ghost: split secrets for server and local

hosts/ghost.nix

@@ -3,7 +3,6 @@
     "${inputs.nixpkgs}/nixos/modules/virtualisation/digital-ocean-image.nix"
     inputs.agenix.nixosModules.default
     ../system/nix.nix
-    ../system/secrets.nix
   ];
 
   # Use more aggressive compression then the default.
@@ -102,6 +101,22 @@
     size = (1024 * 2); # 2 GB
   }];
 
+  age = {
+    identityPaths = [ "/root/.ssh/id_rsa" ];
+    secrets.ghost-nextcloud = {
+      file = ../secrets/ghost-nextcloud.age;
+      mode = "400";
+      owner = "nextcloud";
+      group = "nextcloud";
+    };
+    secrets.ghost-writefreely = {
+      file = ../secrets/ghost-writefreely.age;
+      mode = "400";
+      owner = "writefreely";
+      group = "writefreely";
+    };
+  };
+
   system.stateVersion = "23.05"; # Never change this
 }
 

system/secrets.nix

@@ -1,6 +1,6 @@
 { pkgs, ... }: {
   age = {
-    identityPaths = [ "/home/lelgenio/.ssh/id_rsa" "/root/.ssh/id_rsa" ];
+    identityPaths = [ "/home/lelgenio/.ssh/id_rsa" ];
     secrets.lelgenio-cachix.file = ../secrets/lelgenio-cachix.age;
     secrets.monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.file =
       ../secrets/monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age;
@@ -10,17 +10,5 @@
       ../secrets/rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age;
     secrets.monolith-nix-serve-privkey.file =
       ../secrets/monolith-nix-serve-privkey.age;
-    secrets.ghost-nextcloud = {
-      file = ../secrets/ghost-nextcloud.age;
-      mode = "400";
-      owner = "nextcloud";
-      group = "nextcloud";
-    };
-    secrets.ghost-writefreely = {
-      file = ../secrets/ghost-writefreely.age;
-      mode = "400";
-      owner = "writefreely";
-      group = "writefreely";
-    };
   };
 }