phase 2: move secrets → secrets/{desktop,home,server,usb-secrets}/

2026-04-18 00:48:18 -04:00
parent d13cec76ba
commit 05fd05deda
36 changed files with 0 additions and 0 deletions
--- a/legacy/dotfiles/home-manager/secrets/llama_cpp_api_key
+++ b/legacy/dotfiles/home-manager/secrets/llama_cpp_api_key
--- a/legacy/dotfiles/home-manager/secrets/openrouter_api_key
+++ b/legacy/dotfiles/home-manager/secrets/openrouter_api_key
--- a/legacy/dotfiles/home-manager/secrets/steam-user-id
+++ b/legacy/dotfiles/home-manager/secrets/steam-user-id
--- a/legacy/dotfiles/system/secrets/disk-password
+++ b/legacy/dotfiles/system/secrets/disk-password
--- a/legacy/dotfiles/system/secrets/nix-cache-netrc
+++ b/legacy/dotfiles/system/secrets/nix-cache-netrc
--- a/legacy/dotfiles/system/secrets/password-hash
+++ b/legacy/dotfiles/system/secrets/password-hash
--- a/legacy/dotfiles/system/secrets/secureboot.tar
+++ b/legacy/dotfiles/system/secrets/secureboot.tar
--- a/legacy/dotfiles/system/secrets/wifi-passwords.nix
+++ b/legacy/dotfiles/system/secrets/wifi-passwords.nix
--- a/legacy/server-config/secrets/caddy_auth.age
+++ b/legacy/server-config/secrets/caddy_auth.age
--- a/legacy/server-config/secrets/ci-deploy-key.age
+++ b/legacy/server-config/secrets/ci-deploy-key.age
--- a/legacy/server-config/secrets/coturn-auth-secret.age
+++ b/legacy/server-config/secrets/coturn-auth-secret.age
--- a/legacy/server-config/secrets/ddns-updater-config.age
+++ b/legacy/server-config/secrets/ddns-updater-config.age
--- a/legacy/server-config/secrets/firefox-syncserver-env.age
+++ b/legacy/server-config/secrets/firefox-syncserver-env.age
--- a/legacy/server-config/secrets/git-crypt-key-dotfiles.age
+++ b/legacy/server-config/secrets/git-crypt-key-dotfiles.age
--- a/legacy/server-config/secrets/git-crypt-key-server-config.age
+++ b/legacy/server-config/secrets/git-crypt-key-server-config.age
--- a/legacy/server-config/secrets/gitea-runner-token.age
+++ b/legacy/server-config/secrets/gitea-runner-token.age
--- a/legacy/server-config/secrets/harmonia-sign-key.age
+++ b/legacy/server-config/secrets/harmonia-sign-key.age
--- a/legacy/server-config/secrets/hashedPass.age
+++ b/legacy/server-config/secrets/hashedPass.age
--- a/legacy/server-config/secrets/jellyfin-api-key.age
+++ b/legacy/server-config/secrets/jellyfin-api-key.age
--- a/legacy/server-config/secrets/livekit_keys
+++ b/legacy/server-config/secrets/livekit_keys
--- a/legacy/server-config/secrets/llama-cpp-api-key.age
+++ b/legacy/server-config/secrets/llama-cpp-api-key.age
--- a/legacy/server-config/secrets/matrix-reg-token.age
+++ b/legacy/server-config/secrets/matrix-reg-token.age
--- a/legacy/server-config/secrets/minecraft-whitelist.nix
+++ b/legacy/server-config/secrets/minecraft-whitelist.nix
--- a/legacy/server-config/secrets/mollysocket-env.age
+++ b/legacy/server-config/secrets/mollysocket-env.age
--- a/legacy/server-config/secrets/murmur-password-env.age
+++ b/legacy/server-config/secrets/murmur-password-env.age
--- a/legacy/server-config/secrets/nix-cache-auth.age
+++ b/legacy/server-config/secrets/nix-cache-auth.age
--- a/legacy/server-config/secrets/njalla-api-token-env.age
+++ b/legacy/server-config/secrets/njalla-api-token-env.age
--- a/legacy/server-config/secrets/ntfy-alerts-token.age
+++ b/legacy/server-config/secrets/ntfy-alerts-token.age
--- a/legacy/server-config/secrets/ntfy-alerts-topic.age
+++ b/legacy/server-config/secrets/ntfy-alerts-topic.age
--- a/legacy/server-config/secrets/persistent.tar
+++ b/legacy/server-config/secrets/persistent.tar
--- a/legacy/server-config/secrets/secureboot.tar.age
+++ b/legacy/server-config/secrets/secureboot.tar.age
--- a/legacy/server-config/secrets/slskd_env.age
+++ b/legacy/server-config/secrets/slskd_env.age
--- a/legacy/server-config/secrets/wg0.conf.age
+++ b/legacy/server-config/secrets/wg0.conf.age
--- a/legacy/server-config/secrets/zfs-key.age
+++ b/legacy/server-config/secrets/zfs-key.age
--- a/legacy/server-config/usb-secrets/setup-usb.sh
+++ b/legacy/server-config/usb-secrets/setup-usb.sh
@@ -1,44 +0,0 @@
-#!/usr/bin/env nix-shell
-#! nix-shell -i bash -p parted dosfstools
-set -euo pipefail
-
-SCRIPT_DIR="$(dirname "$(realpath "$0")")"
-USB_DEVICE="$1"
-if [[ -z "${USB_DEVICE:-}" ]]; then
-    echo "Usage: $0 <usb_device>"
-    echo "Example: $0 /dev/sdb"
-    exit 1
-fi
-
-if [[ ! -b "$USB_DEVICE" ]]; then
-    echo "Error: $USB_DEVICE is not a block device"
-    exit 1
-fi
-
-if [[ ! -f "$SCRIPT_DIR/usb-secrets/usb-secrets-key" ]]; then
-    echo "Error: usb-secrets-key not found at $SCRIPT_DIR/usb-secrets/usb-secrets-key"
-    exit 1
-fi
-
-echo "WARNING: This will completely wipe $USB_DEVICE"
-echo "Press Ctrl+C to abort, or Enter to continue..."
-read
-
-echo "Creating partition and formatting as FAT32..."
-parted -s "$USB_DEVICE" mklabel msdos
-parted -s "$USB_DEVICE" mkpart primary fat32 0% 100%
-parted -s "$USB_DEVICE" set 1 boot on
-
-USB_PARTITION="${USB_DEVICE}1"
-mkfs.fat -F 32 -n "SECRETS" "$USB_PARTITION"
-
-echo "Copying key to USB..."
-MOUNT_POINT=$(mktemp -d)
-trap "umount $MOUNT_POINT 2>/dev/null || true; rmdir $MOUNT_POINT" EXIT
-
-mount "$USB_PARTITION" "$MOUNT_POINT"
-cp "$SCRIPT_DIR/usb-secrets/usb-secrets-key" "$MOUNT_POINT/"
-umount "$MOUNT_POINT"
-
-echo "USB setup complete! Label: SECRETS"
-echo "Create multiple backup USB keys for redundancy."
--- a/legacy/server-config/usb-secrets/usb-secrets-key
+++ b/legacy/server-config/usb-secrets/usb-secrets-key