move secrets to the hosts instead of profiles

author: Franck Cuny <franck@fcuny.net> 2026-01-03 11:32:50 -0800
committer: Franck Cuny <franck@fcuny.net> 2026-01-03 11:32:50 -0800
commit: ed1268a6735d4339aad02fd560dd944167dcda3d (patch)
tree: e2a9836d0fb8206298cbdcdaac0d8763eae7b2fd /machines/rivendell.nix
parent: delete ollama (diff)
download: infra-ed1268a6735d4339aad02fd560dd944167dcda3d.tar.gz
1 files changed, 24 insertions, 1 deletions
diff --git a/machines/rivendell.nix b/machines/rivendell.nix
index 99b03a5..d1b95aa 100644
--- a/machines/rivendell.nix
+++ b/machines/rivendell.nix
@@ -27,7 +27,30 @@
 
   boot.kernelModules = [ "sg" ];
 
-  age.secrets.rsync-ssh-key.file = ../secrets/rsync-ssh-nas.age;
+  age.secrets = {
+    wireguard.file = ../secrets/rivendell/wireguard.age;
+    restic-local-pw.file = ../secrets/restic-pw.age;
+    restic-nas-smb-config.file = ../secrets/restic-nas-smb-config.age;
+    grafana-oidc.file = ../secrets/grafana-oidc.age;
+    miniflux-oidc.file = ../secrets/miniflux-oidc.age;
+    rsync-ssh-key.file = ../secrets/rsync-ssh-nas.age;
+    authelia-storage-key = {
+      file = ../secrets/authelia-storage-key.age;
+      owner = "authelia-main";
+    };
+    authelia-jwt-key = {
+      file = ../secrets/authelia-jwt-key.age;
+      owner = "authelia-main";
+    };
+    authelia-users = {
+      file = ../secrets/authelia-users.yaml.age;
+      owner = "authelia-main";
+    };
+    authelia-jwks = {
+      file = ../secrets/authelia-jwks.age;
+      owner = "authelia-main";
+    };
+  };
 
   networking.hostName = "rivendell";
   networking.useDHCP = lib.mkDefault true;
author	Franck Cuny <franck@fcuny.net>	2026-01-03 11:32:50 -0800
committer	Franck Cuny <franck@fcuny.net>	2026-01-03 11:32:50 -0800
commit	ed1268a6735d4339aad02fd560dd944167dcda3d (patch)
tree	e2a9836d0fb8206298cbdcdaac0d8763eae7b2fd /machines/rivendell.nix
parent	delete ollama (diff)
download	infra-ed1268a6735d4339aad02fd560dd944167dcda3d.tar.gz