rename secrets

2026-01-05 14:35:42 +01:00
parent 0fee255cbf
commit 2114c6c347
9 changed files with 9 additions and 15 deletions
--- a/machines/109-199-104-83/configuration.nix
+++ b/machines/109-199-104-83/configuration.nix
@@ -25,7 +25,7 @@
    x509.useACMEHost = config.mailserver.fqdn;
    loginAccounts = {
      "test@${config.networking.domain}" = {
-        hashedPasswordFile = builtins.toString config.age.secrets.secret3.path;
+        hashedPasswordFile = builtins.toString config.age.secrets.mailserver-acc-test-pw.path;
      };
    };
  };
--- a/machines/lenovo/configuration.nix
+++ b/machines/lenovo/configuration.nix
@@ -9,10 +9,6 @@
    ./impermanence.nix
    (modulesPath + "/installer/scan/not-detected.nix")
  ];
-  age.secrets = {
-    secret0.file = ../../secrets/secret0.age;
-    secret1.file = ../../secrets/secret1.age;
-  };
  boot.loader = {
    efi.canTouchEfiVariables = true;
    systemd-boot.enable = true;
--- a/pub-keys.nix
+++ b/pub-keys.nix
@@ -1,9 +1,8 @@
 {
  age.secrets = {
-    secret0.file = ./secrets/secret0.age;
-    secret1.file = ./secrets/secret1.age;
-    secret2.file = ./secrets/secret2.age;
-    secret3.file = ./secrets/secret3.age;
+    andromeda-pw.file = ./secrets/andromeda-pw.age;
+    mtgmonkey-pw.file = ./secrets/mtgmonkey-pw.age;
+    mailserver-acc-test-pw.file = ./secrets/mailserver-acc-test-pw.age;
  };
  pub-keys = {
    ssh = {
--- a/secrets/andromeda-pw.age
+++ b/secrets/andromeda-pw.age
--- a/secrets/mailserver-acc-test-pw.age
+++ b/secrets/mailserver-acc-test-pw.age
--- a/secrets/mtgmonkey-pw.age
+++ b/secrets/mtgmonkey-pw.age
--- a/secrets/secret2.age
+++ b/secrets/secret2.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -4,8 +4,7 @@ let
  lenovo = pub-keys.ssh.lenovo;
  _109-199-104-83 = pub-keys.ssh._109-199-104-83;
 in {
-  "secret0.age".publicKeys = [andromeda lenovo];
-  "secret1.age".publicKeys = [andromeda lenovo];
-  "secret2.age".publicKeys = [andromeda lenovo _109-199-104-83];
-  "secret3.age".publicKeys = [andromeda lenovo _109-199-104-83];
+  "andromeda-pw.age".publicKeys = [andromeda lenovo];
+  "mtgmonkey-pw.age".publicKeys = [andromeda lenovo];
+  "mailserver-acc-test-pw.age".publicKeys = [andromeda lenovo _109-199-104-83];
 }
--- a/users.nix
+++ b/users.nix
@@ -13,7 +13,7 @@ in {
      "andromeda" = {
        isNormalUser = true;
        description = "andromeda";
-        hashedPasswordFile = builtins.toString config.age.secrets.secret0.path;
+        hashedPasswordFile = builtins.toString config.age.secrets.andromeda-pw.path;
        extraGroups = [
          "networkmanager"
          "wheel"
@@ -22,7 +22,7 @@ in {
      "mtgmonkey" = {
        isNormalUser = true;
        description = "mtgmonkey";
-        hashedPasswordFile = builtins.toString config.age.secrets.secret1.path;
+        hashedPasswordFile = builtins.toString config.age.secrets.mtgmonkey-pw.path;
        extraGroups = [
          (lib.mkIf
            (machine == machines.lenovo)