From ed1268a6735d4339aad02fd560dd944167dcda3d Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Sat, 3 Jan 2026 11:32:50 -0800
Subject: move secrets to the hosts instead of profiles

---
 machines/rivendell.nix | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

(limited to 'machines/rivendell.nix')

diff --git a/machines/rivendell.nix b/machines/rivendell.nix
index 99b03a5..d1b95aa 100644
--- a/machines/rivendell.nix
+++ b/machines/rivendell.nix
@@ -27,7 +27,30 @@
 
   boot.kernelModules = [ "sg" ];
 
-  age.secrets.rsync-ssh-key.file = ../secrets/rsync-ssh-nas.age;
+  age.secrets = {
+    wireguard.file = ../secrets/rivendell/wireguard.age;
+    restic-local-pw.file = ../secrets/restic-pw.age;
+    restic-nas-smb-config.file = ../secrets/restic-nas-smb-config.age;
+    grafana-oidc.file = ../secrets/grafana-oidc.age;
+    miniflux-oidc.file = ../secrets/miniflux-oidc.age;
+    rsync-ssh-key.file = ../secrets/rsync-ssh-nas.age;
+    authelia-storage-key = {
+      file = ../secrets/authelia-storage-key.age;
+      owner = "authelia-main";
+    };
+    authelia-jwt-key = {
+      file = ../secrets/authelia-jwt-key.age;
+      owner = "authelia-main";
+    };
+    authelia-users = {
+      file = ../secrets/authelia-users.yaml.age;
+      owner = "authelia-main";
+    };
+    authelia-jwks = {
+      file = ../secrets/authelia-jwks.age;
+      owner = "authelia-main";
+    };
+  };
 
   networking.hostName = "rivendell";
   networking.useDHCP = lib.mkDefault true;
-- 
cgit v1.2.3