From d23d7bf78b38fd7976d2dbbc063f406fa04f13d5 Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Sat, 9 Aug 2025 11:02:18 -0700
Subject: add the SSH key for the remote builder

All the secrets were rekeyed.
---
 machines/darwin/aarch64-darwin/mba-m2.nix   | 9 +++++++++
 machines/nixos/x86_64-linux/vm-synology.nix | 3 +++
 2 files changed, 12 insertions(+)

(limited to 'machines')

diff --git a/machines/darwin/aarch64-darwin/mba-m2.nix b/machines/darwin/aarch64-darwin/mba-m2.nix
index 1cd9aa8..9970e62 100644
--- a/machines/darwin/aarch64-darwin/mba-m2.nix
+++ b/machines/darwin/aarch64-darwin/mba-m2.nix
@@ -5,6 +5,15 @@
   ...
 }:
 {
+
+  age = {
+    secrets = {
+      ssh-remote-builder = {
+        file = "${self}/secrets/ssh-remote-builder.age";
+      };
+    };
+  };
+
   imports = [
     "${self}/profiles/home-manager.nix"
     "${self}/profiles/darwin.nix"
diff --git a/machines/nixos/x86_64-linux/vm-synology.nix b/machines/nixos/x86_64-linux/vm-synology.nix
index 1f7307c..309c3a6 100644
--- a/machines/nixos/x86_64-linux/vm-synology.nix
+++ b/machines/nixos/x86_64-linux/vm-synology.nix
@@ -82,7 +82,10 @@
 
   users.users.builder = {
     openssh.authorizedKeys.keys = [
+      # my personal key
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
+      # remote builder ssh key
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGFGxdplt9WwGjdhoYkmPe2opZMJShtpqnGCI+swrgvw"
     ];
     isNormalUser = true;
     group = "nogroup";
-- 
cgit v1.2.3