feat(secrets)!: Replace sops with agenix-rekey
sops-nix is tending to be fairly complex for our use-cases, which adds
difficulty to deploying, maintaining our wrapper module, keeping
".env.bin" files, etc.
agenix-rekey is a lot simpler.
notable in this commit is the `// { outputPath = ...; }` hack in
flake.nix. This is needed due to snowfall-lib otherwise butchering paths
such that agenix-rekey is unable to show us what secrets exist with
`agenix edit`, etc... companion to that is the lib.snowfall.fs stuff in
the secrets/default.nix file
Change-Id: Id3e79cfc7d37a7b7de7b8cc42f7392c4d8bd07c5
Reviewed-on: https://git.clicks.codes/c/Infra/NixFiles/+/801
Reviewed-by: Skyler Grey <minion@clicks.codes>
Tested-by: Skyler Grey <minion@clicks.codes>
diff --git a/systems/x86_64-linux/teal/acme.sops.env.bin b/systems/x86_64-linux/teal/acme.sops.env.bin
deleted file mode 100644
index c66e26e..0000000
--- a/systems/x86_64-linux/teal/acme.sops.env.bin
+++ /dev/null
@@ -1,36 +0,0 @@
-{
- "data": "ENC[AES256_GCM,data:HgebCH+Hrzbu3pvXbWa66OMKEEy8uzkutqO0oSrj1ZgDuZnU/GHT/AZhd8NptUKIOIerSjWFxD4tZSMyYqOwj2c2,iv:7G1mmGkYDX24wlKqdGLTxBQvkRcPpSlA/J8IHJsyJZE=,tag:ah199Tfk3E60v2wBlb+sOg==,type:str]",
- "sops": {
- "kms": null,
- "gcp_kms": null,
- "azure_kv": null,
- "hc_vault": null,
- "age": null,
- "lastmodified": "2024-06-22T23:34:29Z",
- "mac": "ENC[AES256_GCM,data:jTCygJEQDbIpPBwU7xmlkqfntkautpQDEnvVchWzFq8QnzWCPV1/P/qeSayPjkwPAnB24x/wbFkuHCnNVamQ/QxNiuEVk8c977DYzdl+Hg/7MED4O/kExMzdU6cHQGtkKn3cXWatJNpZQVe5lko3xbhJN/JQwRFYYnzZKSN906Q=,iv:Mo0vwHkvFxvOQRUPnorLhJ476l8ZMQvgZ4wSyss4j3c=,tag:QOpuNQRe1+ZtoAVVAO3kyQ==,type:str]",
- "pgp": [
- {
- "created_at": "2024-06-22T23:23:10Z",
- "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4D6MHlIv4I/7ASAQdAygO+vRQVedxDSif6TnM4dI3OyMqTGqMaI2iBBIouKSkw\naxAi2caNG2Kkelgj1JMmlxV31wbtIMGWp3N2LhTAxcFX+N0idIDLrdF6aVjwMZaJ\n0l4BPkHzwA/jjIgMD5PurgGmarGiZkaXv0cOikEXhBaK52Kn849JjHt3hk0QZcIJ\n1PpLoatM8kwdJpJKrxePXWgmLGFlrv9Bza4Ephzfq2RzaUkS6eE6q7tKzSo2gFuj\n=UIIi\n-----END PGP MESSAGE-----",
- "fp": "BC82DF237610AE9113EB075900E944BFBE99ADB5"
- },
- {
- "created_at": "2024-06-22T23:23:10Z",
- "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DxpBiwsu2o5wSAQdAw1CzYtLdBt3Wyn5VSl6WdCwrabGrFuFn1YoyTk2kUHkw\nrBYHoAFbhtSk0Kh5sEq4MbelLD8U8Vc4sWQ+uCBIP+IB3JqdFainNA3BgIX0xmuZ\n0l4Bp/Tim//p65+OYdtNXygpoK0QlM+jrcloND/fpbJ5DWEyKkPSHuDXTNXAa268\n9xLW2H3LhRimN/5y6hoh7QIT3WxAQoKkGRLruqWAvFq2fjyHAfepsu9xE1S80Jae\n=B3Aw\n-----END PGP MESSAGE-----",
- "fp": "76E0B09A741C4089522111E5F27E3E5922772E7A"
- },
- {
- "created_at": "2024-06-22T23:23:10Z",
- "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA9bzf+GUl7kkARAAt+5GEtj4hbrZPD1kRaoFBjdtZDESlGHZgug88YHjyXTq\nDjlTheDs65ZfHBRhE+3OzsqLU8QwLyACB8MNJdnns6sn/ssV+4UOwIi6MRfth+P1\nlbqnSfsS9octnz91JPYmqZ1s65Qp9VkM/D04TV7OdreZzU1aIOI241u0JOTYgBat\nD5E9QjQGlPwwYWwhlt+r0uIMISa4lwJIWuud2Xm4lJ1JPrzuuJB6VJp3D3eaJNoE\nms1NMvSJTn1Q/6NKSyeSD+901oeJRrtoikGbk4y4r4UlqSUsQhW/AptgswMRnkfg\nyI2SmtD2EC79g2h9MATwQfxgo1maMu47FPNx0zI2vmZdp+5LKeSWbe5RuNK11SCo\nnpyLKRqrtsXlKu0MfFg0+fJ1xqqMjvdGlPj5lo/T5ng4boyTwAgDmn8/rCHlS9yu\nbQpKOzH2dnOB1CXPWEt/kj9wXHUTgygfasOCpn60eMKcyOuSXn0qJJj9Mc3A0Jw3\nD1MPNFnnrnGTa7rWyRWQRYLZLNpZV4MzgIF/g3eJuhfJRJDpAFJmu/XY59RsCjfd\npOW7NYpEwH2KHGv1u0e4EnZRysKNqMqJ/Y3PYSyhdquAwxFxqMCRkmYYheNpvjP8\nPsJXv77KM+O1RGTsEX/IKoGnnBcOlUBNEVMIaUOK3E8jVCxeCGXlesK/xT81MBHS\nXgF523bW5yt5jQ0+gyCNW7RuDRiu/E24bJcqqNYAkhJRlysDBRcQs2vdDuw5+xbP\nF6fc7UT19SEA2KzeAXdQNtSKMsOuwPBBluZpXpjRmdqscYHrcScegRmEbLQsdTs=\n=CRaE\n-----END PGP MESSAGE-----",
- "fp": "8F50789F12AC6E6206EA870CE5E1C2D43B0E4AB3"
- },
- {
- "created_at": "2024-06-22T23:23:10Z",
- "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAw8Caq2TdS1qARAAhM0snxG2QBGF+kqH46cSfh2egIBfnooi5pSTtR3UBX01\n9B4AmKSC0wv4RcEmYgjS4rlVEkRa+a7V+rhPuIRLKSHvMjfpJKkAqbyawjf8rYR8\nKjh4gGr23+U0tna1TZ1amvZm/fBNfv71Tbb5gTshWnAamuIXevwOyIVlKAVhvAue\ngaLzlbhDbWf1+o1btA3VUdvUvUozrLlg2YJHmrzdyCfmS2SOO7WR9g1PAxJo1yii\ne+1fCQJ4PJOvsxRptuJ3tYS+AVhiHQh0VFU8OPjd9ThPHq4f4yIHu3b/M9a2b0R3\n2I5pVWUFP0/3DqeVg3ovdpaAquSKGJ9KzbHK5CyCHyzQr3AbTbWfH8u1bJdQjVpU\nrTgSSXxyAPf3iCBh4RFhHikNWelBcFcnjPibaxvXhD8zvKgK5RMbl+7OlVMBauxk\n8gKwIihfa78/akChZbZsANWHJd/TErJqc7DUKv0Vit7OUugSSEZ0UanEsVQuRayq\nyBRQsmHmuLwEluF2OP3G5Wn8MjXZ9gm9DgjQjSdn3qL00kIymB3U/fQmW8V0MR/e\nBdAg1WTWLWcAXiVXJvgYPWu6S/NnW4dCD9tZocD8yoqaeUo5BSL1FzFeM1YYZBkk\n0HZuIq9kYxQ5g7AoNmDnR/KoN+FxLipuXxZFg2d7ZV90O/U7JFb7mDCu420nCQTS\nWAFym4eE200cL8bzqho4aM76BnBZD38h7eaDJnG+L7L2E4pzg1bjs6guajx3qbhl\nzb/sclLIrDzV0WfU4X/s1KrIE5E22JwgNMZB26RQ3EG2WabObT/5WIQ=\n=hKk4\n-----END PGP MESSAGE-----",
- "fp": "67c66d58ac73fd744c2b49720f026aad93752d6a"
- }
- ],
- "unencrypted_suffix": "_unencrypted",
- "version": "3.8.1"
- }
-}
\ No newline at end of file
diff --git a/systems/x86_64-linux/teal/acme.sops.env.bin.license b/systems/x86_64-linux/teal/acme.sops.env.bin.license
deleted file mode 100644
index bda0f14..0000000
--- a/systems/x86_64-linux/teal/acme.sops.env.bin.license
+++ /dev/null
@@ -1,3 +0,0 @@
-SPDX-FileCopyrightText: 2024 Clicks Codes
-
-SPDX-License-Identifier: GPL-3.0-only
diff --git a/systems/x86_64-linux/teal/clicks.networking.tailscale.authKeyFile.age b/systems/x86_64-linux/teal/clicks.networking.tailscale.authKeyFile.age
new file mode 100644
index 0000000..3cd5dd9
--- /dev/null
+++ b/systems/x86_64-linux/teal/clicks.networking.tailscale.authKeyFile.age
Binary files differ
diff --git a/systems/x86_64-linux/teal/clicks.security.acme.defaults.environmentFile.age b/systems/x86_64-linux/teal/clicks.security.acme.defaults.environmentFile.age
new file mode 100644
index 0000000..875b683
--- /dev/null
+++ b/systems/x86_64-linux/teal/clicks.security.acme.defaults.environmentFile.age
@@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> piv-p256 xE4ypg AqG6xmH//FHa6O6Pd0YvIsGrs92iYwJ4FqIOAoWq9Xcq
+sdajJ2QNV/70mW5NLVLG8qyruOjq+pdO7xjzL01D534
+-> piv-p256 Hpt/+Q AxbUihvMM1OIz5tF+ywRr1MpnX3Ibvkhj4E8CCjlWQ+H
++qXOVExhZDpzvgsB53OZpdiAz+vVdNcxKFYcJrEn+ng
+-> piv-p256 zfskmQ AxYJBZErldYL6RA/pDiU9xNjnKh2hkXW7MtVs/o0otIQ
+DmettPDYZUyFeigDpxPt8h36y3Tk1s9u9xZbmvs2DQY
+-> .rYttX`-grease @]<S$rM B ?>78>Aa
+hD7fV1joAiqNCJq0kEsKrD23pdKl3qTp7/b5OiviCwtya2TAbR4
+--- VOzx+bHOjG/6f7ixT1v+/G38D79+lG7aBDRuUMMmBeg
+x�AÂo�Z£©�æ#Y ì/z^ÕÁÒ`'Ì�ï�äGà&ó®j�ªµ¡JRs$6�öÓ�l�ã)å»ëªz�;:pê#±²EòÈ��%�L©pÝ�ê®!%Øøæ�ã��Á�
\ No newline at end of file
diff --git a/systems/x86_64-linux/teal/clicks.services.headscale.database_password_path.age b/systems/x86_64-linux/teal/clicks.services.headscale.database_password_path.age
new file mode 100644
index 0000000..6d683e5
--- /dev/null
+++ b/systems/x86_64-linux/teal/clicks.services.headscale.database_password_path.age
@@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> piv-p256 xE4ypg AiABIeb7nQsaUe7jxXow8KBHhq0BfXnPiuI29aSu/gWU
+GAyoIEnVyHY8Hnp/O1gbsgjhaKkmB4FzTGf+iwOSXwo
+-> piv-p256 Hpt/+Q AihPD+1l2PMwawMH0Yu0wYgjBNUcXgOWu7H4/JtcFjc8
++rRoRScmxnC3srf0V7CNKkwQ3mx26CSZ5RUkL5Ndk3s
+-> piv-p256 zfskmQ AnzTX8xfBDy2c6BhRSKFA95DNP8oGv6eLJK1e4AEWBOO
+ikE059yKB8ZkCjSoFbnk+CiLpYWRnDq0S5Hui8/vfYg
+-> Ta_1;0D-grease 3U~ esRL y)1 5D7@!
+ftM
+--- KV4ev4Q0XGspO1OMu9InZsNG1r34+3ttmkbGA8EOeag
+�x\Õ&�ݵV*\_�þ<6�q+m'VÂjìÊÕ1SÊh£�FqÓæÒCýoJ�����¬
\ No newline at end of file
diff --git a/systems/x86_64-linux/teal/clicks.services.headscale.noise_private_key_path.age b/systems/x86_64-linux/teal/clicks.services.headscale.noise_private_key_path.age
new file mode 100644
index 0000000..0a80da7
--- /dev/null
+++ b/systems/x86_64-linux/teal/clicks.services.headscale.noise_private_key_path.age
Binary files differ
diff --git a/systems/x86_64-linux/teal/clicks.services.headscale.oidc.client_secret_path.age b/systems/x86_64-linux/teal/clicks.services.headscale.oidc.client_secret_path.age
new file mode 100644
index 0000000..dbe7f40
--- /dev/null
+++ b/systems/x86_64-linux/teal/clicks.services.headscale.oidc.client_secret_path.age
Binary files differ
diff --git a/systems/x86_64-linux/teal/clicks.services.headscale.private_key_path.age b/systems/x86_64-linux/teal/clicks.services.headscale.private_key_path.age
new file mode 100644
index 0000000..ff84916
--- /dev/null
+++ b/systems/x86_64-linux/teal/clicks.services.headscale.private_key_path.age
@@ -0,0 +1,12 @@
+age-encryption.org/v1
+-> piv-p256 xE4ypg A/1AkQXyQfF7aTIhUDAw6OJ6JO6Ro9iSN5ZGIhFiSAqL
+MLsUkgt4+JeJTB4g4XRAv/K4+BZnc1mlAXJUTilZgqE
+-> piv-p256 Hpt/+Q AyReEFiNuDH9r4fchqNmAPsT1mSSoHm3Zw6jAFdraS7U
+6/mlABCjhArVnPTOR6bYtRcQ5JnHMovpdg7s/8yxhu4
+-> piv-p256 zfskmQ A1p28F/oDFbDEFz+HdvTVEe+wYDAA2NipMJIPrGgkBL/
+LTldK7n4lNRCh2V1BzTlMsCQIgptJJlNdtLXnHAgPC8
+-> 2M%-grease W5eYe~ .~*`-F
+VRvJBX8ur65GXtjI29c0Bef463yz3mRp9g8df6K7HKZ24LrQ/Ioi/RDJe7I94MFW
+sWkryndEdA
+--- JEiQ8CXqT6FikePa0ZUfE5gnOsCwubPTJwzp8QmGjwg
+
õûþ÷t^�§�d+*O¢»¨�J»�ÇNLnÀº¦¶M:Hñm»=9ãe4.Ãõ�¹Í�5ø¸Ca�44s}�êC§S¥/l((S+�'Òóþ%Ôxg�5ò)ŦG1åäµOjbÍ
\ No newline at end of file
diff --git a/systems/x86_64-linux/teal/default.nix b/systems/x86_64-linux/teal/default.nix
index d09bb7f..83cacf7 100644
--- a/systems/x86_64-linux/teal/default.nix
+++ b/systems/x86_64-linux/teal/default.nix
@@ -11,6 +11,8 @@
...
}:
{
+ age.rekey.hostPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPkKdPSPxsLdx3GUjjyibRLjLl3XfaXmfrrvemDFkjI3";
+
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
@@ -31,7 +33,7 @@
defaults = {
email = "minion@clicks.codes";
dnsProvider = "cloudflare";
- environmentFile = config.clicks.secrets."${lib.clicks.secrets.name ./acme.sops.env.bin}".path;
+ environmentFile = config.age.secrets."clicks.security.acme.defaults.environmentFile".path;
};
};
};
@@ -49,14 +51,14 @@
issuer = "https://login.clicks.codes/realms/master";
allowed_groups = [ "/clicks" ];
client_secret_path =
- config.clicks.secrets."${lib.clicks.secrets.name ./headscale.sops.json}".paths.oidc_client_secret;
+ config.age.secrets."clicks.services.headscale.oidc.client_secret_path".path;
};
database_password_path =
- config.clicks.secrets."${lib.clicks.secrets.name ./headscale.sops.json}".paths.database_password;
+ config.age.secrets."clicks.services.headscale.database_password_path".path;
noise_private_key_path =
- config.clicks.secrets."${lib.clicks.secrets.name ./headscale.sops.json}".paths.noise_private_key;
+ config.age.secrets."clicks.services.headscale.noise_private_key_path".path;
private_key_path =
- config.clicks.secrets."${lib.clicks.secrets.name ./headscale.sops.json}".paths.private_key;
+ config.age.secrets."clicks.services.headscale.private_key_path".path;
acl =
let
internet = [
@@ -187,7 +189,7 @@
networking.tailscale = {
enable = true;
authKeyFile =
- config.clicks.secrets."${lib.clicks.secrets.name ./tailscale.sops.json}".paths.authKey;
+ config.age.secrets."clicks.networking.tailscale.authKeyFile".path;
};
storage = {
@@ -236,22 +238,28 @@
system.stateVersion = "24.05";
- clicks.secrets."${lib.clicks.secrets.name ./headscale.sops.json}" = {
- file = ./headscale.sops.json;
+ age.secrets."clicks.security.acme.defaults.environmentFile".rekeyFile = ./clicks.security.acme.defaults.environmentFile.age;
+
+ age.secrets."clicks.services.headscale.oidc.client_secret_path" = {
+ rekeyFile = ./clicks.services.headscale.oidc.client_secret_path.age;
group = "headscale";
- keys = [
- "oidc_client_secret"
- "database_password"
- "noise_private_key"
- "private_key"
- ];
- neededForUsers = false;
+ mode = "440";
+ };
+ age.secrets."clicks.services.headscale.database_password_path" = {
+ rekeyFile = ./clicks.services.headscale.database_password_path.age;
+ group = "headscale";
+ mode = "440";
+ };
+ age.secrets."clicks.services.headscale.noise_private_key_path" = {
+ rekeyFile = ./clicks.services.headscale.noise_private_key_path.age;
+ group = "headscale";
+ mode = "440";
+ };
+ age.secrets."clicks.services.headscale.private_key_path" = {
+ rekeyFile = ./clicks.services.headscale.private_key_path.age;
+ group = "headscale";
+ mode = "440";
};
- clicks.secrets."${lib.clicks.secrets.name ./tailscale.sops.json}" = {
- file = ./tailscale.sops.json;
- keys = [ "authKey" ];
- };
-
- clicks.secrets."${lib.clicks.secrets.name ./acme.sops.env.bin}".file = ./acme.sops.env.bin;
+ age.secrets."clicks.networking.tailscale.authKeyFile".rekeyFile = ./clicks.networking.tailscale.authKeyFile.age;
}
diff --git a/systems/x86_64-linux/teal/headscale.sops.json b/systems/x86_64-linux/teal/headscale.sops.json
deleted file mode 100644
index 881718b..0000000
--- a/systems/x86_64-linux/teal/headscale.sops.json
+++ /dev/null
@@ -1,39 +0,0 @@
-{
- "oidc_client_secret": "ENC[AES256_GCM,data:du4NPJBtH/x/vgybMf7RgLQqt0GdLfG27IFv20bvxQM=,iv:LW2fCg2cR8bB5DNLYW7wxgTYJM9ox0BHlQVRDYF07T4=,tag:v8nh7QkC86rQNpEc3Y9Wlw==,type:str]",
- "private_key": "ENC[AES256_GCM,data:qfg5g4YC6fZ4jEROcbnXXxWfyuVbZK7ZFOzPJRHY3uTkmlReXPYVnlUlrPSappak/TkPvpKr5gfu8IWB9TVZ385Eg77Gzs3f,iv:CQRfNWdXwVcAETgQ7LWGVoZJ2YF/9X8r8yHP8OhKXf0=,tag:Yg3AYEEjbvOD8JvKhRURJg==,type:str]",
- "noise_private_key": "ENC[AES256_GCM,data:8tMPzIRwgO8YR0RoRne6Difn1F/p3GRHAsRWtcxP3EEo6l10TkCrfVu9H+PirRp4X813QAR8Awb2raXsPULh/Ks0AV2zD3KI,iv:r6JXp0pI7rFbihtVZNgbHgcKooA2/ejSsCrfFBPYzaA=,tag:inccJyxd+ZP/D4gwr8RFFg==,type:str]",
- "database_password": "ENC[AES256_GCM,data:3bucm72144uHrkKzBQShV78smdM=,iv:BKP8HlH1J6iF+oL8iiyFfK4oaEMJZB7AtCXhuHfJNfk=,tag:IJRzlNAcFbv0ztGl2XHVDw==,type:str]",
- "sops": {
- "kms": null,
- "gcp_kms": null,
- "azure_kv": null,
- "hc_vault": null,
- "age": null,
- "lastmodified": "2024-06-08T22:46:01Z",
- "mac": "ENC[AES256_GCM,data:jAH8yiFPnfu8uW6rPnE5KBjD0S8/64TUxh0lfgQ9t6bXYCbdc3iEY6f9O4Ytc+IAh6lxyHQPuHMtBbKHOLL1P1wc492rSaLlbgTe5lItmoAMqT0hyTDv42rY2X/pmj7jXyEvCqNw2c7bMMpv3MF70mwW+G517bTNptn7GQpG0u4=,iv:M35BmeazOqhnB36CDTLsna0cuNra+l7zD+JOonMkLrg=,tag:shyZ6vDIpftOJwl5xf+0rw==,type:str]",
- "pgp": [
- {
- "created_at": "2024-06-08T19:13:02Z",
- "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4D6MHlIv4I/7ASAQdAApSEfHKLoIJg1WEUq3ZT0BrEUXp/53Oxg2pIOxEuDDgw\n7eKpufVyBr+0wxpMwYy/+g96i7k/5Degd5guwRraW5ToIZ9hC7Z61HTyjydbIfq1\n0lwBy8hlAEk4fwcsAxK0l5Xz+dQhF4Te7oRbERyzzygNYnfYr/ozpKK7aJSRx3FG\nuMgTs0DjyczKuv4LOAVyzLRaeRV1JFaAlEvXQ/DIc8OZvGyqTNEZ9YPeoA1m+A==\n=99Na\n-----END PGP MESSAGE-----",
- "fp": "BC82DF237610AE9113EB075900E944BFBE99ADB5"
- },
- {
- "created_at": "2024-06-08T19:13:02Z",
- "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DxpBiwsu2o5wSAQdArUJbHBn3ldJS71e6Gfup7NawEvziU4tZQpPsCVLCjFww\neKakVSlHipeoNAqtMYKKzYK94kWPvk/4/8001oLyP89hO2k+3Nys42ARD8Pcnr6n\n0lwBw9WCRVqGUd0s09LDnnwqdAAVvYTw0duyaOqt8jsdj63B0b7TedbMgjYg8H4p\nD42iwa21FcnVD1+h5MYAXgyQrI/F8zK005e0Cp+ZYNyPafVg6DT4qhaysllzaQ==\n=Wcg5\n-----END PGP MESSAGE-----",
- "fp": "76E0B09A741C4089522111E5F27E3E5922772E7A"
- },
- {
- "created_at": "2024-06-08T19:13:02Z",
- "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA9bzf+GUl7kkARAAlgpNcSOKCxpK442mG1c/L+P4lT1wZ+XlR6oYlTX0U1/M\n1a08upxNiYsTHbCV82PpEvAYTIydY8fgS16mUQWcvXXEu/3vgT66Kb5yw5AzZPjG\n8OFM9EgFImGMxUpr67qUJ4IgiofRTtTvtcVBgFAmK471nI//MZpwoUtQTrrVuAQa\nLuUCFtjb4d1/lHieeXFTsH0LFk25gyQAByTJ5iJVVOerNFHt7DY5Wa2m9cJL/6Xb\nrK8AFrjdendd9MKWo7TRdSiQyDYF10ZBe0vungTK7Yemy8RzYcHdz8fDHJvwS8pB\nrDl+VzgJwxnxXrIcbfrSQp7OTRiRT0ANCdF+qspmrqShUuDsCwPIusWJDxBPm7ab\ntiBmsLszakPk6LtYCc7cNyiBJOhLuR1tB7VEO5Ti2AIP5x5HHW86YbE6Nlzgamsa\nRMpPrINCNd0gP4TDkSmJdUA3yqS+GRqt/e0IECIfw9/rTI2X4hcBK8yFG2M6+YAs\no7cIQSmOWWJnfKrapKUZbSiTLdEXTxkGCrNIMrzGu6bLJvg3+qVF+cfaGXdqvwwc\n1pnYf/WRMHwO4DnZ8NUD4Pa7R/C40oB3ejbgcb9dXyt385WvKXQ6c95Winj6j9U7\n/AqT036CcEE0nqu9j4MY5/sCuTeZOODptrRLRbzeCFUruJ3RJACokhaU+R9dh0nS\nXAF76H99O1zYauHDjnVZUSPvkEZhaO+qvcJrK6cRDlWCSnP0e/uNH5jW1mMJeX0Z\n5g7WMFVVozjIvHySwIacUkDqIoibFK2Y2RI2TJ0vZeOXvKUhU6TWkaSlOM1Z\n=GX8j\n-----END PGP MESSAGE-----",
- "fp": "8F50789F12AC6E6206EA870CE5E1C2D43B0E4AB3"
- },
- {
- "created_at": "2024-06-08T19:13:02Z",
- "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAw8Caq2TdS1qAQ/8DBFRc7DDXOUcZsfWVCaxNI78i6xvwzyDcHfuHyb+X8jO\nX0ITghV1JpWVpSpDKqLH+bRpzVyLnZkEDg5nixDYvLCmDz3Mnnsmw7YLf6tsKmog\nQ3lK9bKSECjoO/EW7CzczUj4YUCfUCP2vwANVLb+T94wL9NN+KL4F8tWVRJjb88M\nxTAZzVa8Fq21HXSFxZz8HiFNczxO018e6mqdH/a+46UMviO5PbjhYCj2ysGXPkoZ\nrIVMVnosNBtk2I8rsrtSMcNihutX9dLhaKCGcl/D85ZProXTdHa0BpXX+ZZvh0gX\nR63XfrNtzpRBwRYwFbR1AZP3bu05j+yewWJKIUrHEWU0ADbHUg6x2Goja2eTSBls\nETZRHgenAKke/8WyK7bDEqjKgeZZN6/QVgy8/kvxAT+hui2M/IzfSkQK64wiN5pR\nFOrkLckqgiwTlu6tlxwdAZNE/OYh/KRi+rjKMUVdMtAO4DY9Q/wWnwOMlNP5us4i\nkyUEuGQW2jpeDG++IuMTUHEu07ei7NlZXTpvRUIUh4upMQsow/mFqIec0co922Ba\n9eD9PkPN0a5r8RXRKvRBaDZTD533bDApqFXHeSDBE7M4GgywTD6fixRnrXh49HLo\nxUtdtAJRHeYsLfEuJFtoSFfjQ2IIB32bv2FSyo/Cky9gkVYxHcfkRlWRiUr8mDbS\nVgHrkYm0b3o+437gMXR23sp4qf2OyrhtxhaO9KN5fT36nqlAhg6i5l5k0SP19OsT\nBWPD3HqB81LHe0JKoBXPhH0+bnXJhQeYfmly9tfd1Ha0+EAbzSnp\n=H/it\n-----END PGP MESSAGE-----",
- "fp": "67c66d58ac73fd744c2b49720f026aad93752d6a"
- }
- ],
- "unencrypted_suffix": "_unencrypted",
- "version": "3.8.1"
- }
-}
\ No newline at end of file
diff --git a/systems/x86_64-linux/teal/headscale.sops.json.license b/systems/x86_64-linux/teal/headscale.sops.json.license
deleted file mode 100644
index bda0f14..0000000
--- a/systems/x86_64-linux/teal/headscale.sops.json.license
+++ /dev/null
@@ -1,3 +0,0 @@
-SPDX-FileCopyrightText: 2024 Clicks Codes
-
-SPDX-License-Identifier: GPL-3.0-only
diff --git a/systems/x86_64-linux/teal/tailscale.sops.json b/systems/x86_64-linux/teal/tailscale.sops.json
deleted file mode 100644
index ff1483e..0000000
--- a/systems/x86_64-linux/teal/tailscale.sops.json
+++ /dev/null
@@ -1,36 +0,0 @@
-{
- "authKey": "ENC[AES256_GCM,data:Fpnxd58MoKDjpFWAUl9hK38p8yS6YPd0ZgdCZuIRKnEtmHXqpRcIUbcCrAuq+ja+,iv:ZOTBAJmdIdZ9WkhIoyg3Li/jSMZV8yxhrMy5TQnSCng=,tag:ZaFhr+MApSkCmPzGZWwBhw==,type:str]",
- "sops": {
- "kms": null,
- "gcp_kms": null,
- "azure_kv": null,
- "hc_vault": null,
- "age": null,
- "lastmodified": "2024-06-09T22:48:26Z",
- "mac": "ENC[AES256_GCM,data:/1hnKjEBozmYEAiISda91jsALJXo0bSC/YiMhj9GDCD8BAD74VEczSj9iTqk7pA39FLNg0+Sw8Um28azOrIe6TGFmemhnk1EkYH4k+aVGezRND/yhozvzml/UWE90sPx2xecHWUp33gfVgvbO4D8Kis0MmsSPnsopr4CAgydZkM=,iv:3OLsBKfcMJaTp4WisPczGqpVeGGxx1cr0zfFKW9XlMo=,tag:wUQDgFtJL6eCstx6dzO/mA==,type:str]",
- "pgp": [
- {
- "created_at": "2024-06-09T19:37:39Z",
- "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4D6MHlIv4I/7ASAQdA/2WUVwimMMk8s37AfsuMrhBHxdeWptDHzbEB4LQ6cGEw\nU2YTgbtQF6CeCaAAgxE7+OKPFfNPH4UgziBIvxhk1RXXLoV5rnKY9WPj95a56cxH\n0l4BDJ8dgh/ufGB2ai/3hu5z1F4vPbouKv347itkaHnhnU8ljR89cx5BgAPjVeQr\nwZi6H+H6KWS0VJtR7Ygbjzdo56Q+/F3X/xEC1GjbT7ZUBYlHAXIaQNepAE7SrnIi\n=y8Hs\n-----END PGP MESSAGE-----",
- "fp": "BC82DF237610AE9113EB075900E944BFBE99ADB5"
- },
- {
- "created_at": "2024-06-09T19:37:39Z",
- "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DxpBiwsu2o5wSAQdAtpXcG/TCbQeoriZPp42t1YXOYE8usTsz3bifoGfwOUEw\nDIpm35PU+onEelcNndZ2UaJh2Z6M4OWuul68KxgZwF+WrXW/pIIX+3bHNBQ9mM2i\n0l4B6o2FwoUBn9P4+G7t+rKBnGadvDWNaA1Lf+qfkS6H9ohzikwE3UxDsnLdZ0RU\nJexicnSDCa/Uoao5593wiKl4rt2QE+vma7LdwoY/oqgzg6gqZWK6kMHF49u5bA6E\n=dpw2\n-----END PGP MESSAGE-----",
- "fp": "76E0B09A741C4089522111E5F27E3E5922772E7A"
- },
- {
- "created_at": "2024-06-09T19:37:39Z",
- "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA9bzf+GUl7kkARAAxci3NfjtURRnLV7bw6xJLGxfmGzynoETHRCsEk6Wqhyo\nFRGEVJzpaadqTzvLHODI7LF6gpL3jsU50LfLqUnHHoOtBSi8qLEebow/ah2dvPaX\nX7adcwx3B05YinYZXKfIP+VZXgnKxW6r0OODhKTeWQSwxzc3aLXJBpEZPBG6ndTi\ns8TyPesMZMKi60mGr8goQZqzsEjzKfUeAZgzl55Y3+/gu252ayfYD2DHNSHMD6cs\ny6lNfQ8ECLF9+p/tauBRFiYckgqRWFZakjMlqcKX8s5zucJIPPuvwjqRTOcj3R18\nupKNCuC05yAN3GormNvwGENZ7n8p+aBBbjfc5Qqq3mgPU8+oo6Uw8inTUiL1Z1CN\nPGgSL3t4I4CIL7Znh5Ib0wA/UhOYS6G0ExiLg2LAWjBhF/oRgGafUb+O9jbibfrk\nD0PVedWY6HMV29Td45+7CgMCo7DkpHgsL4T55BjUO1bX9hmyJ3ryTRJMSmovM9db\nIGiLb57f8t2VzZcvXvn9OMCcBC1BF3BHD5y70H4ROLYqE+hl5qOqvyTF2M0XOaZ7\n8PXZgZFBrIsq6dMNHQrI0DXXzROFqBw4on2nlj3iV2j/6HTrpaUY8IZ9iXQfIwfm\n83cAtbwAnpWDrty/cchX5ZJ5mvJ4FzbHaJdxkfyriK3UQHcymveGQR1D6YgXH1/S\nXgFbNKSqFuIDPJG66U9nDbOF9zhnwvF1Ztc2pH+FmIFyk9lP7SlYflx/civfWI15\n3JD9E7iDhOFKuhlJ8mFFreRaVRBELII6qE/cFm5VTic+RXsZ8CdOLABH7oOCfm4=\n=D+Ck\n-----END PGP MESSAGE-----",
- "fp": "8F50789F12AC6E6206EA870CE5E1C2D43B0E4AB3"
- },
- {
- "created_at": "2024-06-09T19:37:39Z",
- "enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMAw8Caq2TdS1qAQ//fFgBgGmOXPYWdw7U1o8Alof3ZLtErIJDCgIc4WmY6git\nTdHcnHvDsIrI8kWEOrmr+Zz+ev0Px27BlFnsCj+p/8IUqTxxpqCdOu8rh4YPeHoD\n1ktfBxpxP1kBJKvsdmP6dwttYfm2bEEKCiIOnsJI2u+cNVszSz3UbTyuoI9CKfCL\nTgqVD3tF6P/5euFzbUHEBz+rSMDmV0OJBZ2nDupeiCwveYdGYS6qKRONcG9CZ2E6\nSayfZqvYq5ec3ETzLTTzio+fpN7aJsBMfy1DHo903Wk3MlPYyGlxrYaUdSfpjXDf\ngoEcVXN2abqjipnfJHWRhU3BDzH1f4TNHvOHuRemTqo6eickjuCp20KqBoWOYqY8\nULRH/5vfGjrEj8U2jKRbDV+FSwTDktY1lsU9u8MUPwiAANhdB691lK/pjpVfVg6C\nB800DFx7z5P84IQhsDJN4PrUmktnpMqbZ4hMhQJTzTrFpVtXDwFz15TckWK+JuyY\naqHgyvpfYFylc1Orn1uSUwqOXRl8zO335aP79Ss2hgNjfZZiFEOnRvjYipT4NvC6\n/mAWGRRrzOUzLjxT3/xcPSKFLiJ9Qx7R7VmxcoEU4Vs25DkZcpLt0y38WEH25qZZ\nO9LcarohWOb5SmSQ221TlvDFy7lm0yuoQu6mGjBMedw0y+mPQ4crASOx/C/KksLS\nWAGgSGR2jGpR1vhpmYUgX2IdPKrbk6bOAQFy1Hg2I1NzXYJBncIjKqklRrXUXDZI\n272hkAs02o7NFlS0u6qWcjiMMuhfgJn1jAqLbGnaS//CKK1fUGnjhXY=\n=c6ad\n-----END PGP MESSAGE-----",
- "fp": "67c66d58ac73fd744c2b49720f026aad93752d6a"
- }
- ],
- "unencrypted_suffix": "_unencrypted",
- "version": "3.8.1"
- }
-}
\ No newline at end of file
diff --git a/systems/x86_64-linux/teal/tailscale.sops.json.license b/systems/x86_64-linux/teal/tailscale.sops.json.license
deleted file mode 100644
index bda0f14..0000000
--- a/systems/x86_64-linux/teal/tailscale.sops.json.license
+++ /dev/null
@@ -1,3 +0,0 @@
-SPDX-FileCopyrightText: 2024 Clicks Codes
-
-SPDX-License-Identifier: GPL-3.0-only