refactor: move secrets off-shore

flake.lock

@@ -3,22 +3,19 @@
     "agenix": {
       "inputs": {
         "darwin": "darwin",
-        "home-manager": [
-          "home-manager"
-        ],
+        "home-manager": "home-manager_2",
         "nixpkgs": [
+          "secrets",
           "nixpkgs"
         ],
-        "systems": [
-          "systems"
-        ]
+        "systems": "systems"
       },
       "locked": {
-        "lastModified": 1723293904,
-        "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
+        "lastModified": 1736955230,
+        "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
+        "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c",
         "type": "github"
       },
       "original": {
@@ -27,6 +24,28 @@
         "type": "github"
       }
     },
+    "agenix-rekey": {
+      "inputs": {
+        "devshell": "devshell",
+        "flake-parts": "flake-parts_2",
+        "nixpkgs": "nixpkgs_4",
+        "pre-commit-hooks": "pre-commit-hooks_2",
+        "treefmt-nix": "treefmt-nix"
+      },
+      "locked": {
+        "lastModified": 1737124467,
+        "narHash": "sha256-askwM5GDYo4xy/UARNXUvn7lKERyNp31BcES/t4Ki2Y=",
+        "owner": "oddlama",
+        "repo": "agenix-rekey",
+        "rev": "27c5fc5b763321054832d0c96a9259d849b2f58a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "oddlama",
+        "repo": "agenix-rekey",
+        "type": "github"
+      }
+    },
     "aquamarine": {
       "inputs": {
         "hyprutils": [
@@ -78,6 +97,7 @@
     "darwin": {
       "inputs": {
         "nixpkgs": [
+          "secrets",
           "agenix",
           "nixpkgs"
         ]
@@ -97,6 +117,28 @@
         "type": "github"
       }
     },
+    "devshell": {
+      "inputs": {
+        "nixpkgs": [
+          "secrets",
+          "agenix-rekey",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1728330715,
+        "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=",
+        "owner": "numtide",
+        "repo": "devshell",
+        "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "devshell",
+        "type": "github"
+      }
+    },
     "firefox-addons": {
       "inputs": {
         "flake-utils": "flake-utils",
@@ -136,6 +178,22 @@
         "type": "github"
       }
     },
+    "flake-compat_2": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1696426674,
+        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
     "flake-parts": {
       "inputs": {
         "nixpkgs-lib": "nixpkgs-lib"
@@ -154,6 +212,28 @@
         "type": "github"
       }
     },
+    "flake-parts_2": {
+      "inputs": {
+        "nixpkgs-lib": [
+          "secrets",
+          "agenix-rekey",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1733312601,
+        "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
     "flake-utils": {
       "locked": {
         "lastModified": 1629284811,
@@ -191,7 +271,7 @@
     },
     "flake-utils_3": {
       "inputs": {
-        "systems": "systems_2"
+        "systems": "systems_3"
       },
       "locked": {
         "lastModified": 1731533236,
@@ -229,6 +309,29 @@
         "type": "github"
       }
     },
+    "gitignore_2": {
+      "inputs": {
+        "nixpkgs": [
+          "secrets",
+          "agenix-rekey",
+          "pre-commit-hooks",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1709087332,
+        "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "type": "github"
+      }
+    },
     "home-manager": {
       "inputs": {
         "nixpkgs": [
@@ -249,6 +352,28 @@
         "type": "github"
       }
     },
+    "home-manager_2": {
+      "inputs": {
+        "nixpkgs": [
+          "secrets",
+          "agenix",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1703113217,
+        "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
     "hyprcursor": {
       "inputs": {
         "hyprlang": [
@@ -892,6 +1017,22 @@
         "type": "github"
       }
     },
+    "nixpkgs_4": {
+      "locked": {
+        "lastModified": 1735471104,
+        "narHash": "sha256-0q9NGQySwDQc7RhAV2ukfnu7Gxa5/ybJ2ANT8DQrQrs=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "88195a94f390381c6afcdaa933c2f6ff93959cb4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "nmd": {
       "flake": false,
       "locked": {
@@ -2990,6 +3131,30 @@
         "type": "github"
       }
     },
+    "pre-commit-hooks_2": {
+      "inputs": {
+        "flake-compat": "flake-compat_2",
+        "gitignore": "gitignore_2",
+        "nixpkgs": [
+          "secrets",
+          "agenix-rekey",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1735882644,
+        "narHash": "sha256-3FZAG+pGt3OElQjesCAWeMkQ7C/nB1oTHLRQ8ceP110=",
+        "owner": "cachix",
+        "repo": "pre-commit-hooks.nix",
+        "rev": "a5a961387e75ae44cc20f0a57ae463da5e959656",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "pre-commit-hooks.nix",
+        "type": "github"
+      }
+    },
     "rnix-lsp": {
       "inputs": {
         "naersk": "naersk",
@@ -3012,7 +3177,6 @@
     },
     "root": {
       "inputs": {
-        "agenix": "agenix",
         "firefox-addons": "firefox-addons",
         "flake-parts": "flake-parts",
         "flake-utils": "flake-utils_2",
@@ -3027,7 +3191,7 @@
         "nixpkgs": "nixpkgs_2",
         "nvf": "nvf",
         "secrets": "secrets",
-        "systems": "systems",
+        "systems": "systems_2",
         "zjstatus": "zjstatus"
       }
     },
@@ -3076,6 +3240,8 @@
     },
     "secrets": {
       "inputs": {
+        "agenix": "agenix",
+        "agenix-rekey": "agenix-rekey",
         "flake-parts": [
           "flake-parts"
         ],
@@ -3087,11 +3253,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1737094724,
-        "narHash": "sha256-PeNJWuk+zNrqCsrSbElfFmMP+R5E0uFaAgW9tWG03ag=",
+        "lastModified": 1737363899,
+        "narHash": "sha256-9W7+5Mx2J60I/s6mgq6iRcxIV06nrBr6KWzN55GWnYE=",
         "ref": "refs/heads/master",
-        "rev": "dbbf390c798a14bb316681e62fe56355d9ea88f6",
-        "revCount": 4,
+        "rev": "ec8227f9dacaef659249df279d6fd98776ebaeb6",
+        "revCount": 25,
         "type": "git",
         "url": "ssh://git@github.com/ooks-io/kunzen"
       },
@@ -3101,6 +3267,21 @@
       }
     },
     "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "systems_2": {
       "locked": {
         "lastModified": 1689347949,
         "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
@@ -3115,7 +3296,7 @@
         "type": "github"
       }
     },
-    "systems_2": {
+    "systems_3": {
       "locked": {
         "lastModified": 1681028828,
         "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@@ -3130,6 +3311,28 @@
         "type": "github"
       }
     },
+    "treefmt-nix": {
+      "inputs": {
+        "nixpkgs": [
+          "secrets",
+          "agenix-rekey",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1735135567,
+        "narHash": "sha256-8T3K5amndEavxnludPyfj3Z1IkcFdRpR23q+T0BVeZE=",
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "rev": "9e09d30a644c57257715902efbb3adc56c79cf28",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "type": "github"
+      }
+    },
     "utils": {
       "locked": {
         "lastModified": 1656928814,

flake.nix

@@ -26,15 +26,6 @@
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
-    agenix = {
-      url = "github:ryantm/agenix";
-      inputs = {
-        nixpkgs.follows = "nixpkgs";
-        systems.follows = "systems";
-        home-manager.follows = "home-manager";
-      };
-    };
-
     nix-index-db = {
       url = "github:nix-community/nix-index-database";
       inputs.nixpkgs.follows = "nixpkgs";

modules/nixos/base/admin.nix

@@ -1,10 +1,10 @@
 {
   config,
   pkgs,
-  keys,
   ...
 }: let
   inherit (config.ooknet.host) admin;
+  inherit (config.ooknet.secrets) keys;
 
   ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
 in {

modules/nixos/base/default.nix

@@ -7,7 +7,6 @@
     ./admin.nix
     ./locale.nix
     ./options.nix
-    ./secrets.nix
     ./openssh.nix
     ./tailscale.nix
     ./networking.nix

modules/nixos/base/distributed-builds.nix

@@ -1,5 +1,4 @@
 {
-  keys,
   config,
   lib,
   ...
@@ -7,6 +6,7 @@
   inherit (lib) mkIf;
   inherit (config.ooknet.host) admin;
   inherit (config.networking) hostName;
+  inherit (config.ooknet.secrets) keys;
 
   mkBuilderMachine = {
     host,

modules/nixos/base/nix.nix

@@ -23,7 +23,6 @@ in {
     defaultPackages = [];
     systemPackages = attrValues {
       inherit (pkgs) git deadnix statix;
-      inherit (inputs'.agenix.packages) default;
     };
 
     # location of the configuration flake

modules/nixos/base/secrets.nix

@@ -1,43 +0,0 @@
-{
-  config,
-  lib,
-  self,
-  ...
-}: let
-  inherit (lib) mkIf;
-
-  inherit (config.ooknet) host;
-  inherit (host) admin;
-  inherit (config.services) tailscale transmission;
-in {
-  age.identityPaths = [
-    "/home/${admin.name}/.ssh/id_ed25519"
-  ];
-
-  age.secrets = {
-    tailscale-auth = mkIf tailscale.enable {
-      file = "${self}/secrets/tailscale-auth.age";
-      mode = "444";
-    };
-    github_key = mkIf admin.homeManager {
-      file = "${self}/secrets/github_key.age";
-      path = "/home/${admin.name}/.ssh/github_key";
-      owner = "${admin.name}";
-      group = "users";
-    };
-    ooknet_org = mkIf admin.homeManager {
-      file = "${self}/secrets/ooknet_org.age";
-      path = "/home/${admin.name}/.ssh/ooknet_org";
-      owner = "${admin.name}";
-      group = "users";
-    };
-    spotify_key = mkIf admin.homeManager {
-      file = "${self}/secrets/spotify_key.age";
-      owner = "${admin.name}";
-      group = "users";
-    };
-    "mullvad_wg.conf" = mkIf transmission.enable {
-      file = "${self}/secrets/mullvad_wg.age";
-    };
-  };
-}

modules/nixos/server/services/ookflix/lib.nix

@@ -132,14 +132,6 @@
     };
   };
 
-  mkServiceSecret = name: service: {
-    ${name} = {
-      file = "${self}/secrets/containers/${name}.age";
-      owner = cfg.services.${service}.user.name;
-      group = cfg.services.${service}.group.name;
-    };
-  };
-
   mkNetworkService = name: _network:
     nameValuePair "podman-network-${name}" {
       description = "Podman network ${name} for ookflix";
@@ -151,5 +143,5 @@
       };
     };
 in {
-  inherit mkServiceStateFile mkServiceSecret mkBasicServiceOptions mkServiceOptions mkServiceStateDir mkServiceUser mkUserOption mkPortOption mkGroupOption mkVolumeOption mkSubdomainOption mkNetworkService;
+  inherit mkServiceStateFile mkBasicServiceOptions mkServiceOptions mkServiceStateDir mkServiceUser mkUserOption mkPortOption mkGroupOption mkVolumeOption mkSubdomainOption mkNetworkService;
 }

modules/nixos/server/services/ookflix/networking/gluetun.nix

@@ -6,14 +6,13 @@
   ...
 }: let
   ookflixLib = import ../lib.nix {inherit self lib config;};
-  inherit (ookflixLib) mkServiceUser mkServiceSecret;
+  inherit (ookflixLib) mkServiceUser;
   inherit (lib) mkIf;
   inherit (ook.lib.container) mkContainerEnvironment;
   inherit (config.ooknet.server.ookflix.services) qbittorrent gluetun;
 in {
   config = mkIf gluetun.enable {
     users = mkServiceUser gluetun.user.name;
-    age.secrets = mkServiceSecret "vpn_env" "gluetun";
     virtualisation.oci-containers.containers = {
       # vpn container
       gluetun = mkIf gluetun.enable {

modules/nixos/server/services/ookflix/networking/traefik.nix

@@ -6,7 +6,7 @@
   ...
 }: let
   ookflixLib = import ../lib.nix {inherit self lib config;};
-  inherit (ookflixLib) mkServiceUser mkServiceSecret mkServiceStateDir mkServiceStateFile;
+  inherit (ookflixLib) mkServiceUser mkServiceStateDir mkServiceStateFile;
   inherit (lib) mkIf;
   inherit (ook.lib.container) mkContainerEnvironment mkContainerLabel mkContainerPort;
   inherit (config.ooknet) server;
@@ -19,7 +19,6 @@ in {
       traefikStateDir = mkServiceStateDir "traefik";
       traefikAcmeFile = mkServiceStateFile "traefik" "acme.json";
     };
-    age.secrets = mkServiceSecret "cf_creds" "traefik";
     virtualisation.oci-containers.containers = {
       # vpn container
       traefik = mkIf traefik.enable {

outputs/default.nix

@@ -4,7 +4,6 @@
     ./lib
     ./hozen
     ./hosts
-    ./keys.nix
     ./pkgs
     ./images.nix
     ./devshells

outputs/images.nix

@@ -1,8 +1,4 @@
-{
-  ook,
-  self,
-  ...
-}: {
+{self, ...}: {
   flake.images = {
     ooknode = self.nixosConfigurations.ooknode.config.system.build.image;
   };

outputs/keys.nix

@@ -1,6 +0,0 @@
-let
-  keys = import ../secrets/keys.nix;
-in {
-  perSystem._module.args.keys = keys;
-  flake.keys = keys;
-}

outputs/lib/builders.nix

@@ -7,9 +7,9 @@
   inherit (inputs) nixpkgs;
   inherit (lib) singleton recursiveUpdate mkDefault;
   inherit (builtins) concatLists;
-  inherit (self) hozen keys ook;
+  inherit (self) hozen ook;
+  inherit (inputs.secrets.nixosModules) secrets;
   hm = inputs.home-manager.nixosModules.home-manager;
-  agenix = inputs.agenix.nixosModules.default;
   nixosModules = "${self}/modules/nixos";
   baseModules = nixosModules + "/base";
   hardwareModules = nixosModules + "/hardware";
@@ -22,7 +22,7 @@
     (baseModules + "/admin.nix")
     (baseModules + "/ssh.nix")
   ];
-  core = [baseModules hardwareModules consoleModules appearanceModules hm agenix];
+  core = [baseModules hardwareModules consoleModules appearanceModules hm secrets];
   hostModules = "${self}/hosts";
 
   mkNixos = nixpkgs.lib.nixosSystem;
@@ -44,7 +44,7 @@
       mkNixos {
         specialArgs =
           recursiveUpdate {
-            inherit hozen ook keys lib inputs self inputs' self';
+            inherit hozen ook lib inputs self inputs' self';
           }
           specialArgs;
         modules = concatLists [
@@ -123,7 +123,7 @@
     ...
   }:
     mkNixos {
-      specialArgs = {inherit keys inputs lib self;};
+      specialArgs = {inherit inputs lib self;};
       modules = concatLists [
         (singleton {
           networking.hostName = hostname;

secrets/containers/cf_creds.age

@@ -1,19 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 xeHnUA orzYvtHssnqm5RxM5aa2/9C8WE+b71dDA2I2Xazhc2k
-zkiBhnB7MdSIxrT/Sh14pHGU9ipGkBrrhNrHjW6lbJw
--> ssh-ed25519 6HvatA tABXMcWyBkSJWrl3MM76eJGJSU0XKQTG6lmFWIS/qxs
-ZZ3PYHKqbbdz0kDCTXhQBGCnWGsXLqZmdNjlWpT8SY4
--> ssh-ed25519 3DwG4w GUdLU60u2plRSDoFkAoNep5USX5Lj6jLrIQHzxYyPkI
-5dnetJBkJeSe12iczuOMnJO8K0gkB5qhPL1UbGAslzI
--> ssh-ed25519 Nn8WxA wnQzj5PqL1EoXisYGabcHzChGBZWvis+CSTE+6eCMEk
-fw4XLdF7kIIWBVVDu3DBxtxdYxBSsXozpJQ7p0No8I4
--> ssh-ed25519 Gd+9pg TIdiOlNUhp4fkQPQi3PItzVBssM1TxoDYZNCB0GYryw
-Ch+pJ6BEO/oUTeUn3t8qaiVuLaRgf9GUO4jpAgnJstY
--> ssh-ed25519 eMj+Jg 83Cbf9k7T0DRcE7hFchQWEj/pR+qNGTLIdXDmbWMeT4
-PqOzucTkTSQg92Vd8ZMLX6cDKyESCE4v9VVHJlAfFyg
--> ssh-ed25519 MQ/7Ew f4axkHyjiTOsbiYu90MAirHKoB9S70dK11JDtMKmSkc
-Rb2+dIewpW0bL+qJtAxIgVAyWqTDZI9dcwMQR/0pg3s
--> ssh-ed25519 3DwG4w FYRpJ1zJZmOil2/X+URrw03KXZk7qZoMO1/P+BJGCxo
-SRBJ/FOUbisy7Dhd5tXd4fN8HWM95L6oDQOjzmM5St8
---- /7SydLy/XxsnVqTD5ffym1MnyKzVyvvhIbazmf4oB18
-4ðÒ9Œ¯ÅaCr›¨™Bññ"<22>’Òe•5Š¢nö9ÂuF?ùyÛæÍk ¤µÓßbDB¸+Í™‰—D¨b÷HŠ©õôb»“^Í<>LóøÝÓ»©Ñö÷ÐV*^žûË–¿ÉL‡¼Ï™J8_6S·ÂÀÅ$+¼ÈK:$

secrets/keys.nix

@@ -1,28 +0,0 @@
-let
-  users = {
-    ooks = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEx2kNirkcFrNji+qz7KX+zdRxpgJyOwK0vyBrx9Ae3c";
-  };
-
-  hosts = {
-    ooksdesk = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBn3ff3HaZHIyH4K13k8Mwqu/o7jIABJ8rANK+r2PfJk";
-    ooksmedia = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL7ttz1jTy+byfzi874vogy3ZPLW9+8W2o512tdsqUUV";
-    ookst480s = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEWFZwTuHIITHa7s4Zp6KPF2suZIMXZbe085OiG0GRh5";
-    ooksphone = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINredx07UAk2l1wUPujYnmJci1+XEmcUuSX0DIYg6Vzz";
-    ooksmicro = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMUSu2iy3GvMXT5eEDAymIwSQe8UuVG5GH5FJ408JiG4";
-    ooksx1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBR6Cyx64Qjth/4aS2x95scEkfiOnsCzufMZW5e41bfE";
-  };
-
-  workstations = [
-    hosts.ooksdesk
-    hosts.ooksmedia
-    hosts.ookst480s
-    hosts.ooksphone
-    hosts.ooksmicro
-    hosts.ooksx1
-  ];
-  servers = [
-    hosts.ooksmedia
-  ];
-in {
-  inherit users servers hosts workstations;
-}

secrets/secrets.nix

@@ -1,12 +0,0 @@
-let
-  keys = import ./keys.nix;
-  inherit (keys) users workstations servers;
-in {
-  "tailscale-auth.age".publicKeys = [users.ooks] ++ workstations;
-  "github_key.age".publicKeys = [users.ooks] ++ workstations;
-  "spotify_key.age".publicKeys = [users.ooks] ++ workstations;
-  "ooknet_org.age".publicKeys = [users.ooks] ++ workstations;
-  "mullvad_wg.age".publicKeys = [users.ooks] ++ workstations ++ servers;
-  "containers/vpn_env.age".publicKeys = [users.ooks] ++ workstations ++ servers;
-  "containers/cf_creds.age".publicKeys = [users.ooks] ++ workstations ++ servers;
-}

secrets/spotify_key.age

@@ -1,17 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 xeHnUA +isoneTG5GTQVZ2mkNWJMApJL0EbtlRg2lE7CFPVs0o
-b0katAQ3DeRRTZZKzexJMM5JtcqY6pPpz1Z017ZmVBw
--> ssh-ed25519 6HvatA Knq4A7wvjmXnWAikVSbv9BALW7f0lph2bQsiyUcilSo
-SFHeWqjVO5jxnNW0cgE9qJrg0xG8SkEfZ87GpE77EZ8
--> ssh-ed25519 3DwG4w j7k+whyqKrKrkQCIMkOHl+EpCsIlJqtfqBShCc1ZGkk
-vLwteoZ9DvjAecJJhPzcXvnMVsKWEDwHiL76fm2PTC0
--> ssh-ed25519 Nn8WxA ENSIpye6C7RaxwmUQP4fGD3NZ/mXh7Q0gyNsdvEGyxU
-zhKepo7NqWe4NVTRcTcqKJavgZdHAXi5TK8nsHqRJNA
--> ssh-ed25519 Gd+9pg wlz2TZrZVdNz9yBugvydWeUgc/430iOPpDP3+aJ0nDo
-ST+uLYDvOg95qXN86vsvKmlr56sttg7Z7l4OAJfgytI
--> ssh-ed25519 eMj+Jg XP+CWaVkKTzptg2lpmPcT0d+K3JoDTfmFjpyKouqwXk
-WGrv56kthwxT88xXSyaPecLklfumxva9RxCoFNZwVTU
--> ssh-ed25519 MQ/7Ew XgTs4XL6bGspzSFdT2IW4BW3MPjdP0YiLQqo0SDR+EI
-18MBJWrgjk3J58EPZjwW/OwAo3bKG+jHztowqQeYG5M
---- nxPnfZNn24Q70LqqEO2Mo76xPcaBuZ7OEYXTO0Ac/wk
-”Þê4ª¨V+Ô_<’P|Í(ŽH3ìj¢S<C2A2>#(åv¥pþ¥‚ØjÈüè8a—ßc6’DïÔøèðd'(qÜZA[9ö