From 72307e4dca688a5f2b88cef26273aaa6a5e189db Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Fri, 9 Jan 2026 19:11:37 -0800
Subject: don't use agenix from home manager

Install the key with the host's configuration and rekey the secrets.
---
 machines/mba-personal.nix | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

(limited to 'machines/mba-personal.nix')

diff --git a/machines/mba-personal.nix b/machines/mba-personal.nix
index 2d82567..0ce4279 100644
--- a/machines/mba-personal.nix
+++ b/machines/mba-personal.nix
@@ -1,6 +1,18 @@
 { adminUser, pkgs, ... }:
 {
-  age.secrets.ssh-remote-builder.file = ../secrets/ssh-remote-builder.age;
+  publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDLQTIPZraE+jpMqGkh8yUhNFzRJbMarX5Mky3nETw6c";
+
+  age.secrets = {
+    ssh-remote-builder.file = ../secrets/ssh-remote-builder.age;
+    anthropic-api-key = {
+      file = ../secrets/anthropic-api-key.age;
+      owner = "${toString adminUser.uid}";
+    };
+    restic-password = {
+      file = ../secrets/restic-pw.age;
+      owner = "${toString adminUser.uid}";
+    };
+  };
 
   imports = [
     ../profiles/darwin.nix
-- 
cgit v1.2.3