From b6a12af7a9602cad8f700e58494a024489f5482d Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Tue, 7 Mar 2023 19:03:05 -0800
Subject: hosts/aptos: re-key all the secrets with age identities

This is now using the public keys from various age keys:
- one for my user on the laptop
- one for the root user on the laptop
- one backup key stored on the USB drive
---
 hosts/aptos/secrets/secrets.nix | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

(limited to 'hosts/aptos/secrets/secrets.nix')

diff --git a/hosts/aptos/secrets/secrets.nix b/hosts/aptos/secrets/secrets.nix
index 674af9b..59e43a5 100644
--- a/hosts/aptos/secrets/secrets.nix
+++ b/hosts/aptos/secrets/secrets.nix
@@ -1,29 +1,28 @@
 let
-  fcuny =
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIdlm/qoR/dnMjZhVSTtqFzkgN3Yf9eQ3pgKMiipg+dl";
-  aptos =
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOTcPGaiL+/Mwl8JzLHrBwas7QvWPjix4lnaAA1tw+5t";
+  root = "age1g3hjfg8rsyaunsa63q73flxt0rnmqng5mvjk5qywsu0xjvuwq5rsmuxk35";
+  fcuny = "age1keyvdhpspgqp4g5zjthdphau5q5qlt6fs0ex0wqnve66dmup9pzqn4sakj";
+  backup = "age1fh4960rdrk4d7m4c5lwd3trvw9ylk09dvucj2gd2udy7d5cz2a0svcqws6";
 in
 {
-  "wireguard_privatekey.age".publicKeys = [ fcuny aptos ];
+  "wireguard_privatekey.age".publicKeys = [ root fcuny backup ];
 
   "syncthing/key.age" = {
-    publicKeys = [ fcuny aptos ];
+    publicKeys = [ root fcuny backup ];
     owner = "fcuny";
   };
 
   "syncthing/cert.age" = {
-    publicKeys = [ fcuny aptos ];
+    publicKeys = [ root fcuny backup ];
     owner = "fcuny";
   };
 
   "restic/repo-users.age" = {
-    publicKeys = [ fcuny aptos ];
+    publicKeys = [ root fcuny backup ];
     owner = "fcuny";
   };
 
   "gcloud/world-nix.age" = {
-    publicKeys = [ fcuny aptos ];
+    publicKeys = [ root fcuny backup ];
     owner = "fcuny";
   };
 }
-- 
cgit v1.2.3