fix: yippie, fucking agenix-rekey now works, that was some torture

flake.nix

@@ -74,7 +74,7 @@
           nixos-hardware.nixosModules.framework-13-7040-amd
           lix-module.nixosModules.default
           nix-index-database.nixosModules.nix-index
-          # private-config.nixosModules.default
+          ./modules/utils/agenix/agenix.nix
           ./modules
           ./home
         ];

modules/utils/agenix/agenix.nix

@@ -1,6 +1,7 @@
 {
   config,
   pkgs,
+  inputs,
   ...
 }:
 {
@@ -28,66 +29,73 @@
       # Choose a directory to store the rekeyed secrets for this host.
       # This cannot be shared with other hosts. Please refer to this path
       # from your flake's root directory and not by a direct path literal like ./secrets
-      localStorageDir = inputs.private-config/modules/secrets + "/rekeyed/${config.networking.hostName}";
+      localStorageDir = ./. + "/rekeyed/${config.networking.hostName}";
     };
 
     secrets = {
-      access-tokens-github.file = inputs.private-config/modules/secrets/gh_argstr.age;
+      access-tokens-github.rekeyFile = ./secrets/gh_argstr.age;
 
-      fbda-wg-privkey.file = inputs.private-config/modules/secrets/fbda_wg_priv_key.age;
+      fbda-wg-privkey.rekeyFile = ./secrets/fbda_wg_priv_key.age;
-      fbda-wg-psk.file = inputs.private-config/modules/secrets/fbda_wg_psk.age;
+      fbda-wg-psk.rekeyFile = ./secrets/fbda_wg_psk.age;
 
       obvps-id = {
-        file = inputs.private-config/modules/secrets/1bvps.age;
+        rekeyFile = ./secrets/1bvps.age;
         path = "/home/rhea/.ssh/id_1bvps";
         owner = "rhea";
         symlink = false;
       };
 
+      dn42git_token = {
+        rekeyFile = ./secrets/dn42git_token.age;
+        path = "/home/rhea/.ssh/id_dn42_etwas";
+        owner = "rhea";
+        symlink = false;
+      };
+
       ncvps-id = {
-        file = inputs.private-config/modules/secrets/ncvps.age;
+        rekeyFile = ./secrets/ncvps.age;
         path = "/home/rhea/.ssh/id_ncvps";
         owner = "rhea";
         symlink = false;
       };
 
       gh_etwas = {
-        file = inputs.private-config/modules/secrets/gh_token.age;
+        rekeyFile = ./secrets/gh_token.age;
         path = "/home/rhea/.ssh/id_gh_etwas";
         owner = "rhea";
         symlink = false;
       };
 
       gcd_etwas = {
-        file = inputs.private-config/modules/secrets/gcd_etwas.age;
+        rekeyFile = ./secrets/gcd_etwas.age;
         path = "/home/rhea/.ssh/id_gcd_etwas";
         owner = "rhea";
         symlink = false;
       };
 
       ebd_rhea = {
-        file = inputs.private-config/modules/secrets/ebd_token.age;
+        rekeyFile = ./secrets/ebd_token.age;
         path = "/home/rhea/.ssh/id_ebd_rhea";
         owner = "rhea";
         symlink = false;
       };
 
       glrwth_tuda = {
-        file = inputs.private-config/modules/secrets/glrwth_token.age;
+        rekeyFile = ./secrets/glrwth_token.age;
         path = "/home/rhea/.ssh/id_glrwth_tuda";
         owner = "rhea";
         symlink = false;
       };
 
       etwas_sign_key = {
-        file = inputs.private-config/modules/secrets/sign_etwas.age;
+        rekeyFile = ./secrets/sign_etwas.age;
         path = "/home/rhea/.ssh/etwas_sign_key";
         owner = "rhea";
         symlink = false;
       };
 
       ffda_outoor_key = {
-        file = inputs.private-config/modules/secrets/ffda_token.age;
+        rekeyFile = ./secrets/ffda_token.age;
         path = "/home/rhea/.ssh/id_ffda_outdoor";
         owner = "rhea";
         symlink = false;

modules/utils/agenix/rekeyed/rhea-laptop/75b8bbd64b17a040f92a8c09aa0a18b1-fbda-wg-psk.age

@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 7JS6dg krvfE+Q3MyPk9atXqvWIZ34jdnLIuJ0SoocHwHiC9l0
+8DuWAGg+sp/22GVFxx5NIBp2NF3mk/9hs2uOBWx0Q9g
+-> @-grease ]0mX_ M2]l G
+q/uLLUTyYlZpDQ
+--- akYJCo6Fx7+mjZBYtwXI+4ji9+VHq+qtNHLjp051m/0
+žBÊéhèÏsGqƒŽnwßë<C39F>ˆÑž¯‚,'¸vM«ñš_×.ïx@´~<7E>7
+„›ñAÌÚïn­«?Ï‘ø$
ñ]ì²~3°¦U}Ý9

modules/utils/agenix/rekeyed/rhea-laptop/fe3b797d7fc54e6a24d4e9dcb049e626-access-tokens-github.age

@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 7JS6dg X4tDO/iunyQPRSCQElOeZ2Wggl1iVgXtsi1U4AiLIzs
+YhWzsL787a4tidiOfGm4wBEnextzg7q2T/NvSOYgHhs
+-> )lD,-grease L s=]tTt0 %fL1
+Z8++T2G4ef9Rogaf1khv2rVNQC2ksRR+BV80ZCc4vRPfbocTbeYzLkKhlDNcBI7x
+uM6TGxU
+--- BVxz5t84EgdJoqGCbd7r8y38wOPmQzW18DI+8M8Z9/U
+±
+6ùÝ9k"¢MZ%ȪÎY¢@‰ã)•;“ž ‰ß½ª5I›¡dÜŠ*—‚Wvóï×㿧åWdÞ‡·"TZV7xp|E+	U}BÍrÖPô¯œ<…o©«—¼G,Zý<5A>¤=Râ95„º¸&ûvÕ(ŒhíÒŽl4‡¡¬¨Õ£ÕI“Ça,Æî#0ŒydzG¼ Úâ|¹¦ãˆ<C3A3>Á+_

modules/utils/agenix/secrets/fbda_wg_psk.age

@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> X25519 9gg+So36zrxzTKZ+NKEE0Mi0+1PJhg25+h5TJCDCWCM
+oD9VMqfQQ8enVjUoHugRbaICHRcUILhhaMMfk4VkYLA
+-> v_-grease )
+Ig
+--- XuF9ikNgXeY3V4FBAfrSftQXmA1Jxm7DIU77EFyPt8A
+ÞÏ€Áæa;ï…<C3AF>ÂI}eäàô·ãªc×I­†m¯ã$®zìŠëmATèÞï”Ù	!ZQ³`×9œeK`Ág¿ú ¶7ùñ¦‡›kË{‘ã

modules/utils/agenix/secrets/gcd_etwas.age

@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> X25519 bX7dt9ZzmW/ViStZiUjJwithRJYu1Lj40JNtIa+PFhE
+qf2xV/RFHRwH7Gf6mt1uNHJxS8p8og4M7+NVfzQHkyw
+-> 2t&,-grease
+Ah3d0tGRGEH4uxayOFlydRpnEQNiGZFthb2iuYvpLWH6R8UTCR2CwsGeVt1z/VYx
+q3wl3dUBgyG6rUnulGN+gSyoxjd9ogER
+--- OxvK2Z3y5XhXwngfxzlRLyCnRnHayXVb8W1V7LAXil8
+=Ï öÊgÒ6æé7ŠÿýÈlVв‘ÈžÍ@'p1<70>‰€\2qÿ~çwyð­Û`ô='Úk•œ†<C593>}<7D>ZæßG<1B>¯+®ùùž^fÔKb£\ý„̨ÿ]@S‚™Ê/¿ÂûæŽt=]•ÉhÎEµ<45>YÖFZ-o<>¤¢ððw.;ÿ«ac˜PN1ꬳ5`ÓŠ¸><1B>UO`d…P Jbœqz¿RJÜlÚäB8dó†ÞI„59!Åê<C385>4c="¸|`ȪKåM‚›ÍƱP#\’4¤¬ÛácFj¶„¯6äF—t&þIÚ¥~~+mê¨2t•ÃÑÈýcýçwíðcü¿£YQ Øn¤mA²gÍô0ò6U‰OÛ <C39B>òé=ú®øC`´ïìf „hw‘eºŸ	ÊJ<C38A>‡î$ªC.¸ý,ÄçÇNDç´¹`›b–=<3D>õ7ÄG†Yg“׉EÿòBÒ³¬AƒIÃÒ²í,|t²™¯oÉb§+Éeós³½±‡õs?";yßÂo‡Uáj0ÖÚcáeƒºœž•šû,U=>à*V)ÑÈÐìîaî%üxЫӿsï©US×òŠ Ý´7J¤çE ãžñO

modules/utils/agenix/secrets/gh_argstr.age

@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> X25519 GKUURHej+ErV3IMimOmdGwFVPZ/h+QaqdjZPLxseNBY
+C1Pig/pPSJMk34PrH3mXbMwX9tMDKuelJ5ttUB5e3+k
+-> $g:]dvYJ-grease
+1z69372dSEFbYg7Ny+Xn/6RAozi43aaSybJG/HScdMSzFvttJ7gYbZEStEo32MMm
+TjLKHwBX205vizvoeskIMdhp0Vr7vz894//0MEEJAeIbsVKV/eEUbw
+--- FhK586dKqyoWab5v9kI7SW+Cg+ID+fYtlsrpidOA2PA
+¬2R©ĄŃ K@lE0AoŹş~éWmŁîe\ )ZaJ÷§)pĺ ńţ"đš1i”öŢürQy2Ý›.ËçfnżéMÎźć~Śś¦=Ńů9׼X	*Ě\†>Mů	BTš÷Óf  
+dţ€DÉć´ţńÜ	W‡:bíMú®Ó]ó—TčSů×P椦JÄ
2‚íç» ŢaEŐ Í5)ßżc÷Đ
äÍ

modules/utils/agenix/secrets/glrwth_token.age

@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> X25519 cRGm7gXPptdANVdI68CkmKmguojNn/8fI9KS3m/6wng
+p//dLMAqSr/UNYsmWCHy28hiMAFI2u4xyrZ0jb+yTQ4
+-> wD%m*X*]-grease " qB0 9npD"
+vT2TiwtPdyYwvUxHusUhE8Ef4iqAzwkBzA+xmlW0UA7bgMe/7yMx9UsyRv4Qo3TL
+nQKDl4Z16SVXWXPUWXa4JiWhIXCrIQ
+--- g9xrDSSxbAzvkNpHNMRAaBAPqHxRAE9Bw0fvTUV4UQ0
+ôÖYv·£à?ôãˉEÆ
/:Y%~E6-{:êıMœP‘ŒmNeeoõìê}F/ílŠ’<aî‰.µ¾ö§¢ùRÁÒ<Á‹Eg=:ÔÔ¿ JÀ.?ØÃPŽªó^NzGíÐnú(YþZ‹Øëûq›g8«Í}Æßy%w_µÑ¢Ž³ÔÞN=Eô<45>¢Æ¥>1ÓöïðM.”ù/ˆF0êÜ„r›Ï‚­¢#<23>˜  ¬D,ñÿzŸXÐmOqŽ×7’ÒOf<4F>mþ'YÃR˜•MV$DŽL•´ÞPõÍŽ#X2~þÙp£~œz„ÿékhzžSÓA¿+ZÕ‰µõ½J¢áâßn{AT¡D¦W&w+J²N·Wæ<03>ùô{˘ʚqWѲ’šXFþ¾~Ä{¬‹éÓcló¥+þÖ$]<5D>^‚ LÔ¦>w¢ra*ÿä J;.’Èd=sÇ…Ó–±(l“û™¬À•MJX?g…>T®Ûf¡;Õ·8ÚKÙäfhô芓Ôc$
)˜Fyó!Ó<>ć7$´8ˆú7<C3BA>®+Bþû%h¨imòïÎí²r„’£JÑK¨ÑØæU¦Ÿ{ó

modules/utils/agenix/secrets/ncvps.age

@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> X25519 cGBOe2zfyQXE72uHNGIqjjPDbzZ7k6P6rXw2Y/2LtRM
+DGc8dJq0A+3lYFBQcEAHLX68w2A5VjsTVejIuz14rfY
+-> @R\SB5D{-grease c(E:qB PUX C_!n`
+KDzwVYv4OFSYKMTDrFzow3MybnsarrLcwgMg/Ul4d9ZxBNQXuzLqtHaS6ppNyBh2
+OVsDZNq3r8LNyh8xfAWwTU9ViAffCRQ+
+--- /ki/C/Y4topj9uabMskg4jaiQJj/5jESdxjfgyRkFnA
+Õ¾;InšÈZ¹A<C2B9>úòf<C3B2>}äxyø$'ÕS謧ÈáàÏÆø|ÖàÆÓ“*a¡õÑÄ0àj~|ì“[W7N¢fìÈ9ÉÒJP‹â£WU̸GQÅ­ÐfØÿW=ñGmÎn.(ôǶi²þØœW=Ø”T>øÖç6,T$뼺“¸Ä4:ô
¼í…2Ø*’™"k†„ɨγI®«Þ®,íâ*{o–ÿf ’b…•²:2T;#ËÎÀnµ‰|<7C>…<ÐýÏ×´©T¨ÍôÎÛ'jŽ»…W‹Ueê …¨
hTëütpp˜e´ðPekK……Eµó³Ã¦Žê#H¤7Â<37>JÆ24^_í(Ñ\ôÎZp<5A>•²±.¦=^Z›‡ûUDa¯ç9úÐÚwº£Z
+—½X“Ú$<24>so<q¢gä˜(1®g³•¢ÄIä±ß<15>ubzð¾Ó?MQ
³¾V+ŸÙs )\gkð*<05>~”Xé9£^ú®˜Ã‹²G†7›ƒé	æø°
¹=s×ܯÿµ
B¹ MOMÛx¼Œ„þÔ§ÄÄ” l"4«É‘ø3YØ	ù‹7¤]_°]Í„Á