From ec2afd9e927a521edfb68ad9eb3e0e8391d12156 Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Thu, 12 Jun 2025 07:40:53 -0700
Subject: use a dedicated SSH key for agenix

The key is still stored in 1password, and we add a script to
synchronize the key to the host.

The existing keys have been rekeyed with the new key.
---
 secrets/secrets.nix | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

(limited to 'secrets/secrets.nix')

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 883ef91..d824ce1 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -1,9 +1,16 @@
 let
   users = {
-    fcuny = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi";
+    fcunyNixOs = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi";
+    fcunyAgenix = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKdyJepi/NyO6d9eP8m48Ga/gdjB5ENHRXYM1ZqFZR8t";
   };
 in
 {
-  "users/fcuny/llm.age".publicKeys = [ users.fcuny ];
-  "users/fcuny/anthropic-api-key.age".publicKeys = [ users.fcuny ];
+  "users/fcuny/llm.age".publicKeys = [
+    users.fcunyNixOs
+    users.fcunyAgenix
+  ];
+  "users/fcuny/anthropic-api-key.age".publicKeys = [
+    users.fcunyNixOs
+    users.fcunyAgenix
+  ];
 }
-- 
cgit v1.2.3