use a dedicated SSH key for agenix

The key is still stored in 1password, and we add a script to synchronize the key to the host. The existing keys have been rekeyed with the new key.
author: Franck Cuny <franck@fcuny.net> 2025-06-12 07:40:53 -0700
committer: Franck Cuny <franck@fcuny.net> 2025-06-12 07:40:53 -0700
commit: ec2afd9e927a521edfb68ad9eb3e0e8391d12156 (patch)
tree: f348f44d197acf8ee9fff40fef5e04cc1c69b15b /secrets/secrets.nix
parent: configure `aspell` properly to work with Emacs (diff)
download: infra-ec2afd9e927a521edfb68ad9eb3e0e8391d12156.tar.gz
1 files changed, 10 insertions, 3 deletions
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 883ef91..d824ce1 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -1,9 +1,16 @@
 let
   users = {
-    fcuny = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi";
+    fcunyNixOs = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi";
+    fcunyAgenix = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKdyJepi/NyO6d9eP8m48Ga/gdjB5ENHRXYM1ZqFZR8t";
   };
 in
 {
-  "users/fcuny/llm.age".publicKeys = [ users.fcuny ];
-  "users/fcuny/anthropic-api-key.age".publicKeys = [ users.fcuny ];
+  "users/fcuny/llm.age".publicKeys = [
+    users.fcunyNixOs
+    users.fcunyAgenix
+  ];
+  "users/fcuny/anthropic-api-key.age".publicKeys = [
+    users.fcunyNixOs
+    users.fcunyAgenix
+  ];
 }
author	Franck Cuny <franck@fcuny.net>	2025-06-12 07:40:53 -0700
committer	Franck Cuny <franck@fcuny.net>	2025-06-12 07:40:53 -0700
commit	ec2afd9e927a521edfb68ad9eb3e0e8391d12156 (patch)
tree	f348f44d197acf8ee9fff40fef5e04cc1c69b15b /secrets/secrets.nix
parent	configure `aspell` properly to work with Emacs (diff)
download	infra-ec2afd9e927a521edfb68ad9eb3e0e8391d12156.tar.gz