diff options
| author | Franck Cuny <franck@fcuny.net> | 2026-01-09 19:11:37 -0800 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2026-01-12 08:20:24 -0800 |
| commit | 72307e4dca688a5f2b88cef26273aaa6a5e189db (patch) | |
| tree | 7883bd1387cac0c0ad9180ef75fe0b98965706df /machines/bree.nix | |
| parent | clean up ssh keys for the admin user (diff) | |
| download | infra-72307e4dca688a5f2b88cef26273aaa6a5e189db.tar.gz | |
don't use agenix from home manager
Install the key with the host's configuration and rekey the secrets.
Diffstat (limited to 'machines/bree.nix')
| -rw-r--r-- | machines/bree.nix | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/machines/bree.nix b/machines/bree.nix index 24089a0..1560ce6 100644 --- a/machines/bree.nix +++ b/machines/bree.nix @@ -5,6 +5,15 @@ ... }: { + wgPublicKey = "bJZyQoemudGJQox8Iegebm23c4BNVIxRPy1kmI2l904="; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFM4wZaYwz8kuu6lNrdrN6QOyouGQ0v1ye+Iwh1jawNi"; + + age.secrets = { + wireguard.file = ../secrets/bree/wireguard.age; + disk-unlock-key.file = ../secrets/bree/disk-unlock-key.age; + disk-passphrase.file = ../secrets/bree/disk-passphrase.age; + }; + imports = [ ../profiles/core-metrics.nix ../profiles/defaults.nix @@ -21,15 +30,6 @@ networking.useDHCP = lib.mkDefault true; systemd.network.wait-online.anyInterface = lib.mkDefault config.networking.useDHCP; - wgPublicKey = "bJZyQoemudGJQox8Iegebm23c4BNVIxRPy1kmI2l904="; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFM4wZaYwz8kuu6lNrdrN6QOyouGQ0v1ye+Iwh1jawNi"; - - age.secrets = { - wireguard.file = ../secrets/bree/wireguard.age; - disk-unlock-key.file = ../secrets/bree/disk-unlock-key.age; - disk-passphrase.file = ../secrets/bree/disk-passphrase.age; - }; - services.remoteDiskUnlock = { enable = true; hosts = [ |