From b95bd6b36a341021f70e04284fe65d32b7e1e49d Mon Sep 17 00:00:00 2001
From: Raphael <rparodi@student.42.fr>
Date: Tue, 16 Dec 2025 14:59:43 +0100
Subject: [PATCH] feat(secrets): Only setup the secrets needed

---
 secrets/auth-grafana-id.age       |   7 -------
 secrets/auth-grafana-secret.age   | Bin 451 -> 0 bytes
 secrets/auth-nextcloud-id.age     |   7 -------
 secrets/auth-nextcloud-secret.age |   7 -------
 secrets/authentik-env.age         | Bin 487 -> 0 bytes
 secrets/kandim-idmAdmin.age       |   7 +++++++
 secrets/nextcloud-admin-pass.age  | Bin 0 -> 343 bytes
 secrets/nextcloud-database.age    | Bin 0 -> 495 bytes
 secrets/secrets.nix               |   3 +++
 9 files changed, 10 insertions(+), 21 deletions(-)
 delete mode 100644 secrets/auth-grafana-id.age
 delete mode 100644 secrets/auth-grafana-secret.age
 delete mode 100644 secrets/auth-nextcloud-id.age
 delete mode 100644 secrets/auth-nextcloud-secret.age
 delete mode 100644 secrets/authentik-env.age
 create mode 100644 secrets/kandim-idmAdmin.age
 create mode 100644 secrets/nextcloud-admin-pass.age
 create mode 100644 secrets/nextcloud-database.age

diff --git a/secrets/auth-grafana-id.age b/secrets/auth-grafana-id.age
deleted file mode 100644
index 40a3d5a..0000000
--- a/secrets/auth-grafana-id.age
+++ /dev/null
@@ -1,7 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 eRdPLg sizbeKIH5VEhRyLSh4vsetSWjG3AQy4kAJuoz+vceRw
-/xKSxsI1WgoF3B62hDDuderO9N+50fu1n/VpigXVSXo
--> ssh-ed25519 KUgDMA 7Y3EyWnFPXAJKl4qQ4c7nwBV+sIFFIS+qu+KHbqFK0s
-8F/iFAIspcGx3Zsi5TMlIIpgLd7wQ9hBDzszqHkYCNE
---- Vyq3HcDfXdyfLuYzbVS4PGRuLI8pVLTGjTe8b4i7mos
-RkZCgDs�v�z�<�($�S����j�{�u+`��\I�F$&�����9�3R�T>���5��N2
���p�v旉
\ No newline at end of file
diff --git a/secrets/auth-grafana-secret.age b/secrets/auth-grafana-secret.age
deleted file mode 100644
index 12cec2929e86e5fda68f12b97c527b42cf716570..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 451
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSn4N3{{NmoeB@pOqy
z4o(d=PPZrzC`n3>@-58>*3NS*_ee4|cJU|;^~v{2%1kr%FyS&!Nz5(^NpnhaPO>n}
zj>;_XElD!Z3&`@T%ulNF_Dd-YFmreJb+k<NazwYyJ2c(J*HOW**u$yPD?6$rE7CXD
z!X&>cJ=xnl*T_e|G$}d2!!)<t(W27ar930h-IdETGRGw^)7UT|%E+~#L^~|k(8DvW
z!qUtwyvWtaq%z98)FRT*(Y-j|J(5dTS69Ki#4yXU!ZNkcGr%CSEF#-qJ1ogH%-_kt
z#4jMo$1l()$~dITN#DXeG@GlS&o%$H&|!yC>xjzhGoDr~|GzLM`9`ziqFM$aSrLik
z)=dio&a8|2^02OjA=&n`*}kj4wc<`$G&!m<-^%7V?J}d4;R2_mQeXM5tl#r^#cWco
z4KvG>4JWE-ak;hjJ{9%wdJzBZ>1q4iZC-UrDvArLw#gQH|8lva@x5r`)0;0`c72}e
jtTN-;t3r`WuRN1A9Crt=?=Q7F`X;(<^5w9Ax*zKRhv%rI

diff --git a/secrets/auth-nextcloud-id.age b/secrets/auth-nextcloud-id.age
deleted file mode 100644
index 614bc42..0000000
--- a/secrets/auth-nextcloud-id.age
+++ /dev/null
@@ -1,7 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 eRdPLg 5C2kO5z/A6c93dx1NYZifgIMHT7brM8z8h+DdeKvcV0
-2u1Y9+s38dO4vCyX7gh7yqu3YGQMWV/MdM5MeXZwPek
--> ssh-ed25519 KUgDMA 7Lwks6fUlaq8C55cE3hEOc4TEhno/WoDpxOCVauSIzo
-noIB2GOiy7O+ItIpLahC/t9UjGnIx4rRrkzi1Ja2TqU
---- J8nTuMpn/FFezlo2+LzMMEmBVzP4rEsULHIfAk+DwdA
-��ҍoy�<�p�G���;�-VX.����7W~^���Hi7�"%_eܿC�7
�Gkr�;���l���NJ�%��
\ No newline at end of file
diff --git a/secrets/auth-nextcloud-secret.age b/secrets/auth-nextcloud-secret.age
deleted file mode 100644
index 1608bef..0000000
--- a/secrets/auth-nextcloud-secret.age
+++ /dev/null
@@ -1,7 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 eRdPLg Fq6RmT49xfvoG9jvZrxucEZEv4hanhCo/5UqJileGk8
-SHNpQUEwb3IDbFrn1zhZRXSk88NrpcU7Ez/NEwZkLVo
--> ssh-ed25519 KUgDMA MgT2VDns5L6UaHHwPKIireWCeDnZmKGzHXPfWXbagh4
-SxgXaY9U6MwJLGgs1wX2gCgMVapYUyjVskjZpgAwz74
---- QfUsq/dVThzmlh63ScwK7L6Zh87PtRs5hVcwyqgllKE
-�F�gp��~
��� ���~�y�Z�����X���U�+ZgX^t��}H�@̺��nN��Ya�b+�r@�!����̟E��ɒ�4m�jE!Jh�.1���:�u�)��q�X�=R�E�Y�-�Ӷ�f��/��k�H��x�L���_[ԸI)*�;w�
\ No newline at end of file
diff --git a/secrets/authentik-env.age b/secrets/authentik-env.age
deleted file mode 100644
index 45718a6f5b701ecd01ceed53c260ef1d0ef81f9a..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 487
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUltkgEhELU(U2@Ma^
zHaGJKPOYk_$ToKMjBs%ZE4C~)Hcho~)Gy0P^E5Wkj!LO82;`~^4#{^3GY*T$@iH+t
zEwhX))%P&;NG%JtNYBd8cTEg73NtFp^mj`1$w#*>Ke;f|Cs4sV(KDw+JFMKxC^Rq2
zKg-W4xi~pB%_77+Bq=f=)5*B3$kIPQGA%FH$(1WG$X`Do(#<c^pvu(U$KTM%t<*5k
zDI?20uqw2|B_}wvswA<%BCjH=G?`0RS64wlIjS(qC)?LID$hOFtSB+xQ$NDQ)H}$~
z-`OjrG}F!4H7zK;+^N(w#FwijyyacmlXbDz4zH@t6gRk7?s?(j^^orPK>bClw}-2C
za{95{%iEk4xSP46IOWuD0ks?5>Sp2GmQ#E~mu<S`S-Sa>$>q&EdW9eIemoZ<e@!9Y
zsU+^9<&%nfuA}C)W-sQSdgd-H_A2py#Ko)P^?#b8wwdux$x3n);pSg|G>?hVc~J=S
z!l=`Wueoh@c%Q^!FWd9OYFF?E_pH-TBs%2H*2UaN3;B6jcW*X>(4h$VXcM)>Ic%4f
Vx|GPASl%kWChOI{-!3l|A_082xp4ph

diff --git a/secrets/kandim-idmAdmin.age b/secrets/kandim-idmAdmin.age
new file mode 100644
index 0000000..c1c25f4
--- /dev/null
+++ b/secrets/kandim-idmAdmin.age
@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 Iy+0iw 9IPugH3s/JgOmn0zeN2BnVlqxWeKoikSWzC16TR++1w
+t0aZ893tlfApzAEmObBV23b8QY3BmuZ/KCGawLyo9u4
+-> ssh-ed25519 ocqiLQ mfPJCZqTLr+MXs/TSEd0GyjJQR6/95YAXP+RAbMXhQw
+DZkTwy/oYt5kulMW81ruet6N5GZeUXRu3SxrD9N4tO4
+--- tmLZqUeH3sHrxdHQtP6hNFXslXUXozkhHoF17YQSWs8
+':0×��덩�K�=3-�HV��c��I䁀Ҿ�r[/w���U���8��
\ No newline at end of file
diff --git a/secrets/nextcloud-admin-pass.age b/secrets/nextcloud-admin-pass.age
new file mode 100644
index 0000000000000000000000000000000000000000..da2a187fb50655ef34eec4c8e00c2b0924afd504
GIT binary patch
literal 343
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUltkgEhELSjg_APXB
zN-ro+Gc?x^^9aa}ObyA(^Dv1@wlp>>Db#lJ^)}C`h{!cGF6T1zPRmXUFimtU$|!c$
z&kGN#$V@gd@No_>*3R}fNHYpC@(!%bF$gR32}HLoKe;f|Cr}~CAiSg`BG@$F!z3a+
z$h*v^IHa_|F*n0MGQ`up$~nu)Ju$yB%BMIiJe|wOGcU)}Ff~~}(>vdzA|*YdD%B)4
z!ob|u+%zK0B_O-ZD5)&Kt)McyyqHT@S6893%HOFpB`41`!q_P@T;IsD${;Z}FFZUa
z)F3c1Aky5x(a<f>T-((%HJOWnr|Z`g17<rzrky85)|g)7&Y8v1y<VqsTQ=j@_-AhN
bACA^>ggti1v)#IQ;=!=LPEQp|bEg6T3V(DZ

literal 0
HcmV?d00001

diff --git a/secrets/nextcloud-database.age b/secrets/nextcloud-database.age
new file mode 100644
index 0000000000000000000000000000000000000000..646abd8b3dd44cca6fe8bf0e5149eb7ad32f5957
GIT binary patch
literal 495
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUltkgEhELZSM@yIpz
zt}^r}sqjhlDDm+R@X0dvF{nt7a4$8{&M++wF)G&1bvDX!E#`_!4b7-Z^zex)2zE~|
zcFZ#lcFM>zamh6<2utzKDDnu7C@qT0DD@942t>CnKe;f|Cr}~ZE6X$A*DKSwFe@*`
zILtLD!@?pbqsT2k%Dmhn)Lc8ux75+U!Z6PwxSXp>KPkH;-P_zX$0*q#q#((qBqK7w
zB3IipH7{H{%{9wNzbr8`B{bBuD49!FS69K$$+s#j&(gfur9|7ytK6jABd08&Dk9v}
zFF(i0Bs0(5(xlKe%`>SiH=paGEYIl$m-g^Ry`JmqsJm&WGmBK7h4#s-IUTOWi+@k^
z)-Ze|@3VaK>`gL`lXKF~GRw?QTJVwg{x2irpKGo}6*h=9soOOKG5mODYQlG2e)^^<
z!tZy+r^sj@{$l@?rP+mX^Ul9JFTO6zc4aK#^x$ZDZ~rvt`++j+di6DvZ(l5W)wbl^
zR`>5W?|QskcG=@x=_`FPul7wV>V+RG@Lm3vX4<*XQE+bN?-b@!cm8>QeY#`&?RFN;
g3BLcIuJLobwOafC;^lk(yDfex^7q{9{96+Y0E_|1od5s;

literal 0
HcmV?d00001

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index f72b3cd..a476be5 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -12,5 +12,8 @@ in
 {
   "mailjet-user.age".publicKeys = users ++ systems;
   "mailjet-pass.age".publicKeys = users ++ systems;
+  "nextcloud-admin-pass.age".publicKeys = users ++ systems;
+  "nextcloud-database.age".publicKeys = users ++ systems;
   "kandim-admin.age".publicKeys = users ++ systems;
+  "kandim-idmAdmin.age".publicKeys = users ++ systems;
 }