitain.yaml b/hosts/secrets/kaitain.yaml
index 255695a..951aa75 100644
--- a/hosts/secrets/kaitain.yaml
+++ b/hosts/secrets/kaitain.yaml
@@ -1,9 +1,6 @@
 nix-access-token-github: ENC[AES256_GCM,data:OcAY30aGdCEHyl6DW6mYOLI166w/bGBeTKQ645EG3lL0k1IHvu/ox/PG28AjlcCj4pZHeYxEVIYut6a9VoPNjRT3ohA=,iv:8kRcGkGm+6hWAQ0/0FwqDeS7i0GE8cyd0YsC9J6kl54=,tag:G1J/5pK9dQ2N29oz5byVuA==,type:str]
+ssh_config: ENC[AES256_GCM,data:pm2kOAyplRTTlQdIGOrX0/T+dGWUH0XdoVdibWY8qGUzgQ80NYGWgM6bHm272OeMKrCLE+0Rtgjzt90HF7cj00V7ER1CK2hJaLmQypsGEBel3PkdhO9oPmSJk9TtydtAldMA/OQEAtZkVm2+1AGiGdvuwNF2PMyJUXSGxqU/uCLpGhQoQY3QGFytsrnsNbsmZplwg5+tT/JI+d56ol2Gm2hvYtEWX/2PunQR2nim0HHDuCLojxXIR1oLbz8l1MU6PsZMHIKvBMbn27OIC4AHFENWbvsKzxK5YZk6DOX+ZnRiyYQ36+ykzAaNXXXuvGufPbKMOySJ4GBKKvxtGd95HeDH8fknVUly5/MraVnjymTmVAQfUm3/eQPxAkA6Lno5UOmxeYUVjFC/fNlx9HDNLwSNze8Kvz/ugdAqfmxWo7wbmlDkFW+HJT2IzxbMDdEUmErBho0s8gYO,iv:8Vwujh30g9GYps+J8hkFHpL+viC088AGLdPCMzL2/LU=,tag:ES2GoIJYk7n0b8MV1tnn6g==,type:str]
 sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
     age:
         - recipient: age1fptscuj4qa39238xfvc7envgxr4cf29z3zaejp2v3q703tq45dasf8vadl
           enc: |
@@ -23,8 +20,7 @@ sops:
             RUQzdEkrQTU1cC9OU1B3L1cva0JQTTQKzAuNy/7h5XyOIiQh/8fXfgri90dTW/qt
             wn/snTnrukwPaeQXsAHQDvzueYxSEtHqk0WYT8sOAfuzOQP7wGoGFg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-11-18T18:32:59Z"
-    mac: ENC[AES256_GCM,data:YHZ+rkkVX2CX1XgLKFvSEf1Hg6i6wJwNV2IdMx8kjyWSVjAx2PQjKvy/dLFsqspo1FF4Bo++jyaEn0yxuouVful12Q/6RAhf1HRDXK0TjPTWf/vsCw0Mlv/zcPOKMEPG4ltP6bSDG6WtTtFx3Ck6stQwepF2omoVT2E4kj1KONM=,iv:uHs5N9sMfPn4+ZEaU6BlioESWy/BijUfYHu/5UrA4H8=,tag:b/lwx7ex21Jw0knpuy1TPw==,type:str]
-    pgp: []
+    lastmodified: "2025-06-24T17:03:24Z"
+    mac: ENC[AES256_GCM,data:rbADZdFAqxx6oONZaw8u9BF9ZMBHaCIUCysOa7qucuPnC4N50PbmxhpYZR3Nd0NOqDbkT0+8Ox1XxF6Aty+kxvd46V70WR9oibGJkxuWxyAohXAETv4XjZl8JOkQV8JvEDAzKNjEXbOUKiLRkU8PWfQ13ogshuCE4FYLzrQcNjo=,iv:/79wztsyRzv+g14KeuM/68ne9cKenVB4WX5DYxIGvnM=,tag:626pO+4jISMP5Z/PWcPuxQ==,type:str]
     unencrypted_suffix: _unencrypted
-    version: 3.9.1
+    version: 3.10.2
diff --git a/hosts/secrets/richese.yaml b/hosts/secrets/richese.yaml
index 45bb5e0..a7aa1fc 100644
--- a/hosts/secrets/richese.yaml
+++ b/hosts/secrets/richese.yaml
@@ -1,9 +1,6 @@
 nix-access-token-github: ENC[AES256_GCM,data:g+9Vi3SOLWFkZGb6KzlYdYmv9JSIoYd4OaOhAYZLrxlJKWqsa66Tc2z5dFWr/wyPbitxRAzQB1xRZI3CUbMWOWb06L8=,iv:kjdbr2KLLWfIsSNTCespLXdQ4BKm4caiRASaCYWKFHA=,tag:DBqjdPHnMCSa6obeSy0WzA==,type:str]
+ssh_config: ENC[AES256_GCM,data:lNXNkmr0nWohTX+Zf4OpVCnFFaIafxqtz0a1p/mWHV+52W0pwS34vga4Xt1zd7tgaZChXPdU/QLVouIhoR/6o+cHlX/N7UIw5S5tg7uZfsMdxam1hs+VQzSunEYMpVTn9TmsrjUx/4ETKZLXQuA+cq3M/9sBsQYk6acJKstNKdyguG+QJJBddmaQOxp7+VUOELUWwOy3nJxldI1Asg95BXQImi4FLeRw9/iZKkgn0xUrCfljiXn5rC4Fpphebw/JkQMsbd7x/9fpK9wjNtUs/8MPXAIRYU6Ty912rYda5ALUpl4U8L2iRHwSmxriW42IdeRKXcmDtCAJMMN5LyWewqAc36RUwzd7G8ihEweZgRTibRIwYOPuYC10IihX5ccojjDakbMPDx/fhOHRlp6qjRHzB/4qonRbyr+f9CR9of8l6l+VAO9k69BeYjlbfvZOlDMWELGTmdKE,iv:JNcvLKSZ6xhrERXixIIOGlyQMrvT7D9W2zneNSTTjfw=,tag:iMHQNJVEShgUA1L5/3dm4g==,type:str]
 sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
     age:
         - recipient: age1wv08vfv7mlwkhkn2pkq0gd94a3wz0gc3x3eq0szxem05xg05nfhq2glvv9
           enc: |
@@ -23,8 +20,7 @@ sops:
             MGt6VkNzc3hGU2FDVWxsM1Rqdk9qTkEKA5viW8YGBdqvLVLYEdzLWWggxQ2BrDOa
             atzlSR0WjUsK316X4HtVMyllk0FvLy4QdUP40/XLgd5DpxZZds3OiQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-11-18T18:32:48Z"
-    mac: ENC[AES256_GCM,data:VvcWlUPFgdQ/YAioKnZzK69PYulZanKNQOan3cHLF8BRehkw1VvVFAmPW0cPLY66cMXFma9rFxaP5XAdRojs2J4ViOgzbhrCHYTVCSA3VTcgBZRTPAfTggztwoPKic0EhE2HxfykhQCrPVxqa23Z25x4q1LuWskE+BMbGubPSP0=,iv:bJnO2oE3ogvpXjCUFKd/+5RXO2udL5a2UXdBdb5Wfec=,tag:dbZR0/BQpPAL996Siyta/A==,type:str]
-    pgp: []
+    lastmodified: "2025-06-24T17:04:43Z"
+    mac: ENC[AES256_GCM,data:JdElb6C5lvdOXouz10CLgYkmYnqlY0swPivTETGG631MKq08bzkc5zusmkBnHdQ8m/tO7R9JXYzOqoMIrrfgWQ+W2Du6m60BLOcRxGJVsFhcf1yb6GrM47NT/HAyyKUgJloDKJUQL10rrD8mPzCa475OBjebkJ7ycqKiyQV1cr4=,iv:raIutEF8Kv9lxkcboZ/8LzCA7JkfO4pXRRYRJJDz8KQ=,tag:7eTo1a6Kt+ac1Nz+2xfmZg==,type:str]
     unencrypted_suffix: _unencrypted
-    version: 3.9.1
+    version: 3.10.2