Refactor secrets handling

[perso/Immae/Config/Nix.git] / modules / private / system.nix

diff --git a/modules/private/system.nix b/modules/private/system.nix
index 0e72d9962fec977563a3607002aa44910cc42f89..c7e277c4bb7313efdd72e57bc2b57a2c234ed8b2 100644 (file)
--- a/modules/private/system.nix
+++ b/modules/private/system.nix
@@ -4,7 +4,12 @@
     networking.extraHosts = builtins.concatStringsSep "\n"
       (lib.mapAttrsToList (n: v: "${v.config.hostEnv.ips.main.ip4} ${n}") nodes);
 
-    users.extraUsers.root.openssh.authorizedKeys.keyFiles = [ "${config.myEnv.privateFiles}/id_ed25519.pub" ];
+    users.extraUsers.root.openssh.authorizedKeys.keys = [ config.myEnv.sshd.rootKeys.nix_repository ];
+    secrets.deleteSecretsVars = true;
+    secrets.gpgKeys = [
+      ../../nixops/public_keys/Immae.pub
+    ];
+
     services.openssh.enable = true;
 
     services.duplyBackup.profiles.system = {