Migrate away from SOPS under home manager for root@ginaz

5 files changed, 5 insertions, 49 deletions

diff --git a/.sops.yaml b/.sops.yaml
index 6726fdc..3402464 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -35,11 +35,6 @@ creation_rules:
     - age:
       - *arrakis
       - *nipsy
-  - path_regex: ^home/root/secrets/ginaz.yaml$
-    key_groups:
-    - age:
-      - *ginaz
-      - *nipsy
   - path_regex: ^hosts/secrets/arrakis.yaml$
     key_groups:
     - age:
diff --git a/home/root/ginaz.nix b/home/root/ginaz.nix
index 2887c6d..8370818 100644
--- a/home/root/ginaz.nix
+++ b/home/root/ginaz.nix
@@ -14,15 +14,4 @@
   nix.extraOptions = ''
     !include /run/secrets/nix-access-token-github
   '';
-
-  sops = {
-    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
-    defaultSopsFile = ./secrets/ginaz.yaml;
-
-    secrets = {
-      "ssh_config" = {
-        path = "/root/.ssh/config";
-      };
-    };
-  };
 }
diff --git a/home/root/secrets/ginaz.yaml b/home/root/secrets/ginaz.yaml
deleted file mode 100644
index 34d4d03..0000000
--- a/home/root/secrets/ginaz.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-ssh_config: ENC[AES256_GCM,data:guy6byi4DR1knoTe+/tDxP3HdSEJI+R1Io2O7LpgVffgo6Xc2hCz6ehZY1AD2F36OpDRdRz8midFoMDwKieY/LcQ5tZWVaEKDNk4Xy+v0Ac4AJGYyJyWh9J7CWydC4kc1R2ZUkA8Vclx5WcxG91Sg7M+xVEgzLip7Pa3BIESP0Zpd8iAMrafurQLBIU5i3TB0qt3OjSG+6nrST0zB7anmoDZ4bOHtiM+ymgULv9A40TAVpL1V2xqPTOZiwIUsUXb7NpVSSrFHTWJQhv3/czmTa7supOm1aEWrbdJUlTJ+ET0+RimzlPExduoEnLpcc4qaTjTXE2wiMrsiUB5SrlLQ0lN5LL4/G6CLPi4/+GYnxytnh+Rg9cYLRY6TiFf/3k88Ra/eaQTEEXHafNbJ230PKNXMDepx0H+494f03y9ZMOljmLM7FYjRslfPTD2+Hr4z8Lixw30UZRullot2/Dxjy0DpXnBXZ1d4zp/xKwaOA==,iv:zlvCTpmVtUlBDNgpTgxizAEH8CBTDxGqWBpDI1nqEqA=,tag:IBK6THL0lsJo35HZ0m4ipw==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age1900zc5caephklavvjxp0g4qqvyqlzg3sux69y9p092g3d3qck3kqz62reh
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBISkRGZ3BnYWRYT2wyWUl5
-            ZGRQaHkxeE9mZnhJVEErbEFSNEpNV0g0ZkRVCjMwQUpmdW41TGM5d0VhSStQV1lL
-            Z0hGNzF5RHBuNE5KRTB1Z2RDYjJ5dFkKLS0tIFFtckdaaWRKbVcyYXZKYTduRGk0
-            bDhMWTlPamF3L3hOWXZ4VnIycElNT1UKFN/prKIBGlCt5FWcwgGZ7SbjlxNzqtuL
-            N/ZxxojVpkQYhjfSQ3escw5CfuCaFshneycuxFwlIKYPNfVj3/PJbg==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1a9gp70y8576pkvklz2arz6h9ecnrjeue2vvh9mvvk92z4ymqrg4qdqm9va
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWeTlIK3dEQXBZRWhtMDNy
-            Kzl4cE9USFBqR2llaDdKNGRaZHY0eDVSL21JCm1NeTZPSVVkNmNDdDVlRy9kQ3JC
-            L2kvbmFidzJQZHNTeFFUN3BLdEJxYXMKLS0tIFJQcFBCYzFvcFhoK1RiNzczcFNS
-            OGNEN3NNSHMxd2JBUDZGNnBON1FNYUkKhdDRVtSp1hJLHJEptwbZHIN6WGFjLkMx
-            SPC0i32atDGFK/IkBdwfhx1t5pecGw19EU+QDOJqe90nQ/mJcjW4zg==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-03-18T19:32:02Z"
-    mac: ENC[AES256_GCM,data:T+4VQgtnIkX2ZnzeM8mZfSn5ioUdtgvwaC8Xf4mXNi0A0UD0AkXBpQlhnhE8xLj3I2bka/Y007JsTr1d4M5ysEm2FHLfyGDGw91ME9voXGrekOY1sYsZisCXfFFbyL/7/ReRcLOgOHMZwxzcfMoEzg6f132bMhApBQZn+hvwpmw=,iv:HCpS8t3Vqx9ITBUElAIKBh/c5VjPK6Yrh6XrgJJvBrY=,tag:UBjKoWoibm5yb5NkmaLdHg==,type:str]
-    pgp: []
-    unencrypted_suffix: _unencrypted
-    version: 3.9.4
diff --git a/hosts/ginaz/default.nix b/hosts/ginaz/default.nix
index c811498..209a02e 100644
--- a/hosts/ginaz/default.nix
+++ b/hosts/ginaz/default.nix
@@ -68,6 +68,7 @@
     secrets = {
       "nftables/ssh" = {};
       "nix-access-token-github" = {};
+      "ssh_config".path = "/root/.ssh/config";
     };
   };
 
diff --git a/hosts/secrets/ginaz.yaml b/hosts/secrets/ginaz.yaml
index 38a9950..5c59d9d 100644
--- a/hosts/secrets/ginaz.yaml
+++ b/hosts/secrets/ginaz.yaml
@@ -1,6 +1,7 @@
 nftables:
     ssh: ENC[AES256_GCM,data:mGh0TM88dWZfymF7+Xt896POHOqoDrcsicncILYFRA5DBw3AjnaaG28Da+qcJ7/VrXGFVIRm4b8L+QeTJ9Uk/h1VEYUpmaPdqY4yaK9CPTDqKmLSLsTgrIvzbUjxJ062+KOx1ovGlLqpZnkiSgHyY2h7uYbxPnq+fvrboPRoxwZiIc8UQTs7KFsQolZPka5It5kXsa6mYdaCKYp36ypTCmD1dCnkneveiYxDg/58O9UJLSbMV7vbB2020B6ga8PsG/5UbFGMzOlktejgqgfr3ZQlU+A8E8Oh4S9uweDEBsg8W+XIDH3pV7qYflkUqCctunzUNdn94RtasAiBkLd5RIV23hiII4NbPnxke3jOtO/OElmU9WxXcIHX/obZ8pPnTZYNeeNxeubkph0KJJE0DKnEKFwetF0J4wnxj90R1hxAFYLXBOYEzVANuC8bVuVw0M0GB6yRzKbxA1uxeUAbq1njBurDfVAZwUh4y551YYTJJxRq+4VPDikkE7X35smRYgRzckxhWnNvg1mggcI+ZUuGkp9XYjHOwifumib1i95xeXAD5aIiS3GTTTFPLajOlbJhdU9RHA/6WY98PEJmU4sybWS1REMkI3LfxjibLACds9B3NQYpbwIrYu4WdLrio5eQp8ifAUv1nMQAfJDYX+Vd1TEAqcv01kWiad2FVrNSy1CVphGfTHHgOfk+P/UpLMnC/OmbvTrc74wgmBVdvnMkOca4JvT94d8VtiriJ8vr8l2xOqA8A0sjph8ucInZ7GXIV91fePwFH50kYHQE7a0sSTtGMvzKjRg2/7VtgubY8tNSUO/u5FNXKbPYBwhYKB8DXI5G1m9otPa9PeobeLsLcovRyqfVhqzAIw0htQYvHHC6RZwkHptAa3RcxeB0+dj4IxB7yzayWCcNVcQHdJ+bSB897hgo5c/k26+TnYhz97STlS+/pf4h0To4JnS/+67nFqHMoRUTlmL70JAxkkwvjg+5T76+pFQFB3cPRZF48fiBo2NhpF0PWiSUB9uEIKjfyq5mwQ9tEHDTjv25V8qxcpQitu4W8ydO7L+5ovln68oPaZC5vSe21m4p7msDtg27Y6GLHTVCdFFSi9CmXgb3JCawLWDXkVMpMch1bFYcsOOumYZjBsmosK0Yi4zCZAreSJ6O8pakyjfG/T81a8wPySEjin6NGLj5rEo04YqXqIEoG5hCNQz1WIIsqfeeVZYMhQ2e5jlxqATbvnq8y4dVfP9riuUA1YAYmmwrwTw3OEnhShxtyl49s5FctmPxCPEoskzpQ1rvv45xDyvKN1QrlInu1O/TXPddpbs1eFRiyPBV+rzAwW5ULlsxy5letfqkQZiKMZ0bVIdpgJaTeKeCrZeg5khsRpxf7CIWhCRftzrVaesZKM3YGYGmlOO4FALQbg0vXQlJQBCidNVgtG8v0n/b0TCiLl+pmaItlp8GGYUHrKWLg/iNXQ4EDiXwfxF2TdSRtqkOIQQxo8Odz7fxccGGQNOeD/xCAVZuZgwOtcGGtzBaBIz18pttLRLIfzPr4WnCqlycApux1g8UhyK9zPo9kjeFnwHAseMi7sZb5iQwzSPpT6osZF127g9rgi/ck+1AB8EEsB8AOYw4DmKFCHQ8S7OuWMpAgqtphsy2sW0QOBHdp62bqZBlFofYokw1c72+SoW4ZsTwqX5ECc2pcwdDsdse9jyTHSppap/NguvgLtgfv7uz9tVw6T/Mw5Sq5MlwxFY3J0PFIJU1KjxXGmoTowor+QJVds5PxnWFBX5u6jsHs9ifcub7ddaNXuQHPGcqbyNp/T6pH51/NyymnWRq8/RcHE3DFFFYDl2J9/WY9+y1Q35o8fMo7XWJ5FqArogtAyDE42EjxCvujUos3JJKqcSUueKBimO0oJ1TzgpTCrYi4OoP54dVNRFSGVq5dFAkJ9Dmpeh4a/v1Gxuk9ujvxbRZso8GfM7gnr2FIK3hinipT7F8RHVx07YnJehM93Ul9m237OwJl5hpBBsFRy+yIuBoxd5DEeN3nPuztEOovW5lR+Sj0RB6ipJc5kaHTVx0bZm2SwPVr9RaWeHBq4j2b3HP5+frgR/vnPo3q6RQJLKamLh30mAxtzTV4F77N6LEXp9JFhs9ytv5y9MYwotHIjO6sN6pop1vcIpm/b4tKeYyUDJ6JDVuy/oroS8uAtf378gTRlT/P/ekDLRymyySvwWQ/TVtm5iF0vjt3lUdpwNOoY3J5TJZejCLbDOcShE7PDfKtf0QKGNBmxNh3gqtqDQ5YWoQirTLUv9B2Q7JkRpYZ+gLnkXMe0eu7QFcrjUMGeJwe7F4EOjBd7Xy6Wh72BVi54sYuuWWIgCOAFCjMDqMiLGdu2itnMJN33epOnnj3Dn2liqTDubSRpRaYE5/thVeRXKs+myuiU70R8mKtxol5/0i1HGrolT1Sq5k4O3t4Ibj/rhjqpmQU036T/211YS3DH9MMsP2YlOOv4NXBfptwJ+hKY3R2IoXI/FVHF1q0/8b24+kVefCZ4tOlKViPVLnYlYuxw72ztzhheKsSLMJy/UzMJMV4p250IsPAO8locfPIw==,iv:zHwrBGfdoz2j/5Qko5QNDkh/kkJ/bD/aHvEL5DACmKI=,tag:9YELKHujgP4p5yO5vAwZog==,type:str]
 nix-access-token-github: ENC[AES256_GCM,data:D0VIVA6O4vTDkg//+NgV0pptpSGFkSi8YtbcjjXTQyYLK6j6QJ1Zxhz1SaHZadWNjJgilMjoOHZOg742fdusxwzJTQ0=,iv:pjdlfeRW9v4q4+S/6voEFPOvwQMQYd2ehQS2k0MNAuI=,tag:HG3+7EfbD1XTjxE2UjTV3g==,type:str]
+ssh_config: ENC[AES256_GCM,data:WY7WwOu+ev0+Js8xNjRQYHzAy3arKdQY5IfXHFPLwY1Yz/Z+nXIMfL4vg9kjnjteNqVVfzzk9cjaMBxHvU4cqhznipFUjhV6LuIqVcRUersyVgquluQHEUt6WRbOY0QVbI2jUzPPrgjGlW2KDS62rxKhviC+JSULi3oJEZcB2Ko9I2Lyll6jW+ESUiiYB647bdQz5+638iY3M/2FgijLawr9a7qHP4J7h2U+9LfFj+L3ilVqz+u8YJenspKEMg/n0Oi+EMQfY/wq7zzhhxt+TCVa6Tlh7HEgdRrrjLaRLJZx1nsX5+nzdSthJ+lWYKodVlw3XeexJ7kRBp0/a6tKzsDcJvGIbOnAtgCfneS62CATgawcjTn+VzMC9esOuGsbeEu74I0fZgGNVxvd4PhcONe45Gho5S2ztaGLQdxC15y6e8Yv/fjw+lSN5ngvngDBBt3FAneYzvhwup8D5gUGS3xr2audXCka77Oqb6bGjg==,iv:bUG0wSgImCIQ80vfQs95FhreM557uzBi6FFn6VQAFG8=,tag:lmLVb35Oi5HXv6DPkaXAWA==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -25,8 +26,8 @@ sops:
             Nmp5TTVkNFNqd29PRVlRZ2lZWDhaQVEKQ5dnzV8gqd21v6AlUfpOrBTyzvpEC2kr
             VF7UR0f3VOvnaJ5fDB4nrcHthYbQtxuzhV2wuvZFh+fBle5xRgGRIg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-10-14T10:19:24Z"
-    mac: ENC[AES256_GCM,data:XfGP9Yv5sDlMCXBjy/E1I1sqKhNqniDTCTxVpW498tok7gnuMo0rU3Gi+AZQZhNery3dRrZDfCRj2Fvv1O9eF75HrfIlbS6HwZd+XiZXRDeMC4W0jYy/egXevMsajwEmSPM4jnqeKsC1qs3iTqPBnRWCSS1WZoVXB8JSpDW84cU=,iv:TXmKXaNBNXluYF9WMUiXfzqcz9uGzEOFETbR5PvtSog=,tag:SvQuJrdaUeQPYQbXdpzc4w==,type:str]
+    lastmodified: "2025-03-18T20:30:06Z"
+    mac: ENC[AES256_GCM,data:GznKrPan9U7A9+98Ey+P4xWpRwrsTQ/E5rkypXGBH5nyLXuimyNIrb/p5d5pws/gtdOGMmDIAuOvzzo8BcfFljgIaBK557E1E5Oq6pskmNnIv4gZNjHSncmsA87NGEZYF+gkQijQB6lDL6uZmAz4g5IcWsQltMYlnRv3wM+rYhk=,iv:3IKa5siOFxsLXkBECpx3wimt/s99RtmETmB80mpnU2E=,tag:yhT85gINaoFqKBLTdrEXbw==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
-    version: 3.9.1
+    version: 3.9.4