From 72307e4dca688a5f2b88cef26273aaa6a5e189db Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Fri, 9 Jan 2026 19:11:37 -0800
Subject: don't use agenix from home manager

Install the key with the host's configuration and rekey the secrets.
---
 machines/argonath.nix | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

(limited to 'machines/argonath.nix')

diff --git a/machines/argonath.nix b/machines/argonath.nix
index 3d1b1eb..d1f1f7e 100644
--- a/machines/argonath.nix
+++ b/machines/argonath.nix
@@ -1,5 +1,13 @@
 { adminUser, ... }:
 {
+  wgPublicKey = "vTItDh9YPnA+8hL1kIK+7EHv0ol3qvhfAfz790miw1w=";
+  publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHi9jHqRjpMzXlznTXi4nEtlRlFfyIzB6Ur9A+HDfFoq";
+
+  age.secrets = {
+    wireguard.file = ../secrets/argonath/wireguard.age;
+    acme-cloudflare-env.file = ../secrets/acme-cloudflare-env.age;
+  };
+
   imports = [
     ../profiles/core-metrics.nix
     ../profiles/defaults.nix
@@ -15,14 +23,6 @@
 
   networking.hostName = "argonath";
 
-  wgPublicKey = "vTItDh9YPnA+8hL1kIK+7EHv0ol3qvhfAfz790miw1w=";
-  publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHi9jHqRjpMzXlznTXi4nEtlRlFfyIzB6Ur9A+HDfFoq";
-
-  age.secrets = {
-    wireguard.file = ../secrets/argonath/wireguard.age;
-    acme-cloudflare-env.file = ../secrets/acme-cloudflare-env.age;
-  };
-
   system.stateVersion = "25.05"; # Did you read the comment?
 
   home-manager.users.${adminUser.name} = {
-- 
cgit v1.2.3