feat(secrets)!: Replace sops with agenix-rekey

sops-nix is tending to be fairly complex for our use-cases, which adds
difficulty to deploying, maintaining our wrapper module, keeping
".env.bin" files, etc.

agenix-rekey is a lot simpler.

Notable in this commit is the `// { outputPath = ...; }` hack in
flake.nix. This is needed due to snowfall-lib otherwise butchering paths
such that agenix-rekey is unable to show us what secrets exist with
`agenix edit`, etc. Companion to that is the lib.snowfall.fs stuff in
the secrets/default.nix file.

Change-Id: Id3e79cfc7d37a7b7de7b8cc42f7392c4d8bd07c5
Reviewed-on: https://git.clicks.codes/c/Infra/NixFiles/+/801
Reviewed-by: Skyler Grey <minion@clicks.codes>
Tested-by: Skyler Grey <minion@clicks.codes>
diff --git a/secrets/keys/minion/collabora-yubikey.pub b/secrets/keys/minion/collabora-yubikey.pub
new file mode 100644
index 0000000..a3061c2
--- /dev/null
+++ b/secrets/keys/minion/collabora-yubikey.pub
@@ -0,0 +1,7 @@
+# Serial: 20652804, Slot: 1
+# Name: MINION_COLLABORA_YUBIKEY
+# Created: Sun, 21 Jul 2024 12:55:44 +0000
+# PIN policy: Once (A PIN is required once per session, if set)
+# Touch policy: Always (A physical touch is required for every decryption)
+# Recipient: age1yubikey1qd38ggwk5h8y877qwx4kkt3jz89fd4483v843ps450z5fl2uwgc82x8tsz8
+AGE-PLUGIN-YUBIKEY-1QS3NKQVZC38R9FS6T2PNZ
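Review bot: Missing documentation on what this `.pub` file actually holds: its only non-comment line is the `AGE-PLUGIN-YUBIKEY-1…` identity stub, while the `age1yubikey1…` recipient appears only in the `# Recipient:` comment. The stub is a reference to the hardware slot and the private key never leaves the YubiKey, so committing it is fine, but a reader who sees an identity string in the repository may take it for a leaked key, and anyone who passes the file to a tool expecting a recipients file will find no recipient line in it. A sentence in the commit message or a README under secrets/keys/ saying that these are plugin identity stubs, and naming the option that consumes them, would settle both.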
diff --git a/secrets/keys/minion/iyubikey.pub b/secrets/keys/minion/iyubikey.pub
new file mode 100644
index 0000000..ec49feb
--- /dev/null
+++ b/secrets/keys/minion/iyubikey.pub
@@ -0,0 +1,7 @@
+# Serial: 24039462, Slot: 1
+# Name: MINION_iYUBIKEY
+# Created: Sun, 21 Jul 2024 12:57:17 +0000
+# PIN policy: Once (A PIN is required once per session, if set)
+# Touch policy: Always (A physical touch is required for every decryption)
+# Recipient: age1yubikey1qfczekkv6thu32q5fv272pmzca86rqf4pn4083h9qvfgytrmycquqz23c3d
+AGE-PLUGIN-YUBIKEY-1YMGXUQVZEHAJFXGQ57UKA
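Review bot: Naming is inconsistent with the sibling key files, in both the file name `iyubikey.pub` and the `# Name: MINION_iYUBIKEY` comment: the other two use a hyphenated file name (`collabora-yubikey.pub`, `tiny-yubikey.pub`) and an all-caps, underscore-separated name. If the spelling is intentional, leave it; if not, rename the file to match the pattern. The `# Name:` comment should only change if the name set on the device itself changes, otherwise the comment would no longer describe the key.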
diff --git a/secrets/keys/minion/tiny-yubikey.pub b/secrets/keys/minion/tiny-yubikey.pub
new file mode 100644
index 0000000..0838d68
--- /dev/null
+++ b/secrets/keys/minion/tiny-yubikey.pub
@@ -0,0 +1,7 @@
+# Serial: 23751432, Slot: 1
+# Name: MINION_TINY_YUBIKEY
+# Created: Sun, 21 Jul 2024 12:49:01 +0000
+# PIN policy: Once (A PIN is required once per session, if set)
+# Touch policy: Always (A physical touch is required for every decryption)
+# Recipient: age1yubikey1qf92p7gj5k8pavnzrzg644plfqcpkc8laj2l4avdfnem2re08tuqsu7ynnf
+AGE-PLUGIN-YUBIKEY-1PP4K5QVZR6DHL7G8RVVJ0
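Review bot: Worth documenting the operational cost of `# Touch policy: Always`, which this key and the two before it all carry: every decryption needs a physical touch, so an operation that decrypts many secrets in one run will prompt once per secret, with the PIN asked once per session. That is a reasonable hardening choice, but the commit message says nothing about it, and whoever runs the first bulk rekey will want to know in advance. Also note that all three identities sit under secrets/keys/minion/, so as far as this diff shows, one person holds every key able to decrypt; if that is intended, say so.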