From b00b4e322f9fa94eedda8b0a86fbd0eecc9fbff0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Sun, 22 Oct 2023 14:55:39 -0300 Subject: [PATCH] ghost: split secrets for server and local --- hosts/ghost.nix | 17 ++++++++++++++++- system/secrets.nix | 14 +------------- 2 files changed, 17 insertions(+), 14 deletions(-) diff --git a/hosts/ghost.nix b/hosts/ghost.nix index 99c665b..eec60f0 100644 --- a/hosts/ghost.nix +++ b/hosts/ghost.nix @@ -3,7 +3,6 @@ "${inputs.nixpkgs}/nixos/modules/virtualisation/digital-ocean-image.nix" inputs.agenix.nixosModules.default ../system/nix.nix - ../system/secrets.nix ]; # Use more aggressive compression then the default. @@ -102,6 +101,22 @@ size = (1024 * 2); # 2 GB }]; + age = { + identityPaths = [ "/root/.ssh/id_rsa" ]; + secrets.ghost-nextcloud = { + file = ../secrets/ghost-nextcloud.age; + mode = "400"; + owner = "nextcloud"; + group = "nextcloud"; + }; + secrets.ghost-writefreely = { + file = ../secrets/ghost-writefreely.age; + mode = "400"; + owner = "writefreely"; + group = "writefreely"; + }; + }; + system.stateVersion = "23.05"; # Never change this } diff --git a/system/secrets.nix b/system/secrets.nix index ebdb48c..776ee6e 100644 --- a/system/secrets.nix +++ b/system/secrets.nix @@ -1,6 +1,6 @@ { pkgs, ... }: { age = { - identityPaths = [ "/home/lelgenio/.ssh/id_rsa" "/root/.ssh/id_rsa" ]; + identityPaths = [ "/home/lelgenio/.ssh/id_rsa" ]; secrets.lelgenio-cachix.file = ../secrets/lelgenio-cachix.age; secrets.monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.file = ../secrets/monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age; 
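Review bot: In the `age` block added to hosts/ghost.nix, `identityPaths = [ "/root/.ssh/id_rsa" ];` makes root's personal SSH key the only decryption identity on the droplet. That key has to be provisioned out of band, and if it is also used for outbound SSH it doubles as a login credential. With OpenSSH enabled, agenix falls back to the SSH host keys when `identityPaths` is unset, so a host-scoped identity such as `identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];` (with that host's public key as the recipient) would keep the server identity separate from any user key. The split only narrows exposure if the recipient lists in the agenix rules file, which this patch does not show, are scoped the same way and the `.age` files are rekeyed with `agenix -r`; otherwise ghost's key can presumably still decrypt the secrets left in system/secrets.nix. A comment above the block such as `# ghost-only identity; must not be a recipient of workstation secrets` would record the intent; the enclosing module attrset starts outside this hunk.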
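Review bot: In the first hunk of system/secrets.nix, `identityPaths = [ "/home/lelgenio/.ssh/id_rsa" ];` leaves a user's home-directory login key as the sole identity for secrets that are decrypted during system activation. Activation is non-interactive, so that private key has to stay without a passphrase and be readable before the user logs in. Any machine that imports this module and previously decrypted with `/root/.ssh/id_rsa` would fail until its secrets are rekeyed. Consider a comment such as `# workstation identity only; ghost defines its own in hosts/ghost.nix`, and a dedicated decryption key rather than the login key if feasible. The `age` attribute set continues beyond this hunk.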
@@ -10,17 +10,5 @@ ../secrets/rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age; secrets.monolith-nix-serve-privkey.file = ../secrets/monolith-nix-serve-privkey.age; - secrets.ghost-nextcloud = { - file = ../secrets/ghost-nextcloud.age; - mode = "400"; - owner = "nextcloud"; - group = "nextcloud"; - }; - secrets.ghost-writefreely = { - file = ../secrets/ghost-writefreely.age; - mode = "400"; - owner = "writefreely"; - group = "writefreely"; - }; }; }