From 72307e4dca688a5f2b88cef26273aaa6a5e189db Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Fri, 9 Jan 2026 19:11:37 -0800
Subject: don't use agenix from home manager

Install the key with the host's configuration and rekey the secrets.
---
 machines/rivendell.nix | 48 ++++++++++++++++++++++++------------------------
 1 file changed, 24 insertions(+), 24 deletions(-)

(limited to 'machines/rivendell.nix')

diff --git a/machines/rivendell.nix b/machines/rivendell.nix
index 6b16d67..0c4ac28 100644
--- a/machines/rivendell.nix
+++ b/machines/rivendell.nix
@@ -5,27 +5,8 @@
   ...
 }:
 {
-  imports = [
-    ../profiles/authelia.nix
-    ../profiles/core-metrics.nix
-    ../profiles/defaults.nix
-    ../profiles/disk/btrfs-on-luks.nix
-    ../profiles/git-server.nix
-    ../profiles/hardware/framework-desktop.nix
-    ../profiles/home-manager.nix
-    ../profiles/miniflux.nix
-    ../profiles/monitoring.nix
-    ../profiles/remote-unlock.nix
-    ../profiles/restic-backup.nix
-    ../profiles/server.nix
-    ../profiles/storage-media.nix
-    ../profiles/users/admin-user.nix
-    ../profiles/users/builder.nix
-    ../profiles/users/home-manager.nix
-    ../profiles/wireguard.nix
-  ];
-
-  boot.kernelModules = [ "sg" ];
+  wgPublicKey = "jf7T7TMKQWSgSXhUplldZDV9G2y2BjMmHIAhg5d26ng=";
+  publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID76U5kt8DfBbuP16rMzfBTVTpjjPFKWnnheMALaCQEd";
 
   age.secrets = {
     wireguard.file = ../secrets/rivendell/wireguard.age;
@@ -52,13 +33,32 @@
     };
   };
 
+  imports = [
+    ../profiles/authelia.nix
+    ../profiles/core-metrics.nix
+    ../profiles/defaults.nix
+    ../profiles/disk/btrfs-on-luks.nix
+    ../profiles/git-server.nix
+    ../profiles/hardware/framework-desktop.nix
+    ../profiles/home-manager.nix
+    ../profiles/miniflux.nix
+    ../profiles/monitoring.nix
+    ../profiles/remote-unlock.nix
+    ../profiles/restic-backup.nix
+    ../profiles/server.nix
+    ../profiles/storage-media.nix
+    ../profiles/users/admin-user.nix
+    ../profiles/users/builder.nix
+    ../profiles/users/home-manager.nix
+    ../profiles/wireguard.nix
+  ];
+
+  boot.kernelModules = [ "sg" ];
+
   networking.hostName = "rivendell";
   networking.useDHCP = lib.mkDefault true;
   systemd.network.wait-online.anyInterface = lib.mkDefault config.networking.useDHCP;
 
-  wgPublicKey = "jf7T7TMKQWSgSXhUplldZDV9G2y2BjMmHIAhg5d26ng=";
-  publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID76U5kt8DfBbuP16rMzfBTVTpjjPFKWnnheMALaCQEd";
-
   services = {
     website = {
       enable = true;
-- 
cgit v1.2.3