hosts/aptos: re-key all the secrets with age identities

This is now using the public keys from various age keys:
- one for my user on the laptop
- one for the root user on the laptop
- one backup key stored on the USB drive

1 files changed, 8 insertions, 9 deletions

diff --git a/hosts/aptos/secrets/secrets.nix b/hosts/aptos/secrets/secrets.nix
index 674af9b..59e43a5 100644
--- a/hosts/aptos/secrets/secrets.nix
+++ b/hosts/aptos/secrets/secrets.nix
@@ -1,29 +1,28 @@
 let
-  fcuny =
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIdlm/qoR/dnMjZhVSTtqFzkgN3Yf9eQ3pgKMiipg+dl";
-  aptos =
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOTcPGaiL+/Mwl8JzLHrBwas7QvWPjix4lnaAA1tw+5t";
+  root = "age1g3hjfg8rsyaunsa63q73flxt0rnmqng5mvjk5qywsu0xjvuwq5rsmuxk35";
+  fcuny = "age1keyvdhpspgqp4g5zjthdphau5q5qlt6fs0ex0wqnve66dmup9pzqn4sakj";
+  backup = "age1fh4960rdrk4d7m4c5lwd3trvw9ylk09dvucj2gd2udy7d5cz2a0svcqws6";
 in
 {
-  "wireguard_privatekey.age".publicKeys = [ fcuny aptos ];
+  "wireguard_privatekey.age".publicKeys = [ root fcuny backup ];
 
   "syncthing/key.age" = {
-    publicKeys = [ fcuny aptos ];
+    publicKeys = [ root fcuny backup ];
     owner = "fcuny";
   };
 
   "syncthing/cert.age" = {
-    publicKeys = [ fcuny aptos ];
+    publicKeys = [ root fcuny backup ];
     owner = "fcuny";
   };
 
   "restic/repo-users.age" = {
-    publicKeys = [ fcuny aptos ];
+    publicKeys = [ root fcuny backup ];
     owner = "fcuny";
   };
 
   "gcloud/world-nix.age" = {
-    publicKeys = [ fcuny aptos ];
+    publicKeys = [ root fcuny backup ];
     owner = "fcuny";
   };
 }