From 6e1a5034c451b3bf0d69b3ab6bd3b52013f66b33 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?= <motiejus@jakstys.lt>
Date: Wed, 5 Apr 2023 16:57:31 +0300
Subject: [PATCH] another secret

---
 configuration.nix                      |  2 +-
 flake.nix                              |  4 ++--
 secrets.nix                            |  3 ++-
 secrets/hel1-a/borgbackup/password.age | 10 ++++++++++
 4 files changed, 15 insertions(+), 4 deletions(-)
 create mode 100644 secrets/hel1-a/borgbackup/password.age

diff --git a/configuration.nix b/configuration.nix
index b398d3e..2d0e6fc 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -253,7 +253,7 @@ in {
             repo = "zh2769@zh2769.rsync.net:hel1-a.servers.jakst";
             encryption = {
               mode = "repokey-blake2";
-              passCommand = "cat /var/src/secrets/borgbackup/password";
+              passCommand = "cat ${config.age.secrets.borgbackup-password.path}";
             };
             paths = value.paths;
             extraArgs = "--remote-path=borg1";
diff --git a/flake.nix b/flake.nix
index fa101aa..897b35c 100644
--- a/flake.nix
+++ b/flake.nix
@@ -41,8 +41,8 @@
           agenix.nixosModules.default
 
           {
-            #age.secrets.zfs-passphrase.file = ./secrets/hel1-a/zfs-passphrase.age;
-            age.secrets.x.file = ./secrets/hel1-a/zfs-passphrase.age;
+            age.secrets.zfs-passphrase.file = ./secrets/hel1-a/zfs-passphrase.age;
+            age.secrets.borgbackup-password.file = ./secrets/hel1-a/borgbackup/password.age;
           }
         ];
       };
diff --git a/secrets.nix b/secrets.nix
index fd881fb..71d2d39 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -6,5 +6,6 @@ let
   systems = [ hel1-a ];
 in
 {
-  "secrets/hel1-a/zfs-passphrase.age".publicKeys = [ motiejus hel1-a ];
+  "secrets/hel1-a/zfs-passphrase.age".publicKeys = [ hel1-a ] ++ users;
+  "secrets/hel1-a/borgbackup/password.age".publicKeys = [ hel1-a ] ++ users;
 }
diff --git a/secrets/hel1-a/borgbackup/password.age b/secrets/hel1-a/borgbackup/password.age
new file mode 100644
index 0000000..cfb775b
--- /dev/null
+++ b/secrets/hel1-a/borgbackup/password.age
@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> ssh-ed25519 vDjOfg 0/IO1+EoGmn3ZEet4SMhOmAJQeT5YpttmKAipD1oCwg
+iZLiUv9rhKU5LLPRsJOoCHTb8TIvJ0LlC3d2Sd9roo4
+-> piv-p256 +y2G/w A730rF1kEug1nr308d+6913WteORiv4BiHJ3GgZIrSXA
+qd0R3f3FDMldSvOTlzk2CljuGkSWP4/KImPRDbhOv/o
+-> ~_^9s}-grease 4$%7. i/IdUD
+8AYlo65+TL2iuJUfLDurHcr9l26OLjuzEbdaOjne6xZblfvHPYiRnzHmFdiLGNoY
+HbzxgTmY0UjlR1stDc7JqigIiD0zNNr6AfeBDnOQtJItpTNvmPIH4OqGluR/cQ
+--- hLALRFLVY80PGNkw0E8fUoM2h80+BJKegw9DeAjkC7g
+ËIÈÂ°ßm¨p¹OWÄqª‰íÃ—§fA’yµ5Íî#?ñ…oAéqYÃ®q§fO;]±	¼ Ó
\ No newline at end of file