Configure agenix to use local SSH key

- Add age.identityPaths to juspay.nix for local key usage

- Update secrets justfile to use ~/.ssh/agenix instead of 1Password

- Add zest SSH key for secret decryption

- Remove infinitude system keys from secrets config

- Rekey all secrets with updated key configuration

modules/home/work/juspay.nix

@@ -15,6 +15,7 @@ in
   ];
 
   age.secrets.juspay-anthropic-api-key.file = ../../../secrets/juspay-anthropic-api-key.age;
+  age.identityPaths = [ "${config.home.homeDirectory}/.ssh/agenix" ];
 
   programs.zsh.initContent = ''
     export ANTHROPIC_API_KEY="$(cat "${config.age.secrets.juspay-anthropic-api-key.path}")"
@@ -48,27 +49,4 @@ in
     ANTHROPIC_MODEL = "claude-sonnet-4-5";
     # ANTHROPIC_API_KEY set in initExtra via agenix
   };
-
-  /*
-    # Enable Vertex AI integration
-    CLAUDE_CODE_USE_VERTEX = "1";
-    CLOUD_ML_REGION = "us-east5";
-    ANTHROPIC_VERTEX_PROJECT_ID = "dev-ai-gamma";
-
-    # Optional: Disable prompt caching if needed
-    DISABLE_PROMPT_CACHING = "1";
-
-    # Optional: Override regions for specific models
-    VERTEX_REGION_CLAUDE_3_5_HAIKU = "us-central1";
-    VERTEX_REGION_CLAUDE_3_5_SONNET = "us-east5";
-    VERTEX_REGION_CLAUDE_3_7_SONNET = "us-east5";
-    VERTEX_REGION_CLAUDE_4_0_OPUS = "europe-west4";
-    VERTEX_REGION_CLAUDE_4_0_SONNET = "us-east5";
-    VERTEX_REGION_CLAUDE_4_5_SONNET = "us-east5";
-
-    # Model configuration
-    ANTHROPIC_MODEL = "claude-sonnet-4-5";
-    ANTHROPIC_SMALL_FAST_MODEL = "claude-3-5-haiku";
-    };
-  */
 }

secrets/github-nix-ci/srid.token.age

@@ -1,12 +1,11 @@
 age-encryption.org/v1
--> ssh-ed25519 96IXNQ qxnWrc61w1kSBf3m7ofJWrTTdhrKSMmp9iW5y9RzdUU
-epgghGOuuMctx4uyYWrvN33tu4dL91E8VNxlMuvxw/g
--> ssh-ed25519 Ysxvmg ZjHA3/xCKFO+sk9RGRXkfGcxixk4arKP6PlRnLKRqi0
-CJITJ6M4KRM5lH23O5kWY8qjs+WEZLe5OooaIa7LInE
--> ssh-ed25519 HQ+y9w MyD/org+yNN0HhLh3GLG9PbCxIjffsMOxcJaQAmeThI
-jGFfuzJmA+AXgG9OI1c88TD4GHFA4C4GnzBPYlbvjQY
--> ssh-ed25519 p0qplg dod6JyHjstJGo0LgxlG4z5zrca8qunco+UuFLYZUyxo
-cWZElzFjbZESN2tlbna76yn77qm6e1og7OhoLzYsqVc
---- dD6aThNJBsJXoIS+6JbkIk1o3FJUbvjjjRwX6k3Riz0
- 
-ÊtJÏ$uÅb” |åŸGÁŽ¦Þê#b‹ÄÂж春+´áÜOºMÍ罕`·ÜþBâ݈¡	ä‘o(å!³wÌt-¿vº(ª&™Â‚8Æ´Ö*;_©6€}IèóuG‡±³‘`U?gñ:Â7í°<C3AD>½L¢ù j¬
+-> ssh-ed25519 96IXNQ V6z62p+pW3kgBssNzyKXgeSkg1Wd8RL6G1UrumXTIWY
+Ct4rp8A1Gg9ExzUyE63JgzgHD5aaeqakZ6ROAPm/XRE
+-> ssh-ed25519 It7HZQ +Hfd+DFL1cxlRFHSfLC2iiEbQ52cir2KgsIAQsgWLj8
+pCD9VDE0GWsr23NRHRCmiZJDrdNN3zKJFY6zNTpzPqg
+-> ssh-ed25519 Ysxvmg NzAhvPK21VdhfbEAD5Fk9VSqqeKjE8n5T9yurBeGohs
+qRZzel60SENc1ewUbubi48zRyhxbpGK85Y2j871YPwY
+--- R2HwRQqDwwfnDYltxQsw+s8fhBHhXVY+t93Uwh4PNYw
+Ò/´Ý¹³øù{¨Œã?bå¿^i#W©Æ
+’as}ëîÈ­jã„é×
+¹p¨$ç'Dµ°ÿöA•ì›@Èù½6ÅÓ2O<š¸<1A>“0‹D†ó2Ëó½c@Ò¦·)뙀ÿ®7„^?Ï娨§ô–ÄÂlVÑÕ0¾ó5ýöXe8

secrets/gmail-app-password.age

@@ -1,11 +1,9 @@
 age-encryption.org/v1
--> ssh-ed25519 96IXNQ AlPQKdJW4i7KiKFShOJiZS3jaU4rGHxfpTcbxFFhX0c
-/T+E7XkiUOgWtdRVRz9T3ut/AKXLEZpIywdjgPSXetU
--> ssh-ed25519 Ysxvmg ib7r93LrHHqg8Mpy2qjHDscc1j78xHYn+mSE0mgCVmI
-FIcdml33o0867qmVXsfwCTouhNFdzUMcpI/RkD1Ydvk
--> ssh-ed25519 HQ+y9w eqKQ865HffWRjvbj/I5Qoe/jxKEP0Fdjh3FxWppW3zc
-4qtKAl3FFwfevlF0qFPe5brMRdll1cNDbOv/ynzrw94
--> ssh-ed25519 p0qplg QWiCH31vijXLdRi1ERrrsO9/wPnB5dVKmV+JQ7TxWig
-bziVlyMK13NYneR0mmyipoKwTboEd8kQeOE2JS9evMw
---- vO0xh4UbUG45Wnq+c5oL6C4P42B87tYeZ2iKwBEKLa0
-{òkU¤i¨{~¨e’ÙɤÓA#•N7uBÏ; äJ´¥]H¸Ät6}xÂ=i®ža
+-> ssh-ed25519 96IXNQ T3RyKheawLaYNrlkDoCXS8pgRIwsNygCXKspcIgFqCo
+atSHBU2ubK2vXRudE/WAd1bVaclb32bqr1DuCfuncD8
+-> ssh-ed25519 It7HZQ AiZwpmGEojWzGAGPOnL9OTF96OsNEskVXq7nzSmIuQw
+qhv3adMWpgHRCSTixOuPOtC9GKPDf8igzEOhCqlZPug
+-> ssh-ed25519 Ysxvmg STvgaNkoEEec339ils0g3H0D32RGph9uBk1socsLiBI
+5pmdT4t49xbzQJy4XhZrCieDcYYr/HT826g55mnAfew
+--- XYTAbK/8LHg4SlajLfSlqToRkAl+mAnXXNdvgMvzaj4
+NtÍî'8ä“ÿ<E2809C>òҡƧuÕòþúGú_ö¸8QY,û<')¢;Ÿ‘Å!Ïv˦

secrets/hackage-password.age

@@ -1,11 +1,10 @@
 age-encryption.org/v1
--> ssh-ed25519 96IXNQ fkw73hLDykfEcq/OvTGwfQKO8adwA1ojBuPCKO5hZyw
-YNN1Vcg+30il/ccbcWMgR4uucLBMGSdFLk+6PwjKiKc
--> ssh-ed25519 Ysxvmg RATkz1A0SNVm6Ynu2FhoTgc8yi6TwnK+I3LRpp32jAM
-lUFyoIQSu1DCjkdAgWtDTDuM89GtqFSdbBsBzSZr4yg
--> ssh-ed25519 HQ+y9w OZSJZi0YRfkpmc5d6cMALj+Uo/WFoPy9+ME5tScunn4
-+4W1K5A+p2IPtPzcIiO+z4sVhNotX4T9wqs0E1BRlSc
--> ssh-ed25519 p0qplg Z2P1LtaIrYJujIQy9pIfgjc/tjvy5lWCKPDRUrr5LGs
-Ve5d3aOfB9/GI45gapzVEtnTr0u6N4krZ+DoWj2lbN8
---- CBkheL3TQ/W/4aVzTxuTUPh1UQMGT5AeWTXKCcVTVq8
-‡:wé[-CþÖ7Ÿ#ì«õØu<¥ÑG:l¹<6C>Pâ{‚gÐã¹ÙþR¥ç\Î@./
+-> ssh-ed25519 96IXNQ nHWK3DGvD5svfKFD/QiyGUyE94MfiIAGvwtowQfB8CE
+HKw+5SB99G+BVO1t6dggH+LFfjWSExUXaPA6TgbXkjo
+-> ssh-ed25519 It7HZQ tN1niOfw1WOTti0NAg9IlBSnAkTGloTE5dZGJ3rdXR0
+xw9DqdaqI3o0JuXslaOWcHwN4eLqz4g/lzQPmqZIpLU
+-> ssh-ed25519 Ysxvmg K7Taxefo/m7ObS0f62lowOnSNkN4kRO51A68N9tFmGM
+sOEEjMpzH2CPwnmk7X5fbLKJ3Yw/Tr2P33UHM676y8A
+--- FrVEGbyKNFknaLXq05sb5gD7cZqPv+UZUcuD+sj/SPA
+œcˆÄŠx=âwj»”¿½@±[
+—ðyª²µ}Ãh”8#‹MÜ .N)Æó•DÑ+‹

secrets/juspay-anthropic-api-key.age

@@ -1,11 +1,10 @@
 age-encryption.org/v1
--> ssh-ed25519 96IXNQ dfehVZ2LNMujmbP0wsxuPU92PynoTs+JoifCpvOxx0g
-Kw5EgbGE8z213x3nB1z4K/H2c+5gZ3tGM2lpvN9yGwQ
--> ssh-ed25519 Ysxvmg XyaT6WaAtv0XyyAfXJ6N7vWZxJ546SiEW5MAYuGXPV0
-0lUd23m+JlFXVAM6dS1UFI8WUfd5lrKjJMQEpNvSae8
--> ssh-ed25519 HQ+y9w aU1OdyrR/qE6E1e3LrGi9I6rzki4X1rlaCdYZ9MzHmg
-EV0/NKDyORAfcFIu6CObkg6EDEdwjJI0pVi0Dpy9wI8
--> ssh-ed25519 p0qplg h5N/ldxUIgUsNOXDP9BSIvoild4YYs9loy9As9RC8W8
-ajAJsLO8GOCLxTMwGG752kpt3TN7ImPyEICZsDFc/P8
---- xLBYy+XcNGtYh0LRLMyUgnXUnwp6UA8rVhDDHbCS2eA
-׍0Ë$†‡yH|"(ޤšöÁ<C3B6>ŕŠmK¨(Nfת:*¨x’ČőîjĂŕ7X جúŞő2ă0
+-> ssh-ed25519 96IXNQ MqhWG7d6fRrIzIZDyu1/Sr8Kcc/0g6b09JxadmeWISM
+qhSR1c/JfIh9xLR5Yb86D7E8M0X23wvmmBpHl6RiYuA
+-> ssh-ed25519 It7HZQ E6XNqLnTEqg7PjMfQV+4Q2+PxgzwNqUTCIphK1ebWQQ
+NdyhbsqlXpMqn/T9CJeKXP9APY/gMTf045iAyz9Niis
+-> ssh-ed25519 Ysxvmg FDBhNnfef8Mgl0aAnwDcK6Y70LCnvFi74gfPqbYa7U4
+cNUdR58Go8ggcsbcHy288xHRo1wUL1MKiIvKvjcCLQo
+--- FXrK+Jq0W+jvGa+yBaWfvU0th7bAYeU2lxQexsyAnSU
+þ¾ÒâΗ&ážNRý_4`YÁð›%	KAxµW„[T"Ÿn*g~Ió"þ·åSѱü-Vz%DIÐ
+D˜

secrets/justfile

@@ -4,4 +4,9 @@ default:
 
 # Run `agenix -e <file>` 
 edit FILE:
-    bash -c 'agenix -e {{ FILE }} -i <(op read "op://Private/id_ed25519/private key")'
+    # bash -c 'agenix -e {{ FILE }} -i <(op read "op://Private/id_ed25519/private key")'
+    agenix -e {{ FILE }} -i ~/.ssh/agenix
+
+rekey:
+    # bash -c 'agenix -r -i <(op read "op://Private/id_ed25519/private key")'
+    agenix -r -i ~/.ssh/agenix

secrets/pureintent-basic-auth.age

@@ -1,11 +1,9 @@
 age-encryption.org/v1
--> ssh-ed25519 96IXNQ 0/NuV8hDzg51QcJGiwG0/baeBQc+W9h9q66AzEm+EnY
-V1xUVHQQmXo6YN+BF+ZCn9Ew+bcUqP0975JmvaiSY4o
--> ssh-ed25519 Ysxvmg DxRnKZodptsoekhgqYHvRTmuDoqwsvzZ+lsXA2wU8U8
-lJxE8eCxkBCd5uHUSrOMywBgy0HQEekU5HEn9k7v6xE
--> ssh-ed25519 HQ+y9w sjoTiMATKONmXTmEfmUEsURXxKOEnYS8K3wcTP6OEWU
-kmj2v92yAR8mo/5bL24GMJ9idN4DXPoBh41sGmJFu6U
--> ssh-ed25519 p0qplg 1TuM1BqPK2U5prLL/zEel4nHLEtxud34aSslvCS1k1k
-PvnOGEDrQ0Mek3Z/VeHAcvhdurAN1RZxACiLsali6WQ
---- 2AiI3tw705Kala8qEBWg0PIlXn+yOyeDns01nZ7YjGw
-̉<>Ït¼ª¬ä<C2AC>þu
#`=ªèU&S•p6C§Eé:~v;b}<7D>€Ó›.'<27>TŒ-xŠ(;Þ|¹ƒÑ\Sù!æR£dWy£<79>
¬¬ëDœÞ5‡8œqA}*ѱZS
+-> ssh-ed25519 96IXNQ 2fAb4UaMDzIvV6al6FJhaLubphtiSuCpVOaeN+HwGVo
+bP/J1UYVBhjV2aquWSsTytU19R76+9Vlof5/V9CUBZU
+-> ssh-ed25519 It7HZQ /UlpuPliwqF04HPG87ldFPCjxWim6EuCxUUax8h51TQ
+rbQBDdCtd1N2IEuCSZeeusVtkogL3MOr0Mxue/Gwiso
+-> ssh-ed25519 Ysxvmg A81MyiFDefSbX6u7p4bN9vCREgGcp/frzguX1uwXYVM
+KiicSyou3NiK9znW2/MEJi3ElLfsqkCLfMuPbqTLoJs
+--- ArMgx+hzGLdzksx0CEXhb7N//pSq+ovYS/SPS3mQBcs
+bQAü[iz´§/¤%VA‹<41>Ÿ´Exìôò.£šˆº‚‹‚bæZMIsÒ¨1ŒâÙTeq«þõ̦Sïúò“,ÚJ÷ÛàÓ­Ê2ÞS¤•ä«á(øTùú6FkÀDÖ.Q¯ìÞR[

secrets/secrets.nix

@@ -1,11 +1,15 @@
 let
   config = import ../config.nix;
-  users = [ config.me.sshKey ];
+  users = [
+    config.me.sshKey
+    # zest: unique just for decrypting secrets
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJYQQXPMHYBtRcPzSkjQ3oqyje8T4UlCpbr6XjrlzzlK srid@zest"
+  ];
 
   pureintent = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICkY5feaNt4elPqRQimB9h3OFxtFAzp98p1H+JezBv92 root@nixos";
-  infinitude-macos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjg6aknmaXdQ/arHcTD+USFwCTsUGyJv9R1dXnejdby";
-  infinitude-nixos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhLuTee/YS04uBhg9Zri5OKfQySoeUXxVVpz6xVUtB5";
-  systems = [ pureintent infinitude-macos infinitude-nixos ];
+  systems = [
+    pureintent
+  ];
 in
 {
   "hedgedoc.env.age".publicKeys = users ++ systems;