feat: update ot synchronous gpio and rotate keys

pi/README.md

@@ -57,7 +57,7 @@ This setup expects SSH key login for user `pi`; it does not configure a password
 After boot, verify SSH works:
 
 ```sh
-ssh pi@noisebridge-pi.local
+ssh pi@noisebell-pi.local
 ```
 
 ## Add the Pi host key to age recipients
@@ -67,7 +67,7 @@ The deploy flow decrypts secrets locally on your laptop, but the Pi host key sho
 Grab the Pi host key:
 
 ```sh
-ssh-keyscan noisebridge-pi.local 2>/dev/null | grep ed25519
+ssh-keyscan noisebell-pi.local 2>/dev/null | grep ed25519
 ```
 
 Add that key to `secrets/secrets.nix` for:
@@ -99,7 +99,7 @@ These stay encrypted in git. The deploy script decrypts them locally on your lap
 From your laptop:
 
 ```sh
-scripts/deploy-pios-pi.sh pi@noisebridge-pi.local
+scripts/deploy-pios-pi.sh pi@noisebell-pi.local
 ```
 
 If you only know the IP:
@@ -141,7 +141,7 @@ The deploy script:
 
 - installs the Tailscale package if missing
 - enables `tailscaled`
-- runs `tailscale up --auth-key=... --hostname=noisebridge-pi`
+- runs `tailscale up --auth-key=... --hostname=noisebell-pi`
 
 So Tailscale stays part of the base OS, while its auth key is still managed as an encrypted `age` secret in this repo.
 
@@ -150,7 +150,7 @@ So Tailscale stays part of the base OS, while its auth key is still managed as a
 Normal iteration is just rerunning the deploy script:
 
 ```sh
-scripts/deploy-pios-pi.sh pi@noisebridge-pi.local
+scripts/deploy-pios-pi.sh pi@noisebell-pi.local
 ```
 
 That rebuilds the binary locally, uploads a new release, refreshes secrets, and restarts the service.