don't use agenix from home manager

Install the key with the host's configuration and rekey the secrets.
author: Franck Cuny <franck@fcuny.net> 2026-01-09 19:11:37 -0800
committer: Franck Cuny <franck@fcuny.net> 2026-01-12 08:20:24 -0800
commit: 72307e4dca688a5f2b88cef26273aaa6a5e189db (patch)
tree: 7883bd1387cac0c0ad9180ef75fe0b98965706df /machines/mba-personal.nix
parent: clean up ssh keys for the admin user (diff)
download: infra-72307e4dca688a5f2b88cef26273aaa6a5e189db.tar.gz
1 files changed, 13 insertions, 1 deletions
diff --git a/machines/mba-personal.nix b/machines/mba-personal.nix
index 2d82567..0ce4279 100644
--- a/machines/mba-personal.nix
+++ b/machines/mba-personal.nix
@@ -1,6 +1,18 @@
 { adminUser, pkgs, ... }:
 {
-  age.secrets.ssh-remote-builder.file = ../secrets/ssh-remote-builder.age;
+  publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDLQTIPZraE+jpMqGkh8yUhNFzRJbMarX5Mky3nETw6c";
+
+  age.secrets = {
+    ssh-remote-builder.file = ../secrets/ssh-remote-builder.age;
+    anthropic-api-key = {
+      file = ../secrets/anthropic-api-key.age;
+      owner = "${toString adminUser.uid}";
+    };
+    restic-password = {
+      file = ../secrets/restic-pw.age;
+      owner = "${toString adminUser.uid}";
+    };
+  };
 
   imports = [
     ../profiles/darwin.nix
author	Franck Cuny <franck@fcuny.net>	2026-01-09 19:11:37 -0800
committer	Franck Cuny <franck@fcuny.net>	2026-01-12 08:20:24 -0800
commit	72307e4dca688a5f2b88cef26273aaa6a5e189db (patch)
tree	7883bd1387cac0c0ad9180ef75fe0b98965706df /machines/mba-personal.nix
parent	clean up ssh keys for the admin user (diff)
download	infra-72307e4dca688a5f2b88cef26273aaa6a5e189db.tar.gz