From 207920afaf3a11e5d2a0aa2671579ca1073b06cc Mon Sep 17 00:00:00 2001
From: Andrea Ciceri <andrea.ciceri@autistici.org>
Date: Sat, 1 Apr 2023 16:24:11 +0200
Subject: [PATCH] Secrets refactored and added `cachix-auth-token` secret

---
 hmModules/shell/default.nix                  |   2 +
 hosts/default.nix                            |   4 +-
 lib/default.nix                              |  12 ++++
 modules/ccr/default.nix                      |   6 +-
 modules/mara/default.nix                     |   5 +-
 mothership-wireguard-private-key.age         |  31 ----------
 secrets/cachix-personal-token.age            | Bin 1973 -> 2058 bytes
 secrets/default.nix                          |  17 ++---
 secrets/git-workspace-tokens.age             | Bin 1915 -> 1839 bytes
 secrets/magit-forge-github-token.age         |  62 +++++++++----------
 secrets/mothership-wireguard-private-key.age |  32 ++++++++++
 secrets/thinkpad-wireguard-private-key.age   |  32 ++++++++++
 thinkpad-wireguard-private-key.age           |  31 ----------
 13 files changed, 120 insertions(+), 114 deletions(-)
 create mode 100644 lib/default.nix
 delete mode 100644 mothership-wireguard-private-key.age
 create mode 100644 secrets/mothership-wireguard-private-key.age
 create mode 100644 secrets/thinkpad-wireguard-private-key.age
 delete mode 100644 thinkpad-wireguard-private-key.age

diff --git a/hmModules/shell/default.nix b/hmModules/shell/default.nix
index 903038c..500d864 100644
--- a/hmModules/shell/default.nix
+++ b/hmModules/shell/default.nix
@@ -2,6 +2,7 @@
   config,
   lib,
   pkgs,
+  age,
   ...
 }: {
   programs.bat.enable = true;
@@ -129,6 +130,7 @@
     loginExtra = "[[ -z $DISPLAY && $TTY = /dev/tty1 ]] && exec sway";
     envExtra = ''
       [ $TERM = "dumb" ] && unsetopt zle && PS1='$ ' # for Emacs TRAMP mode
+      export CACHIX_AUTH_TOKEN=$(cat ${age.secrets.cachix-personal-token.path})
     '';
     initExtra = ''
       # Don't enable VIM emulation when in Emacs
diff --git a/hosts/default.nix b/hosts/default.nix
index 91f8681..8665a39 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -144,7 +144,6 @@
 
   config = {
     fleet.hosts = {
-      # TODO add `hs` and `pbp`
       thinkpad = {
         extraModules = [inputs.nixosHardware.nixosModules.lenovo-thinkpad-x1-7th-gen];
         extraHmModules = [
@@ -152,6 +151,7 @@
         ];
         secrets = {
           "thinkpad-wireguard-private-key" = {};
+          "cachix-personal-token".owner = "ccr";
         };
       };
       rock5b = {
@@ -184,8 +184,8 @@
           }
         ];
         secrets = {
-          "cachix" = {};
           "mothership-wireguard-private-key" = {};
+          "cachix-personal-token".owner = "ccr";
           "git-workspace-tokens".owner = "ccr";
           "magit-forge-github-token".owner = "ccr";
         };
diff --git a/lib/default.nix b/lib/default.nix
new file mode 100644
index 0000000..4d32a5f
--- /dev/null
+++ b/lib/default.nix
@@ -0,0 +1,12 @@
+{
+  keys = {
+    users = {
+      ccr-gpg = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5cEUx25pnZiH3eBrE2xNbJ92gJiKSznDUNRzcEL4ti6FlJm+75p4q0hgdqHwStR8+uCWBL6viVFCGutOVMFE5MX1Oc3A8fJdR6H9Rrwvk/1UQzqzc9tWxw1qPLKz+fnPDomjOvNofghCWQRwX3Xf1HnIqvRwELpNbR9i+/cHkDGzLJxkstbt4gol8ywMPkw02QdKk8s5MEd1vawxc+7Chs0JPW57RDqDYFErYys52JLeAViCBB9bofF+KT42LuRXKSjWlvCV9kR5TL49vUeBgzMQWMh++WQdN4m9lpqFqYyc75I49/E0HGf8LChDSS+hvRnb5MbtnVGjEA4WDHyldmJCvUNob5CUo4FjoSPRi+S/J3Ads8D4JVwaJOJEVqmMKEhiQ0Hzk4hwe3eV/VumlZj4U/QjaCrqqi4TW/iP0gNRfzcfiM+G/z5R7w1NMUpTX7oilyKjMQmGnXB857D3SSptS7dwh5OiKhVmrQMRCduooUsj236abqLU28K//RnxhOgh8kDGgoUHApnTiMZNKhgLiR42lKrubNcW1tAAqoNyFLMwwXeMLjh0iP1b5y8ntfNPNIcGb7vcwpS24z/aIjW7rQ4J7x5EBphHGhys6ne+irdhOM8c7kFr+c8+Q2oU0YAtFuMYztAFOHm1e20X00Zvys2nuee+hT9F1NungAQ== andrea.ciceri@autistici.org";
+      ccr-ssh = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCzCmDCtlGscpesHuoiruVWD2IjYEFtaIl9Y2JZGiOAyf3V17KPx0MikcknfmxSHi399SxppiaXQHxo/1wjGxXkXNTTv6h1fBuqwhJE6C8+ZSV+gal81vEnXX+/9w2FQqtVgnG2/mO7oJ0e3FY+6kFpOsGEhYexoGt/UxIpAZoqIN+CWNhJIASUkneaZWtgwiL8Afb59kJQ2E7WbBu+PjYZ/s5lhPobhlkz6s8rkhItvYdiSHT0DPDKvp1oEbxsxd4E4cjJFbahyS8b089NJd9gF5gs0b74H/2lUUymnl63cV37Mp4iXB4rtE69MbjqsGEBKTPumLualmc8pOGBHqWIdhAqGdZQeBajcb6VK0E3hcU0wBB+GJgm7KUzlAHGdC3azY0KlHMrLaZN0pBrgCVR6zBNWtZz2B2qMBZ8Cw+K4vut8GuspdXZscID10U578GxQvJAB9CdxNUtrzSmKX2UtZPB1udWjjIAlejzba4MG73uXgQEdv0NcuHNwaLuCWxTUT5QQF18IwlJ23Mg8aPK8ojUW5A+kGHAu9wtgZVcX1nS5cmYKSgLzcP1LA1l9fTJ1vqBSuy38GTdUzfzz7AbnkRfGPj2ALDgyx17Rc5ommjc1k0gFoeIqiLaxEs5FzDcRyo7YvZXPsGeIqNCYwQWw3+U+yUEJby8bxGb2d/6YQ== andrea.ciceri@autistici.org";
+    };
+    hosts = {
+      thinkpad = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZMyLFfuBeDfPLn8WL6JazYpYq3oVvCdD4ktyt915TL";
+      mothership = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlepPWHE9GvQIBcAQBQPd80oiePSPxGDnMdqpdEqx6I";
+    };
+  };
+}
diff --git a/modules/ccr/default.nix b/modules/ccr/default.nix
index 31871e1..18c32d0 100644
--- a/modules/ccr/default.nix
+++ b/modules/ccr/default.nix
@@ -3,6 +3,7 @@
   lib,
   pkgs,
   fleetHmModules,
+  fleetFlake,
   ...
 }: {
   options.ccr = {
@@ -28,10 +29,7 @@
 
     authorizedKeys = lib.mkOption {
       type = with lib.types; listOf str;
-      default = [
-        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJmn7H6wxrxCHypvY74Z6pBr5G6v564NaUZb9xIILV92JEdpZzuTLLlP+JkMx/8MLRy+pC7prMwR+FhH+LaTm/9x3T6FYP/q9UIAL3cFwBAwj5XQXQKzx9f6pX/7iJrMfAUQ+ZrRUNJHt5Gl+8UypmDgnQLuv5vmQSMRzKnUPuu4lCJtWOpSPhXffz3Ec1tm5nAMuxIMRPY91PYu1fMLlFrjB1FX1goVHKB1uWx16GjJszYCVbN6xcPac0sgUg+qNGBhWkUh0F073rhepQJeWp5FtwIxe2zRsZBxxTy5qxNLmHzBeNDxlOkcy2/Lr+BxVy+mhF/2fJziX80/bWSEA1"
-        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDynKeHTnXOTCi+MH2agM4k5uBkTL+W5xkL/ep3DKuTIb9MbKjHkRIquSdVRAit4ZQVQN+S3yoCXCRdLLurM3/a6C7vc/a3UfGPyV/oDYDCdHNsOwimqIQg8Pc0WtnevLpZTC2VR4UU8zzaD/mmEWqxNszaNNUve+Fy0lwg6jn6vTnQCupbyMnghherozPJu94H/JLuDEcPT0wZUmBjhjT+yHp65Yk8hKVb1jRqEdjAHM4yZf6ceIxI9NMGeSnAKf/b8IsO6y7A93NZ75CnD6AW9Rclemi+nOqZo9zQ2m2LRtMTHSoNOLLkNQCCD+l2G4w1wPMONw4mz1vR917iJdd+5BXDtEVwScDfOmqVewynxkfztSvB+qTDzdqde3NO8fFA8jMk3rUXXfIl/Yb0G87wVT/Jcl7+ZBch8s+ljPsmyy5RY+uXLgKgE1tne0KJuzeJtxSAzTrPUhILB/A8PuJUzVGVWAdGRcusOc/0SdsluFsa11E0D946JcgNo72bWm0="
-      ];
+      default = builtins.attrValues (import "${fleetFlake}/lib").keys.users;
     };
 
     hashedPassword = lib.mkOption {
diff --git a/modules/mara/default.nix b/modules/mara/default.nix
index 773de1e..79dcc0e 100644
--- a/modules/mara/default.nix
+++ b/modules/mara/default.nix
@@ -3,6 +3,7 @@
   lib,
   pkgs,
   fleetHmModules,
+  fleetFlake,
   ...
 }: {
   options.mara = {
@@ -28,9 +29,7 @@
 
     authorizedKeys = lib.mkOption {
       type = with lib.types; listOf str;
-      default = [
-        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJmn7H6wxrxCHypvY74Z6pBr5G6v564NaUZb9xIILV92JEdpZzuTLLlP+JkMx/8MLRy+pC7prMwR+FhH+LaTm/9x3T6FYP/q9UIAL3cFwBAwj5XQXQKzx9f6pX/7iJrMfAUQ+ZrRUNJHt5Gl+8UypmDgnQLuv5vmQSMRzKnUPuu4lCJtWOpSPhXffz3Ec1tm5nAMuxIMRPY91PYu1fMLlFrjB1FX1goVHKB1uWx16GjJszYCVbN6xcPac0sgUg+qNGBhWkUh0F073rhepQJeWp5FtwIxe2zRsZBxxTy5qxNLmHzBeNDxlOkcy2/Lr+BxVy+mhF/2fJziX80/bWSEA1"
-      ];
+      default = builtins.attrValues (import "${fleetFlake}/lib").keys.users;
     };
 
     hashedPassword = lib.mkOption {
diff --git a/mothership-wireguard-private-key.age b/mothership-wireguard-private-key.age
deleted file mode 100644
index ea056d9..0000000
--- a/mothership-wireguard-private-key.age
+++ /dev/null
@@ -1,31 +0,0 @@
-age-encryption.org/v1
--> ssh-rsa /AagBw
-eGPjVFkaQOpBCVhqe5gbtRg9e1BddGt6qPQDYuJlSEx5HCQRthRTBXhTNvHFWPJ0
-ueOzeLWkIVWUs3GDUFZoi9ycaXHj4n0kdGlrtBgEUI9CVj64KwM2+0MNVC2RXd+v
-iD0wIX38CXdY01LY+8Vgv+A6CCuMbFt/U/uPExtI6DtaujeboR4sm8NQjmV7KC8A
-2FatBpVWucBfH0/m6yGSIf1tujdSkbLLJ1PxVzyI4DRPXOBraCpu6LUpAyVFH/U1
-m2Asx8SLTp7gzon4JvC41I5gy87Nsrb0z6TrEjXRaxERcoeDyx4JM8J3NmOz5jXA
-LTHklKeC7BCWH9UeC6yny2RvHUTijbvVPQAAnHeZEttyNFX5ff7s2083j2pN55PR
-hV8kp2SFW7OeeinYcyPzQ2z+sNrKUWL+9o3yBPwMcBVzOnjN3dFYm/q2MhBDkUr6
-4Cis/791KY/mwjHj5KLrk3S91UKh64tKxrdsTCz4cKF2oMeLd1spxsDGKMNt/Yzz
-wNkX31FhvTMB1Nfgd8eWHG5R9EcJUz2pQGiel9Z36OC0Z0FrpqNyuXcftIB2wn9A
-O341y8rd01svS8UF9mAB+6oeHPG9K0cXpyxI+6CXg/lJwS6y+rdLfG4slkVsBlpI
-gJkruoKxclJ2gxEszZABrZIhLF1qVxI4XeunC+FufDM
--> ssh-rsa QHr3/A
-ORbNfLPqmoVVj+yeHHqDfzHxIx7xcRzUOdgargj88BkJelFHd6l0rd45Me387KdM
-NzlLeSEviwpEikI14rze5c4jU3oFV3Dt9lbss2ZLHfpHcOX3zn7SMbovG3h7ec/e
-ETS4eHnXZWknSpbKnrsVRlhc4wOqsTRgFzgNe4Fv7SaTuDHTu/nOdYTZEyRA/mKf
-S1V2qtRTZj0LyYhmET8p6kVAmARYXLE5rYu6PH7RmQM5nbha0WunWOBfHN2SP6sX
-a5czIfbmgLKvUNjP9fUJKK512yBP/EyOZh23w7UdSZFmf6m7mc0WTjqWlqvxr/BD
-DCU86xdUCS0wVQng2tAV/C62Seue7Xqf8fzHNa1PabRw0byw207r34sr/loITXVS
-43RGcmPuGUE70zbj/iKTf1d6WzzwNYlUTEYezy88OC44QEaU0+ijeX5HOp9bD5IL
-9mRlEDTGyaNPhnl1HTEu+V2aPhVKKA74GU+/WVbzGDthv7WgWK1lvKH6LoDcL3Ge
-LkTIDA1yGryXrrZ463HagxNDRJci2FN0ZQNVNFdtRIPTYJ1AMncAhQk3q3h5Yz5+
-zGaL0/iC8WWKlAPGqs7pK9NyE/WmXSgOs6zWlWCJD0a6sYbQeLQbEZTU6MU5eAwO
-ErWAyVREogiCc7KY87t1Y0mN+xb6v35gc3+uNUI4cB8
--> ssh-ed25519 q+UPnA WxqBB9PEyqaS7ZVK8P8o+/jpBYI9xICc8HxpkvGsGXE
-l95qDOiGPBciK2v45KdvWIoRIKxaQohX8KzMclCleP4
--> k-grease 44@` Qpn S)[jm' njF
-1THD02uVq23/Va4VkHY3Vmuj+/FqXpY
---- QcwYGR7q5NGmKzysPPGrv5Lsdsjmj27v9XkR9v1mxj8
-��/�4��w�������R̶g�r��*)	X`��6,&�7Z�^�����6j�yF��3�L����sEٮ��M
	5J
\ No newline at end of file
diff --git a/secrets/cachix-personal-token.age b/secrets/cachix-personal-token.age
index 642f2305cb29b081c26217efbcc651a57dd880f2..47cfc3680886f8e8df9738369a6ba0d3f3ec970e 100644
GIT binary patch
literal 2058
zcmZ9KNyzjD0YHUf(O7!$WTC<bEh3FyvrJYh{>@~a?3rXTNrXz4$ucw9Gf5^`Hxv;M
zRjUZagNI@((u;@opk6%aLAziTEaE}5`ir6m5k)9i1VOyM%R9UmW{2BD6?fNWDC+9b
zy33#u0d7BX)A#vp*M~O{6K3lPuursSx1bpwcrmZrEJq@Bqo^&`M5B;Vf^KKsU}jQp
z;RL*FG-7>@ZMi7uYI~YN-2@^&1ReLtKy~6nnPeHr2>SGxu<|sfkjf({v5FFZz?~s0
zBZ9Vzwe4%CfYf}xM^q5l)M18j8DE=>biU4<bm%uBMePv7hzY3brZsa&8Jcp^gQ<zo
z-aI=6hFfCUkXgs_dw^c(aB4}6*=$en<TDUH7daPT@v0-TP$sw45%Fk*Jvc(?pbH@$
z+S#b~9B;V^RBt$-8k0TZ`e-qw61_XH^1|@6TM(IngCTiZ9eElw+~bV(!M5C7OB8g#
z3kI^85`;Py%mBP@$7G3XDh@(rU&+vAN>gv+DW^rR_Yqg%Y9C&vcFRXhxg)#%bZzJ?
zG1(Z+2BhNvYZI6Kx+vH@&qdmd3UC$HP)o$i$`{lm%<ZX>-LzYWwSGXwO;ng<By>hl
z$-}ISA+T0p7wq+!?p<>`cdnKluK^}hHl`$KR)YP?>cXKSBn=fWV-?9K4GPL0K`%_7
zfPo4`sB3_1=%?okX?bQxpfoH%$H_n?ftYcP31MvR+eC!N5b;@Pz3TgE6~W>(#U+_F
z0CBp~W`*ZVC15b3%MDCHr@ekU(y$GlV7X=kbSGU>#zO*^-Jqe7OGMizQ?XQ(zgB?Z
za)c0NX|>`A3e=91%`pvwE=eRV9bm7q-p)1%YsK-V|NYpKx)sC#9yHRfcbF#fR801n
zY&_o139DT$gp<_Jo@spTC~2VJgOpxZHoB-o0p?}ui9@$Kjev6KK^4o3GUm=@sS`*D
zNz4JBuF;i8mm^9Qf@Hw<rJXclqB9Cvz)l#9SWv-ncVQHu*`~1W*3g-X{Ds|7Sgam#
z(Z*S>*D^^k&9Z{??M#`3%KL_%76j^ShUVlJZF8QLHGs_l>hYOX9@5xzK{LzqqZM59
zP_4QU<w0yw*T$xuB|gKX0o`dym!(`K#p=qo-53RyP9hkbx|;NfVV$CMe9vRfbv29;
zo+eJkwA_iS&198vSEoI@&N?CY@T^z7*kjec1F|sImNc015()7Y>X9`rWl`3^12^gC
zqje_OGYU<s1kA_F7Ie3DQW$dV1wnmE&uj-M=aK4jxD>EbJY|M#yISDuad?3&NS^VP
z5Uk3}fn@iNaUrRqHDM}&D}h+UXD@d)GLXZA#9hp27ag6qbM85X!SP;A@c@h}q&|YS
z1Fn2*M$oBa(J3-^TAT43WUFy|n9O0IJFT%p!)~VNs#}hPrnpUmt-I%#s1Tc4F+$by
z6;z7iU|MgBK=aR9ZO&^`jzgwPbimh=N&~aq0d2_fvc#2CHM(}zXUrs#MIl_jIBg{l
zZ8iZjE-{Mtmn5fXIUQR5+;buTwsvHBE2jyQ6NeHDzOcBWXI78Xs*2!|qEoY0F(i-g
z{`>JEL2(?RZ(49?R?H1q9S`lYWo#A>R#(jLI(IAW=H)Uci82VYxEcimcK8_4fPzOx
zjT+0Q-8eY8znXG@VH>hi$Z~*pic2kY`!<3U=k)(J(bZHdyHUNvre5XfoQIU2M3s%N
zja9(x?UYw*e#+eZdR=&<-7!1BbGNzfZ`bvj^*z&qJlumAU-SE9>uOFJixcGdc1f&@
z|Jb^u?QXN~5cY?g@CoV3JLg;K=8guj<c;~^b%+8iB^ZR572_f!9O|lA4YI1-NZKA*
zdtTDaHpwscbt5xEPh**A71zQXWcgaRkf4kZ;F2^*QT^1EphQ>x<imZf4ZGT)T1SMf
zI%RuUzuFZJ=8cwGiVel>R!H-D<&2^+s{n9&dwa8W*ky-XvT-VEj-$GH;1dDuFmZPj
zQNH5NXzR-mfoq!`Fn#yF*Z-;f@Rc7u@UO=n;qKmjw))1mvfZPP5bbN<zx&W@5B%W?
z?5FpnKYruSzlDou-bKChrLX_uz6T%tT4TTPu^&8HzVy_4UVkI0et*yB-}~mh@B6^t
zAM<~cyrcZt%isLMw}1KKtKWIPe(KkcKXm7<_kR+*pImgmefrY8dA{!xe?y+T^RRO7
zqwoIfGe7zCvw!^g@4olkpS)L%FMsi~pZiPu!au%r|EIdAA1?Up`Omx}_a6#A$bS6s
Q+pm1}S08=rm6z}S8$b@asQ>@~

literal 1973
zcmZ9~&Fka_0mgB}7ck(ZD7q-J=*1F#O)`1cMacWhWF|9t&ve0NCa*Jjf1Lz$PZiW6
zJ+u@pLJ!(YZ9$ac;wxUN6$L%_P(7?H>_rd+vFLgb#DC!V9G-8GL^n}+YUjGos`9C-
zO`s70ZoYWC>(ZOH3vNS9kgyZL@0HZb_bIH4y{+Lq5lb1(tka#>iD)e<!UDB|KUgVP
z$s40BVQlXaC(}ej0%k_C0KfxpQ1jKQiBM~y##RRr3Odq~I6NG$-P+Lt!5^<U2JiIH
zMXva{?3c{|9gqS&;-U-;gb-TYxG4(fxIfmc16${dU+MW;N@vbbcP_%ytIbYZcB#37
zw@Kd5xMmzG7<08whJc!!xLMNFg4wH(vEQ-XS+#rwDII)r{jG3PB4G}NM1j+GGv~%G
zmvt!O$E$66j=7NlFe=(OH>on#eXdQYZsBC75OUG&u3E-A1>*1BqG2e)ru73SBbvaY
zS?)GbfzVV~0xCSIZlz>L(qQG}z<G&(RJ_GMRs~$j3e%i79?EkXzgqBe5vX;nPiNvx
zYnxToL(LZ0@<)3+a?%Ae5os{|;UpEd0;`YVNWEHFTZ55h+DX$!)VS7dVn?GkF*oX9
zlfCSSfG^UCZGrlr9^J}WPvppinVEaS$rwVGCVgmN1*xGx!POxoNH*0dbo;6$cn;3F
zWd?f6J)?c2oZ4Q@OUKK)YN-xRlp<S`x+dl}&y1C%Db#6gS<*pRI+~2=Eo@|IeD=Kr
zsNh`Fz!VAje7IN+y;x*HP#gP%cyP-1JhtmrR6s1Dr<bH0@45-vJ43{{-q{=L%i{q8
zQq+ur?b4l6Z<Z#$Vn+u&Vr_Gs2<^DtU_Lc#xgRqB+wop*QHTL{`?Ey1p=}<hV|0z6
zLu9Zke_m+^1qU&ASVOH^1X13imF5Ja)O-EqI9L|E-3<p35dchwV_k|D`=GjH4qpR^
zc8`TNDdfgl$KVxZI^3)eOy_m2j1BgAl4`$LA}gJl3nxv$0wP=5%a0W6`GkWbq-9hD
zBL*|$oY5}pJKH_VlVCw?95``@2T3%5oA?l<U>2%^42X5wld{rL>})XUddF@vTRl}5
zZg0@1NfXHg^T?{IrlXO`8$4`qZ=Q6Yngr7_YS{%0cam837$Z{47x-B+VI?>!>@qu?
zS@s(*TSw6uLJ%{~NYGF9P+|2(3E~T^rEXvm0GjcJ7)7Zyb9+KTT7^SaNiYtUhHVFT
zS#WnV`}La3FW1Kpb2~+V%CQzN+pec5Pl|z9XJ}-QS*1)|<ywFN!HRgt=Xjx-4nuEF
zD-<&6b%Q%S%9vwckSq=^0$g$o2R4ifK*t8WdYOPvWdMm>>V%2L=VR@}?I<=idy=eX
zW+jcrIaW<E+Bld3vZ<1Dxx@JAk^uy7`xhnGLw<1#6<MzCDQu|`x~NKy?oh$CQN1m;
zYjwTs8_><<;nEJ}nHJ)R>Q3<)uqNg#_rw6kaEQ`*5wv+D5bmj*iPbr0#SU8zM7JZ)
zvXD`SgI4J^*@y+5xsjMu9s{7-jM`Br;{2*GoD@I7{&vWNLnd8it2S5)nq$^>uW&K_
zx8o>W;W$FyZa{liGPix=GW8wC)SSw!Vt=78j%M;Op08_cZ}mm0FOiw|%@*wd8|)gm
z;G&5bN#PtjK?}wBjPI_yZn+ev+9YtJr)Ug3`v0#<&PLlOw=u>)^&>uT*@;vUPvcNa
zuMWXJ_DMWq>Tv=uI(spM-eCX_lSu`xk-FGj&$LPvT$R(qNa*z{ZL!mVH~Xp?RoE!u
z|7hvvCTXLfi-2`W9~l%nt_m-^p64VGaC8F6lp=N0*oti^U|@7b>TMjW3~j_Z;^R?=
zx+E2I77o<_X9~d0&CTsa;js{A$67w|MW-{NO!~HUgam7AwA~u(^@FG470D-i;F<l`
zzVzBRf=B+xe-PgDhZn#XzWr(at55&&x4#pA{^s*<Ke+#N_2s*-JVM{T<-EuL;;nbk
z=ijq_dU-kjnDWy1U;EIn-uPDe#7o*@e&FtlPrZBp!6zP~e|nPq?qAJkgXjM7=-y}k
z{Om`_C%reU4}bISTVMJ8^6>Bf{P720{oEfu|L~V@zWP!2<vaF|zMenx;_JWJ-}@nT
x|JEz_UVGwG-lJc?|Fh(lyz{r~yXIeBcmH+kd*A8V=N`QCllOh{PWrPi{2OgZp+x`y

diff --git a/secrets/default.nix b/secrets/default.nix
index 6dbfb5e..eee38de 100644
--- a/secrets/default.nix
+++ b/secrets/default.nix
@@ -1,20 +1,13 @@
 let
-  users = {
-    ccr-gpg = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5cEUx25pnZiH3eBrE2xNbJ92gJiKSznDUNRzcEL4ti6FlJm+75p4q0hgdqHwStR8+uCWBL6viVFCGutOVMFE5MX1Oc3A8fJdR6H9Rrwvk/1UQzqzc9tWxw1qPLKz+fnPDomjOvNofghCWQRwX3Xf1HnIqvRwELpNbR9i+/cHkDGzLJxkstbt4gol8ywMPkw02QdKk8s5MEd1vawxc+7Chs0JPW57RDqDYFErYys52JLeAViCBB9bofF+KT42LuRXKSjWlvCV9kR5TL49vUeBgzMQWMh++WQdN4m9lpqFqYyc75I49/E0HGf8LChDSS+hvRnb5MbtnVGjEA4WDHyldmJCvUNob5CUo4FjoSPRi+S/J3Ads8D4JVwaJOJEVqmMKEhiQ0Hzk4hwe3eV/VumlZj4U/QjaCrqqi4TW/iP0gNRfzcfiM+G/z5R7w1NMUpTX7oilyKjMQmGnXB857D3SSptS7dwh5OiKhVmrQMRCduooUsj236abqLU28K//RnxhOgh8kDGgoUHApnTiMZNKhgLiR42lKrubNcW1tAAqoNyFLMwwXeMLjh0iP1b5y8ntfNPNIcGb7vcwpS24z/aIjW7rQ4J7x5EBphHGhys6ne+irdhOM8c7kFr+c8+Q2oU0YAtFuMYztAFOHm1e20X00Zvys2nuee+hT9F1NungAQ== andrea.ciceri@autistici.org";
-    ccr-ssh = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCzCmDCtlGscpesHuoiruVWD2IjYEFtaIl9Y2JZGiOAyf3V17KPx0MikcknfmxSHi399SxppiaXQHxo/1wjGxXkXNTTv6h1fBuqwhJE6C8+ZSV+gal81vEnXX+/9w2FQqtVgnG2/mO7oJ0e3FY+6kFpOsGEhYexoGt/UxIpAZoqIN+CWNhJIASUkneaZWtgwiL8Afb59kJQ2E7WbBu+PjYZ/s5lhPobhlkz6s8rkhItvYdiSHT0DPDKvp1oEbxsxd4E4cjJFbahyS8b089NJd9gF5gs0b74H/2lUUymnl63cV37Mp4iXB4rtE69MbjqsGEBKTPumLualmc8pOGBHqWIdhAqGdZQeBajcb6VK0E3hcU0wBB+GJgm7KUzlAHGdC3azY0KlHMrLaZN0pBrgCVR6zBNWtZz2B2qMBZ8Cw+K4vut8GuspdXZscID10U578GxQvJAB9CdxNUtrzSmKX2UtZPB1udWjjIAlejzba4MG73uXgQEdv0NcuHNwaLuCWxTUT5QQF18IwlJ23Mg8aPK8ojUW5A+kGHAu9wtgZVcX1nS5cmYKSgLzcP1LA1l9fTJ1vqBSuy38GTdUzfzz7AbnkRfGPj2ALDgyx17Rc5ommjc1k0gFoeIqiLaxEs5FzDcRyo7YvZXPsGeIqNCYwQWw3+U+yUEJby8bxGb2d/6YQ== andrea.ciceri@autistici.org";
-  };
-  hosts = {
-    thinkpad = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZMyLFfuBeDfPLn8WL6JazYpYq3oVvCdD4ktyt915TL";
-    mothership = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlepPWHE9GvQIBcAQBQPd80oiePSPxGDnMdqpdEqx6I";
-  };
+  keys = (import ../lib).keys;
 in
-  with hosts;
-  with users; {
+  with keys.hosts;
+  with keys.users; {
     "cachix-personal-token.age".publicKeys = [ccr-ssh ccr-gpg mothership thinkpad];
     "magit-forge-github-token.age".publicKeys = [ccr-ssh ccr-gpg mothership thinkpad];
     "git-workspace-tokens.age".publicKeys = [ccr-ssh ccr-gpg mothership thinkpad];
 
     # WireGuard
-    "thinkpad-wireguard-private-key.age".publicKeys = [ccr-ssh ccr-gpg hosts.thinkpad];
-    "mothership-wireguard-private-key.age".publicKeys = [ccr-ssh ccr-gpg hosts.mothership];
+    "thinkpad-wireguard-private-key.age".publicKeys = [ccr-ssh ccr-gpg thinkpad];
+    "mothership-wireguard-private-key.age".publicKeys = [ccr-ssh ccr-gpg mothership];
   }
diff --git a/secrets/git-workspace-tokens.age b/secrets/git-workspace-tokens.age
index 71e629ee6e7e09b480fee00b5ea60935355b7fef..de7703d0beb683abfc2edc1e1b2777c899259058 100644
GIT binary patch
literal 1839
zcmYk6Im`730foWoVmY?TJH=oT-pQWaScuv8<Yr&s6S6NiH#f^o?oI3kaYk?o5e5dF
zKVYS;Ac#LeTb1uOh=pk3YcXPdio-cP=cIM{S`PWVkN5UAd~%y>XhVS4@4qZd^Exl-
z3&f-~`v5{Yz#*7iS-%xAcPUhE;Z5e0n1{YLzGh9HNbxj6jyeP7bLu}Z>pbcZ7u??D
z6!!rIE+?;Vdxh#V<Dl<)4hArHsglAUsXpFd<|bkZB>2yPPrCh3Zauy~{4|&B9;zc5
z$Xm@cI-NI!QmQI4-dk0g(={};*6z7oO?ox&CdpA^NI;f^t{H&?mqLgxZaH|959F}Z
zS@NV+ds>6w;}FV8s^W#1`N=<b0<5Nzhz!9*<OfAQdHm5m3`z7`$iXeLfMj6YrJBpe
zwLKx;F+ijgoObpg#t4NxBHZK(&*gx%`#6qJGHyWja7r`tgJ-l7baZ+vF-oxuL`H;e
zY(}B?po`zL3u~AaY|>nlHUyK~2h*+dZrfS12HM~``mTV_i$G&_0wA}G-g+b&AS}At
z*K3|u{+7pH!}d@kC52^qxXDCIIcsffw#32Aw}){HYREb^D&hb;okh!IHQhmVk3wvr
z)_Kh=!E=7G>wqqcy0x{CTGedUk9dM{))<EC(m==LVeLu+xA-AAqjqzgZlNuty<@Qi
zqNGUZ&_#v@SJSDRz&7n2t{PE*0=SLXu;_~Hc@j1F!2<q*nuWD52D4_d=*Er>BBz+2
z!ui0kMmIRqJewD8lI8j2fQ0PWC^a#(aIIv955@%mxeL3cE8|F*n?BoHNOJz&1TBwa
zn0#GpbyY+u-O?xa_<xRVdBz|HaID6aXr>^}5ut_P5DnA);qE69%ZaeAE$2yHO*rEw
zty@QbOi7V$+9-G~_O(-E8wFgAl=KJT`cDx~M{{J7%hBXRaZ$M@I<oS4uiB;yt_!3f
zXSmNLB*f!b$xjA{>^`OdCS8RKmTmhXPBp@boDd;<!h|cBP81d84CG6^cX!=eJ5Hic
zpu9g@b7G7kViMFQ0|P$Q9YvoPlcpmg6bge8is}?j9v-VW*bH{Qx<k<&eU-}db}F&R
zmxz6)hC>U{g9DJ%9xzIdEbwF^`Q)1O>2xp#jVYUN_Qmd;=D}a}X6;8tNoWg$b*87u
z8VVt5f6^5YOZZSDqbs>7b}F8yn$r8Gp5;juyXKfGgHVaun*6R3YwZSN$-S!=8xMCg
zzFtw;1egi8BO6<_z+QqoL&|7}i1BcrAJ@T4Llnmv<EigfJ%}|rDUVncB@~0_Z3!YX
zc)EaS`MC`B1xzK%<!;<I`0N-aJFDh{okJA4jmDy(%qpsAGgEH|pm9cZp&ym&)x^Er
zfp}}fk-^O}EBIu0R=XT!`H@g3%nM7pnX;gAqP1&D&Xh(XDKk5<@KO~v?yTU1!~<{>
z)Ovgk%8h;!LF;7!dA@UsaP9fq88S82hbYW{Ua~4tK{Az+`|-@5MpP4LJdk@0z>jkB
zVGsqYc{MJLdOi9}-S5%h!bdijr8_;e^LF%CSoxacvOoy}p<gD@KM%}{LAf-1^$n@z
zwUmRP9#g28lH7^~@wmzHvz8Kr#2i)V1B-zs!}DM^y>Qhsdn4X<sQAFNFmvT=#og_D
zNGQcAhX1#kuid1;(Czvqv|@!NXdjAY#pS4sp`iG{C1uNIPN6etxPaq8X%OewKsHn;
zBGf5JvnsL~_-2K@;KHa!h~rgaS+vS0hxJGvyZkpB`C89qx|BfDLuTUcCDb7onp8^e
z9F#ScGI|*UudlB!vzv+o5oF^bmK{x-DmfkA+r#9xzPE_O+cBhQ+k{`?82GaP*6&``
ze@y>+|L?#5^V9eK&wup8zpa0;@LzoXq4Lo;e(?UslFEOjfBxI=0^1iK|Mkxw{ONmT
r_tlqQy!#3N$*;Y4yzoae{-t97<=ez>zWLctfB&=ZeE6>U)u;aflt*Ar

literal 1915
zcmZ9MIm`730Y)t)h&V8v&0E-o*X&!NPIBMe?E4-YvoANx&3bRb3=HB=ka0w?v32Ym
zun`*z8+#kk#>PU>LM#+N3qkw=52rcjNvh(t7_#}eugy4oeVi+3M}XIFzAQ`qIxoo!
z#3mK@0JNjVCs^KvKBp=Z4`gJ(lSAR^ko8COTFKffg=uxz(X#BTT%?Gi-&U9ycSyxr
z8wYR~TEM+8VFmA~)N9SO0jqmbnsV)jClW=<5JOfnH**Y^9mS-!(O`X3Q}tF7Y6Sw_
z6Uv;!@yNT)X9_A0aX)v`rmat1o!FdT8{6esR?SOYpIn-s<~pQEg~Tr8m4H_aXu^EK
z#_o`rvW*i{o_95!8$)^GmzYV31d|Bt#xJBzPEWR|YP-Bt!;!o(g3io29|00;9Pq<N
zH(aeRjYb%6yG>}<aSWw{#SL(PaZvVRYkiI<x|F(T!Hh0FB|L9>C>&=Xn8WkI&+4-0
zSBplQ<?v>sQfc(iR(S=BlL=fSitop^sug9ah7W^q?M$Fcyy2MJ0=?PqRA(p55$Rj5
zv5Oi|Lg~qpSZ8!!KV4&_qoT6?4&ok?P5O}^+<l9IbniYClm@^GPvu+}+bpP>ss|w>
z(k~5q9FA6#LuJuAHrUni95S^n&JpxEd?Q)R6Y3bA-|QJEEej&jLlW`3OCj=>suU_{
zINFd2KjBv2md7lD*HL$HMPrkasUgK@GU|RGgm}_-phg>;%-h+#>b=&cfmJ-y;oKgM
zyr6#0RBvWpaX|$K^d!1efp{~A$17;o<W0!9Z3Ox}h-}sCw98o9lc=9T!x=1^78vdp
z^ZM4eb(!p(0Lt+HdTfa^2C=|fX=}#}UV?#0Lsgy?m{NKZ>zr;C4*@SllNb-T*YLYR
z9EaR*C{obKSuMAEDmPLB>@#^#{d!r5yK_O}o-)rNgBs<*UYj}4%JM;W7^qI`ZDZ38
zhnD5WN{}Ytk65hm%mRA$B*dWiwdE{b{`5vq3OV-PFYhKEwu9of<*eDiGY-Q*%z)e8
z!r8#Ofs7xBr>Fwx$z1rsxVaU`V{&*c44Bz`#MyB==o2to#55Yj`@lI^8qjdU89wH>
z@zHT@j-%%j(83_dMokjp5>GT`)ybr9Ayu<zau}Y;%nz}-ten<e>?jS?sL_JsR9%^i
zs}P&sodIZZ#_61Xn5w!L;OKs(41v0+R?CGY>lM3%Shm6r&y-(58`6|Vvqxk(ZsId;
zVJ!!sI>qJw#-?)VEH^Jkk6>vj-Rz}a^GNn~fLz>%d&A#mUBhalKpQJ*?Tub~x^rR#
zxRpE9r(7`9Z`C@xkLaSQq%dGP710^2Si{ve32dh5)8dvo!tSd8!78@L8A2+cRRc<l
zcX&5dpm*d3a%nn)B%B55d}Z?`K}@2Dds`d{XH%`8`*LRr5VKhx>qb^&)F1_Ly}6K<
zUXa8{A|smBS5hzDCCJWgsOEwS>ZgD_ZmV*7(nhLKyG>1kwtSN|PD3LI;IAgdvE_il
zZ0*x;80>HuBcm~YnA9|e^Kd8li})7fJ^o*hiyS2ggn5}j&m7nnL|busfCN;7<UT_A
zTnQR2@uE&lg9n8@HMoVHo9HnX4vhNIUj*HHnpC;&^0lM8SVgIeY<5r7&Y^pb$^~TF
zgBtxmP4G3<s$Mo+Qh4cFIdfPx<5}c3ldbX4)FjeSWQPPkDh5J0H3JJAOW(JIosN-%
z6l2l~^L9Jj4Jq>7YSd21U{<3`Dhu85KeX<(nu}y9UcNT#z+)d9`Z_hePf(f;vZVt_
z;l+)ZvEhBtDjq2lJfr;q(&R!R5sF4PJ*!=Pjh7zvITO%mCgWsm?{hLKxK_VCRTsZE
z;U!tw&@n990$yKVUkvjx%-VxbhR}ICa&f#n*rbzVI?n4l@>7tt%+c!*8cD!cbN=G|
z%m2~zz2n>1pY(5h@ad0#Q2tH%!soyL@F!pV)rWui^7n)3w}1G>KR@~S`Qm@}*Wicw
tcYgE!N663r48dRe<bz-TY@q)BkM}-JfBDDne$IZ@e(QH!_LcX3`fo={epUbg

diff --git a/secrets/magit-forge-github-token.age b/secrets/magit-forge-github-token.age
index 20c014d..bbbea9b 100644
--- a/secrets/magit-forge-github-token.age
+++ b/secrets/magit-forge-github-token.age
@@ -1,34 +1,34 @@
 age-encryption.org/v1
 -> ssh-rsa /AagBw
-OU36QsKIRRpi4HQcgl79D06i7imBtHmcAMPRk/cyzbBxVKONyJ1rXtcbUMHN08WH
-ZSxw0Rd866InITBU42yZrweYncBNT3B3JNsRHodce9MRoiL9oMws5sCr0TZpFWhC
-5Jlom7Bek8ugv/JjQSUUmG4Lzqik+EPuLYrePuFS4e6c4ow0Fw6D+72C4/jWaWUi
-aSdGVb3q1crGhNRaphDAx4ucyjcZn8QDEp7injC0Y34oAVNT/V4oMVkxxv8x4twI
-twG9IZeHQue27Xb7zGmoKWCPAMJBR1tcVjL4Yqmtab0JOTXk2ccpfrzILojXLXq4
-QlY3js6H6+pfHp/QLyqFEJ6mNWPuVv17Mv/Q5EYIK3A1YQvbWzc74Zkl1fJTorvI
-8mb3ECbkY2Yhq1nkdPq5AIBn9ThsQ/FACbzo+wnNMdY1xA92BsBXn3JbuhSoqWGI
-nPqB5/32tY1PdnwTPhzC0P/9z7L6qCg6wDselloanEIkkXwWGBgv+6PZ/hsojpWf
-SjZI9Q1E4acyZputQ9Lt23Kgfk4rKDH098c5pbfPZ5++wYKWjI9eWidRlObLxvM2
-T/tHvg5CE9/Gky5sz4mysA4ukrCs5vQR5OFhOmSVzwJB8nZdayk+VgNyEykjjiZx
-aUOi04G//6xp6uQUOEh9NXoDX+fJzORe/heRSNUYj6Q
+DbkYMdbPgGfDlXVKwmSROU5QUy+vdI5touz9rl1cDctmw3FV8pnPst2P0m2YEC1h
+538Yax6rLOGO8R2vbs2d/cPVon0cvSlGxfcHCT0C3xqM+fiWCUGJEK3Ry824IhGo
+qq/USK7JckPYhMDy300Ko2bml9Jh2CojyLSy8TpIb7LBhD8Jdb9qg6PRJs6Hxewl
+dyMqLhvbgK8iYjPEFPLDhfB3usux6fqo5KX1ZyyMbQsOvmQfYYp9UfpOTDPcLyS3
+lIiIBmKY3JSDLeRYWLwI+rTRT6u+rKo0oQ8f1Iy+Q05HEsM4eUZEJOqvezPTmseL
+xyFa8UVkv4p7xAWe7x9i2Ne0bEW16h//Ve6/NWZDfcGHpB9SzhEYdVV/8ibzPfip
+7x852jBYVKsjHOSRlgug5SUPthSs1thWZkvPHAJlyX1jEiJNzg57PGy8bmCvQtcH
+4DAqyKBxEH1pf4gocEU+KcpJQAXjU7job3FHalrU76oAO44s1aK18y02yJnLGDQq
+JLe+5RHXXmOicZVZjC8T2eRVBzsXg8tEdGqZtg/umZeCSoCDTH1jJu5Q7Z8OaOp5
+jlEesAMJBVlqKcsC4obYjSRmltD0vYhz+LvnKRLhm5L1FhR2dwac7K9PHs31oBoe
+aOwZ6VML2iVzTHHVSU0xEZ+m7SMket7mx5+cqmpzc10
 -> ssh-rsa QHr3/A
-PZUjVHmjEuzLo4HcI43XHYIMsl3L45Sgqrqvln8ACF9lGd8k/E1H2eIGuyK0LqDs
-Q5SsI96//x8wVi5emHr80rDectu/Ll3CjZH2xSlP1MpPNzVCK6oiFRIYnMcQda5Q
-EseQpKusgMiDEmY2yZqxISx4C5e4rnsvsZhCm5ZFaB+8ojsiukgEDLAdftgytD+C
-F/73m4B/kmfDpybBb4R12iUXjVDV4/dWLfkgEm1uNBpk2GiK7DsVQO/f7s5+Ueig
-cXAOT/cGhjMjAsJDAB0i/C6giQ7sxO4CM2EaBNCsGQ97AUfvpB61uG60+0UVvVTs
-1i9529cNqWGgFtE+1OLY3pBy2zHwoIP/mGYY/IhJaDdPYF+5OFP7VNgJ0ZcDaqwf
-clByrhZv9spf6YPhP/dhVHRAn8KiWzhjZljSE0qI3FAhYQFWoHgf9v4qfSI2skGe
-9l4BwxuYnrCwgodzgzhVjQWEsgJ2WwUtRLBB54ii6GpJlthRiEgVlfQ84bf+wPIz
-Uk+y/J3rRj7Mug0H0G7uD+nQfuQIpBC+KhLNSh6SwpP0rSQLY1ibXI7NE01Ciw7a
-cixjyaW6WW80aU+LZGaZUBp7TvcBkn9zZmEzJOY4xYwp/q20msyz9ua9lvN1+Et3
-jMtbpAxziaF9gLr9845DLGbUwuRqocymbugaDjKK9A4
--> ssh-ed25519 q+UPnA uBCO+5Q1cgxvW2kMknG/awz9gN74Uz7RC/pXcDc+zww
-m05T89H+qMgwP25t4cjdMWCWGm7N4jVuir8MAKNibUo
--> ssh-ed25519 GVMLQg 1Qnk4K8hHiOizrKRVljvylhAyOD68XeE2JyJlfVF/HM
-dbCx0+GzGtBIb+N84pgOWixLP18db0OR7XD1ftdQZlg
--> VvPM-$-grease ]R P f?x}K"`& Hg2
-2pYHuifLxpkj3Mo1Gy8huG0MNFGai4b2BK4BUuEo1s6gOjqzJ0lh5b8f3YMeIEnb
-lxW0Ug4CTUGLNjU
---- BybyLwJv9ibvHoz1+qPTMxyG6iHJUsGenqdKDTsHRG0
-�$���0��1Vj�$�B��g�I"�d�4�f��{�g=���hr�Y��X����A۔"f�5`�]
��Z2
\ No newline at end of file
+XmQEkYfvXncYfpaqykzISiTHH6hvHJf96auW1sktUG8EjGxJZNgLVNc2jOk2PVH1
+PjgoVe4R3OKwgboRDPh/x0zUvPAVXEBE0jZzk9ztzSmdUKZJl83iL4Yp9R9Fp2lR
+jyAnaKHgbc/nDMs9USleRS51HQPEHQQuUtsSoL8bikQ6fRvTCHwiQ9Sw3lbS5R0Y
+idCv5AKIxEj6yNrd+o4LOP2bD1jF2omIUMPX2wlO6EDvgcPT/cbG+WAMl0TrwWx6
+Zbyrnpg2nLwbhnPTO9yoIOR24vu+6+2JKNu8P/qRqQKB/GUES21FRBrJdv7J71rm
+d3/GGHogsNKzyzQDpDN7NsFNu2vxyJUyzfBnnMkLibkaAuGOMam/hGHePH+UiGGY
+AywMShzHX83yV9Gx0L/AUqiXuYqienPhxEvVF2zBGN+ewGHUt0MuBul6eWY9T5lb
+VMnwXc244IgbOKRWkU5/CZkahHHX+btsXmbu/9xMP1iyHnyoFOUqauThDrbs3Lol
+DH0fm7xe4aRfGxHVqblO7LbDyOb5Elj2UGfW67ep0xiXwO3A4bM5XFrFGMDUOSlJ
+0cHXRnqlE1H4KG9a9VWchOohIv1uEIocm5W5XB9qAd4Pgg3QMwV/xoyXEHB9cR6p
+EchARc9SUZxxH5upbp82BYY1XZTPMbT+pLajTHPjiw8
+-> ssh-ed25519 q+UPnA FWQNRXVrs2TlKV45LYSDzxcmUgjs7Qo4cyAb6onSNCM
+xkeeCDpbGT8jrnWNEt5E4ROUs45+dbuDd3Dgr9uyqBk
+-> ssh-ed25519 GVMLQg cCpgk4KfQjC9Z3gZ96WZiTRo2vnxa+qzTpD53aNYEHI
+nQRe2pxNHdp4OUcCsJQCcXkczttUhca21vUG4tar2e4
+-> rlWXWhU|-grease ;
+K66M60IV1KtnNp2ZY1xQpsci3Tu744C7GotEC2ObSDkSCvQ5HHeGwgCHKkkYguOU
+YHKt5DUc0Ww
+--- Q22uazEiOR61ZC/BLfptzDRsmbACcMX6DTxZTt2+dXU
+���˿��7�3�F�m��b��$&�6|��b_�-����J�\�3�򛈊��+;q��*�]�6�}���	!�
\ No newline at end of file
diff --git a/secrets/mothership-wireguard-private-key.age b/secrets/mothership-wireguard-private-key.age
new file mode 100644
index 0000000..d297b2a
--- /dev/null
+++ b/secrets/mothership-wireguard-private-key.age
@@ -0,0 +1,32 @@
+age-encryption.org/v1
+-> ssh-rsa /AagBw
+m5zNTTFAfMg/uFR6K5ZQLzUtCHPaCJBGx5Fl1EncRjSCKWrDVfypBewDh14Dd+j7
+mpzMw+60TLadMEBILbPMVP5Re9v62hWHfhaOuYRW4et1MEk6syd2Dciw72jW2Xb9
+ZZRy+zPjh8CulwZY5NM1beJ84DUJvQ0x/RMxmTciZ7COPNMKETLvaAwfUq1Ij4gR
+enX8DVeB6SQaXfy1S91vrtuINBIY+/XIvH+dgbFtxeBvt3eethmFWu845aDFqUjj
+85qEIxTwYb4qAtIxrBcf5rFfAFd27wg05NzH8qWoGS/hIAv+pCbKSJSx2F+BaWys
+qh04JuSu0y2mIXxVikM85T9kMGRf5YXEDUKmfvgtOlYFgfiYSss12GBy6ed3AcBw
+41nndgcT6ok1cKQF7M63CQoTWYev32KDnW2Nogm6vWBQBRs48mbj6rDxwNeAv7/W
+6Zy2mcsTMcioJv+tCh6e15qbOz82KCzbn58q0eFKiG6OdjgbiPQ0nuBeuUStso5d
+FqOFQ+WgCkQ9VtOmkjXG40Rsxp7/HjDSxUBmYpVdXscKD5fmDX5aUXIn0rW4MCO1
+ya/3RGHu5FHXwTM9/O/5oWRf9dvimEPQRhP+19Xz2U7Rh76lKfBg3CyjduQ9zZ60
+zTk2UgW6F4KcE+68/CjK5M2oKVYRYGDUYMRcVfFnO14
+-> ssh-rsa QHr3/A
+IEeaxqUUPfpcKJmzSySq2382mw2dhg5zzzGyDuM6yccWohG9Mh1xok9+im8/7wv1
+rosxC9NDAo0V0FSrwJd3nzm6JiNAHY1Q2ctLLSZn8UmNPbAqh/mDIFF+8gzArJfJ
+yeKR3gZ3w1OBtL1QP2YPvrRJA4sa8qifbqyRnSxQEScsS8xipq/XRFuBJvs5nJgp
+lHrJL60aLRFKbdgXfrpxvSyrxpzXVP8sNZmCYVLwyKlbTOx8CeC19ZMTNioOcLI+
+n6Q8d8Iozj6wnCBcaVLzPl37klF7CHrOpmYfGtJpRjx/A/Up4IzcYmV1kENkrC53
+v+WkBrVNw1C0vpqrMbUwEqu6KhFDmrRCJC/Dit/ydVwcqC7Xlk3MEFvrjvcomh8m
+Lg9P+jGOHwfWEETSDbnPwygfa0zBli0NdIw/2XoqrIKGplgoCZB0UkgsiwrRyErs
+Ux2U3q9JaXcvjodqSqClxTJk6BWUfo4pevNR+GYz+yoLMaCHrYZ/r/6huUbcDwru
+sC6+g00S32gqqlk3uh3UzOEOBgroOqW+T4hxOc7/jMVpCdEgjCH8Z0UcKmXhUJJj
+dlVH/L8Xm8JgwspMBhMBEgYGrn4qH+uWEHa8d81MBQ3GSWQQP5Q/EuBwPHxHdH2j
+ZveRsxZzMljORVRKyHHqdRwQZLW529ANmv8xUt+cmjg
+-> ssh-ed25519 q+UPnA KCDnZWCLKS7DRiUFi8uPJgSme9dUtNl6yT6ImKlSa2k
+A2/mcyY8ZnIOd9z1XMXxCkW31P/A6vnmD0rx7DjNDK4
+-> h%z,g.-grease qR*Jt6' C8Y m9CB
+rZ28gnIQ06Bz3DluA24+zTNAwbD437Sv4kXKb8+VLveQ/J0c95a58qMOwrgyUUe0
+CLAJ28w
+--- clHOA1nUvcyaz6oaKcHx2kjLlCxpCDn32QmGZgGZOtM
+U��ܪѯ!A��e_/W LQ{�LD�c��~#'#'f�>�5�`�G�]�t�j鈮bB
�*��.q.���H�4�
\ No newline at end of file
diff --git a/secrets/thinkpad-wireguard-private-key.age b/secrets/thinkpad-wireguard-private-key.age
new file mode 100644
index 0000000..c764053
--- /dev/null
+++ b/secrets/thinkpad-wireguard-private-key.age
@@ -0,0 +1,32 @@
+age-encryption.org/v1
+-> ssh-rsa /AagBw
+niXJPzU/BA3kBrRJjPJgNggQjz2xL/kTLsYmMYqk4cmTZDM8Itr3vIfNT1zS5CO1
+BBOydqNNsC6ELXxmZ66lVTyPQA5IX5yb38yqKm00eDCTBvcIeY0tXdyGZX2l5gv8
+jHH5tdLZHNuhg3Bsdx9Lc41zeK51Ge8f+QZBJn5lcpeT8C6JI3eQBfOCJ3jlrSBD
+z0rcA7Vi4VjmB/oGh5RCFU07rmK50fHu7/Zn3DDABTORslgEsBtpJDXhgwacO28r
+xP8Y3Z7G25bkBjkM3u9aLm1F3ztplmDVltiTEa5OValtk5dcLYkaFTzInbwnGIJS
+b1/dr88QskKvdr9OQHeOIY55rvjWoN7WzVYzPJ2L7a4ZShfpwmr0oGF7ssaKTzwq
+GG/o5BCn4qR5qONpnb696abjBb3dSCC5CAkj/Z82b9y+p8wBAMtrd8GphU6TxRMR
+0CIEPJ81YcuYXwLlujw9F2S++ypEanOAxW5S8N0X2y34EIjRuKgE+JP5/MXJ8M5I
+K3YXTanGQTfp63Ir6GgpM/+b4N6VqFFKNkoeX8RBFzuN/DPH7wHVlEYB9m15ENLC
+5u3JPq/7zuykXLOgVqiewCRINAv55u9sbi60qq5N6XUY4Em5WCyotYXwt+odYMD5
+oxgOAOA1unfg68ni2FxlTJen2/vqzPNhCcM/eimE1pA
+-> ssh-rsa QHr3/A
+oDVcokWirXH5BnASkJg8PT6F5qjq6MBaCcpPxVYKitVVr07rs+rQm/zsTW8ld0Po
+4Dq6E8RLlwxorRYaAzxdZLlLj/JlztNV/1uXC1raYsVE/4F2s+Ak5zjI73HdiMjT
+O0SLRw/7wEk494XhHxmdBZa/YuB/fwrA0oEHuXfc3q/wH4dpTVPziYylqVCZR1x6
+6tKINC9U1K6f+AsyY9eyA7rPSuK4rJMly8dmVB5LAseMdqokqhd90RSJ2m09SM+p
+k8SK9ApgS1IK0DLYgpt8mpCNe48mq3arBNdJGs/8tT9EqILsRdo/H8nE5bRjnRx/
+2vvqo0i5MaWr8aUMnjQU69pfmBZhMU+UmKilvUU6wBBskIPH9x8qPj2iGLZxykux
+iB0JdXV+KMdFFrl7ixZDOGE9KS7kgpoKBxCW/EhD8Lp6KyifqANKQXT2FowNld9z
+RUDDiT7BvjGCHyIyXyVSQJvmRHXqficG6sZHUKXRux5wpSX2hNukZesFmfuUOV58
+kRs3Z7gKeYuslL7uxtXZWduvtKA1wCECWjxCd9HqDINZ17/zBBmhLNVPla0vv+yR
+w9DdD5cPQAQnP0PW0IIpgOmyJBiZm2gp0orxN5LyC+to1k0AjfjjuO/EJqQPVZKC
+w4euHianbxYgcAXv/5XaHFU+fuq5+acVKFLyRc96Eog
+-> ssh-ed25519 GVMLQg MoY04NrRrk8O2g33IoJDQ7TvkhZ5R4/NEWgbh0OclWM
+Q0pY7z9eYUr9vC63zexXwB34zDyoz0vycrSqu7ktK60
+-> }m-grease g
+ujgP68SYg6LsIPUSZV8m4tgudJw+slyUt84MVt8+bc2RiH8zhiBojkxZBG9KLahh
+uyUbJbnAA+MPKG/R
+--- LXATOIzqIHUjhUSWy2PHY17WNIyAPIajrT3fdTzgVkc
+q��~&=��CJI.G6���=����l�_�y��
�����N�\\�ilա�� ,�����=*��T|�#B�J
\ No newline at end of file
diff --git a/thinkpad-wireguard-private-key.age b/thinkpad-wireguard-private-key.age
deleted file mode 100644
index a715b93..0000000
--- a/thinkpad-wireguard-private-key.age
+++ /dev/null
@@ -1,31 +0,0 @@
-age-encryption.org/v1
--> ssh-rsa /AagBw
-MDvHFhWJ4XEaNt4XCOe1ssTpmXFSx6MaKI6ddmyNtcWi3zOtap0no+qjrXaRhqi1
-FqoyMdxySP5dwzM8HyaLIxqOoVvW8Ukr+93yVLUkrm9gpbImAJPm7wFTx++mGHaK
-sqCYUIU6aHYvAMSmY8PqhKQeLvcLWnSr/EGcEsJXPS6XSfOrmwlyqLEfVlOkGtVI
-xvjlAanhaC5tJzS52ECj89/Pn5s058/xY3WlSyGW/XGXrtQJTG6J8Uu4fXJT/mHZ
-dDkq/TXSTACdq0oBcqDJda5UiSgs/B6Z6kQBDC59mxmfiNAlgCcSAsTS2M+g5lHK
-EUdh8LCzcCxmZBwFDySh+/68eSxbGE/SDD9gUJtVBN+qtFNl2raiwtztY153QZT5
-w0YKx8zKNKT3VskbzJJ2kfhUW4BvvXbBU51pdJHrBECsmoea1TeHA0tcMZLqxqKh
-FNFR7llqPPD41phO5p3AKlLjZRVzGhNeynThdxw2gMaPzzAalS/NTBmmZvffp/Sn
-Bn7ytGkqXYRtYX1ovUrAVCCktuPss1YdoAy5VDe5O+EwCZE4YnlruKluAum66uko
-P8IFxp0pgLNgqiNwr2RbKm4y33OZ9UF+HZxM2rC4rBSuEh5m/MnA/qTGFi3zZcjb
-Km/+XlMWdqFd1F5cXnI+Apmjq3ei1zJcd0wiqG3PX7A
--> ssh-rsa QHr3/A
-BeYSstmPQ6ji2jSSB1Wz48tanPvhOJ9yfCH2PbXSDBzBoTE4k/XTMxnQWO0KDL/h
-valXox26Ug8wthg170zNvyWD3kz86Nb0cW5eI7jwbDs1yLX/KIvEWyy0yuMZ0HEY
-fkldZ12S+cGIhgxrG+3AieoyB/LgepGUI/YI/zDVoE6S40gyVbAKcUatoeI+LdiK
-0uRKdbfbtvf14VRqc7fw7WRp7iNW8UaaMSvnDXTRYzFkxsvCpzAjjjSTFg/CJwUa
-lSW4gh+nxA0ikZmkrW0k2zrmqwzspvIVye+jp0485+p9NeTPfVROHMrpR7VW9AnG
-Q+5jDBTYoeYZVMH5guuumlMJMmp9mTq5Ai5ymiGyvonyegXcJnPPpb3zSC/KY/UN
-O6op4zDQq3f7Dp3+ABzVyKGGwzy51/cAjfesMoCA797YH3lNXKShP8WEPVgt/e9Z
-3KEjbDS2fkHo1LX1y1bulvmzi0/3cbTgspD0zkbv6N73DfwKypOLEebXw547YnrQ
-K1yXMRhCS/5NQEUUY0tl1h7xojr6mnti1I6NPRqipbk+Wh08jpd8YVz21FYi1xXD
-smTVcPEiezG5D7GYN63DLDfN50LRV9qY+eMthsz7Q/bxBGWkUEAP9egZY4gZbP2W
-+088qiJGU1ZYDJr2pexGnYWj35DtzvrNVLPJnOzOPNc
--> ssh-ed25519 GVMLQg pKaKEc8uwMrocFz4r5kDe1F7XfIV5VJTdEg8GWcGHjg
-d4srdY+Em91u6+SZ+IU22SQ+tEIdAtsJhJU+jL/j0dU
--> S6%nGm(}-grease c!;98Uy .+~n
-1HIFXrAzFefM
---- /6HkX0cR3TTxik7n7lmv9NKitAnnD/V2jwd6gdWUGvQ
-��T!�]�+1Ώ-�yx��k�H��*Y��kp+
e�#j����,~ޙAh��)`q��9���]��Y�X�MAO�
\ No newline at end of file