Secrets: fix

modules/base/secrets.nix

@@ -14,7 +14,7 @@ in {
     # to decrypt the secrets
     identityPaths = [
       "/etc/ssh/ssh_host_ed25519_key"
-      "${sshDir}/id_ed25519"
+      #"${sshDir}/id_ed25519"
     ];
   };
 }

modules/nixos/networking/ssh.nix

@@ -10,5 +10,18 @@
     };
     openFirewall = true;
     ports = [22];
+
+    hostKeys = [
+      {
+        bits = 4096;
+        path = "/etc/ssh/ssh_host_rsa_key";
+        type = "rsa";
+      }
+      {
+        bits = 4096;
+        path = "/etc/ssh/ssh_host_ed25519_key";
+        type = "ed25519";
+      }
+    ];
   };
 }

secrets/forgejo-runner-token.age

@@ -1,6 +1,5 @@
 age-encryption.org/v1
--> ssh-ed25519 ZfCryg dcBOsnptC6CR1PGCbRIL087/tMc4LWvTR4r3f58rCiI
+-> ssh-ed25519 wxktWA OuxZ0Tu5vOZCA4WcLLJxMD9XZFCzZ0C57Mmv9fAZVW0
-+xWxAQfCy7tgcxZAxxX2a/Ar40IspPUPpZVQyuPNsoU
+3sE3V7NMUJHRyFa2XBRT5YJqSZqAYUl3OlPhCadGUcs
---- 8LEM/+6yxdMP8e5Y8mdTtCnCDlptaTGTCqiUlPFJeqw
+--- TAhwgSih1beqhNHNlh6fA/SLiAiQolslAqUelwGueQM
-èÈÐÞ+
+k‘,,†=“ÖďŇ([-Ăo˝ěD3StµĐh,ęŻ=ĆăI3©ŢĎ%
 "śx%Ą‰i’zś@Ś°|ű~,FŇčC"Ź)T·ĎćF
-èjbêG üÙc|4||*_ÞxPÇ»…9ÍQá&Ëlÿ+b뇯¡T´S®9³ÚÒ¿b†G:äR<C3A4>7èÖÛÏVîJÐ<>ùZ

secrets/secrets.nix

@@ -2,7 +2,10 @@ let
   pingu = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILPbmiNqoyeKXk/VopFm2cFfEnV4cKCFBhbhyYB69Fuu";
   elissa = "";
   users = [pingu elissa];
+
+  theia = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID3V7BfUmisdxsALpGc6ep2+hanPKKcrg4/es7cza4BA";
+  systems = [theia];
 in {
-  "forgejo-runner-token.age".publicKeys = [pingu];
+  "forgejo-runner-token.age".publicKeys = [theia];
-  "vaultwarden-env.age".publicKeys = [pingu];
+  "vaultwarden-env.age".publicKeys = [theia];
 }