{ config, ... }:

let
  # agenix entry for a private key that is installed into rhea's ~/.ssh.
  #
  # symlink = false makes agenix decrypt directly to `path` rather than
  # linking to a file in its runtime secrets directory, so the plaintext key
  # sits on whatever filesystem backs /home.
  # `mode` is not set here; the agenix default is owner-read-only (0400 at the
  # time of review, confirm against the pinned agenix version).
  # NOTE(review): nothing in this file creates /home/rhea/.ssh or sets its
  # ownership and permissions; verify they are what sshd/ssh expect.
  rheaKey = file: path: {
    inherit file path;
    owner = "rhea";
    symlink = false;
  };
in
{
  # TODO: Get a token2 and set up https://github.com/oddlama/agenix-rekey

  age = {
    # Private identity that agenix uses to decrypt the .age files below.
    # Read access to this file is equivalent to read access to every secret
    # encrypted to it, so it needs to stay root-only.
    # Presumably /var/lib/persistent survives reboots; it must be available
    # when secrets are decrypted at activation.
    identityPaths = [ "/var/lib/persistent/host_id_ed25519" ];

    secrets = {
      # Owner is not overridden, so this one keeps the agenix default owner.
      access-tokens-github.file = ../secrets/gh.age;

      obvps-id = rheaKey ../secrets/1bvps.age "/home/rhea/.ssh/id_1bvps";
      gcd_etwas = rheaKey ../secrets/gcd_etwas.age "/home/rhea/.ssh/id_gcd_etwas";
      etwas_sign_key = rheaKey ../secrets/sign_etwas.age "/home/rhea/.ssh/etwas_sign_key";
    };
  };

  # Only the *path* of the decrypted secret is interpolated, so the token
  # itself never ends up in the generated nix.conf or the Nix store.
  # The leading `!` tells Nix to skip the include when the file is missing
  # instead of failing.
  # NOTE(review): with the default owner, non-root Nix clients presumably
  # cannot read the token file; confirm that is intended.
  nix.extraOptions = ''
    !include ${config.age.secrets.access-tokens-github.path}
  '';
}