X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fsystem.nix;h=8be7368d8d4a2e306f8307c691948062feeb0962;hb=da30ae4ffdd153a1eb32fb86f9ca9a65aa19e4e2;hp=6fc0ecd367ac9b38db05fa1cadcaf19fb418c4a8;hpb=05a3b25228d22943e42e3c492d0329415e549266;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/system.nix b/modules/private/system.nix
index 6fc0ecd..8be7368 100644
--- a/modules/private/system.nix
+++ b/modules/private/system.nix
@@ -1,10 +1,24 @@ { pkgs, lib, config, name, nodes, ... }: { config = {
+ deployment.secrets."secret_vars.yml" = {
+ source = builtins.toString ../../nixops/secrets/vars.yml;
+ destination = config.secrets.secretsVars;
+ owner.user = "root";
+ owner.group = "root";
+ permissions = "0400";
+ };
+ networking.extraHosts = builtins.concatStringsSep "\n" (lib.mapAttrsToList (n: v: "${v.config.hostEnv.ips.main.ip4} ${n}") nodes);
- users.extraUsers.root.openssh.authorizedKeys.keyFiles = [ "${config.myEnv.privateFiles}/id_ed25519.pub" ];
+ users.extraUsers.root.openssh.authorizedKeys.keys = [ config.myEnv.sshd.rootKeys.nix_repository ];
+ secrets.deleteSecretsVars = true;
+ secrets.gpgKeys = [
+ ../../nixops/public_keys/Immae.pub
+ ];
+ secrets.secretsVars = "/run/keys/vars.yml";
+ services.openssh.enable = true; services.duplyBackup.profiles.system = {
@@ -26,8 +40,9 @@ ]; services.journald.extraConfig = ''
- MaxLevelStore="warning"
- MaxRetentionSec="1year"
+ #Should be "warning" but disabled for now, it prevents anything from being stored
+ MaxLevelStore=info
+ MaxRetentionSec=1year ''; users.users =
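Review bot: The added `source = builtins.toString ../../nixops/secrets/vars.yml;` line carries a security property that nothing in the hunk documents. A Nix path literal that gets interpolated or otherwise coerced to a string is copied into the world-readable `/nix/store`, whereas `builtins.toString` yields the plain absolute path, so a later tidy-up that drops the call could expose `vars.yml` to every local user. I would put a comment above it, for example `# builtins.toString: keep this a plain path string so the secrets file is never copied into /nix/store`. The effect of `secrets.deleteSecretsVars = true` is defined outside this hunk; if it removes `/run/keys/vars.yml` after use, a short comment saying when would make the lifetime of the decrypted file clear.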
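Review bot: The new comment above `MaxLevelStore=info` states an intent to return to `warning` without recording why the old setting stored nothing or what `warning` would cost. The removed lines had the values in double quotes (`MaxLevelStore="warning"`), and the same commit strips the quotes from `MaxRetentionSec`, so the quoting rather than the level may have been the cause; that is worth confirming before the level is lowered again. At `warning`, journald would discard info-level entries, which include sshd's accepted-login records, and root key login is enabled in this same file. I would reword the comment along the lines of `# info on purpose: sshd login records are info-level; the old quoted "warning" value stored nothing (quotes suspected, unverified)`.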