diff --git a/secrets/monolith-nix-serve-privkey.age b/secrets/monolith-nix-serve-privkey.age new file mode 100644 index 0000000..843b433 Binary files /dev/null and b/secrets/monolith-nix-serve-privkey.age differ diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 7e17b73..cb4c4a0 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -5,4 +5,5 @@ in "rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age".publicKeys = [ main_ssh_public_key ]; "monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age".publicKeys = [ main_ssh_public_key ]; "lelgenio-cachix.age".publicKeys = [ main_ssh_public_key ]; + "monolith-nix-serve-privkey.age".publicKeys = [ main_ssh_public_key ]; } diff --git a/switch-with-home-cache b/switch-with-home-cache index 025d931..cff021a 100755 --- a/switch-with-home-cache +++ b/switch-with-home-cache @@ -2,5 +2,5 @@ ./switch \ --option extra-substituters "http://nixcache.lelgenio.1337.cx:5000" \ - --option extra-trusted-public-keys "nixcache.lelgenio.1337.cx:zxCfx7S658llDgAUG0JVyNrlAdFVvPniSdDOkvfTPS8=" \ + --option extra-trusted-public-keys "nixcache.lelgenio.1337.cx:HZCwDaM39BOF+MLuviMQTUrz3rBWLTLV9H+GV4zcxVI=" \ "$@" diff --git a/system/nix-serve.nix b/system/nix-serve.nix index ccdccb1..0bd49c2 100644 --- a/system/nix-serve.nix +++ b/system/nix-serve.nix @@ -1,6 +1,6 @@ { config, pkgs, lib, ... }: { services.nix-serve = { enable = true; - secretKeyFile = "/var/cache-priv-key.pem"; + secretKeyFile = config.age.secrets.monolith-nix-serve-privkey.path; }; } diff --git a/system/secrets.nix b/system/secrets.nix index 4725e85..437325c 100644 --- a/system/secrets.nix +++ b/system/secrets.nix @@ -6,5 +6,7 @@ ../secrets/monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age; secrets.rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.file = ../secrets/rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age; + secrets.monolith-nix-serve-privkey.file = + ../secrets/monolith-nix-serve-privkey.age; }; }