Refactor secrets handling

[perso/Immae/Config/Nix.git] / modules / private / system / quatresaisons.nix

diff --git a/modules/private/system/quatresaisons.nix b/modules/private/system/quatresaisons.nix
index 03446e70c02b295d6b767ea762ed42a56915607f..01486501760704c6a6ef073a44969bbf228b4f86 100644 (file)
--- a/modules/private/system/quatresaisons.nix
+++ b/modules/private/system/quatresaisons.nix
@@ -1,4 +1,3 @@
-{ privateFiles }:
 { config, pkgs, lib, ... }:
 let
   serverSpecificConfig = config.myEnv.serverSpecific.quatresaisons;
@@ -164,6 +163,8 @@ in
     targetHost = config.hostEnv.ips.main.ip4;
     substituteOnDestination = true;
   };
+  # ssh-keyscan quatresaison | nix-shell -p ssh-to-age --run ssh-to-age
+  secrets.ageKeys = [ "age1yz8u6xvh2fltvyp96ep8crce3qx4tuceyhun6pwddfe0uvcrkarscxl7e7" ];
 
   programs.ssh.package = pkgs.openssh.overrideAttrs(old: {
     PATH_PASSWD_PROG = "/run/wrappers/bin/passwd";
@@ -173,7 +174,7 @@ in
   imports = builtins.attrValues (import ../..) ++
     [ ./quatresaisons/nextcloud.nix ./quatresaisons/databases.nix ];
 
-  myEnv = import "${privateFiles}/environment.nix" // { inherit privateFiles; };
+  myEnv = import ../../../nixops/secrets/environment.nix;
 
   fileSystems = {
     "/"     = { device = "/dev/disk/by-uuid/865931b4-c5cc-439f-8e42-8072c7a30634"; fsType = "ext4"; };