diff options
| author | Franck Cuny <franck@fcuny.net> | 2026-01-09 19:11:37 -0800 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2026-01-12 08:20:24 -0800 |
| commit | 72307e4dca688a5f2b88cef26273aaa6a5e189db (patch) | |
| tree | 7883bd1387cac0c0ad9180ef75fe0b98965706df /machines/rivendell.nix | |
| parent | clean up ssh keys for the admin user (diff) | |
| download | infra-72307e4dca688a5f2b88cef26273aaa6a5e189db.tar.gz | |
don't use agenix from home manager
Install the key with the host's configuration and rekey the secrets.
Diffstat (limited to '')
| -rw-r--r-- | machines/rivendell.nix | 48 |
1 files changed, 24 insertions, 24 deletions
diff --git a/machines/rivendell.nix b/machines/rivendell.nix index 6b16d67..0c4ac28 100644 --- a/machines/rivendell.nix +++ b/machines/rivendell.nix @@ -5,27 +5,8 @@ ... }: { - imports = [ - ../profiles/authelia.nix - ../profiles/core-metrics.nix - ../profiles/defaults.nix - ../profiles/disk/btrfs-on-luks.nix - ../profiles/git-server.nix - ../profiles/hardware/framework-desktop.nix - ../profiles/home-manager.nix - ../profiles/miniflux.nix - ../profiles/monitoring.nix - ../profiles/remote-unlock.nix - ../profiles/restic-backup.nix - ../profiles/server.nix - ../profiles/storage-media.nix - ../profiles/users/admin-user.nix - ../profiles/users/builder.nix - ../profiles/users/home-manager.nix - ../profiles/wireguard.nix - ]; - - boot.kernelModules = [ "sg" ]; + wgPublicKey = "jf7T7TMKQWSgSXhUplldZDV9G2y2BjMmHIAhg5d26ng="; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID76U5kt8DfBbuP16rMzfBTVTpjjPFKWnnheMALaCQEd"; age.secrets = { wireguard.file = ../secrets/rivendell/wireguard.age; @@ -52,13 +33,32 @@ }; }; + imports = [ + ../profiles/authelia.nix + ../profiles/core-metrics.nix + ../profiles/defaults.nix + ../profiles/disk/btrfs-on-luks.nix + ../profiles/git-server.nix + ../profiles/hardware/framework-desktop.nix + ../profiles/home-manager.nix + ../profiles/miniflux.nix + ../profiles/monitoring.nix + ../profiles/remote-unlock.nix + ../profiles/restic-backup.nix + ../profiles/server.nix + ../profiles/storage-media.nix + ../profiles/users/admin-user.nix + ../profiles/users/builder.nix + ../profiles/users/home-manager.nix + ../profiles/wireguard.nix + ]; + + boot.kernelModules = [ "sg" ]; + networking.hostName = "rivendell"; networking.useDHCP = lib.mkDefault true; systemd.network.wait-online.anyInterface = lib.mkDefault config.networking.useDHCP; - wgPublicKey = "jf7T7TMKQWSgSXhUplldZDV9G2y2BjMmHIAhg5d26ng="; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID76U5kt8DfBbuP16rMzfBTVTpjjPFKWnnheMALaCQEd"; - services = { website = { enable = true; |