From 2114c6c347d4b45e7419c2827311baf68230767e Mon Sep 17 00:00:00 2001
From: andromeda <andromeda@lenovo>
Date: Mon, 5 Jan 2026 14:35:42 +0100
Subject: rename secrets

---
 machines/109-199-104-83/configuration.nix |   2 +-
 machines/lenovo/configuration.nix         |   4 ----
 pub-keys.nix                              |   7 +++----
 secrets/andromeda-pw.age                  |   7 +++++++
 secrets/mailserver-acc-test-pw.age        |   9 +++++++++
 secrets/mtgmonkey-pw.age                  | Bin 0 -> 396 bytes
 secrets/secret0.age                       |   7 -------
 secrets/secret1.age                       | Bin 396 -> 0 bytes
 secrets/secret2.age                       | Bin 506 -> 0 bytes
 secrets/secret3.age                       |   9 ---------
 secrets/secrets.nix                       |   7 +++----
 users.nix                                 |   4 ++--
 12 files changed, 25 insertions(+), 31 deletions(-)
 create mode 100644 secrets/andromeda-pw.age
 create mode 100644 secrets/mailserver-acc-test-pw.age
 create mode 100644 secrets/mtgmonkey-pw.age
 delete mode 100644 secrets/secret0.age
 delete mode 100644 secrets/secret1.age
 delete mode 100644 secrets/secret2.age
 delete mode 100644 secrets/secret3.age

diff --git a/machines/109-199-104-83/configuration.nix b/machines/109-199-104-83/configuration.nix
index 2699370..c9785cd 100644
--- a/machines/109-199-104-83/configuration.nix
+++ b/machines/109-199-104-83/configuration.nix
@@ -25,7 +25,7 @@
     x509.useACMEHost = config.mailserver.fqdn;
     loginAccounts = {
       "test@${config.networking.domain}" = {
-        hashedPasswordFile = builtins.toString config.age.secrets.secret3.path;
+        hashedPasswordFile = builtins.toString config.age.secrets.mailserver-acc-test-pw.path;
       };
     };
   };
diff --git a/machines/lenovo/configuration.nix b/machines/lenovo/configuration.nix
index adf0814..152d136 100644
--- a/machines/lenovo/configuration.nix
+++ b/machines/lenovo/configuration.nix
@@ -9,10 +9,6 @@
     ./impermanence.nix
     (modulesPath + "/installer/scan/not-detected.nix")
   ];
-  age.secrets = {
-    secret0.file = ../../secrets/secret0.age;
-    secret1.file = ../../secrets/secret1.age;
-  };
   boot.loader = {
     efi.canTouchEfiVariables = true;
     systemd-boot.enable = true;
diff --git a/pub-keys.nix b/pub-keys.nix
index 8bf4995..fcaa7d8 100644
--- a/pub-keys.nix
+++ b/pub-keys.nix
@@ -1,9 +1,8 @@
 {
   age.secrets = {
-    secret0.file = ./secrets/secret0.age;
-    secret1.file = ./secrets/secret1.age;
-    secret2.file = ./secrets/secret2.age;
-    secret3.file = ./secrets/secret3.age;
+    andromeda-pw.file = ./secrets/andromeda-pw.age;
+    mtgmonkey-pw.file = ./secrets/mtgmonkey-pw.age;
+    mailserver-acc-test-pw.file = ./secrets/mailserver-acc-test-pw.age;
   };
   pub-keys = {
     ssh = {
diff --git a/secrets/andromeda-pw.age b/secrets/andromeda-pw.age
new file mode 100644
index 0000000..757e7ff
--- /dev/null
+++ b/secrets/andromeda-pw.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 mT2fyg 4fCTrNibFdjnVfsIbXi6plbd56K8ZDDqtgryXPk2SUA
+vKlbDi+HpyYlSsN39GRh6GRwdHRSjypCEqguOaHPFDM
+-> ssh-ed25519 UHxfvA RqrDa4xJoAy1Gdzvq6Z5eTSNTDtHzUmzRoLC+j+HxiI
++5CohUFSDB9oiLU0T25FKrQrz07DCviVuzZsVcUltOc
+--- SQ5zQx9lL5UdNinOgP6yG5WWiBdhSwFqJVt6u3SNpLA
+î6©ç¥UÛð¦pî‡„øÚúQÙ]ÜNû;K;1yœµ™J	“ø²-£'¸€Õ(Ó2ÜfÂÃ=N¼t–fšC±u¹ô˜˜FN9Çk9dY"F÷ÔQø<ÚŸð„sÑ¬§oü
\ No newline at end of file
diff --git a/secrets/mailserver-acc-test-pw.age b/secrets/mailserver-acc-test-pw.age
new file mode 100644
index 0000000..c38cb97
--- /dev/null
+++ b/secrets/mailserver-acc-test-pw.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 mT2fyg slLOkD/9TAYOuZ/g5U4NvPWUlmYZeie12xzggioviw0
+E0uAj4RMgv7DTJpvtEO54G9XHNLFOgFflR54Cl6/X8g
+-> ssh-ed25519 UHxfvA xHFujOdegur0PLNHZP+h5RxHhVD2K906NZx7nprMkUs
+PdDxzD5QBdE/yWPMnF+CDGROEpE4nYvg12v1G3QK9XI
+-> ssh-ed25519 Xoin5w YWsO9HtEFB79+aKr6eWi5Sg5geKfzT+IrDy2L5qEmx4
+sXLRmcRDyAv64nSGs8QXcHmKYO+F11Pzea1EVGmpEys
+--- Sjg8SqkkEEL4X0G1GOUoHO702ZtrM0hMniIdS7yIsDA
+'ÏBâÉ(–7DÏ“=ù³h•áÊh	fëÉ®×xT Ž!K.»‰‚~Ø³ò,…ß“D|éä+pûü"Òt‚ÝG¢yñQ¬ÏRcPÁQüúQßÐÙÕá=–qi×·À¹¨<¿c%~ÉÔ‚#
\ No newline at end of file
diff --git a/secrets/mtgmonkey-pw.age b/secrets/mtgmonkey-pw.age
new file mode 100644
index 0000000..facb97b
Binary files /dev/null and b/secrets/mtgmonkey-pw.age differ
diff --git a/secrets/secret0.age b/secrets/secret0.age
deleted file mode 100644
index 757e7ff..0000000
--- a/secrets/secret0.age
+++ /dev/null
@@ -1,7 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 mT2fyg 4fCTrNibFdjnVfsIbXi6plbd56K8ZDDqtgryXPk2SUA
-vKlbDi+HpyYlSsN39GRh6GRwdHRSjypCEqguOaHPFDM
--> ssh-ed25519 UHxfvA RqrDa4xJoAy1Gdzvq6Z5eTSNTDtHzUmzRoLC+j+HxiI
-+5CohUFSDB9oiLU0T25FKrQrz07DCviVuzZsVcUltOc
---- SQ5zQx9lL5UdNinOgP6yG5WWiBdhSwFqJVt6u3SNpLA
-î6©ç¥UÛð¦pî‡„øÚúQÙ]ÜNû;K;1yœµ™J	“ø²-£'¸€Õ(Ó2ÜfÂÃ=N¼t–fšC±u¹ô˜˜FN9Çk9dY"F÷ÔQø<ÚŸð„sÑ¬§oü
\ No newline at end of file
diff --git a/secrets/secret1.age b/secrets/secret1.age
deleted file mode 100644
index facb97b..0000000
Binary files a/secrets/secret1.age and /dev/null differ
diff --git a/secrets/secret2.age b/secrets/secret2.age
deleted file mode 100644
index 993e770..0000000
Binary files a/secrets/secret2.age and /dev/null differ
diff --git a/secrets/secret3.age b/secrets/secret3.age
deleted file mode 100644
index c38cb97..0000000
--- a/secrets/secret3.age
+++ /dev/null
@@ -1,9 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 mT2fyg slLOkD/9TAYOuZ/g5U4NvPWUlmYZeie12xzggioviw0
-E0uAj4RMgv7DTJpvtEO54G9XHNLFOgFflR54Cl6/X8g
--> ssh-ed25519 UHxfvA xHFujOdegur0PLNHZP+h5RxHhVD2K906NZx7nprMkUs
-PdDxzD5QBdE/yWPMnF+CDGROEpE4nYvg12v1G3QK9XI
--> ssh-ed25519 Xoin5w YWsO9HtEFB79+aKr6eWi5Sg5geKfzT+IrDy2L5qEmx4
-sXLRmcRDyAv64nSGs8QXcHmKYO+F11Pzea1EVGmpEys
---- Sjg8SqkkEEL4X0G1GOUoHO702ZtrM0hMniIdS7yIsDA
-'ÏBâÉ(–7DÏ“=ù³h•áÊh	fëÉ®×xT Ž!K.»‰‚~Ø³ò,…ß“D|éä+pûü"Òt‚ÝG¢yñQ¬ÏRcPÁQüúQßÐÙÕá=–qi×·À¹¨<¿c%~ÉÔ‚#
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 285a1ab..53dff54 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -4,8 +4,7 @@ let
   lenovo = pub-keys.ssh.lenovo;
   _109-199-104-83 = pub-keys.ssh._109-199-104-83;
 in {
-  "secret0.age".publicKeys = [andromeda lenovo];
-  "secret1.age".publicKeys = [andromeda lenovo];
-  "secret2.age".publicKeys = [andromeda lenovo _109-199-104-83];
-  "secret3.age".publicKeys = [andromeda lenovo _109-199-104-83];
+  "andromeda-pw.age".publicKeys = [andromeda lenovo];
+  "mtgmonkey-pw.age".publicKeys = [andromeda lenovo];
+  "mailserver-acc-test-pw.age".publicKeys = [andromeda lenovo _109-199-104-83];
 }
diff --git a/users.nix b/users.nix
index 270d8cf..1d78a87 100644
--- a/users.nix
+++ b/users.nix
@@ -13,7 +13,7 @@ in {
       "andromeda" = {
         isNormalUser = true;
         description = "andromeda";
-        hashedPasswordFile = builtins.toString config.age.secrets.secret0.path;
+        hashedPasswordFile = builtins.toString config.age.secrets.andromeda-pw.path;
         extraGroups = [
           "networkmanager"
           "wheel"
@@ -22,7 +22,7 @@ in {
       "mtgmonkey" = {
         isNormalUser = true;
         description = "mtgmonkey";
-        hashedPasswordFile = builtins.toString config.age.secrets.secret1.path;
+        hashedPasswordFile = builtins.toString config.age.secrets.mtgmonkey-pw.path;
         extraGroups = [
           (lib.mkIf
             (machine == machines.lenovo)
-- 
cgit v1.3