phase 2: move secrets → secrets/{desktop,home,server,usb-secrets}/
BIN
secrets/desktop/disk-password
Normal file
BIN
secrets/desktop/disk-password
Normal file
Binary file not shown.
BIN
secrets/desktop/nix-cache-netrc
Normal file
BIN
secrets/desktop/nix-cache-netrc
Normal file
Binary file not shown.
BIN
secrets/desktop/password-hash
Normal file
BIN
secrets/desktop/password-hash
Normal file
Binary file not shown.
BIN
secrets/desktop/secureboot.tar
Normal file
BIN
secrets/desktop/secureboot.tar
Normal file
Binary file not shown.
BIN
secrets/desktop/wifi-passwords.nix
Normal file
BIN
secrets/desktop/wifi-passwords.nix
Normal file
Binary file not shown.
BIN
secrets/home/llama_cpp_api_key
Normal file
BIN
secrets/home/llama_cpp_api_key
Normal file
Binary file not shown.
BIN
secrets/home/openrouter_api_key
Normal file
BIN
secrets/home/openrouter_api_key
Normal file
Binary file not shown.
BIN
secrets/home/steam-user-id
Normal file
BIN
secrets/home/steam-user-id
Normal file
Binary file not shown.
BIN
secrets/server/caddy_auth.age
Normal file
BIN
secrets/server/caddy_auth.age
Normal file
Binary file not shown.
BIN
secrets/server/ci-deploy-key.age
Normal file
BIN
secrets/server/ci-deploy-key.age
Normal file
Binary file not shown.
BIN
secrets/server/coturn-auth-secret.age
Normal file
BIN
secrets/server/coturn-auth-secret.age
Normal file
Binary file not shown.
BIN
secrets/server/ddns-updater-config.age
Normal file
BIN
secrets/server/ddns-updater-config.age
Normal file
Binary file not shown.
BIN
secrets/server/firefox-syncserver-env.age
Normal file
BIN
secrets/server/firefox-syncserver-env.age
Normal file
Binary file not shown.
BIN
secrets/server/git-crypt-key-dotfiles.age
Normal file
BIN
secrets/server/git-crypt-key-dotfiles.age
Normal file
Binary file not shown.
BIN
secrets/server/git-crypt-key-server-config.age
Normal file
BIN
secrets/server/git-crypt-key-server-config.age
Normal file
Binary file not shown.
BIN
secrets/server/gitea-runner-token.age
Normal file
BIN
secrets/server/gitea-runner-token.age
Normal file
Binary file not shown.
BIN
secrets/server/harmonia-sign-key.age
Normal file
BIN
secrets/server/harmonia-sign-key.age
Normal file
Binary file not shown.
BIN
secrets/server/hashedPass.age
Normal file
BIN
secrets/server/hashedPass.age
Normal file
Binary file not shown.
BIN
secrets/server/jellyfin-api-key.age
Normal file
BIN
secrets/server/jellyfin-api-key.age
Normal file
Binary file not shown.
BIN
secrets/server/livekit_keys
Normal file
BIN
secrets/server/livekit_keys
Normal file
Binary file not shown.
BIN
secrets/server/llama-cpp-api-key.age
Normal file
BIN
secrets/server/llama-cpp-api-key.age
Normal file
Binary file not shown.
BIN
secrets/server/matrix-reg-token.age
Normal file
BIN
secrets/server/matrix-reg-token.age
Normal file
Binary file not shown.
BIN
secrets/server/minecraft-whitelist.nix
Normal file
BIN
secrets/server/minecraft-whitelist.nix
Normal file
Binary file not shown.
BIN
secrets/server/mollysocket-env.age
Normal file
BIN
secrets/server/mollysocket-env.age
Normal file
Binary file not shown.
BIN
secrets/server/murmur-password-env.age
Normal file
BIN
secrets/server/murmur-password-env.age
Normal file
Binary file not shown.
BIN
secrets/server/nix-cache-auth.age
Normal file
BIN
secrets/server/nix-cache-auth.age
Normal file
Binary file not shown.
BIN
secrets/server/njalla-api-token-env.age
Normal file
BIN
secrets/server/njalla-api-token-env.age
Normal file
Binary file not shown.
BIN
secrets/server/ntfy-alerts-token.age
Normal file
BIN
secrets/server/ntfy-alerts-token.age
Normal file
Binary file not shown.
BIN
secrets/server/ntfy-alerts-topic.age
Normal file
BIN
secrets/server/ntfy-alerts-topic.age
Normal file
Binary file not shown.
BIN
secrets/server/persistent.tar
Normal file
BIN
secrets/server/persistent.tar
Normal file
Binary file not shown.
BIN
secrets/server/secureboot.tar.age
Normal file
BIN
secrets/server/secureboot.tar.age
Normal file
Binary file not shown.
BIN
secrets/server/slskd_env.age
Normal file
BIN
secrets/server/slskd_env.age
Normal file
Binary file not shown.
BIN
secrets/server/wg0.conf.age
Normal file
BIN
secrets/server/wg0.conf.age
Normal file
Binary file not shown.
BIN
secrets/server/zfs-key.age
Normal file
BIN
secrets/server/zfs-key.age
Normal file
Binary file not shown.
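--- a/secrets/usb-secrets/setup-usb.sh
+++ b/secrets/usb-secrets/setup-usb.sh
@@ -0,0 +1,44 @@
+#!/usr/bin/env nix-shell
+#! nix-shell -i bash -p parted dosfstools
+set -euo pipefail
+
+SCRIPT_DIR="$(dirname "$(realpath "$0")")"
+USB_DEVICE="$1"
+if [[ -z "${USB_DEVICE:-}" ]]; then
+echo "Usage: $0 <usb_device>"
+echo "Example: $0 /dev/sdb"
+exit 1
+fi
+
+if [[ ! -b "$USB_DEVICE" ]]; then
+echo "Error: $USB_DEVICE is not a block device"
+exit 1
+fi
+
+if [[ ! -f "$SCRIPT_DIR/usb-secrets/usb-secrets-key" ]]; then
+echo "Error: usb-secrets-key not found at $SCRIPT_DIR/usb-secrets/usb-secrets-key"
+exit 1
+fi
+
+echo "WARNING: This will completely wipe $USB_DEVICE"
+echo "Press Ctrl+C to abort, or Enter to continue..."
+read
+
+echo "Creating partition and formatting as FAT32..."
+parted -s "$USB_DEVICE" mklabel msdos
+parted -s "$USB_DEVICE" mkpart primary fat32 0% 100%
+parted -s "$USB_DEVICE" set 1 boot on
+
+USB_PARTITION="${USB_DEVICE}1"
+mkfs.fat -F 32 -n "SECRETS" "$USB_PARTITION"
+
+echo "Copying key to USB..."
+MOUNT_POINT=$(mktemp -d)
+trap "umount $MOUNT_POINT 2>/dev/null || true; rmdir $MOUNT_POINT" EXIT
+
+mount "$USB_PARTITION" "$MOUNT_POINT"
+cp "$SCRIPT_DIR/usb-secrets/usb-secrets-key" "$MOUNT_POINT/"
+umount "$MOUNT_POINT"
+
+echo "USB setup complete! Label: SECRETS"
+echo "Create multiple backup USB keys for redundancy."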
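Review bot: The key path no longer matches the layout this commit creates: SCRIPT_DIR resolves to the script's own directory (secrets/usb-secrets/ here), so `$SCRIPT_DIR/usb-secrets/usb-secrets-key` points at secrets/usb-secrets/usb-secrets/usb-secrets-key, while the page lists the key as secrets/usb-secrets/usb-secrets-key; the `-f` check, its error message and the `cp` should presumably use `"$SCRIPT_DIR/usb-secrets-key"`. Separately, `USB_DEVICE="$1"` aborts with an unbound-variable error under `set -u` before the usage text can print, so `USB_DEVICE="${1:-}"` is needed to keep that branch reachable. Because the script wipes whatever block device it is handed, the `-b` test alone is a thin guard (it accepts partitions and the system disk alike), and `${USB_DEVICE}1` is not the first partition's name on devices such as /dev/nvme0n1 or /dev/mmcblk0; a check that the target is a whole removable disk, plus deriving the partition name from the tool output rather than by string append, would make a mistyped argument far less costly.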
BIN
secrets/usb-secrets/usb-secrets-key
Normal file
BIN
secrets/usb-secrets/usb-secrets-key
Normal file
Binary file not shown.