From 35e372a0253522fe5d79d0ad5eea3f981566b419 Mon Sep 17 00:00:00 2001 From: blahai Date: Mon, 27 Jan 2025 17:22:01 +0200 Subject: [PATCH] Secrets: fix --- modules/base/secrets.nix | 2 +- modules/nixos/networking/ssh.nix | 13 +++++++++++++ secrets/forgejo-runner-token.age | 9 ++++----- secrets/secrets.nix | 7 +++++-- secrets/vaultwarden-env.age | Bin 345 -> 345 bytes 5 files changed, 23 insertions(+), 8 deletions(-) diff --git a/modules/base/secrets.nix b/modules/base/secrets.nix index 53354e1..97d4543 100644 --- a/modules/base/secrets.nix +++ b/modules/base/secrets.nix @@ -14,7 +14,7 @@ in { # to decrypt the secrets identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" - "${sshDir}/id_ed25519" + #"${sshDir}/id_ed25519" ]; }; } diff --git a/modules/nixos/networking/ssh.nix b/modules/nixos/networking/ssh.nix index 40843ef..f590692 100644 --- a/modules/nixos/networking/ssh.nix +++ b/modules/nixos/networking/ssh.nix @@ -10,5 +10,18 @@ }; openFirewall = true; ports = [22]; + + hostKeys = [ + { + bits = 4096; + path = "/etc/ssh/ssh_host_rsa_key"; + type = "rsa"; + } + { + bits = 4096; + path = "/etc/ssh/ssh_host_ed25519_key"; + type = "ed25519"; + } + ]; }; } diff --git a/secrets/forgejo-runner-token.age b/secrets/forgejo-runner-token.age index 18a7501..b91aa61 100644 --- a/secrets/forgejo-runner-token.age +++ b/secrets/forgejo-runner-token.age @@ -1,6 +1,5 @@ age-encryption.org/v1 --> ssh-ed25519 ZfCryg dcBOsnptC6CR1PGCbRIL087/tMc4LWvTR4r3f58rCiI -+xWxAQfCy7tgcxZAxxX2a/Ar40IspPUPpZVQyuPNsoU ---- 8LEM/+6yxdMP8e5Y8mdTtCnCDlptaTGTCqiUlPFJeqw -+ -jbGc|4||*_xPǻ9Q&l+bTS9ҿbG:R7VJЁZ \ No newline at end of file +-> ssh-ed25519 wxktWA OuxZ0Tu5vOZCA4WcLLJxMD9XZFCzZ0C57Mmv9fAZVW0 +3sE3V7NMUJHRyFa2XBRT5YJqSZqAYUl3OlPhCadGUcs +--- TAhwgSih1beqhNHNlh6fA/SLiAiQolslAqUelwGueQM +k,,=([-oD3Sth,=I3% "x%iz@|~,FC")T F \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index b49380b..6ba7637 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
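Review bot: In modules/base/secrets.nix the user identity is switched off by commenting it out (`#"${sshDir}/id_ed25519"`) with no reason given, which leaves dead code in the list that decides which private keys may decrypt secrets. Either delete the line or keep it with an explanation, e.g. `# user key disabled: secrets are encrypted to host keys only (see secrets/secrets.nix)`. The `sshDir` binding is defined above the hunk and may now be unused; if so, it can be removed as well.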
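Review bot: In modules/nixos/networking/ssh.nix the ed25519 entry of `hostKeys` carries `bits = 4096;`, which has no meaning for that key type because Ed25519 keys have a fixed size. Drop it so the entry reads `{ path = "/etc/ssh/ssh_host_ed25519_key"; type = "ed25519"; }`. That path is also the only identity left in `identityPaths` in modules/base/secrets.nix, so a comment such as `# must match identityPaths in modules/base/secrets.nix` would keep the two from drifting apart. The enclosing attribute set starts above the hunk.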
@@ -2,7 +2,10 @@ let
 pingu = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILPbmiNqoyeKXk/VopFm2cFfEnV4cKCFBhbhyYB69Fuu";
 elissa = "";
 users = [pingu elissa];
+
+ theia = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID3V7BfUmisdxsALpGc6ep2+hanPKKcrg4/es7cza4BA";
+ systems = [theia];
 in {
- "forgejo-runner-token.age".publicKeys = [pingu];
- "vaultwarden-env.age".publicKeys = [pingu];
+ "forgejo-runner-token.age".publicKeys = [theia];
+ "vaultwarden-env.age".publicKeys = [theia];
 }
diff --git a/secrets/vaultwarden-env.age b/secrets/vaultwarden-env.age
index 307d33b2dabe419ec6b15eb75a8fe7b8445786cc..b82d8df9d418d2947421f66659c5ef901ba26bee 100644 GIT binary patch delta 317 zcmV-D0mA;-0@(tPC4YB#YjjsZAaqVobW=1~aZq+sZ*yZWS8Z8OXGcO&Zc1%%Fg8eb zZb>sva#wdXR&Yc#3Pg5hWkgy@OhI}}Lt;c}HBT=`Lu*J$a5hpkLRnE}FIQ_IAfvqiqQ@3-sakDGZrHdAb`Q5wov)i30S5AiQ)%$g)P3`~ugw_gwk}lVv*|2RjczYs zw8~pZ^kWWbQ#Pw19ky1Agg{p2r;UvvuKMjAjNU?ll;JQWesyH<+X6U3wuHbPrm47k Pxfg;RdcFBzhplx7YWRgR delta 317 zcmV-D0mA;-0@(tPC4X9GLvnd%AVP64M`cJ)axiT~I9DrWQ8#!@c~fpsMKX6$X;n{n zYhrC$T4--_Lpf}73P*Q2Vpc;=YH@H@Rx)luRC8i0c`I{caW7R#L{V!oayT?ebar%T zHZo*)3N0-yAZc20QgSwDVOdQxMou|%XmV~aHBU}zOiDFXQh!-cO?hieGcPo2XIN@_ zGzukE9-_rDjI)m?N04O$5<*(>KQmG0yz!-{>-w{BgvJBt53bQTm^#%vOwMET+G#-G zgWbs|+1f|!+%iutsla#;QWmWD-Wrp
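Review bot: In secrets/secrets.nix both secrets are now encrypted to `theia` alone, so that host's SSH private key is the only key able to decrypt or re-encrypt them; if the host key is regenerated or lost, the secrets cannot be recovered and have to be recreated. If host-only access is intended, state it in a comment above the attribute set, e.g. `# host-only recipients: editing requires theia's host key`. If the admin key should keep edit access, use `publicKeys = [pingu] ++ systems;` for each entry. The new `systems` list, like `users`, is defined but never referenced, and `users` could presumably not be used as it stands because `elissa = ""` is not a valid recipient.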