secrets: add kiosk user to wbob

4 files changed, 76 insertions, 29 deletions

diff --git a/.sops.yaml b/.sops.yaml
index 0036acfa0..349b0a88a 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -5,6 +5,7 @@ keys:
   - &gum_host age13ekyvn5ux7zyvclwlrpnhgauw5s6dzn538msjka8vpwhu535ychqa7dk7a
   - &omo_host age1g0h4fhgnfr7zvp3mqa32u24k4nlfpqmk4dvl5pwnj7t3m6zl2cfs3mw7ht
   - &wbob_host age1fz3fm09mpur0r5pp43tyuzemkx3f0gfwtgfxj6usv28apq8pfc6qnw3z2s
+  - &cake_host age12xhv7z8w3zaq2c0mf940a8afnardplye9fd6p2m5ynnck3k7vd7q00sqjy
 creation_rules:
   - path_regex: secrets/common.yaml$
     key_groups:
@@ -13,6 +14,10 @@ creation_rules:
       age:
       - *tsp_host
       - *x_host
+      - *wbob_host
+      - *cake_host
+      - *omo_host
+      - *gum_host
   # host secrets
   - path_regex: secrets/x.yaml$
     key_groups:
@@ -51,3 +56,9 @@ creation_rules:
       - *makefu
       age:
       - *wbob_host
+  - path_regex: secrets/cake.yaml$
+    key_groups:
+    - pgp:
+      - *makefu
+      age:
+      - *cake_host
diff --git a/2configs/bureautomation/default.nix b/2configs/bureautomation/default.nix
index 193a23d85..a2d85bb66 100644
--- a/2configs/bureautomation/default.nix
+++ b/2configs/bureautomation/default.nix
@@ -1,7 +1,6 @@
 { config, pkgs, lib, ... }:
 let
   kodi-host = "192.168.8.11";
-  unstable = import <nixpkgs-unstable> {};
   confdir = "/var/lib/homeassistant-docker";
 in {
   imports = [
diff --git a/secrets/common.yaml b/secrets/common.yaml
index 87a9695b5..ce106bfad 100644
--- a/secrets/common.yaml
+++ b/secrets/common.yaml
@@ -10,42 +10,78 @@ sops:
         - recipient: age1p7jqdpahxtf7j70kmzy7vg6za7wg63u6sq7ywuw6qkw0qek395nq5kyzae
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLUUQwRjVYSzhDZFVXWTBS
-            czB4TXZuc2VXSDNtbkZZZC9hZ3c5bkNqaXdNCnJJV2RHWWVES1hpSlI5WURWOGRv
-            a1J1MTd0Q3pFVHFSNDNWdGFEWEp2emcKLS0tIGhndkxkQitzZ3QwUEJGdU5FMjFP
-            S2xPTlVlOHNvQVc0L3NaaG52cmM0QXMK6Y/PpW55BwjUniYa2Q07QzIgVxTwH/gy
-            4qZnGaOPi+BTwMWG9/h5kbbdVBZ/PdpmzzGw2qcfFA4SotA4xj9cyw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtVGJUVUNRWjdlbkd2eUtt
+            MXltYjFQN1VrRWs4UkUyNGF5RXdkbndzOHg4CjhLazVwV2JxVUNLWkNRdkRyZUsz
+            MkJXWW9sYk9xcXFXZW01dER6V3pzbEEKLS0tIExFbWZucXE0d1lDcFJLdTY1ZkJk
+            czU3YjNsbjNORm9RazRMSGM3U2hmODgKX1e8G/Ld2diBR5flF/33E0h0hbaxoKVy
+            6UAQJN9pVlPPgo6PBDiyGHK3Qt8eg7bKoc1lYjhHYmO7uh/2C9TA6A==
             -----END AGE ENCRYPTED FILE-----
         - recipient: age1hqe5hs2jz2fk5zvw346ajhwlagkheunacahpu42uruxu0nlnwy7qn9q5k6
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZNjQzMVl4cVNWWWlJMnl4
-            cWdYRE5va0ZhM2pRY21Nb0NFcnVqMjc5ZlhjCllUOFNNZ3oyUzRVUzE5Q0J2aGI0
-            ak1GR1lvdVNzSEJxNUJRKzBSOU15K2cKLS0tIGE5V09lVmVwUHhuVUZDWDljNDYx
-            TlZpeGU5YnF0V3V4T1drYTJGcC96MUUK89QI1fgqaMqgqjnTkokuQIvUEOLznHE7
-            EanxjY1iez8dKrgdm67GHRPtd54m7wckDnAvENq7FxwOAyZrmnfW7w==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZQ0pZZjdJMjh0cWVRWSsv
+            anUwQzlMbHUvNlpQaEFPWG42VTV4dENiRkRRCnpOSDZCK2c3M0IzcERld2txMkY4
+            WC9GMkwzQUR3WUFoMDN3VEd3ekVGOEUKLS0tIGs1NERjSWZteUJqUXpuNjRucXk1
+            VlBZdDlHdWpaM05DUFMwZWNNajJmZHcKRRpmco1pRfS31nCshqqvF3UNtG2ajSkB
+            LMOozuNa4u0zsEcr9y0FzYnUfUFTEkmvbcuXSUlm9krnlndH2imzLw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1fz3fm09mpur0r5pp43tyuzemkx3f0gfwtgfxj6usv28apq8pfc6qnw3z2s
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiUGdCaThNU2F6Q1BWbHNZ
+            c29lZzg1STZBNXk3TzBlZVY2SzdlNlpQYWtzCm9RS1psdVlINkk0UjVTME9SRFpJ
+            RnNIZEVmQm5pQVNOWU5LL0NlMnQwVzgKLS0tIHlPMEhRK0pkQ2UrWUhYeTlOQjJa
+            UmRQcTVpeVVEMGVCTVh5Sk1TaXF6a0EKuI32xWBrxE953zifNzmacf7T/Pg5dpNM
+            iwPOWfw8mTQhY8DDZf4RRK/4cdbDPnl8GXH8KGIAnyxEqh6iECq1UQ==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age12xhv7z8w3zaq2c0mf940a8afnardplye9fd6p2m5ynnck3k7vd7q00sqjy
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUNHMwc1lCYVlTVktOVnpT
+            NWZydmtZY0NFOEdKcjBoeFl4VjBuOFJnclZrCmxNdTRqUmdoUUU0UG9pUFA5bHBk
+            clZsNERPV2p3R3pMQ3Y1NmRUWkVWZU0KLS0tIEdjZFpIK3JoYjlxRVhKcmxpN2lh
+            MkhXb1BSVGJJOFhWQ2NjWDFUdm5HczgKMByO5trpPmju/1JOpIu/OWnLsoNE7fmX
+            9807+BALsXiS/GXw4Ys1zPD8SNzQyIUR/YMd43Ks/PFzTVCJFn8asw==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1g0h4fhgnfr7zvp3mqa32u24k4nlfpqmk4dvl5pwnj7t3m6zl2cfs3mw7ht
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUanl3SGxnaGo3U2NXbTJC
+            eWVybFk5MXhYZENhUXAzNndYMExQd2lkNFVnCjlLK1Jzb0o3bEZteWhtSkJtMVpO
+            cjBQWmttUW51dEpvVUdYQjhGMy90WDAKLS0tIFhmeDZGYjN2Wm1iSVpDQTRnSHRx
+            UVhWQjN6V25XUU13ZVdMRGxtNFFOcWsKVAjwpu+4dp5yejW5UF7T1fiCv7HJl/vx
+            s+IdLZh3YmFNfqp1GAF2A+pp8gLHR5HmuUsldbSy0lgb773NHSrOLA==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age13ekyvn5ux7zyvclwlrpnhgauw5s6dzn538msjka8vpwhu535ychqa7dk7a
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxVTBMclNGQU1RcG40WXBH
+            ZW1hMXdlZzRrMUJlbjR1UWpZVTRmdnJRT2pnCjFUT3BSOUtGOUpXeDJsYUx0cmFx
+            Skl3ZFMxMWo4TlA2b25sVk1pcDhKL00KLS0tIDBid2JNUHFTTVFFSkI1bHo1b3Fs
+            bEdXYVBZcTc1d2FWY0tMVUZibTJvcDgKEMP2T9YL3tvMggk0ysLeJPm48pJzub06
+            6Mhcfh+jvgitqfRGvWa2r14xzWuFLjI6v//rVw56IH5usAdiaPm/PA==
             -----END AGE ENCRYPTED FILE-----
     lastmodified: "2023-06-14T19:55:31Z"
     mac: ENC[AES256_GCM,data:OJ2vp00y6k/KDJ1jqyK4/QAt383Mi4mP/cnLTS4OOiZzNhujIAFLg5l/STdPrZe7y4GuczH08+kzSUgENwwYQApYEzupKsd+TUyXWYQzVuXX2pmrkVJD9umdsGt/gY3P7ykxM3gaN5SeflJIij/MQSlnuvYPVuI1dyCnyPnK6aE=,iv:on00K4KOk43Js8+/wPcU0e6qwwlZP4q2uiHc9hHYalQ=,tag:8JW4EhictAqOSzpk1h9oBg==,type:str]
     pgp:
-        - created_at: "2023-06-14T20:06:20Z"
+        - created_at: "2023-07-05T12:24:40Z"
           enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            wcFMA9JutVRDNegnAQ/6A/jLsJmB/g5nWE/Fu//krIkf9dw9a4hM1juKT2IxfDue
-            HX/KUhMNvSPNWqQ49WJUJOzl0gCSIp8NyzZCztYRQ2/kLW5Vh0YA/ifS/jMv3dkx
-            mDhZikFsjw4aIhxobys3jb5WjrP0/Z7ASBegkSM5gONgu2RaereCPJXGT9rnZB8m
-            M2ZAiqLXf0qVcdUh1Wjbe23oqPFAGu9a7kZ1XntXGwTlrfJH0Rjq+xIs1UKNB2ux
-            v/gSC5xP0Fzed56PTv7k62CjSUqnSWlb98oJroQ+diK23wRwHGukvpGldId/nvUo
-            3JiY4/I/2LDQCu+8Thd7WvQ2K4J7ioG6TkMS3+9F4SMHuW0hOT4KrBblA04RYF/x
-            PRWCHrTVDZunzDW3boPZIR1i37KfgoYFA+5YlR8KaLWHXe8Tg4jVPrbzYTd7ggFd
-            96xnL4IsNabnLrihXg8+ir/w35bmY5wwwal3aGCNhCpWCQWDn/ZwsKtvAOmFOmqG
-            QkUjp95u/iW6AcahgjNy9IzNPVfzLqyzQrf/7jG/D/FD+r1t/6ShdARR5QxEQ85t
-            y7CcJ+vEuKQhAd0SP7oshZZ3cl1OpkEtl5rpdUiSRO3F7wWj8tu05PfDfr2OikUv
-            rgouK4NmvTX2y0PtJK2uX0BLNkNWgxjmvcpqZwQNDX6mNPd9L277YQCBQhXcu7zS
-            UQFMO7mn9rJx6jJzWlAL41CIXQ1VE+/uB8ZGJp//46QspaeGNPge5GQH3B7SvQq7
-            NjejELOh+2VJIWUSlykkTeWOmGK60luDuww3G8FTG+p55A==
-            =Tk8d
+            wcFMA9JutVRDNegnARAAnKof3fBDfMyYJGq1N3Bgy2zEJAaAd3Y5CAcEj0Q6AvId
+            QRKX7nNzptXDru+2rH1rQbt6l0yeTOlXnPGdghlk3tMxghh5umZaAJP8uyt+4krQ
+            1HquSCKylpJ43InPiaCNo3uBgDIcd2c841W/CRiL8yTzr7fm6UDTxq4m2y+vEgX7
+            qKS5smoAfsQDaCO/ZavaQr7jZqmI0z9sPbv8Hn4lLT7w361rsQrd05rxwCX+PVc1
+            EZ3XETzwtStkZqCHRGiYo91gcrm2TIkuVSUEGzvNhitA2d0oS0VcXe3EJtXNLQdw
+            3c8hfZeOmybwFUnGe8UhWX3e4iEpbgdHCP5qYea/JLTpWV5YtWErUPJDRl+xgsDA
+            9ofychP4SMVSIsSBz6iagA6VMJFrAXo3aqluTOyYkCF3U+mFMfkdbTT8u46qX0ve
+            ghuTdpTU3KmaNR9+KLaEIPuLYfhcir3LItA/2+cWjCxsx6bSxhprpo32NoVSdmx0
+            4PZUF1G/9pOJiWqOndOrMPHFUao6yt3Lm+WwCNNGccad3ySW0zCdKWYVOSMyC5Ql
+            FTyXlYgrzfxO1tBT1hwKeRP8eT28P0bEhS1wuju3Mnri+KsWkTKa/T7ospdJObQC
+            J61htquYKL+pHRvocK/TFSA2d4fJh1PRXb9g4uejzmMdHWcXON0PMP94wWjc4FzS
+            UQGxa2X0HtkLsRkF2RqCTYqcvQGO1NuzhGguYG4He3IJhVdxlWV+qKRJT67+DJxa
+            Rf9gFLj6DZ95L09f31tJHbWXKl8idKLSGr81rk5wkyi59w==
+            =uS2I
             -----END PGP MESSAGE-----
           fp: F7B8DCE46BC6B0A8F95477C8563B8DFE2A0E2029
     unencrypted_suffix: _unencrypted
diff --git a/secrets/wbob.yaml b/secrets/wbob.yaml
index 8008822f5..b2a737fb6 100644
--- a/secrets/wbob.yaml
+++ b/secrets/wbob.yaml
@@ -1,7 +1,8 @@
 borg.priv: ENC[AES256_GCM,data:AkhsyDg9ryOfS5qnK9UBf4BAhg+rBTcvRJrBKiO5WQAHMFUYbFQ9VqONZWk1Z/+HYdUhXFyih6hH4WMGOvb7Rk0JgCPoZjFFdMkcKZ157HQxgiattFIqcFmuD3R1KWDGjKX4pEYjPRPEqalesoiI2e73EyFRmEfDF3KIu558y7FXWFGXUrEBLzi1kdyqs3OM4n5Ze27FFWf17VGe9Pu66aZPLYP7jaKxZKq+E3baXPsl/1F65oTsaNHq1BSLmtol5lHfyx0O8RMuktfS+bpuov9w8wgyI7f/IwzPDDOgMomWn4no2ADXx/7ZJbqLULKkrYOUDFD7LyqNFA+mzQhW4Z1g7OiVwSZa8VSz8iUsgYxOw4ghfsGo9YmyPH/Ro7/ZJRlPFhSdQGMGcV4DlED8wDl1wg4J75C8fdyVWbxwDzXvhOfcGqNL2KaGsmbPFcbjzke0bCvmU58J4HJRQqwYNIZqf4+8tg2h2aF2prwpGrjzLYjYOcHRNRVuIR/U5DJ4x5+FNI1uq2smmHlF7TiD,iv:OK+qEal5ZRr33FbeTYhzA+38VlF7j3X9cI/pcKhWnYU=,tag:3FL/Y/l84hIl9LrF20iA9g==,type:str]
 borg.pub: ENC[AES256_GCM,data:BAw0LgxQxYrl3zledLqPmg6cxSdGg8Jc5pWfyK5rJsMhaWl9MZlKdxb0aDD7hCWSflqh44kvKfzvG5Kas9DZ/A4Ebv4v1tgbfpUViqN/eyCCiNdCuJCibOsZ,iv:3dbmKrM5kPVFrmhqw5rIex3Z7RkUMKdz4/c8z4U48eQ=,tag:/RCFzGtz4Ci0iP+DMmNIsg==,type:str]
 borg.pw: ENC[AES256_GCM,data:BLVPPuawSGx5F2A8/rDpx4hv7fAVSTdSPzU=,iv:Gjl6UQfosDRuIGTiFmGqBkQTz5q7jhtYhp4PwduRXeg=,tag:qj4ZrT+y0ODD41+teoyhfA==,type:str]
-hashedPasswords.nix: ENC[AES256_GCM,data:eGXjBoMOFLBU5RQudkizUxGzrvkDgRMTcXcLstYAto/UwnhFqXDIhK8moLQD8Q3LrFPsrCI/uF1SK9+va9UU9fbc6XfiOj8OuZ+OC08+eY+jIljgevCSEoU+acSdy2sS9FA6B0DVB+dhH9tQgVTrBJrGHs51HJ9FAE4OHnMyXa40QOBGTXdawJafmvu0Pd51VazHlc1HSHzvzKVbFjEBF2CRhMjQ2D6UZMp38CdIJ9RAZgmFJGSyoJoQV+YTQK7x+NeXbBotAZpffaUmfjXpaaEsoinpBWdmdzoJrHxNXXT7cCRDR+DquoDZ3nFULT3u7GFDCVOIbR68cK8snkRBCoGUkCzVa/pJTtYk2quW3/TgC75lf8k0WmzCDW7FKFkw9I4LiyPhZ51qbE1FtMBVv/hvPBLTkiUT1e2AmkXxiJkTKy2lC5ag5/hZbIUJMF7Qx5qPdkT7ez9b8EUn6Pp6kEtMDwDkDiDE38hYkA==,iv:tEWR3zE2jwb1gNT9Tj5JDAjPxY8JvHPveAfRWgQQLRA=,tag:uR55yaqHdBuaAzYXdKdLyA==,type:str]
+passwd:
+    kiosk: ENC[AES256_GCM,data:YcWwptGozxMZpqUvCSdrQ3Gi90PpUC6ydwR2kC5O7tLx4N+mxnF+sNekA768/o6lkZSOiUiS3zKaZy/pxyrbv/YUvR0utxyex3O5ngfz3/l6gpiELtBiLu3+4N6ZljpBiG1b0ENMq6QGv5o=,iv:jNgH6ZdHhy4FgNgppc3SVT6QIgs6++SAEFxH+uH4zCw=,tag:EHa4DMzTtdfEbezJBnenog==,type:str]
 netdata-stream.conf: ENC[AES256_GCM,data:P0rvI7p474pbpvSnvpPdxeYpgSuj9Md2rqzHjhX2ZWgnfv3V317xyK+ZRwfwFBiIFgX2Drv/Il24VCkWm6PqQnJFcUyYfjDMxBq8x/XkdmhoIUhHflFOhXIXvWVkEY4apnuo3cPJJmppSTA=,iv:woZdvhHua8JnSct6uCFUtqq1hqpeuFL3MvkqKcxLWAI=,tag:8AZnb6qdK8QAX20rIxK0nA==,type:str]
 retiolum.ed25519_key.priv: ENC[AES256_GCM,data:aebIRItPT5M/Cu0fD22K8QVFbrn1IfE/x3LAJxzu2oE6SUKzyNA3C+2adiRhe0R0hcyCTKNJSsIhrmGKFdbyWA7yIe/V5R0WGLM3YRELfCuBgugCMno5gcCK2kC387K7zsYh000DULFgfwPG82afSw+tJ9oC+h9UJ065KBQfh6/SOs6dkO8sYuKb2EpqweDhlkOTcaE4z+jXXpsqFJzQ7pmAzSSRwKvWKPHvDLTNgLFwYPmtqNcO/Tq8kxB7Z6oETq30p8304CU=,iv:fRd/M5SPbMIy3v+TtgLfEaUppe17jDMAuYjUBDBAYT8=,tag:phF+vbkEPuGp2PqIQUqXIQ==,type:str]
 retiolum.ed25519_key.pub: ENC[AES256_GCM,data:rY3fgKxcskDcVHLX7IqL5qw2BHTzoE1K30hQDLyf7k9mDmgLrs5w8ciVjCN4B0qQoIMdEzlYOxEW15iHGxHT,iv:YA8Hais3Ridn8mgeENTyWykS/XQmtfKcNI22iKwR6ss=,tag:G9xZGuwZG9uFzqgY19y1Kg==,type:str]
@@ -37,8 +38,8 @@ sops:
             bTVZMWhISWRSd1g4QnFoTjZnQVNKdWcK0MN1a5EO1nt7Qcf/Eon/mucGvnZ7pMUZ
             1Nv2qNt0w4OU0ZElIUK88rXr0CTjzaL1JWk9ruzxL5Z7V4Dk2uPnGw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-06-14T23:46:16Z"
-    mac: ENC[AES256_GCM,data:fF29polOe7785XeTFB5O3zpti74zNxMcL6HvUOgUG8klFO6wi6uziGDl0EuCIAs7A+6tjGkpYUqstgmOOibQDNYG0oclpvImI8PuhcUhbZpa6GIuh2a2swmlHLT2lZ0C42wbJMRVtr7hZvhRpZqqrzXIDtG5IAX+EQRKxFBWvTU=,iv:lNaNosuHKHiJwo6v0jcjeYtESv8THlzhTush1w3zY5w=,tag:BpaShGefZPZyDhVeq7ijYA==,type:str]
+    lastmodified: "2023-07-05T12:19:20Z"
+    mac: ENC[AES256_GCM,data:ehwvSRsOdiPINe0dU9aKteBDHckEeqzk1pTspKlDB/NhSV0hLbn71oQqXKY3z0RdXYDYuKKC3Tz8MhLVD/BDHTX7wSoFuODHBytGEsLVVOYK01xxHT6cyTJ2GcI5MT84pbwpbAPkkJWoE9Ai4sQGqzTXcUXC4BWULy5GNJPyofc=,iv:hkGexbE03jkqwjJ5bzFagsWlVFxs24KVHo4+9igns34=,tag:Hjbc3bVncbriIZeD/+YquA==,type:str]
     pgp:
         - created_at: "2023-07-02T20:53:14Z"
           enc: |-