ssh key reroll

2025-09-30 23:24:10 +02:00 · 2025-09-30 23:24:10 +02:00 · fb781d6e8a
commit fb781d6e8a
parent aec7763929
10 changed files with 191 additions and 42 deletions
--- a/modules/base/secrets.nix
+++ b/modules/base/secrets.nix
@ -1,12 +1,13 @@
 {
  lib,
  config,
-  inputs,
+  pkgs,
  ...
 }: let
  inherit (lib) mkEnableOption mkIf;
  cfg = config.horseman.base.secrets;
  secretFile = path: ../../secrets/${path};
+  username = config.horseman.username;
 in {
  options = {
    horseman.base.secrets = {
@ -15,12 +16,35 @@ in {
  };

  config = mkIf cfg.enable {
-    environment.systemPackages = [
-      inputs.agenix.packages.x86_64-linux.default
-    ];
+    environment.systemPackages = [pkgs.ragenix];

    age.secrets = {
      wifi.file = secretFile "wifi.age";
+
+      personalSSHpub = {
+        file = secretFile "id_personal.pub.age";
+        owner = username;
+        group = "users";
+        path = "/home/horseman/.ssh/id_personal.pub";
+      };
+      personalSSH = {
+        file = secretFile "id_personal.age";
+        owner = username;
+        group = "users";
+        path = "/home/horseman/.ssh/id_personal";
+      };
+      githubSSHpub = {
+        file = secretFile "id_github.pub.age";
+        owner = username;
+        group = "users";
+        path = "/home/horseman/.ssh/id_github.pub";
+      };
+      githubSSH = {
+        file = secretFile "id_github.age";
+        owner = username;
+        group = "users";
+        path = "/home/horseman/.ssh/id_github";
+      };
    };
  };
 }